From 910e01af3fea59e4b61bffb9d1d945cdf27cafaf Mon Sep 17 00:00:00 2001 From: Jack Amadeo Date: Fri, 24 Apr 2026 13:45:07 -0400 Subject: [PATCH] add a goose2 signed release flow (#8728) --- .github/workflows/bundle-goose2.yml | 90 ++++++++++-- .github/workflows/release-goose2.yml | 192 +++++++++++++++++++++++++ ui/goose2/src-tauri/entitlements.plist | 22 +++ ui/goose2/src-tauri/icons/icon.ico | Bin 23997 -> 107653 bytes ui/goose2/src-tauri/tauri.conf.json | 6 +- 5 files changed, 300 insertions(+), 10 deletions(-) create mode 100644 .github/workflows/release-goose2.yml create mode 100644 ui/goose2/src-tauri/entitlements.plist diff --git a/.github/workflows/bundle-goose2.yml b/.github/workflows/bundle-goose2.yml index 1784e7bde6..814ffbfa80 100644 --- a/.github/workflows/bundle-goose2.yml +++ b/.github/workflows/bundle-goose2.yml @@ -38,6 +38,11 @@ on: required: false default: "" type: string + windows-signing: + description: "Whether to perform Windows signing via Azure Trusted Signing" + required: false + default: false + type: boolean cli-run-id: description: > Run ID of a prior build-cli.yml workflow run to download the goose @@ -125,7 +130,7 @@ jobs: - name: Cache Rust dependencies if: inputs.cli-run-id == '' - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: key: goose2-macos-arm64 @@ -175,13 +180,11 @@ jobs: certificate-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} # ── Tauri bundle ── - - name: Check disk space before bundle - run: df -h - - name: Bundle Goose 2 (pnpm tauri build) env: + APPLE_SIGNING_IDENTITY: ${{ inputs.signing && 'Developer ID Application' || '' }} APPLE_ID: ${{ inputs.signing && secrets.APPLE_ID || '' }} - APPLE_ID_PASSWORD: ${{ inputs.signing && secrets.APPLE_ID_PASSWORD || '' }} + APPLE_PASSWORD: ${{ inputs.signing && secrets.APPLE_ID_PASSWORD || '' }} APPLE_TEAM_ID: ${{ inputs.signing && secrets.APPLE_TEAM_ID || '' }} working-directory: ui/goose2 run: | @@ -291,7 +294,7 @@ jobs: - name: Cache Rust dependencies if: inputs.cli-run-id == '' - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: key: goose2-macos-x86_64 @@ -360,8 +363,9 @@ jobs: # ── Tauri bundle (cross-compile for Intel) ── - name: Bundle Goose 2 for Intel env: + APPLE_SIGNING_IDENTITY: ${{ inputs.signing && 'Developer ID Application' || '' }} APPLE_ID: ${{ inputs.signing && secrets.APPLE_ID || '' }} - APPLE_ID_PASSWORD: ${{ inputs.signing && secrets.APPLE_ID_PASSWORD || '' }} + APPLE_PASSWORD: ${{ inputs.signing && secrets.APPLE_ID_PASSWORD || '' }} APPLE_TEAM_ID: ${{ inputs.signing && secrets.APPLE_TEAM_ID || '' }} working-directory: ui/goose2 run: | @@ -477,7 +481,7 @@ jobs: - name: Cache Rust dependencies if: inputs.cli-run-id == '' - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: key: goose2-linux-x86_64 @@ -564,6 +568,7 @@ jobs: runs-on: windows-latest timeout-minutes: 60 permissions: + id-token: write contents: read actions: read steps: @@ -621,7 +626,7 @@ jobs: - name: Cache Rust dependencies if: inputs.cli-run-id == '' - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: key: goose2-windows-x86_64 @@ -697,3 +702,70 @@ jobs: name: Goose2-windows-x64-msi path: ui/goose2/src-tauri/target/x86_64-pc-windows-msvc/release/bundle/msi/*.msi if-no-files-found: warn + + sign-windows: + name: "Sign Windows installers" + needs: bundle-windows + if: inputs.windows-signing + runs-on: windows-latest + environment: signing + permissions: + id-token: write + contents: read + actions: read + steps: + - name: Download NSIS installer + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + name: Goose2-windows-x64-nsis + path: unsigned/nsis + + - name: Download MSI installer + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + name: Goose2-windows-x64-msi + path: unsigned/msi + + - name: Azure login + uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: Sign Windows installers with Azure Trusted Signing + uses: azure/trusted-signing-action@db7a3a6bd3912025c705162fb7475389f5b69ec6 # v1 + with: + endpoint: ${{ secrets.AZURE_SIGNING_ENDPOINT }} + trusted-signing-account-name: ${{ secrets.AZURE_SIGNING_ACCOUNT_NAME }} + certificate-profile-name: ${{ secrets.AZURE_CERTIFICATE_PROFILE_NAME }} + files-folder: ${{ github.workspace }}/unsigned + files-folder-filter: exe,msi + files-folder-recurse: true + + - name: Verify signed installers + shell: pwsh + run: | + $files = Get-ChildItem -Path unsigned -Recurse -Include *.exe,*.msi + foreach ($file in $files) { + Write-Output "Verifying signature: $($file.FullName)" + $sig = Get-AuthenticodeSignature $file.FullName + if ($sig.Status -ne "Valid") { + throw "Signature invalid for $($file.Name): $($sig.Status)" + } + Write-Output "✅ Signature valid: $($file.Name)" + } + + - name: Upload signed NSIS installer + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + with: + name: Goose2-windows-x64-nsis-signed + path: unsigned/nsis/*.exe + if-no-files-found: error + + - name: Upload signed MSI installer + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + with: + name: Goose2-windows-x64-msi-signed + path: unsigned/msi/*.msi + if-no-files-found: error diff --git a/.github/workflows/release-goose2.yml b/.github/workflows/release-goose2.yml new file mode 100644 index 0000000000..bc1d8e4ae7 --- /dev/null +++ b/.github/workflows/release-goose2.yml @@ -0,0 +1,192 @@ +on: + push: + tags: + - "v2.*" + workflow_dispatch: + inputs: + version: + description: "Version string (e.g. 2.0.0-rc.1). Used when testing from a branch." + required: true + type: string + cli-run-id: + description: "Run ID of a build-cli workflow to pull goose binaries from (skips CLI build step)" + required: false + type: string + default: "" + +name: "Release Goose 2" + +permissions: + id-token: write # Sigstore OIDC signing + Azure OIDC (Windows signing) + contents: write # Creating releases + actions/checkout + actions: read # Downloading artifacts across workflow runs + attestations: write # SLSA build provenance attestations + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + prepare-version: + name: Prepare Version + runs-on: ubuntu-latest + outputs: + version: ${{ steps.set-version.outputs.version }} + steps: + - name: Extract version + id: set-version + run: | + if [ -n "${{ inputs.version }}" ]; then + VERSION="${{ inputs.version }}" + else + # Strip the leading "v" from the tag (e.g. v2.0.0 → 2.0.0) + VERSION="${GITHUB_REF_NAME#v}" + fi + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + echo "Release version: $VERSION" + + build-cli: + if: inputs.cli-run-id == '' + needs: [prepare-version] + uses: ./.github/workflows/build-cli.yml + with: + version: ${{ needs.prepare-version.outputs.version }} + + bundle-goose2: + needs: [prepare-version, build-cli] + if: ${{ !cancelled() && needs.prepare-version.result == 'success' && (needs.build-cli.result == 'success' || needs.build-cli.result == 'skipped') }} + uses: ./.github/workflows/bundle-goose2.yml + permissions: + id-token: write + contents: read + actions: read + with: + version: ${{ needs.prepare-version.outputs.version }} + signing: true + windows-signing: true + environment: signing + cli-run-id: ${{ inputs.cli-run-id != '' && inputs.cli-run-id || github.run_id }} + secrets: inherit + + install-script: + name: Upload Install Script + runs-on: ubuntu-latest + if: inputs.cli-run-id == '' + needs: [build-cli] + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + with: + name: download_cli.sh + path: download_cli.sh + + release: + name: Release + runs-on: ubuntu-latest + needs: [prepare-version, build-cli, install-script, bundle-goose2] + if: ${{ !cancelled() && needs.bundle-goose2.result == 'success' }} + permissions: + contents: write + id-token: write + actions: read + attestations: write + steps: + - name: Download CLI artifacts + if: needs.build-cli.result == 'success' + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + pattern: goose-* + merge-multiple: true + path: release + + - name: Download install script + if: needs.install-script.result == 'success' + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + name: download_cli.sh + path: release + + - name: Download macOS ARM64 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + name: Goose2-darwin-arm64 + path: release + + - name: Download macOS Intel + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + name: Goose2-darwin-x64 + path: release + + - name: Download Linux .deb + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + name: Goose2-linux-x64-deb + path: release + continue-on-error: true + + - name: Download Linux AppImage + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + name: Goose2-linux-x64-appimage + path: release + continue-on-error: true + + - name: Download Linux RPM + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + name: Goose2-linux-x64-rpm + path: release + continue-on-error: true + + - name: Download signed Windows NSIS installer + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + name: Goose2-windows-x64-nsis-signed + path: release + + - name: Download signed Windows MSI installer + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + name: Goose2-windows-x64-msi-signed + path: release + + - name: List downloaded artifacts + run: | + echo "=== All release artifacts ===" + find release -type f | sort + + - name: Attest build provenance + uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3 + with: + subject-path: | + release/goose-*.tar.bz2 + release/goose-*.tar.gz + release/goose-*.zip + release/*.dmg + release/*.exe + release/*.msi + release/*.deb + release/*.rpm + release/*.AppImage + release/download_cli.sh + + # Create/update the versioned pre-release (e.g. v2.0.0) + - name: Release versioned + uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd # v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + prerelease: true + artifacts: | + release/goose-*.tar.bz2 + release/goose-*.tar.gz + release/goose-*.zip + release/*.dmg + release/*.exe + release/*.msi + release/*.deb + release/*.rpm + release/*.AppImage + release/download_cli.sh + allowUpdates: true + omitBody: true diff --git a/ui/goose2/src-tauri/entitlements.plist b/ui/goose2/src-tauri/entitlements.plist new file mode 100644 index 0000000000..a5f008eaaa --- /dev/null +++ b/ui/goose2/src-tauri/entitlements.plist @@ -0,0 +1,22 @@ + + + + + com.apple.security.cs.allow-jit + + com.apple.security.cs.allow-unsigned-executable-memory + + com.apple.security.cs.allow-dyld-environment-variables + + com.apple.security.network.client + + com.apple.security.network.server + + com.apple.security.device.audio-input + + com.apple.security.files.user-selected.read-write + + com.apple.security.files.downloads.read-write + + + diff --git a/ui/goose2/src-tauri/icons/icon.ico b/ui/goose2/src-tauri/icons/icon.ico index db5b7751d29f4fb3c7bd7546e681deaebb908e95..83c727d9a309d70ce39db0c0a4d53da8deb4803c 100644 GIT binary patch literal 107653 zcmeHQ30#fc^S_C*g>2EPBqdr%2o)-ltt5&TM5R&@EkuYmAz2G~TZkm7NZOQ2_FK}X zJyhCID#i1kxxfGQxo_HVk=JuRa_{rpXF2CPbLPy zHLH)l%h4j9H}>HJCr1WrG+qugIlMyt+VF-=ucjn%-PditckJ2lMHUkGpT!tX*gtpO zQE#_(^2=2(J(#*hQTg0n)`wD4;#=mcX{F3NHRGC5cKj2amcgT5)#dH@@OjIrt*>}T zaB_}Xuc6^C;V3OKh@G;2Xeq^D(K=qrLDhq-j?%7H6e$tuL6j8X6qbZjcc)WEd5!w> zFG^=uw6mM>_}uIPUTMP7!&A7=*0UV(_I8tApE5>JaE`Uu!KreWSQ8AS#)ycpjUGMv z)HDnJ$7g4bj}}hhKK_iwvhtaj@VId-l*yAP*L}#dm=~PsCgC2YGS-}OYLSRp-VF|A zW#!|AYO1Pt_VyXDY|Wa9(X&#x_eZc;Hox1j^Zlb~E8^m}zFwlFqLOGV<0j!5#x~xZ zQk4_VK4Zp=6>&?IR^8mpcVlz@glMG{?lZ?&EK5^3?xv<@HQ8!wj}{UVvaBnbLk*n# z{CvPb$FcJdjhQ_=_PK9bTH2kNwK4l5B4ns9CqFj`7~tsU)*o-Hxa;e?>tny#nD>J= z=SPo=HcR1lvSvBr>AA;i{L<&muf4pyI5|1@q^E081E*Y=UeT+l>1}D0RjEqsx$tdo zw63haIcQ_JwsrGCv4xi@Ql}S9-`R9c`HB0%gLeTEWt%ZYg|fG54+c}t#|XBK)I@W`#@EdnY(Xj<|gSKAF9~-=NLTHTQGu>AH8j!ue`&R z+?4$TxTH*@3$V zd+^OXv1Q8^C7Tr!M7&%F@yRLeW8)Bt)X{C$3Ci4*du{E$@^@8xhqDaf;Zb`syOFm# z|Mp31xqOGirx%In0M&2Zx~0w6Yplw_^ZL6#t+2KUtjn{AS6{ViRHRwX_1vs=&w|tq zC!bb2Y4Sdxuj7hfEl$doZQBBilbn~YTPJk<#0f3=%`)5-NrM%HZES3U=M`04^u4h4 z^<&qXEnX|Mv{YtpuR5Q~zvIgDthJB4r~0Wy4$$bWXlvW#;Fa{~k%!8`QFB~fU61eR zy)pc>{KxXK@9OI#UrYhB!Ij*X{VTX*V& zZ{%ohX;H9zk^ka_abr!spV|!`jot|Xs$QGU%D@|B4DSuejomRV|JGLLlG4&QGCBOu z&YU@8oaof=*y+<^_I;}sDl7L13=E`R^xd@(i1sXgH_=j1798Rspm46QaLSXXhxlfSN=O{CZ>Zd`t?!Gxaf=r&6bjFoXfJA}15e|V-+3zK z5T6?G%ednUw-rvex3yhnY%CgEmpCAk|5nAbOT%>Ic4}Kst8yF8BDFTr$$rwR`Sa(0 z%q#q?5^nV5f?lkBW^?FL^AKhCk;6GT=iIa?966g;R&2@?uM10km+0x~MII`3WMM78 ze_Y(UD1pWP)oG&%^X7(VWqfRSqimB@14wSmXARoS73a|M!HriaChKEk?NatZykq>S zqV}uIQmFp(E7HdMUU@(25cgEKg=%VI3JSg;6z=8cpJn6VR@%RRzu)b3HozXcKfm{N zn`AJ~`{YTkN2jFseQqfv-1xbR<67UTZ7Pg&h)r1EMME;1| z!pf9~XJ#yK@(aB>yR|N9_^@HiUzQ1LR~5wi0E3!Sv!NGK1JzC{+1#m7eXC6wJa{m5 zoTm8f*?bun7AHCN8-_BD`cmdH2p6G=69?Ma*^Qj7ADk%!9ZN|#T73IrH;U!9Z6kE& zdQ6xw;hJfdL`;3UTK4q~0|v6~D?iG8Mk_e^#jUMYpFVC2z7cLyt7m9v=u&e?*Gq`v zJSKDnvWPhyy!!9p5JZ5tbl%$;|s?{A7oE| z(~uowH$}yRJMdnwFlAqd52NLY)~(7nUcPzb4y@o-a}=MfbHl73kdeCKS&r+l@ly8n z#;vav2onvio6{XW$`tG-9Fjjj8ZBi&+3Db*Z1do%>M#nohl=&+hAmLdn1<)8S4D0b zasU2(rIYI;_wMc0`bM9atEF{9DDQn;T|$t$f7QAtk58y_QmS(!=P4>WmQSt>2?*$2 z8`mQ7>WS}RKR+Sr%T)(mhVb!)l;@vt9xQO^^QRW~8t+fT9C)uwpL(?M{=IwWBTch3 zKv?oOS!t{`6BHD*e)D`1b)Jc5K!ETjs^9)~>x*k^m%e`D%atD@GRKY5`_rsQOg!BI#|AW>ge=73A0uFJ<~HX z#N_0>ft3Qv^@9$WJy9TL>BjHUt*^^e)z&_p?3)yH^^)cUohVDe(F572x~7u@I2;wy zE3E55>O9?18#|wseNaTR)F@fAQ@U&3ZUh-$R#q0Uz&CT#RFIP%Ztm{NHo>aJlqRpE zM~BJ*ydk=`PaGI5u;laS&t>K1qC2U?t=JE_rpJ7I#OwXuP`lg(oVszxhi36)|ZqB(oqkP!-B}$r_#~wL6 z7ZelgxBTLg$d8)(l=7$lu%4K-`oNJRLvG8ROwyY^QTw`~Yq^ja2j?9FDaDH!_ z`Ldu)4c@TL)*96;t*!5$L|GR1;^pNvko8elS7(XU8|+VYfhG^<;_?p)>I>cI-lIp# zn>S0md;eZtQ?vKkB}QIGFK6JtC~pf8t|l+4`}>HTcew&SLcb4*S1qo-CE#_MNCRW{h`!00yB z^!dZexLF^|{p&MV>c1V~#qFxeaz1m@C3rz1m)X1s{@M0VkBhJ5c39-@?rs7@Wf_dv zD?V|19GE+Ap4iy2^Xg?h-85MYCZ9HLZF-x?WjZhNq@KO2o0}WA`7Dcq7*!bWZ+`T< zv}@O{2)p+iCy0v=o2?u$b_Hb!XZ4F)86tzT zH0S~l$MxLE^rI4#>({TB7ds1#j9bNXIdW5`+aUf~+2_~WmfY>vf8fA~%S)h(dQaZa zKR?E9dHt~?-qtLNN-{=|d5Z@`3a*ad^@-bTZE|w5dg>v*kjqcf(p*PM>OH)yDE`>YmHle4119%_F5ql^hVJ3ELK{^KW4x}Re^D9qt_{rY5X>2*$Z z%DGR8{=74{FY`a^T(?;hw;}-B-H<97ajdQr2ydFEu zGN9dvOBsK(~iJ5E$ye9~TakpnfMvYof zQBmQizgdgp66+XA$)#cOmN#CUkkHk6EiE=_QsBLN3pN$R+!Bhvt#(pkXQ4cg$TlE> zdCv8~wAwxq=6NRu3COo5gx!1m_=2jJh?p#YK|w);MWH-ZQaX5lJmuQaE;n-*gwB?pUmsao4?%DkdIrKzb&(VwcR*Qlt9Qo!0;2CAWKb9^?1 zU6BujDcleLG&MD$k0%;Vo^vrnaO_yt`G@(FZ3-Qn>+7vi$9vg-DySc*%FD~k`>Czn zmcX)X>BjKUAUUURDeF6Q*f3A97tWmF1#Qp?RH}jcJKy%ZmG4Zc`<_;m>mOSFCZU|_|Mr1o zyo*Hg#)jHL0a~S@M$|y50aj*N=U0a6q3w|yVKO%QSWA%R1S;6Ja@#7MVDNcYa&s#$ zC32LUwI~jVKGXkE1~HkJ$FpR~5@CRcYG}3Ts_CmcazvB=2*xYv=8{h$=P}AgbA0`4}aQWXIGrerSG(F zA1i2mp!DvSCduW2B^p@X1*Z(PdlSSAgxx*riLCUeOL`8#iuT)5kZVJXMXYFC};1 zfm1_<4|f9TCnO=U#5$`s!%umD&#ht7;r#51vu$_mfQt2(J3EMdFu$gC9tgO;9308V z#Fig9dD6Ke<6>!9nwQ`0HOgz(3PJ;&6_*Qs+}ry@IjEun9K6$)c@8iFhI|T~4&Bqk z#pS4%*QFheHHngAG?u?9h@FWevLws$zU+?suj<7vbof{wW-AEV{!x*|-bzM~&s>Vx zGvCZ?A`oCnlTc{LrOZt_@w;Nni;emhQ?AX`(cx~W$-k{P;NF7=?s~gFZCj|SD(FvL zpriytx$Nc_LD~DK^F)K1odJ5I@?eGK6n4ks68dp#E)J=yt2+Wbf@6zJh|;v3xc&m{IDlUvI4JD`h0r#KvKrG&cOa%+IW*U&qJW6YF0l1W9unU zYC(wB0R5PSH!hyDciUcDu-HCUuU_p=rOVPjTG_GURrWh}tZa!|axuwI*}aZBU*L|J zth>ZYD`->Se*MrGe;R4JlKS!*dlAK0X~TvMt72@W{rvpA%Ss4;7y^s(Z3>g2e+-;I zU%v36mK8YTbSKk;YzVd2Ba|@eja(+IaMO?GU$cd{Awq~s`h%W{IjuQ3{(7}5_ zZLDW_)YR@KX394evCevXcNp;N?nIWSeQ%iO9RL-@FCak4S}f7JBE65Nr>E`9<15Wx zT~;~Bdj5_>OZ83UtdP|=l}-w+dH?DWTIHjsY}71p_H<2VdFm*k7vlmRilWNQU_Z66 z(cB(v85ftP9v!DvR8b)o&07K0J;F0>b5TQ1 zVh^{XiHR5vjqdSmN=`uH^_9;q!FVuI_t3NH6z&8trrh{uZg-JLdgaiNx$+bYxDh%b zerleBYFR`@r%mI6ddD=qF(E#GIyKdF z7W@yaLHX5FwTJhb7# ziJZHSmKxq+IqwK#!9@KyUKrS+&8A9D<>kg^xe=f@FLvFvrL-3JUu8BfH}WjpfV3!1{nEYlHQb0J@iVYw~iX63VqBX@-fQL@v|R z6plV7Vh(1{f&~kP=&E=nvl#pXqHZlT-0y+$I~dH+W6%l?B6$DN>6D2P@ctKZ4y&z4 zYc#!06$rC$*fh#Rg&HU`gO@TANbo92)5EOgL-m4%3x~q<$b@FJHcNad$7ZxzK02-8*6V=CWZ>S212ngEbgnXJ*-Hz*~fb%w9xs zzJ7dmnC?O^ya~*EQBlz$x(6bzhljr{*il;y(gSKYbULL{5Ddw|pK=^wFal?Tvi0c2 zy+Hn*k$2!WF){Ib5HvSXuq!`PT>>Dhf0LmyZStH&nD98d8@_P_&>N@m@^xn zoLfBM_(EGDPTI; ze`?6upY{CIqs+|XG!!zDHd|4i?MXBAvnoyL=UdgN0|XJ9IyEv^$09#k8ARCLI&PkD z=(2}E_6gg2XOA1?C>I4*B|KWaNeMhB7iVmJ^%Qg+(~!n2{oR2@MFzzUvK!yzgpUVz zgX_5o+nrg@4+2hIvMExhy!Y;=V&@8w8p8h6RTsTOL5j!jXw-^e19jEsoO^~fxsl=yt#4BUGAbrsC17-U=0AV1@?PT?QC70x zt41Xq#HO%)Wp*EUW%dp8)&8}gZyHngLXS}a4brW?_^#_PErGQ!hu?z)E_0X2BTa}lN^GRk|=ANCsYKx_%@e$XGvNEN^3ZJJ> z(!TB_p&K30q~Gd&MsAy%J@oug9RX0f?x&^w1DNOPQYhzF>e=nz)lxl;nvo^~e2`!` zS>4z;sKhG_oP;u)o{8p0nsU7?E9+a42Tn)m3_*{lJ^}BDiwo#<;6zQU)P27ZoMRuw z9ssw4oE}Hbxc|zM@=P%}Qv+;wA+IMH8D8LAG=Ynboj9>^*z2oAea2E5g9JzR=QWj; z&`(vBlSx}|H z!U+JU5%q0p>LnZ_PF_Zi1bybp^Ig6B^ic;*k(2XNUDDvPiVBlVA?Tswl2cOp&y1)n zEuAMVEiKELc*BwPJR9_=;Ks5o+qYksFW_*jU{{OzM-V{OB~Hh{)T8oP#Hg1_G?yg1 zi|_sbKB#9G7V`v;G=Q;wgP|cgOvI;9N=6cL|MF*TX+dj@PGBN_E z0|&q|YO-Np`^Fj%S@T>MiTKAmckZMOwyCM?JhEnvdZD2^A3k_6V4m}!kk)AJ@Qt8q zT&vvG7e)!=!noOZBe(?Y74$>2{K1C_stc>Ot$rRjps(me_6H3cy(z7&t=yJQ<~)Ft zeSNul>H4czulDWRHvudQX;2OTk~^uX^R3fHzOS#p>o!8X==E!7a0O}Uy}t(isWJa- zR#Fn{B%O$Bl{R2%-^s}t4eH3g@bLEzdzN#7A`jk%a`5IY@s&5X;)7#Q8KZW6l6xMi ze>fo_fsJ=9kBB|jT`h2MX4DlYi5E6}sILzwh~1IV+Wfwv=*~XtmJjCCak4H=O}3TK zLwLZL4qjQt`T@CgV=+L!My z0{wr^9F}py!cW0TT>;%O{mhE(pIhzv_v`nMJC~%Eo!PsxG_6TDf`UYaK7Nu4p2{WJ z4}JoR;$1_-3gO=1wNeEyxy93AVP>4{lwd88(~;xH#}c1gMoLbO)L9H|I-Zvsy)8J| zH{7@&W=0_NJaEPb0dd`&9Dy}+!i`q)HymNnAAW4bgUrmxTyYMY>fFo{@gXzi{UdX)o16mI{S*0?fl5xGcdu`L_YzFf!iLhUh2LS^8#H_x-9tj2=es*D|9R8=*Qi|b@d+%(G~MeE9EX(jg9 z_0~jLvTTav4&V4F5qiRiW*Z6x>`Y7WHh=;6l099^W!JF1IpbsXmV#7}*;0mvwcXhQ zLsQ^k=q)d9@`dLtT7F?sSmmSJsHW-h=NnF@q6mNOy)236AWY2!!0aGGNtbY?4ua%Pm4!^X_%*>KLATC!&TNWoeG>0Yd?CIB6XE)}qu>zBz+7(}@c_3+^$H&@qx)+QZL z2bEi#%g5JOKN9>a^>^3>R*gW%W$<+_#rl?pA-=XHt`kyQZrju@0T=HDa8u_bJKx}T zbGw(gR8#5$1=N5AOP8VodIaWe5)NvH3tlnWT55S5_$jP~NzZ5zv zxQvv+ZJ8YJ4=%-~S3VYCz-hh=0|^2;CRood{QZ3rec22>65)>A_|`_4d_gYN*4DlU z^JJh+oX@CO2F_#9?qQg8bO9%wxB}Z1jY|`Jyu60h+s}rgsiMA0a<>ClP6CS zIXO85@)TKmCIZF9#l*pb2MHM&8G?(!>FIwV+C8tyPEJl8(rV<$k;L=o z&uKCp(vo#}9VD(HZr{F5qdg?q>hL-`zbsm`=nG%*$7 z|Jk!=G<}awzqX(F3`mIGX}`yNa9pvlupp|dtN;5TchW-05Jwmo7!Z&Qn85EfH8q`F z&AgwG-jHdRaBy&->0)TBO`kr!L;6E@a{@LtAx@n-)!{WL&r$Y6lCTc1LE7W*M~)mJ zAe$cZ8uSM~3G$E;jIwm#z=1TKYy0-?G^~GC-)LxPAolFpLqG~ZV$7H^1nPUQU%w`V zg@rq%o42<&p`)YI;Wen|bwzu8$F*zM{y=ImzsfBwEyVKW%iF~h^(NH6?d|Ppy7c?^ z@0n5olrNCnkzi$IrM(w&8558Wmw55w1u<&WsCMf@m+>g4AiZLz*U+zR?{n6yS;WJK z51G=A|H?zU(xnkc^rt8&C=ebV9yA^7du?ab@7wFYkTaHm#FSszX>DnU{DCr~?fI^b zSy)&Id`C%1$$y1xOlwC*Mh1bpbypbDf9K)hq4{HQET-#j-Kos0SFdRP7y5G;Khd^3 zfBt-z^k=-MyWdgHn3|dr=>H?j*9agD7cN}bZTi!3M_mDRZS=FCKd!Taw1*8VI(!Gx z2(p9|!-fs(@EZDizvUC3yLIbU0`(2Dbc_J%!ry``?>&b6$OI&7XRHqSy#oZ$4n#lL_hL=I4|M~y=}|vK|10YG^xuBvC+hk1xuOo5 zOrCCo0M3gsgGOjKqE8359{FP9G2^-2eFlyr7z03-Z$ltAHq~wY`S*$d0JXpq`vn9>>L^zN}!*;yLk7c>rnTA z%{zaf_2jMS@5eZqo_{=HvE`Y&(7xq;v57s7c7j1MAp zy)PvB)0bF|t``6RfThQN(bof=iA#QGN0@nlK8gH`v zS_F{x^f+Dgui@Gd`r146wMj}!{xms&<2=qol5;t~mge-gA?;VKTJ;ruaXr1WvorDX zS$+=!xW1>WoCjGg$AK8)iw#*hDK{Pv_t zlL*Z1L6%>KfUmDFfopl%_Qmfx{#N zGsbf|FW}lvjL+Y{e?OtGuTRU@NdK*)Ps{^`^A2QTE&@2dc7*xQIFGbPzaD)|N120b z4cg1|*7p7AXDoyquVi5k0+=h8S?j#o(yF85O`A5gn{Sg!r4qPqxTE{%=hfBK$$22= zke`;%hmPy7_{6a!J3G6>+GF0Qb?er3xn6MN#*IXMeSL?|A%Ex^0nDF@^EkhP?)VP$ z2cbUMRiWnt!+7qF>V~mjIBxyzIorCzva{bYe;PA&x{hc?KaV*Dx*My9IsxhkTwGio z@&M*+L>}nwGdsiLZ~Ki|IUeY=?dnrdQ1H9v@X_W&JEWuMqfEg(-k1xPEZs){WB5?^ zqm0EE3!J<8QGb0$G(vy!g$ozDU%56{;@X3$Q>S*w1NdIF9q=8Ddjhn140*_a0Lo0v zv6qsPLfpA?hlq-bB7%d1Y55W`-zUb|F(dy{@7}$Mef##ctM4;Zr^~OHqrWTL0QuP5 z+?w95yQ7kq^P#`0h;R4XehT72)1&I6!sf%IV3x*S}K+7%C=EWq59q@U<3^0s>d z?Je971M}^nuMhicM{@jI&;N{dIT&l!9X}DqrINW_+a)JjMU`C0R}mo8nR=`HQOoAI2yygX4}Ufwq{Et5~$0n}( zu(Y)7mYl-IWGiT0x@$3Klt;{{b9J1YsIhK-=>M$26b8GbH zJPr3lVRl|8)Vc27z57c+z&+naj~?Br96+8VW61tZ7S!>XrRU*ZdnoU54*7Q!^bvLz zuZDBW^m)eLQNNz}PSl?|^7WuxKs&mvY;Svv{&zJswO`)n+v16SVjOeYlLMlnqO^4h zo}QjG|3=$;|JLK6prEhlk9wQ3vNCP|Gu&ILExj3!ao+{Z3)YkT?zsL0V;3?1IQkus zKXL5}&N<-mj2Sb2n~dsde1?8LdjH41ju>6Ja)q|nUROEyah(VH3wvV0IgO`JpVD$p zqi)!CjN7|+Z%?fDFRv5MsbGvg(mf&~g4U05f6cDs{)!bV{+QSswEHnX1mpZ6>Vi+6 zJo)8#_p}${y#LLcH^2C0aeutd;(Sq7;99(2wHF*S@xt8SxYr2!xKOu=jErRFM%U+Pa|2AnU&aez^`WBg8^zacUE( zfc_IwNB(cqo!&ZJ+vV!<@mmS8rx!CV_iQ zYg4nZX4}p72;2z_+|H7n6lW2R){H%RJyTfO=U(}EA zBq&A|motJyBjQU%s5Ub?eqw`{m(&k%EGPU+$STYZig~{xP<(qwnJ4 z;

HdqUf>4k)v6U+RwPi~FKtAI1Geu^`}x%-;NDQ3?R`LR7xruV_iz0~`HH;OQ;V&w?RU4WD=aXl zIPNRolMC*D&bT*NS8eL<@0^^Re?rl7D{OOI2jf}78@!xUZOaTFbAHo2~LzH)a>ON7Zn{`*8Y0Cqs=lb~g{E>O{R`X?6D>rg+#_95-jc11g&JADE5e7yE|+cMva z`~Ca(X*vJf(w3K(mzX_!Hf;~xw!bkRqn(Gm^Cy<<>}*0>TDn6%$Gt9bKg5n~IXVuy zy1IX)yu=FOWg&BOf=(RRY|kA5%ud{L(M)Pj4rqCHQqZ+Ab@XBQO}^;NT4T3TrP zMB(rBXQ4eE9UcAEwLRfPRaF(SYu7HCzk1cGRfL3uM3=G;{UhkR?yTUR={RQ6F+d;M z{{8!V7Dk)vpksjY0x`z@C3{N2`4?GP*?;v} zdVSk|V!yVtv-_s8{lI|(U&$8Kt8qT8CluVfyKOt$J4RkUefsn_+cGEaC@6e+5AHdRdyoHa{RsU$xQ{Qk8|Qsc zk74xvqRn^g*s*Wo_l_{ax!;2a4-!gBO2mW-6KM9;k6_x-d%pEN`muw9gK0hr#yKe* zw{bp<*#+k}Jv}{Xwxo@X4YMEr&Cf$Qg!N(6S&%;W?%n(5XMM{J*eCMx^1kJkpK>kw z`55Obd3bpKSo`&R075^7y1F_|HsPEn_J_Z%1O^7u_*vfJA^qfJA^qfJA^qfJA^qfJA^q;7>#Ve70oyixI#)5mNAH0DoWdLy5Z#o#xG(N2@Q!_2FDTJ+6cPiO;jQxBn$`UWX4Krqu=U z!#`XHgmbRAE||U!4A)G{$jH!s$F)ZogG;}@?I*^Z9y)aBtF@S4fybm1Shx1pKwyj? z_C<{2V2mF{zUU~P6642k?f0*YeL-GXym)cDcw)Q@owwWK+}<(r;`{gSnS^ZjA9Mcv z`3^B{ub%Cl!x*kdj~;dZrA)jM=a_NrUwifH&N-BoCr+GTVvWB2Q5Y*Yc<|tFZUgc> z#trs_H6hN<&R=9(b)$dc7=>dM{h09+b2j`gS;+_-=F0K*_9j-WSV7B^!B|Je@7NZMvu9kl zg6p+@Cl6tN#Xg8Uf_hg+Isvw0!GZ;}yb6f<+_`hV&_qj1i>RroVT9zDea9GoMvOc9 zj=E7|V&a#2VN9W(p57PU+OS~*f$I!@WkH$e;o(8kGf}T(jPGP@2g*^ru5Cdb2iJhp z)caA^V@%$R88c|M5@WsbJMt99(6(m_V0&=9MOjO~4`tTPn>X7w^`{); zS~`^V^mn)YL_Gr6gLGw!qu#{0J_q&e?$~iZ+9=HRLbsLL=DNT-L_|b%TZc!!K{W5! zLp==pDdw2^k%H~O@etQL{>*}Q?YedAXmv+E!gVme(&l4E+i)E>@+{`+>Z+eI<9*D2 z#?z-yiS_H(|FOB{a16usiDV%WAQ2!DAQ2!DAQAX61VEo5%Wp&g1`@5^#$9DU7%+H9qbm`CU>=W_FI22|U5fGQhvrf z9QG~7eCuuNg0U9pdt&5IW?_K5hQ1-pp@P1~wsT3ypO{19NBVh3b;Z0Y80UiR#rc)d zqep+`j6tSAw}T=;itI=QMvYJ-xnY?NBzgx26|pxI=|yQFy>I}D82#v0MZ5X{`{!l8RHNzZVTtM@cpW) zszgRc1|9MaKapoJ?rt~uzJF8>VU7&M8~OiR#uAj5m}CD({ot589p~fGm;XBo?q|Zx zaqM@rfqW;4Ku<;hrTO3kXBY!UvwMPpHZi2t5>x5EF9M`)*1B@93N5l!r1HX<^jj?3~eM}F znGg${%j~M)d^yHW({+BjK62s01zP-lS9A6l8-njgTb)s7$9AD@+0}SkTwF|xwePB) N|E1sCh=XrF{6FlkrP2TZ literal 23997 zcmdR$^K)cPxW{K=+tzMu+qP|IcVllbv27d0CtDgx-hZ8!ih%oYIkUl;H}06qW!$b29G5_|^!_gy~3|NaUDeAFzSJr)`lJY08ao9bk4<))S`E>F}@ zTR3**J2!Bah4}yf5lri8$#uzA#$UAiL(bt#@n-QPdzH*MhuEVWKLunKD^~AX*U$E~KQM385S6ZT89`)Of5EztoHwVoHEc z;2JlOI@&Aw+|%>l%pBgd3>9|=)IW$2DU;Mk4ZpsUe&wK2(|lEvCuYw+<1l}O59}xZ zK4HX9qBr@gny*1XS`NoifC!C>JKc-i)i>{Mx<2gft^aQ9?p&x0!2!eEFO2-j^0u|} zIrTbhie)46?;E!<0f6SM@95s6*B|ZUvse8(E$mQJptX(}_!o~PqlhJRbzIm~(}tQzG^11w=*1a;$o@IAF3;+nJk!v;i7RlF)) zt@XRuZmRT4J903y3tz0UzpRol2k4T9+ei^}khtO=pp zKUtvs&#gr@uSs0MeLnr*ZfQK}{Pf&v>?~rcoQ)-2n1X~ML$`bD<{Mef0r^k#h2~vw zpSqqx&hkvM`AZm{BuL%JpTu|&1R<)IQk_81?yc^t(A981GyBO;Dozs)8IUq+Y$*En zubndY!c~CCvv$DU6zKD*>>@jPuknKNmSzgq!fUJ1ruq$#|MrOzkq1A8%s=`C zUgJx^R>8Kf2~Ygl1urEJ)qX|fwKH4*ZlNwx$ zEbIdh>=|bh`-(J|R9eICwk)aVxa=C81;QuFDSxAf5K!}`Ef$%D)JUa%kO*~yvF#Vo z53>P>bVre&_i#JbEo;<7n?l8Mg~5Zz`8Jfl?nffLI znCq>#e?24!U6Z1(1!Mt5RP+lawR=l(y`|>=M0oa4T|u2Rz*|8GWPUeU7r_V6e9FZm z#o6fDn@}awB~nfE!>>bV>G#7q&P|K71hhhfZj?b1Em3r|pCU*x8WBP=AjH+M#{h>V z23RW?0Awwxo|DoNqinD&M4>o@Kv#A%#3w)80x=vU;J}|S*a`P73r3XYH;OETZ)(r^ zb~kTyPo+>AJHxAJEA)25Y|&f4yS5k}CB`z|`Sz%0O8b~KpylP(ZES6uT9YY8BY-O4 zhUy9~(wo@|$egTg;VYZ+7d+=2B0kN+wEn(ZR3po&J#sdio0{Bpv-kicK=;Hgy{8aR zhDp}MFR3TV=87*J`l@zD&Y+kb(D;OSCHqW&{GxFLkTLO^H$9{~Rm}kQEPUqJJf&)K zb?L6KTdxYmWL9`lA!f}`c_xaaVLTDJ22dMn?$WUXY#6mgVK1TtaSdGy^!?xOHzv8a zqEB{Ee#1}#9LV=Z@if@9hV2Tz{W2vjFLz3*1d2r9NCkbueLj>EY?iI#8hQ3swO{aE zTo30tjx)7az8)|;IDM;b4J82a1v=Rqe3`ANkb#KygEt6p1Lc(4NNKVI{E9vDlk@tz z-)_bwpYcBrg+GtoH|`rQS`TxBe#K!@k}diDg&At?kz7T6&p^&#HBDGq&Lg0>W^&fGEtjB!GkaG zNb~`6I0N$B0JQ%0ZEX@QqAwIG0nBYjze>L3I*-v_1R^pyii?Ze=W2V-hNoqSWWsS^ z8;#j$LlBw@Fs?E=*Ibpe00;|j_I@sajIN%Cg+F%eJMR}uD$9<-NW9D1k$EtOl;N~} zGN4BUfij(4Q@|uCYk~0AL1ge0YFFn?BmxLr$&3MHG0O3L1ie|;5Ttd>l$y`Bw zBoTfC65l)3=GTk%_B3NZU3=JloF00CJ=glL(H#X?;bI>iotuln3XBQz z-Hpikd-wGap<&Z~b0@3kie*}BlCscB3~7x#J{xB3U{C(DpWQUccyJ1p2)rY4{yei$ z+7Cd>xswS|&2IPG0dsr#ly=t*_G2OGyUY?~k7zWAwtMNFh4QF8Sb~F8&IDoA-~^_% z9=WGHX#RIcY4?8*R6d){>$3jwdU6swqQ}N%}>lJT}=1 z;K;c@|5+6@UuZCC>}lGSI-Rp;wrwr^s_U`k``8+RdH*-mj#=9;BHlp{=S->XmT_Us zvZ;du5+vo6B>v?!hY&tl?q#vLOOp%0$N@olHGrwylH3ZCJh({iLWsu!aOrSX(|ufX=w^v;WdL#H4PR zhG2T%Q8bVN!ns$0~ot%^`6%*hlNVE_#at~<4?WF4ECR~$*LR>EdsinYRf7ReCG9){1+{S4*{q?`31XK0YW>$ zm{2*seAf2wj5wyPduM?q~}R|_Y+iz2>{t2ltH2F z0lp6_r3WGnz$H3^?{$NA+6GP`$)=%0R)h+1_4MlTnk(o6roV}u2GIY|s+TmLC3$q+ z=KM)B@|Hz<{!Re!9OI=vt*77e@@juDBp+u2usx|BIv=4zb6w4A>G(n8%Q$$?W!Z%h zyXzn`Lx=R)z)j#0dF>}K!Wz&YGz$n|m-!yc8z=szN3`W)f&J{mlF*O~M)dN3KQ;cg z>};rS9>W=W4okGG)_zi6QDooXLpsJlh6n8aP?I~C)))z}Jhk2$590CTq)51nPk#)P zXQ-2~7h$X)q4;CyzET|O0U7wq+4(R1op$%j0)f%n=uVci2Znv!AP#3XH5ub5s)8>D z`D5vEYJTYX%AX(Rkq zm0hzQAq?#Rnd4YLnR3G11i9zAt-ngBedYBHy#g)4%@zOodCeSRkvT1JGI#a zmFn`ioy@Ol>HpB=zpZ5dhARB#cs?u7{3EIwUpUBx>l(bxc7+xWOA=gb(s|VIkxs%q zG5CjI-!)C_&(jzpE~!l#h0-r(Q{6#m26Mr!mul1{8awm(l>9utmR@xjdMNfrbFD>jk+>Nr+9I zsO{;6)qx1iwN!d*hb03SH?)5CDFMU&gde}2GJw-=L}QIDaCmUA+&Axah41qqy&rUM zlqutD`XJ-CUECk2O59jZG06{8d+D2q~Y)fT?_&cKH*h+&eS-?e?~z?MF0 zV&BjIp^^Z5t3&bg9LEHU0F;+v2^jOnHNhazSb;@TOeeB+b@?~3FamfJD<-mMB+C8K z9>v^+H0EzXJ*cx z!#Npb=9`(r?gw$CCtPf)Ue*d);sYMU7TJll>OGFiWih`Z&Hvt?73fmx0FSTbym@WY z^qRFJhel4h!DJC}`Grjt>L>>!x97U{qnTG=iB#2#d;JQLH-8~HYr-O5QcA?s?+CdE z?t4S8<#926MSg^h=N~=XsJ+n(%0Zl;NtTIc9SVIP>-R_(QygGSY zk;Arw{R|t=eNz@L&#l*Wu)jj%Z1QN<=RjAJJbT!+=f%&0)D0XnLVGtHgKl7e6k#{4 z0)~5goXkre5Ou?G#H)6##ZHPl+natsnf(R4E#x%-jeyb-{EzD{8!6gGyt}J6>_76B z|6w`{w6g_ytM~st+Qf`4Yf&wFt7MLYVLniauSe>!;IJ`aYL8MdTvp7SphNC@?I-=% z7J8Y9-TwN19p~@*-wN&Wlf!?Y|hpuaFa;U!4r=sed0n8fZT z4-(6s@^ijW*1UhSIn|@drPB-#@W<4F!n;VDNrB_$Vx2^2Ime=ftTf!9noU#6`13#3 zmMzbru=14+fB8DXV+p!%|MD*xvH~~>4_?cR;N#^G_I}X=1Y6+6uk3=IGa%@}hiXo&2_ z-54Ktv;s{T#m=4X2Xk_pI*EXD^xqR9*dMiR4Ka%sXhX>LJkYqo)*`3~juLmqDv;e| zr+Ubwy7+ZBHI1`!&W;Gr>N~BQs{Z%Gl~uJ*+FM#pzkAb1Gt&l_ho+TKxpY937`v=p z>xwFTSKD7_ zbi*iOKSzu;%uLuz)(SS@GTg%>x6E9TY#J+(W#_GUt8~tAyI8iP4W*vS3A1G_!=evj z{l+oD|Hccsi@E}beTPXs3_u>3EB5W@S0!7v_Ji2k$&b(@?ME@pYgU$o45Yt)&2nfh z$KgVHNu;1Qd^0_(^__JG{on~T4O2*w3`jVnR!AmJAFyOo3eC6PzSdvbqP(ZA<$8$d ztPe5!0b0&+B4>M3fN+w^y4C?nCTe*NSk{Rj;W5zh5`8j8D)Yo9Ik)`c5po$`km}1| zfk<~}`?*bQ9Njz0SMQ5QP3m$6J!pFHBVTtp3&xZsu0IzF$*yDVvg_ebjoT!Sbam@q zobcv(`(>9s(F5;92y2P+m~e~;k+q)5Y;8O&S>26&I*?VtJy)AlP0e_o-&vXb1EtYH z59(CDaTdQvMsI%1y>ZMuXb=P~cv42s7G-^Ejh@il){~2FL*~B}C4S zyf{CMFoT0H2{eND)`sWFdojgL0f=7#q#NS(8_`CO;H~lI2S@#$x1<=1CZvE4y)NYTWXB z^{9H&u-a@g@YuM&*f{Obw=&YIrR|~-0BIyLRI>wi38J0&wlox7pR&IBGtH0}Y8}1r zu9Z)G^;#eR5C`C?t=eM9Nuu9+g$JW7^o|KUqZU*`>eT4VH+7~?QVR58!@FXE3UZPATZ})OFUKt%S`L5A4Rmwl9jGk>RJi|vHyB<5Mp_=E_ zHlEo_DkY@+KGq((hid%Fd_v|Fr+bpI#-ibYP>KQgr)C$*92)1m(J-;-fQ=*I$G6lpM8!nM zPNi>YBvsVr1t=9x4`8T>g(?d@J;B&#HM#TXbymRaeG_&j8?j3VUa8V!3u-yG6Wqwr zIdu!*I3kQ&stGR^$-cLjTZ~FfS{O@l!t?-wnda#+Va;uL&B%AIcVi!}0c`7N6u&e7%$VB_583q;0}r6f(EQ;9QNeW_j;WuNQ0idr9+)wTh2#J9FWvE@5H zF{1ziyjoBc`sapq1LI~)#5hO-PjPiyj>U8kgxTn$Ndoh+pFXnJaO0+ie(hBO+~M2O zjQn&L1!xi!W+eHr#0riTtXb%UadCt{uH(j$@(VWsMOn-=nss`@cG7JKm;qBnV&aQ>czY^JUnk{`2~`epVBGrLr55KO1kldhd-V)tAnSx(i6N2$Nn{(RVKNz z#jNMl( z!Kt~H-b3V>A4Ut3GX?87+UEJIOkALah-70sT(-t)^TTGoA7vAO+FS3Vn79q5!RFKK`ga}^a+d#O@)WV~?U{S0(5KVo+>6hej z(^zT1H-UP@kWea1u@&j+#u$;54kU?d4qWs$&7WL}(uFoIMgMrcgw`MM_ndKRpUk4h z8&l#sO3Vq8IysQugy*>{6n|JsD2cmf-kJ1~>hSu{l>q6y#XaF~c%hah>Ht@=BoL<=t zC5I{ws^PC?&Jmt7!FP3Ux_g6;^C9gJ{8DbB(6`jBwC*>{=X`6o^W$m@g4*Ve1I8O) zLAv*GPYoWmVYeVmB_2_d`-C(k78{qA8)>IeT*ayC4?Ur>JL4qtcU-n@BnD^mpD<_y zaye0oXtVR2X*qI`--uJ=M;vI`o=*HKF|zi;e}~&R7l+g@1}9dD zE6W|)742yi)HeqhwO+D(c1q~QW~JXk?Jm1(dHcQ+>DrZTFi62eXKEfT;1jFKs4dow znSu|JF)!p2GoxsPvzV#078syh+!+SFcp|Yb#)z>)o#l?If93D8o*HaG%zv8txXp`^ z`KOQ9td{4txKjVMPrqHEmmFh;QV!ieJnLeZ=L}PHTvp{L-DwR&Y5`CS_5q}{W06@n zBY~2PeP%v#4~K7rG?MQ%K+(~4?}tcnw9WCPyW#P zUiy9rpch(Vcsh!)#!EeZvLdw>S1(mc!3c72WTT}7XeRk5e z@}=|jG?Z!xqZcnR%kGvOa|lW&79I3{$*_jedwvcj7P6pdrm;jJ5kmMcj3sVc!O#cnAA4<12gp+&Tg4}fc+xbUmDXo6xi2}U*qZR?hd$f*-myiycZM#!-x-)#V0dIb1O z_;tmE@yY3xt-FQ)=il#-owwc8VXn0?mOOvC{t7-CG=me^dv_N0cLf6zwg#o|e3 zaTw+Z27GYrK-K|}OkP4J3cQrXPAV;hK1nYgbD*+8pCHUh{|C03l`fJa{nkZ4HmoBH zg~vy{+I4(9oZt737ovi1s$DVkH%Oef2j6&a^y7)?RdOq=U_kC!SH-`7fv~y|B>dUQ zW%O(Sw;8~!#(#`+G8vXm5ngoeMaiQRNR;_f=)2cWD;d_gv_XPn2L@mvhXT{tCGzi*l`Akm`g z$A-9>*V+_WpIVSek=<~8J|R|^*0ZZWdBGyzSEaeb8RxSGp!!57AMtg}ppJWaK~5-X(0IX(C@>OrGpC!wSl$A}ltq0a1?~kAluq;~N2% z{HYOB7Oh|}VWaBhL35+~^L3b5sNK+=vzFf3$zvcvIuu#860{1ax$wh5iw>M>jvUim z#Gu83*YFapoCk1_AfbiXl8Qxz)=_}?%5bS5^Kh>+izqe7AB2CsATPVb-@?)7h6kaB zwv8rH4_o-gIJ6y?T;O&;h46z@h#RCISFn$&3Z0*KrNWPYCafmBKqq7LH4MfocA?@e z1kiEl#t#Xq!sfIOsz;KRXpdn7<|4sau!ukKT?nn*p4=X4E*y{aWOGIxz7^o4_hos@r z`#fnhyZW2A!ZHID*E=#{`kum}^bsx`ynM;rB4jDD@~9e!aM3ErENFb{-$^k>kl(7` z*(!%Lc_6O@Ed{M)lOSik;*sG(^dgV&jd0kx2&5dhg7621*+gPFn1(&Csr3E2PLkD? z;4hK(!@c95uEK<)D?VZ_5LG<=ZlWx&yV~UrtQ&IuFL+tKOAg!g{sNI4_Ljwx#8nU= z2TYAVGVSK^L6X}vnXFMDRgD{QVH|d|lAif9I9dsG_-jyl%A`(p4lA3iFCVT254rGE z-Q{ltWRb14#UzMG^A#yx;eI!80(3k|M38obeJ7Ma>E8cskF=e0$v|94WsLp(DG@pE zkM{Y+`*`OC{#n$vemor^(r#cp!f1Jg0N>cuchTSXRRaKvx$cM6%+aq=f23tAcWg7w zdVU>7^R=vOTM=%0nwR{ik*(Jm3pBl-H1_Pj-@7dtQm;QfzVm|H)e z;y%Nj`J)nX9cZfuwcQu>Jp^|~r|i#TXochE2{?vbARM}$t$680?SCrrCB)M>UppPp z`di24r84IQw+Q@7VDBES9_w8Hyj@fn1#X84{hzKB}Fh(KTPhhQWiMj)v2MPhJKo9q(w1dl2KRQS}`Wh=C8|FI~4 z1pIndppVAiKL$c9HYPKN>w1l;&s~e*I<+cq7bPhr8+zeO{$ypkyI%9|7-Npc3>&#D z#x+h1ks{gR439lUYd>$wYQLM6w@AX;O2ne3cyLAyd~p8DIp7F4?-OHdY*YOZ;vN(x z@9#yRJbaP#F}4gR|4`+{`xL?ujn!Dh3K|q|orrs)7dMfAF1pRN1yV{-nf-=Goxh1V zc9Ox3hc;MI28R&UgLI_mHra>0tTxM@?3q?qruaDM0+a+0AIJ2yoL5#c>tO8?gc|auibEGRgz6E^da@pg|Y#_h^1KDrgG&EtZ5`1 z1@Z=0vJ49W_1b{XQ%Bj^5OBXDxfN7tH?8@;$_p=p=mJ zvk}y-DcZWaLNFBV^zUE(E-G7?Bej=qguXDHRF`IAVWfx1U=9ehu)3Sus1HLYJhe|KKQ`5Lqi&Yv>&gC1F%8z^)_Jmj_b4Z>q$Jm?7e*Mj z>m}Bv+#1e%DRY|G5#xeK0=e(4VtzI>?QJJ=GUgDjiQssL2O^6_fg-lalx#c1Zo(L@ zEH+<&a|~_hL!jS=t3xD0J8{KqHZe$hha*)c*HFqpA9hPlQmxJIJi5jC(!P@pm_L zdQ8PO(XoXVXfkbDT2E^%J}VhJ=v4IJmpLG%cJ6H-SFN0j>Vk zy|l&g6uhcXpviJhupHh9enEpX+GLQxR|qdj(Re|%I%1Lql@oEv?ZWxze>foTKC4^p zg z;dtNdprtq)l0?~qw0^b#$pio6FFxLgQ!|IK2c;5zpRZf(VCZ4&TH?zlf-SdrXaWO! zMmbW(a4ei7vr8@jtLSn#YCDi2n+EH?*wLK#;m}KNHI13M2wr_u1Ebd(+s76u-A<)z zQPru6NHzgRynxAgRg9-@UiT=e7>a0@jLmQWYV@t9cm?lWEze}e5{;a0l!Lyv*zdXA03i&q1 z(ybbYauLjiGujZM$Wvn-hWz&05d zL#V1i`6ri}&>l2Fkp4SWo=qRet||7z+ZaMQJ3!Euym;gHH?cXuIv^Q)k)>gi?kNJ) z!3mDCf9`_84%R(((!my{J`d_x{tKSEyf&wBgs2)Uady1OFa-%wInBsWVm-A>4ebXS zZovC_-rx2wg|!vJr3lftByo_R(!wvQ{`7(fEw>B*ruI~i6wdtieQRjjkK2o8P~_P6 zV*=gX^asDsyN(z9Y?DI*xzq7$^Xpbz4w}rG9NqGMQLhb|U=NR@_yI|Mg-H@g%_2+R zm6CJtk`6>$z0dZ+{$8*cBLJUPK7vZViBC%P%zNSBd#b<7_|p%S8O+Lftwc0Si1SjC zVWf0%*hbN;z!s3+%(Bl6zmrA?N0V$t5P15*m@CVT>ZKPK1tI@+_HnO<(CR{gn#2&0 z2wAKZRJrnfCg2Xf>7P}Gs#mK2TO6#QQ_m-Xzf3C_KE{X2nE=rc?+ApJn}U2yp-{Dm zjQVn63&7R;r{A}QR&psX%edmJai-m-uIG5S?u1~hWltq{}j(BMdBdZl~o^uZWHSGx} zYa4ooh+Ny^Lm%3bTaZ9&9d{O>n~R3$c5HeKlW&O_q#-8JK9GnLD2o-N!xc&pc%Wx< z^}^C0pRW85Rw`F6thhHBME`*b_NJEKTx6c~s!fYjzFf`aeP}F7xA)I+PYzt!v5 z1cue+6U+?0V~8?Hi_SP4k#41_Y9-apn?z$H#(0JBP>^pb(MFmpM$?XkYnuVe?Y?(I z)4g914hQhV{v-w)P?g8KIpxRpBh|?~e%Rk{;7m@F5OF?IVFf)QbpxR1zO_3O$PQE3 zc3s(lk}a31I!Yk2DZ#~&#%l@{jaGNY2eP!-sim1jBj`C5fflh?dFpsw+j?$lKQ75? zXe-iDhd1zhKDfz+LIz^@*&pDkjio+B5Gf5cPLt|N5!U@{%sKRo{1@E%(io9ic&z!0 z0LX!vjOPxre?T4HKq(lsEPm2N#vgyQ)S1z@zi{l=&T3!K1 zpQM*1Mv+q`~ zO1J{zOG2rB^?sOsBp3W>w94@_=)uX%#t88Wr{=WEo{}6S#-{}RA?n+f0&w@AkrNV< z)ohR^?@BcD;Gy;S9qyD0n4664)9Rp3Z*mOIIPJW0n4N~n8yd?A z*ZGH|@%B%>@QkNnh^z5PBoi#0fv}b_G1P-^LKynE1vIFF=q~I1!PF#0kyu#r#!**t zSf~?7sh7}i>;1uFACknE);gN~V25U%!R>SFA`LhEpQ>z!^_-&R0G>v*kfFO2WL4bS z@|UIR5jk!^uR)Xg227w`SS4dN$@N#lV*wwNL;$?l?} zrYkc*t&$#o9Sq&+h(DL(X=3wxD{$tTrSk0jYutjuB-_QHzEzN^?%@y?SMdvAb_z+a zlrixc2~ZOMkaH&@Cks5hjkxqWj1MkK%o{@z`Kogs{mTS^%^LOni#=;fl3R-_mI#Fn zDTerQ%2#uXoS^uqAXRG_TMLSTTmo6K#;-#1kOd0{(2hHCq!%66C0PPe2vT$bV2VH< zMX~sMRgGA8gLP52Pu_E%1rdO%6wQ*DxlW+#q5Po+WB6SmJT_45b3EO2#_8G1Xo5b~ z;jNLXIBuNFbH(%vOg_y~Jt5

dU62DkLZTDJyaxt|6G6n&THfsg#w4Kijt`{(PJI zOb$}N%K_H#{PMx!ww#ckc=>`#EL+YVD|u$tri01#8$r7bs4}iAss2;HHpm za8cjEEyyp~!{Lhx3O7l{(C}|>olv7BOPp;^sUghrU6--n8pd+Jhai&e0cI<8qilrJ z;TD`t!9DdzC)s9F-5B>gBmtttF~f5`bJkBJ`2je)tWgJuE+<_)_QryrZ@2wiTFS|R zB(mFK!fypWB!>3TS2pp14i->6EJ#dy2nVlB2%Hgfrao9MqryFr0>A3w_ml|=#g1UZ zL>cIdWa(|Z{8a0TCFt1!6g~+6=(9lzAoMSmQ-ze^t|Q8pf&N^T1Xd@_M1Xg?BbHTS zDaU?Ahin;DhxT}yvcbP+0vhBbXKm`%34~bsPcR}A*M5+y55XYmO%EigA44s=X@_*C z??H(dvM{!M&!*Q@!HRP{b%?Qcot^57lHnSHqA!dXyBSPSxOq;Bp+`+p9R$m{ZNu6v z3t3+@kHIek9VT4Kw#FYMrCv)ox;r?K!iQHKf|(F^VO1P{N$6Nsb~H7ufD#Hey!_9S zGYOOtc|XU9>^pU1t-w1uh|eB*&C(oif?NazG)XgUnXR4Su8`9@Hl21(pU`xM;iT?#DW7%2Bre)JZd>~= z%)s2*x6?I0#&1j|8mpw`t|g7oniu|qQcm#Lc%Yl2g>PVl#9~C2(o@-cVXE30%xW8W z#bn0G@4|}>?`nZw8O}IOIiWf#CG2Xn$S06s3@x%lY9BOP5Rd_x(Ww=D&n-pByZkAA z1;HJZA;l@1dx){StmWCVSc45^P$9L+n zP#@q_&ZzZBK(EJ z#9{zvNe3k9EFAuJ4{CVd@AbS{WRb5_TPj;0)8EIWOrp`~gjeAwOlBQ+(Fp>vB*kKW z3Q$oo7D!V-ew;=fj49XqbnVkl^+f%d4#t5e5_)NWU+Q*$-0;ZjnN{|}c)IZDJ_Tb9 zTwbO!$#f^i>NK$p-ota7Z?&>tgOCWn$LdqE)qLpU0y6t2G zIb!1TFx7Bo)c^BSvkgp?t>pOJj9zqqoOZ9**uSToN$tbR3f~o=YU)>wor7jmtCAr01!I?z*3UOa%qgh9cO6 zFds*agPgWy+s#+5kN#Zxe!gB{u6?K6BDVNUw{FKj#0u!l@NoKMBQ2Z>;t0QClrs`F zMTVz^a_i{3p37in2caE{Gdi(AI zsmcj}K9(7_fYYsnuMt^hP@4+SP9F8!^4ARw%^lJ@_ z-mg=}31D!+XOM4W^W#B=Z|-h9iqR&sPp1`EW`P+|o5>>4;@|!aftkHo_w?9X^xcdf z*PWki8yNBoJ4$^EZ)WRTw_SM^+a+fhYR{}O(WaH8+<(uyw?24^1~yCR8x{{z@2~n% z+dCgO*WMAc>OBc9U_cu=gMV(t_1MCGmnI?waRiO|D4n0 zDP?ba$jn1^!dY3n9B%pVW%G5VEGjp@oLt7oh2I$Yx1TqsiJEKsrdG)1X zCFi*SdZmM`x>y^m*@2shjzDLX4dPGVur+XL!T_A(A{XjU=(2C#=mpMm-}Foc?PLWU zeFR_*2OQg@6DW8!nbVq zb@Nfk<6nmLuEN{t#(xzfUJM-ST6diohskU7d?yL)aL*Ot(R8Dag;7!>i%@;={5jkf zU@X#EAU{YMA7;fV#|peNJ1Gl27mXyoTgy#(NA14CT(wn76-0`zs6-a~s{F!&1c}Ow zTA>ytBpxUJF?3b%6HC)c4RNaOWw3zda+$ozR4+4(ynUuQF9;)XZZ`Y$V&3ROWIk)! zaMvGp*mE+Uv36gdVQkqByg+8SaS~a@&X!~F$M8NVRbxLFJhi;$L2@*965`sM3ph(> z%$u>Q#VuJPed>XAbYncHSg@KrnYrk=ReJob>^rvc^Rm+(c!s-OEvkNJfR|9em67Hm z6Pa+;BUZhCTsEr8+56WVC+bE5%o`;?J55iNJ6S|w-Jbkzz8;D9!FCbh#9$^57|!U( z!^HrkBp9J4Ot_VuKZsOUNk@7mB8Uiy%vI6Ki_TCCG<_5`QKySD=P{y^V{xZzx)G=^np&_E{C_Qj2&x6b#)@xZI zI!ll!Jb+X5xs4!Ht!DW0u9Qh~e{j(EUpkhIlw{+3!=#D9R*xMAw_*UyIqtI<8lNkf zX@rEilq6G28(Env2_sfzf24}#*-8UoaHf~G6)M>Dh!%_XEwyQ|Q33MG$0nC!6>)=3l3SRF} z^4zn0ZP@=K&qjYYuVc#&2aMD!>||_D*EI%DP|qLIlABf$+uA}=QPJ&Y!=H73c3B*F z-ds5H!^r*w3z#im(hM+^MN8U;NqigK3KX5wyymjjcXh<`%~B6?z5d}hpH{cGfiaX* z`@5NbXlF$W>C>h2T6VvspQCg@6{iihr3hrIJ4)bGU%> zLUpgp!$M!zT3WGRcm?cEhkmp!XvM~Hd1*4ufi+DJYV*1}l6F~y!A#N2M!#IL

at>hiZNv7>Q~C|b_v%}2 zCL}wR#g2K;_a6*VxJc}EYo3ZE9-~C+Rq{9Co)n;d$RIB?{j){%nUp~QA=x#}qPi|x zgS|A5D2DoQ{{47y0>6duFb5*{Wz!p-80T$KnwlPuJuMwm=;k4UZ)57gX-0G&!~v1M zFUO_h-YDG?9pH&=(`C07#Sy1tXU0^O!iS+#$f?%fYFx5A4We)t%#P*|3j!O9Qc~gob{{cMNhs%%8F}ET1TqcspXS1+EtJl z3t_Z2!pip`HIb(R*lAcpGH(zuN3!`5dBt~52Reoio1e{^?-%u>ME8&an%S6l@cC`q zoan1te(76faJPDN>=A?g)mOt|h7zS5x@LOH=Nq;yiv35Jr-K5{&DPKdWdls?f=Hbq zY<6;fX0^$`ev+|7l|sTv9oAGGw7v(0vin}4e5ufOaL*`kx}9;!H&{K|{QjdVcg#$9 z001%JfByv#gH{l3(!mlKk7l|aZ10$rJ1A~&?dnKxWTdiB&V#OV^`?xYEg()gTu?yX z+zWF`SjMzp{w^(agYE%F!dtTJyH;{sXJs$`(?CwDA~pN>sOhrbSS7mUSHqxe`1(!B zgCj5nVs5mL8(e)A^wd$m4tTy8$R-MZlui4@JX!PXT?t-#Dd!)a_jbKr(4U*e(4gi9 zERRNyq+i>PWo^A#Wyt!N6r$p_6vnfcBQkf$_k3>^pK!K|!D}oo3n#0sOrS3-=C_cc%J-T-3Ts>& zKDoPU9A^Jh%~^0o`Sopkh8TusNQdrjM!LJZK~khU1f;vWQ@Rle>6RKA1@upMNev+- zJlyZMc)!8E_S$P*d!N7aI6yt6+S=ZTg?YLsg==dY#kC9qS2TU|z_)*`|9t!fNv1#Y zy)n04^S(~Et(U+Wn0zOWy=6T+l5I#H@7A&=PxY(1PJpPUgRH*4Pvn(h;G?TqJip71 z5AXR`a=GtJwo!#gC%JcBq$;P!uvQy$CSQ2#s?H?%kLz^3ddeikmPR+X`yg*cxiS&K zd;sCG``!wWfjSglA`P$lxeP`Udy$yBg_8FS*6bYDeK}iy{e8kSa=Wh&4>mJRzg}qK z*Azw8HyZFZ@FQ}G$2#Q13N@7JIJjiy;}wCFic#^BPpqQ7i?m%hEA^BuA7;~TLjIS} z8us5cy_SBx_Z(ckKaBU@u64)}n|)V%_rBH|nn7dkbbQ_BKsg+=Om*h*$zoQ*RZm^) z=BG<7zMbIJRwqV4?%~}|a`p;;On$mgw{ zbh1F&q34L!z?GdKOR?`XvrDx(#LU4@n&a{j76(D)5=yvKLNghj8dIe`MGBKWsGF_( z4C*v(os2Y!@h^nTs7&r^1eI>sLJF4e{3paL7~4AGQcUDkuiZ(4b|{UeP4nd!_!#Ec*?@u zKj2o;DvFOm5v=HVHx)vsYnjmMO>;^ z;Do|%Mm^1B0vDB8{94NUcP_eR^?6MBmCk3z@;TMAPdk+4zj)Y~I#ae#FyYwaDbb^( z@s=Zu0!PW}UAom`7kV`@XK7f&P`w5}W7C#TLw4-_Nnk9?Y@(E@Dv$LIJrsAV2jWc0 zs3Hx+(wH2CjdvLw8_cWQ)+SzX`HSEvPw0N=m}&jI8?ifFK;2!$GTWSs+?=70*ws4j z>o(Eq10%j(NMe&@5&D_9>JHxBDA% zx)^+0_U0TGaNS|+E-?r2{Mb95(u|L=Q>+g0cn z+LSWe4?vo2+4+Y5LJW;1TQ?K9x#bLakso!-B+;E|l#W5Lns{APf^>ske*BO zB6CiH7-~76dJneYr|GuUu9Jpka4$mwS!iR|u|sYp!8|dmA0F#Rn9p&Rd63^nJRFkV zqe`;9i6N8q<^uLx59*j6F&TLBix-w`5z<1&K<^V#X0G&}OkxYyA;wOm27odxAuR~b z4+tI!9KeF2yg~JNJK&}{FU8GhkDgmObyv24H?LFxQ?BxhV+;R1yC|lF*X1J}LMnsa z2HvHSPSC_1!RX)ev;xv5rT{rWG+3u0)DZm%P@p&(3vrV6p2jxiXqTZk5kvHj6g`pu z^8(Sy4D5w485~xwM8))O-QE$weVZ+vqtdr3FwnR9Az!28l~30;bKLI(s^5?ao%Jt^ zD>T~jqf)*7?bCfqT7rxD2sJC&ZwYYWrZwlp@R+>e86&4lzV@ZnWE+D{$dfrooDSM{ zyxuJ51JS7{-`Q7WR=o4v`|85TkNEnG=ePf+E+Cg`a${GWC*5#30WxB5D};}Frgc{Z zWtq%$22d&tQx=^#np2Kf0DVuG^n*YJrop4R5kY?@Feh1V4KUZRKh}Iw%Ln zy1t=N>vA(@+2;ZM=g?Ay@raG=WP2Y8cHxB~6+$P`3mD&ZPowQFY%8rX#wa`sK%@FC zt#Mw)cnZS82~yTO={$rKsSPDC(u#P&IzD<8prV|zE(_+~Blftd7wIdiR8}1SOny>|; zZbe^o|It{{pFoKWt^(wqY7}`bsxYoEghLs~EXniL0akVtq}gBm;^?2i7Xf9=zkS8= zQI&bJ@8Jz4rjo?NZPRgI$ZrIq@)v3#n$IBXoz4LP7>v>t+Q+Wr6*S6r9>Ql|+Wl&f zu#w`P+fOyFRKG)@pM}g)rS#e>ZEY6c(7QI0xMfMsUh>=C7Eq&Et1?uj){2({3P+htjh1=-(OWxfFv4qm|fft!E9Qc4mHu4xaN=*<5pngU!m`<&xA zRyA+`_+li$39gwqH;_HUS_4w+W0r7Ti)jkyQl#O02*KT>A*je6%f0c$n>HnKm^{dA zp|buYbF{sk2KgI-`cVP|P)|s{W%Q5mLqFtO$RF%UyF(TS-M$N65V+!>h3+mDd)D zGoG67y5weqetHLktSX#e%Qu?}453CE2uAF&>_4l7^jTAJwn-h@RI+ap@8287XmR^# z50tkF!G^|v2pAx&a?>QLp69QNlV8qe`Hq5Xe`WM#$0X%|>D-t|`x>W^=A?Rv4o4Ax zdz))Q_VHsty{sZykaR5<%haCKTV@<0E83-~4?8?`nLeY}P=p#X4?r`>MPuLR4|BNN{aL*3g4~p^n}Fm8J+SD5L(+vstSaxui&B9B_Z9;blGG%dcQLw`UNnP73NnjuQ2&95rLltqYgA@T zDNMmhk_wEV6ab_jngsAkJ3~|!WXO(9;2`gzSXjzIu)1BgoBN3SOQ8uuv4)T)jm+Vp#it7?fc@{^79t#JXa5GbV*UkMBSUBdPK`@=FJ zVYOW%vo>Q7!EYWj2CDBFjP8J{b8(saI6{anS@lsVe{p;a0$%Icz!(1;Dp$-9(|<3P z6z6FGy=eeBMxV!7fzZqLC>E;(?uYu5rnHEZxT8Xp-3b}3%m3a}{q4^~VaSL_@l^(E za!xnjonI+Qt$pa4QHmPV(?J$Zwke@+V>fB8-r++6m~)dRzs2ePhgv7H`SKBkT|w43 z7buA)rb9;BCGCRz1N32k@r^_KZDiO9b^##|+hPciV&sxHvC zso)0^(CC}$IFzD=wJ1cAQAAQ$iq0xAu*w%~1Uq9=pWYNo%rG+kOjqziNll&+ zD-AOrh}wn{PPV6=_@)YGe9>Z4cdGzfb26Z_MJiU7l3}b!X>eRLg|Jb}T=%>&ydSrM zmC;etXHsY1-t$1f^!BP5tWV1Mh7tXydAwl+B?yzhKTw=}tx&AwYztm=Z%YMeqrw!V zyw4MiU8KfAiOa7oE@J|Z5{(#D#qVBVhuWv-<1b$TA}$a2enp<0HOklk;j44O+GE~N zD(rkngeA|p0H}6e*DqQvDuWzm^ufM%(XItquiFmgiwe&MazrWv*H+1>Oo!q8E`H|G zq!k(&6_r9sQPefu{CFhbrGvd}K7f0$Ka0zq$E^HsQtJr92;-$8pp=$V>W(ABT!9Wt z6qiHhP|Um(^JkTek#^;KV5DMwKQ#@`TYO>JBh@4M*{#v;CHW-6m%nB=*X-wj|D+S7lyO8L?&h_il15S6vjU0D z(>jKGD{wp7k7yEw2W8~q`@QA_IVG4A~WFX90zt*su}l15BK$B_+;MiLs2GxnkK@Ul~6-lJA?POB2GRDS&Sfg=mlF88EMHhFZpe{eU9$bnF~VyIzzK zv%A!L%mjjBuiw|^iJ9GmTO5U+XJU~tZGW9a4#3D45bz#|yj?7{7+w@Fwk5h6+K%MG zHJayPJT3*OS_T;hl(imKBb-lq(E0+%iY* zcKY38P6XZeW=I7HTb*DrAf~j?r<9E1LYO89Fyx1=)78s;8tj9yPK7HEzzi4OC^#Qm zJcJC`wKj;=@{Mt1Zit#cgzij=E8rTV;bZ_myK&n*uu-C%@dXXt<@VT;=Hc}UMLtp9 z%zwU-F+cv1Sf4i!ixP-Zw(cruZQJ}MDPL$QV3C4WGDEjF4rM!kJaPtwNK=My6q0lV zgf3QrW&oP>I*h8FIDelNV({D*BShr~_tB%?CDk1>ypzK2O4a*c8{ABwj$|)EHny9S zsxCSpKny~{L1}1Z5IlZBbocJ_Qw8PUHJ5&@a-hXt$La*To8{PgCSv( zwKPQY524jV3}eXNd)0*u)dKswhO7$&%{KCqsNW@$WXxVx*Zu2wu!T!tMxJBu^>>vi zXC$mTn`i2)v18zDO$72l5a@~81Yu2?v5Mm9*0#F1OVPzA}Fkm>wX@V;TIIFsW39-Rx)?e9q= zUGD2etPDGthBaa(IDr%EpGI$vF*UgNf?(?R;oH_AZeUahcZb5($KhX3u8i{WWJc$D zKb2RJoRW+N?l0IpR+?BPmQkC3ShLj{v-%_`1L8QoTxxIm-5mVoum^*q%NEWf1trdS zYFDdafDG#a4uil5sdI?rKb`~-o0#i5qhij=O^U$iK^Tf>$~c=04Ed| zWJZ|@T!me`obAZ_3Yu=B&xk8WUc{P|=!T_1+ljvrsC#P>Tdn2W<$RV|d7kApiFh7d zppy?P4p*)?q?c)@<|#(O;NMt?4?W=v)4xoM;LcX&W*+fF+gK4w?(73{Afpl^K?oVMylbuc*yZ{J6KQBNggy zf`S^o;EBmaRKRxs+TrV)8Wv0hT=sO6Z9y*#koJouOqLFDWH1#z@*O+k?wOG)_whYZ zj=#$xB0^k9-uacp7SQiNn!Im!CgM4l58W6now^q}>Z^M_}oyoo?H9JbS z(B=*=#Dt2d4UG?3n;H)Nh1;yuq ze*TFc)FlSW`l^14d6~riZke7VlC0QTJ@pp}^2a66qF*hNYY26s6$^F^tvC4D@Yj8| z=oliP+}8DfgG!1VR33hx`svN($yP8*o(SDtP69E52qT$&;*d_*UX$%7o$~gG?H7qv zjCw)nV~0J8Z{5IOEUR!yVb(ruUll%GCRUk5EY3G^084(fK$MuWL!efI?`CqVfnqX3 zmZUm^osQE}*4>7)2ibtXQGfwVV#C=M@c>$?T{XVPL*uk(=deT}sIVnf<}?Uq?P+c@ z56V9W-kA??0A5TkHraZvBH6~R`s`X@_;Fo=gh9^q{1N6<8sMdnQm$l{%`krKg7~qR zfH3ZlILp}Au}HCM6CCsjjX9OXpk7?a2zGx^QvI5Twl%CbvszM6=mGxkF&)iLo0 zlwnOf{`&_gz-l@VgI}ueoXudXrpC zcxY@lcn$a=eC|IDWQ!v1coRF{X_@MAZZX<>7$Y`Bj3=zpNpcxBYf%4-Gb|D#Lc4X$ zkr-C$8nvP#xR=oECwEXu&icT&uCwKrS#>Z-uHh#td*CXtYM9es5x!)tdC8F+xtSee zPS_G9$K#tN6@cMFQb{}WHj?EcJ)|4F5Rcr)Eo~NcXO|XbBekm*deB|^dk=kK8OLr7 zyQlW8XStKl4RIqjcI3fQ6px+03n=@>v zuY)IdRaNN=W|8lgVVx~#A9$9;(@a4k#nwZOe$IdQEsgT#Ed!w9pqV!jEaTwu|Gd|^ x5WI?LB!k<%Rbp>dqyPV9-~ao9X@-jzASh`bN|&(m>woHWB{_B3Mrn(%{{v|?I->vp diff --git a/ui/goose2/src-tauri/tauri.conf.json b/ui/goose2/src-tauri/tauri.conf.json index 11f0ef4aef..8b555dad1a 100644 --- a/ui/goose2/src-tauri/tauri.conf.json +++ b/ui/goose2/src-tauri/tauri.conf.json @@ -44,6 +44,10 @@ "icons/icon.icns", "icons/icon.ico" ], - "externalBin": ["../../../target/release/goose"] + "externalBin": ["../../../target/release/goose"], + "macOS": { + "entitlements": "entitlements.plist", + "hardenedRuntime": true + } } }