From 3fb8552fc1847789ab2e60b9f6db6aeb3f6b00e8 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Fri, 17 May 2019 17:34:45 +0000 Subject: [PATCH] Merge branch 'docs/dependency-proxy-ce' into 'master' Add documentation for dependency proxy feature See merge request gitlab-org/gitlab-ce!28096 (cherry picked from commit f4dfbb688d979a81abe26dd84af0ace875dabe5a) 516344b9 Add documentation for dependency proxy feature 084fee73 Merge branch 'master' into docs/dependency-proxy-ce 14b9e8a5 Copyedit Dependency Proxy docs 10811da0 Link dependency proxy to the group index page 900d40ab Add example of a namespaced Docker image d7e2b4a7 Add link to Puma for source installations 18e68c5e Merge branch 'master' into docs/dependency-proxy-ce ac62bff2 Add note about data retention and fix heading --- doc/administration/dependency_proxy.md | 150 ++++++++++++++++++ .../img/group_dependency_proxy.png | Bin 0 -> 40162 bytes doc/user/group/dependency_proxy/index.md | 74 +++++++++ doc/user/group/index.md | 4 + 4 files changed, 228 insertions(+) create mode 100644 doc/administration/dependency_proxy.md create mode 100644 doc/user/group/dependency_proxy/img/group_dependency_proxy.png create mode 100644 doc/user/group/dependency_proxy/index.md diff --git a/doc/administration/dependency_proxy.md b/doc/administration/dependency_proxy.md new file mode 100644 index 00000000000..4dc1f4dcba4 --- /dev/null +++ b/doc/administration/dependency_proxy.md @@ -0,0 +1,150 @@ +# GitLab Dependency Proxy administration **[PREMIUM ONLY]** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/7934) in [GitLab Premium](https://about.gitlab.com/pricing) 11.11. + +GitLab can be utilized as a dependency proxy for a variety of common package managers. + +This is the administration documentation. If you want to learn how to use the +dependency proxies, see the [user guide](../user/group/dependency_proxy/index.md). + +## Enabling the Dependency Proxy feature + +NOTE: **Note:** +Dependency proxy requires the Puma web server to be enabled. +Puma support is EXPERIMENTAL at this time. + +To enable the Dependency proxy feature: + +**Omnibus GitLab installations** + +1. Edit `/etc/gitlab/gitlab.rb` and add the following line: + + ```ruby + gitlab_rails['dependency_proxy_enabled'] = true + ``` + +1. Save the file and [reconfigure GitLab][] for the changes to take effect. +1. Enable the [Puma web server](https://docs.gitlab.com/omnibus/settings/puma.html). + +**Installations from source** + +1. After the installation is complete, you will have to configure the `dependency_proxy` + section in `config/gitlab.yml`. Set to `true` to enable it: + + ```yaml + dependency_proxy: + enabled: true + ``` + +1. [Restart GitLab] for the changes to take effect. +1. Enable the [Puma web server](../install/installation.md#using-puma). + +## Changing the storage path + +By default, the dependency proxy files are stored locally, but you can change the default +local location or even use object storage. + +### Changing the local storage path + +The dependency proxy files for Omnibus GitLab installations are stored under +`/var/opt/gitlab/gitlab-rails/shared/dependency_proxy/` and for source +installations under `shared/dependency_proxy/` (relative to the git home directory). +To change the local storage path: + +**Omnibus GitLab installations** + +1. Edit `/etc/gitlab/gitlab.rb` and add the following line: + + ```ruby + gitlab_rails['dependency_proxy_storage_path'] = "/mnt/dependency_proxy" + ``` + +1. Save the file and [reconfigure GitLab][] for the changes to take effect. + +**Installations from source** + +1. Edit the `dependency_proxy` section in `config/gitlab.yml`: + + ```yaml + dependency_proxy: + enabled: true + storage_path: shared/dependency_proxy + ``` +1. [Restart GitLab] for the changes to take effect. + +### Using object storage + +Instead of relying on the local storage, you can use an object storage to +upload the blobs of the dependency proxy: + +**Omnibus GitLab installations** + +1. Edit `/etc/gitlab/gitlab.rb` and add the following lines (uncomment where + necessary): + + ```ruby + gitlab_rails['dependency_proxy_enabled'] = true + gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy" + gitlab_rails['dependency_proxy_object_store_enabled'] = true + gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy" # The bucket name. + gitlab_rails['dependency_proxy_object_store_direct_upload'] = false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false). + gitlab_rails['dependency_proxy_object_store_background_upload'] = true # Temporary option to limit automatic upload (Default: true). + gitlab_rails['dependency_proxy_object_store_proxy_download'] = false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage. + gitlab_rails['dependency_proxy_object_store_connection'] = { + ## + ## If the provider is AWS S3, uncomment the following + ## + #'provider' => 'AWS', + #'region' => 'eu-west-1', + #'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', + #'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', + ## + ## If the provider is other than AWS (an S3-compatible one), uncomment the following + ## + #'host' => 's3.amazonaws.com', + #'aws_signature_version' => 4 # For creation of signed URLs. Set to 2 if provider does not support v4. + #'endpoint' => 'https://s3.amazonaws.com' # Useful for S3-compliant services such as DigitalOcean Spaces. + #'path_style' => false # If true, use 'host/bucket_name/object' instead of 'bucket_name.host/object'. + } + ``` + +1. Save the file and [reconfigure GitLab][] for the changes to take effect. + +**Installations from source** + +1. Edit the `dependency_proxy` section in `config/gitlab.yml` (uncomment where necessary): + + ```yaml + dependency_proxy: + enabled: true + ## + ## The location where build dependency_proxy are stored (default: shared/dependency_proxy). + ## + #storage_path: shared/dependency_proxy + object_store: + enabled: false + remote_directory: dependency_proxy # The bucket name. + #direct_upload: false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false). + #background_upload: true # Temporary option to limit automatic upload (Default: true). + #proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage. + connection: + ## + ## If the provider is AWS S3, uncomment the following + ## + #provider: AWS + #region: us-east-1 + #aws_access_key_id: AWS_ACCESS_KEY_ID + #aws_secret_access_key: AWS_SECRET_ACCESS_KEY + ## + ## If the provider is other than AWS (an S3-compatible one), uncomment the following + ## + #host: 's3.amazonaws.com' # default: s3.amazonaws.com. + #aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. + #endpoint: 'https://s3.amazonaws.com' # Useful for S3-compliant services such as DigitalOcean Spaces. + #path_style: false # If true, use 'host/bucket_name/object' instead of 'bucket_name.host/object'. + ``` + +1. [Restart GitLab] for the changes to take effect. + +[reconfigure gitlab]: restart_gitlab.md#omnibus-gitlab-reconfigure "How to reconfigure Omnibus GitLab" +[restart gitlab]: restart_gitlab.md#omnibus-gitlab-reconfigure "How to reconfigure Omnibus GitLab" diff --git a/doc/user/group/dependency_proxy/img/group_dependency_proxy.png b/doc/user/group/dependency_proxy/img/group_dependency_proxy.png new file mode 100644 index 0000000000000000000000000000000000000000..035aff0b6c47cec54203b77c8f52fef9b7f10261 GIT binary patch literal 40162 zcmeAS@N?(olHy`uVBq!ia0y~yV2fj5V2oO=Afe*Nm@H`g$0 zgN22~zyJRo92{=kxN*_n?BBotKY#uF^XJcxpFi&2y?glZ;rH*~fBEwDb*atr<;#nU zi{HL|`~CZO3+uYS|Nh>)cW=Xn4ZgmkT`w%^z`fVTUuH|LPGZM-#=l(gqbsE+Suh?x^(Hng$r}%&U1Bj zZEtT62ncxn`n8vr*Oo0?>g(%Qty*>E%9XypzKo2Fs;a8fr%x|hv}o_%y=&L5t*EG2 zvSi7}j~^#ZnzViU_OoYSef#z;E-tRNw)WYxXLIJvS+n-sf&~knKYyN{Ipxu#N2gAm z>ged$xbf18m8TPv`?qYldg|2k-Me?ceED+f)Txsu@3?mD+L|?MT3XjsRWCks=1gd4 zsFqH`lP6CGX2zhAcOq=8Y&;w8r}-h21( z$Gc@0*DhRm^z*N;M;@JwUX%Ih+wYRwtK2*)ZpB!19hsu5pJY|IC3R!b=FOXXz9MY2d{pc{p@hV{_e=$=U;#RnfQ3mrc+-Q z?EB>6-ZtsP>>F?HJbd-LYt^MUpMJl7|9#z&2YIt!9k}%T$j7_4o_?=i{&v!q4-3w( zNHPnUb!PFdI|tr2+pW8{wS4aB_cNUyz4~(F@rP;mw(s$>ew1N#{`{R&H(#euI_f$h zC}VL^{o-@G-`%)8(c|FBE8PxmmZmYwcb)FvxZ}lq*KIq`@7;fKR-S)NOz^f^Zx6$; z4R0sp^OFc&t)*<)rx_R&7(87Z zLn>~)nY%mx(G9udF9S-}#jItydq=C*O6wo5mWp_S#sr5XZU;6_$%TUajt2aSTn>WU zIh0R%h)m4;*O=)hmD&9!#JF?P-N?5+VW00+pFhp7pm>nqY197vi3!p<#WjC^|EarQ zJg4H{cYOg47N*8I)7U>SF*Q0Uh<_0J(&V5Z!0}`YgT4YtZchV<3z0p*4N~mTAP$mX zi~~uqR4_Jz=nqUxk(V_r?lRkMSawkGi^~CSjxSq8T5jx2mZf#ZvI|$&yB$CP1E!3?pu|=k;!K(=YiO=RK-X5 z>7$wdU%XKf_z-NnTjBK*-3L!apB;bu?gslN(L06$4_H|$Dtoe&O1>U@|NVz%{0II0 z$D8Z-9c;+l)jxebi^BBmJ%$CxL4o?zv;Uc16`!Jguuxymv#Y z{LP#^wsM{&rQut{=li^}Ee)T)s;Pmmf-zG|>&2_$ga;3;tUkZEb$|a3C$EdKdjj&` zgq6QxzRmScqC-QMFE#gFr_Gd04dMb1Qm0RLWR0!oOxP3P&XfJ_V?lAwzwQ5D{E*TN zyL{yL!>8KJC!R{>^V~5M2=$Geb64XED7-%?iJe*#UCOnH`L9C!+Gj7jeOzvw4AGt6 zqqT5{kngj*-j@%(uoB>qxZ1t&=gWluPdy(%eaClnUgd+lLqe^zI@KA+AF-;r zs;`iX=~r2ZmzdJV!bKNL+4L_i-E%Zee?q{XxPIl6xBCUoq`2;`-#PPoSkn^^bzQyh z_2K_EY-zc0^y2a4Ch@q<2JvV5v!_o!@IY1Ze0s~8+NISGp9V3X_&$4E-Sus8yX5w! zo%P^O`tfenapAQoaoTUKb9{?F*G_d>T^is~^1?;&L%#FY&I6*EAuI8XUvFtWOIfAnzW9$`*KWZ-B46tMFMs~I|9G=#I?v?P0-u`A2h^AB zXczC5H~$^~{8yTEo9*S;3cp9k=Ghi-0--M5Qul?QPHN7K274HvS?`_fX5CZp;;e|2>FH&G ze5oILn@?#jZa!(&k$NS}@4?bzS^q00-8nAVDHKpPPhTtO&+mGEw&u(IJCbhBKX2Ne z^G|HO%mw*~aF0@M{axl|i><#MzL9lPmitwB`Cl1}OZ(q(8Hfhz>=Ji$Pt-ksbK_0D zCt{tmgM?ayZribzIUku;6=L9~pHqH#?$wLEt9Ex!uhES3Pf?v+7%JMbW~=` z>?dwozU!ZQQF?#7-75PJ)${h-*xBAvPuBna`SRoG=T`>0?cHR)WbNI9rzkZRtXjJoF^nzsDT>5^m6uf1jVcnO>Q}YlY5SG4Tc_G>P<+0IQSt1r`g0}bqB5KBip_FR{G(7K zDX@!$X@*v*_*6AfipljW<&1JL2yIHR6PX1+ZCRx1V?E6Y$29W&l9}~ad+R-X zD$stwbE~SV=O$fSj<|0jS0~=s;kQBh$>#GL@A;kDRM+=+-bK@=6DKq3HeWC{i+=MW=fI1mpGN5=hCiCN z+dFGK=8F4Q^EcmFzs9>N@z#%D{z8fopT1`S@5~7a5%m&#ES9t%@Ak4ecIuFW&zeU}aS{3YH{6&`v%URd@OJaj4TthR zMR{oV>GVG~*?co6n7eP2*v&bUTSWf)AKde_H`n?Hy#od7sEF(KAw>&R}*>M+wK37WbqXK_iK*F zKi?cVwXj)E{jA(Yr>I%`x~6Z)%<^)o4?E?#=ftfCb?y87W<+=CJ)F#Wa?RW=l3ZcS zc<%Sy`(c%Cv8hmMd+nZ(-opM#A2$Vg&E%e$rx~4_xqi1rTv@QDm}#Md&0> zd^r;f>zqs0KF(m*uS~hi7ymBM?*Z%msD;z~#IuV7g}Q~KQj(0fOw?>HIn!5}KdWPn z;nTHY$63xj`*kf_d*P$JJ%36IK6I~iiagexd0C&Gz5eD=?>V!kibyCruDlr7Qk3M> z^eE&w_saJ6EaCM!#j}k>)VG#5!mb@10wl zoRvN9UVSdm^vfY~R$B7UyT`cCZC~8xew2+%#Z1QdVPjO!rK1sDdJn&rywmOcsx`Z% zI^yz&LupUjrrVh9v)?Dxp3rGk^lWDG5!r4|!GCpTN^(bM{-5B#U+ZG5i{|4)PC5Ni zm4^)St-8ML@T~YcAzC<7vyjtVGyH=Sn~&P==IN5M^Vb&ciqKgtHeWt<^U|Nrse$Sr zjnqCL`||7Ql*>;oG8+Qy*k5Z;*d7 zxpkS5Z?9yWhl>3Z(Ip<8BIh5>=+%FI!Q`7zV$4ccrS97G*Gy`k1{MilH#=y3f6bvI zI~~v0oQQO^a(n8wXUdPTiD8Z^*Tj?rPtG(>t~j~rS7Oh_LmxI>sX2Bbuy5i{eSNh$ zvvUnoJ`~kov={rro?x_T<%iwh&+f9|Z$B#^T{Zit@xI(G4l#v0e8C#yxiZ$8qQ>Zm-_6?~6dxZ}!2o-yG_l(}}0`sSOpYkhI zKRDIt@Rc_R+;zD|w>SQ(rRAo5^Y=ZMoX`+eHL1Hetz&xj=NIfuf4VCQb>$Cor+IHM z)wbHV?)4dmPj@1|UcQ-q{C3cd?yISqcAw+^1g5`P{kUrxn~X@z0ZZAHQ^U31R3ziPO|^x(>>Zzmc*&FQ^z*>jSU{&U%)#huBv;rCpODh#h_-1leFZ<_0t z@3Qts$rX|2cl(m`r#`wY`Q+Lkc4_?s;tRaf-gll9XOEp%_tZVE^v=?Xowx6oe^NbQ z{!PlhTwGG$M{32_lrsN0TNhn5?GjH?P3vqp6%?~{8jt>ohBY=;pIaDjoSG2kocPM{ zgzT@a?D|r_onD;ToBrb=>;1P4(^^?t(w3JBTt6eApRj#`yDQ_zM^XE@s&A~x>I%FtcF&~yi*-^_(c3T3C}Rk#?$r5FV@PwjtUR<@=wWdDVI)hBv8 z-))-S)p<1T)*HF3=np~JYrVx69??AFTr}lf;w^st*DrY{={h`Ms(|e`2-dGovac+P!^zc&ugsyMhV$hB;B_J*fA4QB3pBx+`x z?{MD#?O^wX1+t=>&$V@xUW}Q!ajRaU)}P`RKZK4oA9Qf?R`5Q{(0G$MrRFBT{*QGW zQDr{8_m>G?KBE!mamBTPgXhuFtu>tt?jJqs4Kh za~2BsS9$#P_$=eAI@wSqFG`*5`%bM(EmDRb<{a~q+7!dM=fW9=&h3&OS+kOCXEDV^ zS!+L9>VDX^qD3)E``PPa?Jb25o5jyhkQQdL@hn`h+rpPgUuC96?Oxvs!K@Vv^%iZn z$lEOyDkFcZ*0<$G3ERQ$lfB|$9jV`+wM-3q_qV2K^Xcshr!78gdbGoP?R5Vs()l%e zlk}~vSs>LI$L#KsM{jRzH;X)P1Z9ErYWbHnxB{ypOUEF z`0k4KIsxySMVu>ZiryXN`(Jfa_$}YDZl_#^Uu~`8RXSHJ8G4GlYYX! zh)>O*zZGmPoc<`a{{C5U`};SfUnjqA{kAfq;^fAb#Wopk+TRYDZdamr@3yM=trvQYNTUAlWpUQDm)iSOV$cJ8Eq*L2SAy&Hb@M{RxS_q5l}xNExH z>DVpF`gcA>R;(=KO-YK9es=wdkFA}srA}Oyc6y)dtdEOszcXTaV```6m$%o^d)jBC zD2op9lb4pPs=s@>q5k+XKGvX{i$6AhJQU-ziCh1SgTT%D!Uso*su0ZD?EF_sG}7?Y#x$9@64yYzH_JEgSQoKn(m#WjOc%vp7=L@Dxvk0a z*K46y-@hy9F>jptf7$Ja$78#u_lsG?RqstcKeuuEiIvHX6^gHR`@CZ>TC$p*(0&#fZMT;FZfk+)B9%5 zUw!h!%8MyV^AfEZBtV&CLEQW+@07vGfYs=D$HI&$Udun8InX+NmXf8Ayy3U6a+7jMRwx@<{c)ufXTS+{+(m7qnP>ICRvk=EEb&qUNN8-`hT|QPt1gvY9Qe zArI79yp&s#!InlGcea~ntF4bpyqnkPd|5Pa-NaJ1 ziyZRjR+eu1uKboI`O{IY)is%4pP&EpOmlTi;vLad-}djhUEcQHcAw$5f4e(Er*eNN zy8H0->By`5L|AC$h_s93_`zGGQs z%c8k6e4LA&c|I&>uKMUYSMuoT8Po0u?6H`B{#bYH_Ruv)jhWfwvKIZ0ictQxY0uKs zACkXU?l_fj;i;AQ^N#9v{uh&Vbmq2xlC8M7^Ia78he?~6K3mqHo zyZ+Shb*4P~otyuC^3%ubE*btjCwi~`-KXA-2TmW~y&`?tyQYRSt{X~pdggPP#kE9n zmsGZI6Mmh@GXGU&P`BT-Mg3g0kE*kab387Vwa!#DpS3ny>|*-wH*XSl8J>09Gt0r4 z@#;C5)eUc%!h>=fY>%@Y-*`61rM7A6G{0c~lJlQ3W4>MEh&%tPaBVNMer=hdkMd*H z5a)jvjQKQJQnr7O)tDCI)7>D&-s&Vjfe!AzU;G&Lar`BCmGUpWjBlYRB?)hs*@v{n! z&fEBYzs`|WXV*-dHbL9%=ciY5zP9h&W1Co5e}CFE@8hwV+r1t>ocH{6^z!_kOHcnf zdU(7#tl9fydanO<$GlU2cO5^>^uPPc$Ir*T{4D!wt=L!Dz54Y`=Gv}5I-tKyNvPI9v?_ok&a!*1hx~b>C(N{WTAkDd-*LRthXFl{sPfU}yWASCv2bjXB?}^@{Vq z;cRwEN_lJl#`zDH{Skb_yoKl0>n~?Ff2-!Kkn?N%cmGC5-)`-&Urbw1t|?k9vi;nQ z<@KuDICmV+IP&!B&v$y?+IQ}$Epk%&f26{5jiUW~h3dB-`aU*JFE2m&+H=#!cP>A~ zj(%JCH&}JA#UUvv{l~reZ8oYeeLrXU%{>{C{e9t+z003(bo|fY^<;IM`WF8lRzv&C zJ66@k@0sxUWL0Q-?!pbc?aw@Y>%UTX+V(kj%90f1E%(_xuSs5i{iFo9dh-{lyRC8`C#})B z`NE$+I!tqg@B6K{da{dK4>asMadq#4S?-Ew>qWPf?|FBuTQ*gLPy7MvB<6rs*4-aA z9X2zYt$UPPI`Un0RNcWZdz>frF&ndFlopzLG1WwJ>pQPcO}MwsL^=OuiN_z?QtQTh ze{J5peZTU%bhT8i|8m96@m7_;R$S@-ziaN2`ieD}u9WX8XpP%SlVJRy2ann?%BGy?&b`DR{e#EWsDtWOdgn#LcZ}Y!h zuMeK~TE%d!{ge!4&n_sZS@gapZ4dS>o=Nt zMYrXscO~R9^EY^A%FgB*eglPkaq6kwJSESihiNne`Im!;vf8X&2gttyRq44(0dx>N9oo!xh)qMxW zrp~-_^6A@t_mz9^D;b%Ky1lkF_NCMJM0otbB4fmEXHB z>QsKjq1)`)QEUp=Crq^1!B@49wINXJXW6zZ=fbB%IXTbx-dZoPXU?30w~0ZLyLfwk zK6?80=la0+yv`3@e-!oCRC?DYx9EM3mkWKpnB&mQeFA#EwcYD(=^ph?mNTmU@%ym% z9lnWi{*hn)R14Vt{kJ-E&mD(JH{yHCjx>jVG#ng^HTEQHXCvmdz$Hp!5e9asrx;9XL_H(b_;-A=EZh8Nn z=FxdA*FV=Z^VZM8^|k9c_xH?A`t#GK;QdG2eRc~Le|}iK?|IDoXT0^FZ8_QYI_S-b z=HBz~+3NUz@3l|YGX1}QIs4?2xVkFYh|{Kpd$RYg&^7oUusQj@*X}(DNjw+4_x(7m z?rCt8)c#G0TrlV4!J5Kn$HN=9&Y8X@(z4>E{d?Q`?{mxV)y{i7eK*4b zaR>e1>UBRu6+YC4y6Ml9`7dtI!nFTv?Zs@pD$8H*zt6L;{WYi4&_TZ;j*p?9ljYhz zZ}l(dU+6am`ai4}Jz=_f{_eQGf8UR8_m7`&nf(jXi>C@7KF$(3b9%;N@wd}&cz?Y$ zuWWUsC7a#WDQ>?W=sL&F}z{eGDwB)_|z9sI9#2F5WD^xIkVcK9h z-+0w~al7T_i^Lfoi7S+W#7yJoCI7u~et+5f^3W3r1_lAJU5@$;4659dlOfhEuxOu6Y z^k1+tEMPh5)5qHE{>j6jBaVT=YlZJ?FlcZIfy@JmHoRcn3vxTinXo`wa3tYA zHv@yrix*4xWXb=Z`RHTTFD?d$kFNUS&tAXn{PV}{qSVJ1tpe5Gy|-pYo>jWb z$IuaXuP;vN^0wUgbLaD?2(?}4Jy&7(b<_9RSFLn~Ywte&V#DB|pYN!@Jm>ehW}Clm z>*7?J%fBy=YkARi@hiiFgw6J9$7khQ&scxoaXHfn{SuD zGBmtc`k^ZGqe|SV(=~6ks~=1I#oKOcjk|TVurR9ck-5;bqpwcgdMsGHOQQFbc>cWk zXZAcj^mpkB%Wn6@iKl0+wVg9>Z`c0#;HOu;m*rKORK-rq7GIa1XHxZl%fA`y7gwyT zx0T|p`nss^;N(v!=Qbs+QoZVJ`z+5?cdFW6;qIe{ZvEL95n!5e@$VMTUD^x_rr&+B zbmP@+Z?9d;{$yfkl6(8BeCRChf0L$P4Ef%g`z0xI`V)|)%d+w?DYFWt6^JiAOPUUpEo4L2*wHa69b)FTU*w4LRs2|4TS#8RB zaaFvuV3Jj|{Q!5eG%%szfJv7p{30An`L)nO3$v! zy&iFMDR14(`8VD4udNbL{-mHhp-cO${HeyOGcQ~_Qu25I*{Rc=^=IE5BR%)`T{EtA zZ}Io){Wkr{QPIkr*Ly^S-1PtL$_hOq^$oTb;E(w9-Jz3~dtckTy03Ju)|{1BKAx=o z`DllU+fTN=EKg5HE>~4P+1avG>T^r8~>CH0w)Y*&yE)0mtI2Cda33zj#{LcHtHk_cYPvJu?@^@xJojWTD@0J8i4Z5zoj~ ze3?Hr_V#!^EX_1rX}C9TU#eNkmq+VYf4TJ5MOX0jq(+a~Yl817xGZ0{D~VnE&i>et!V#voxlFpt-9qQYm9=HMjO4)+Tf@jv1E#!v7vv} z&D(2ic4kJdbxUPnc%jO^cTR!$1ljFxXRf*ACKdeo_KT&_|4;8JvdsUeraIA@x@?b(?n#_FP+^W*NwobH*q zO!~UG9@oZKZKk{4eqGfU*x%JBZA&Z_lX6ZhqUk z=F;ppMHRD8ZaiIOwA$8q)oRTZj^;P_tr9E!TA}wXbMFh5s?B;|tqS}36d&Czm7cr0 zaP4$CW7lcR;(QmB{`&M$a_^PbshlsTZP|VG)ft}|p)c3z8m!;C+G17bIWC5yNA!yH zbN7GV6vME0&2Ij-nOomFM=tFx+ZmReyHt*-oflDI$a+V$)HJyu^YReA1OJ^i_Fk$a`#-UUCK zY&C*7w_Nt4q%1pUgN|Tzf(Dn3L0;i$6uq z?~~de_wJRXo@ct%caSyShwi3q{_vx)JN46lZmZ_Um%E?lcV0X_W6g49`ShE@Av)lziK2gNM)U)i+h`y=UJ#de!^qhFigl9?7eA zet-Hgt=hePbDVeI|IU7&PcduRf?rOImX*DGvr2Pv=&i@oN>6Pr(h0u4UVLj~k%E?Y zv!9UN%JQux?_Kn@ELIr{_D5~l6QOwILRXGsK>XZG=26SmGaYc8C-YkOjdNn&&2Ir0 zX8k^+68%S2-uCnIHD|vHWo2a+Zpi-EKm5Kdy4Kox?Oyk*Z=r5JohK(m z-pbjQ##Pw5kBi}jYWm(OzSh6L$mi?46*(_F*?*SG@tpbT{(GdZET6mR+JQaMyX`kR z>R)6m)_nTr*7vJtFLg&PPg`Mpxi2e!nZEq~opEVWcSM;@k9i+X3oY&6x60Ts@Rt_D zg6XlZmtKo)mRT2kUViq!v$MUdpUisPH*sp=_oWd*?|1v(D`x+C+p4T^ljQfU&TMU0 zwx_P+DD>U`EXB7;{HZnju~m213xB>Q`~8LM{a1OD>#o(UJzkuAZ<=ZP%T$HAaT`|! zuWDWRWYLvN3nG`znUE{vk^NF7R+Qm_cV2wko1n54RhNU_ote8o{9UhPQoHTyj@8=Q zr_HL9ulD@Ec_#Ym)tu=o9! zpbR!!{+T)o2Q|}E55{$V3E{XXzHl{@L!qFfK5L@u`3qOy{B_&@wO8(9Fyn#~H=aI; z2yQ>jQFT-3?~A9KD|cL+^8BX(1H(~gi{rUdeO*^iZ(X{Sz4iZ;g(hfNl{>K%(naQM1K zP@kdURkkX~j^hs`7#6VYc+biZaQRiL?bmHpFF%=W_1nYXz`U8i^`&QNsD9k8AX|Ak z{dxw5IhOJZ^SrstH~X zldM7hF{#-z<<<061=-?{SQ$E|r)*3A`}uO}UiH~3aSRJKrcU1Kwuiyta5zY5!z+l> z!OlGJJOR_6kbwKh#K7AP^_PY8rz6}93x0t-3zAJ|-Yd@Fz-wT^#-IQWWsu_6^7T_@ zWiQ)1cfS#XfPQFsX9Xj}qgJSG3#u3y1oT6oL3|YyEeop{83Ojg;t3=KRjUvOvIC~} zqtjO=29S1;+75A048hdy0SSTBKHpV!a(&cI{lDsh=@XwXXJkmzzyNozKQF=kKehuU+nR|JDC0o+)^I{$q$b&Hm{wk8YcR!%Zt(Usc)o2sg<6E8^0; z=hW=H<+X=_;p3;9SH0`MY$~m;&<^=&5?_3Nee;^}N5`*MW!84BJ# ze%gL-l6+R|UXGc+jpCNQRhxOXZ{?#WcjEdZH*XFo+WAFkyIE=NKR5rJ`E!5YJ%0If z``I+t@GZ3^M%MB1^760uKjGh7%IACc^}70-eztdDH9#-aq{SuCOhAk6C=v<-|duGdtz$bmi;ofXJv0cp4oXXg7=g2Y4_b$ z8T0Sf)P~gD*f=xrv~5zk?mc(0Pmg%St(8A&|BIHt-t~P| zoK38it~IN;`WIDSf9h)=$C%b$)LiE%1{k4g)IEXOY)gQ)oq{V z&+lv7lTv89e%l1iPYNB!Pd9wu>HE9Q%11NKh$*R+Zr2R*|3&|P<=T3%p`tcAKH%%q^1CrlYd07DN%zZNZ@(e^dxT=S zUf7P8ZZYd7Z{Elp&*5jefoIRMAFnR%>0810b?dRCLEe#je)OHb7qR*NskW$NY++y2 zJx?y_WMe*lWOZsO%SY2gD*MYAzKZEDT6zEX`*Y8p&8+X7Ucb8btJ3j#ZgUzpy_=`7 z-(cc|xm?e+=EvFHi4SWI+HdiHfxX^UK5Oxm|EiCVoL>8LdHM3IulMLq5t3g2-TGa{ zMPcrJfZWqJ7ZMoEuZ0l~HP8$TMo->UO0dFQvOF?ZE&%LJO8@Ort>nn&!} z*C%?BHa?*{=DII)o^N&EGCHi)?C6 zj=N{uzxA_q>g@kNci#%r&sB?iR~5XziPKbM$+}O+t7-$^FTPyA=%2mojTsde|8~?F zuUzxutdh5w&mNh|%j;+P%FV4P?q2Sj)UoqI;`FF`jce|gcOQAvyrn}wu$q@m^pWfQ z{Op4@e%roXEqOG@m?Qkt+~9>z=f32+e)YF?*`^!cn1vAV{u z{((b$!E-I!x}Cwty?2YpYyZ;9dtW`r_+yYq$h_>bMa-uqXJuUy|9SUQzWV(cM!)Mq z6yqKpkH4IMCwO)IF*Wh!rGaV3@9ep48b51_)iqxo28-~IpE|Fe-jmszAF|_AyIR~C z_LR+Of&V|-KbzDyeObkxFBQV=U+2Cr-sR9?m>RrGC$4RebWDu0mFD^#<|ivYCiU-6 zIiyjtdSR@-%vHP6V=pDI94}jczU0PJ=kg0Y46jt;?%CVx#@c;(H{E|toZDH8OIPpr zh#Rj+O?ssK_~?;IpF)m%e^Y+^^up^S)7?|kC-9UW4H45{ym8ap=M{T$j^@pfERl9z zofY@3<@25C+N(}YUfdx5b0sM0cDlTsF1dS$aH@Cl=Pcj!KHZxKC1zwO>Zv!V1J=3YtIQo1M7+}w|M$GCp~E0KY#D#$F60U--rCDvNXN7b^Y;|ryd`b zt3P^Y`OBl;`>$JewN9#gGi&A!fft#V`cw2Xo8qk+jD_`0_r7mAH-Ihz0e`eO!6wlV0%9gy5nc=xgoZZr@%uwc-NB<5#4E}dr zU;ST5tflq$D1kM8Evh_x?)xQv3&YSB4YR!2 z6&K4Fzn?AFy+=p<+SPBtyF3e{_UKe^kM6s9TPu7|Ty62K-Sam)?GgEZ{NBw!TP7|^ z+>_{a;uPmaBco#%n5yS6I!hf@5#!Sk*dQ!ZaH2>2qhRBlImb>+v}oX;$TsEl8LvQ- z<&h$q)9+aHiYUHK)R+0T;Uve~(kU?!nd?5==akoOS$!+_faGk84}bU`yjoYad*7~k zb-P!uo|^jM`O)mDvm(?h{Y!&GDlguY{#FyWW!=uFt-hkd=VqOMzo+%^{Wpq7^RIrd zt?2#InaRq)aAC`*PtUu>>&@;|-`w@_?7AHy^%|UA63?#7#5bSr_H&QfH{Y0nzdb9Wf@D;15u z)vjfjpR^}XQ~yl-$IB~^d+QiGU)j9tYRY4{{EW3U-f&x z#NFwbICXu7jPdpA&EXxNv-WH*D9lk-ytZn&w_n-j%w5dQYj>WzyQw?aH_l|=pC$V~ zRoSf5$vnB)H13ry58qVv8KINK>t^>JN!#4K*ro79RZO;a^$G5a&xOx@yshpbpvZa?2L`N`7lx0?Q3+)-Wp(xo!9c>UV{K`x&xr7p#W#;FKJE#32>^StQkZ~hj+ z$CS>*-W1`qvXwi*z~CT!@^rU<-O^9%EA%@*N%cfquM2<9d`@Hi_tWzqNCfCf4bd7uV+1PJa=KN=x z`nQ(+$vkKJ>w&7o^b-Ao;K*x}?3XJ&k^E)Jut4+a((m%?ZYTf$w{!cxd);sBUc7v| z@!$q)w`}|Ud#;-w$?mL~(tj_t-}Mpa&*Gk)>Pb7|1e*@6dmCM`!gc35{{D?GHVVzZ z{^m^5>zR+`JgfX~%nu6-+P8X7zEFi$+TOP*PyTFv-(mS$KKxX7n$JazUvnO3^MvfM zp2+*}%2Pl4^;e@$&0?-8YAl$wPB7@{Rapjx47SRj*>jFoTM8fR-Q7KT<)_zEQ`Hw4 zRIZNrx$^$H3lHvZ);+j+R=$3&Sn<5-pqqPJ&uy+|xHxT|?dMsqcjP?P|Kze-OMjaB zr1O1G{D13ozkhY;&=X1H!~3Q@uE}O#V9=Ygho@a?O6ga*(8-7Q_eolL#=YX3E%f~R z!r9CW5BA0cRC4l%%s+J1pmJyIMm|Xfh6B|*Ek0e^Hcg=0F8#c3oYnQR^bZO03=Hp| zDxE%^n|{s7$J)FyvY79e)La>mXwvD^0l(8HOn?63F#|(|{#L{PttU^%9IW2If8r;j z-sitSf~J#BM~lqb-}Tm9>+27%Ww-t{#rDN8KRH_e`JYvl1p~vq)2*sWbM|u!#&#XZ zXJj}~&B(yOP}%sMiGhLP9ybHX2nGfQ1^o|k3?K)BWZ$zgFfcq}MaVt?O=mRhf#?Ox z?h$8TV3;6Yp^s+R32u-KPNfioKz2V6y6`mHL|1o3Dg(og5*I~~L9hDxKf#>UpwDCj za_R+!f?^)9bHD^heuDT3@5vXQW>0u{AnR?WQlN>4Y$X38z5}X@c2_=8opdugn&aoW z)lU}xn|n(*_t#(B-ZLSu=FOjQ^VpUzJU2P7Oj%^HO4#Vmk+p?V-F5XFXZme3e560; z`o=}=?eWK!I>tuZy_~;3|J|#+4@H7GVwIV(YE!JcpO=L3Ol-U*+$->@mie>D&g5{% zc;}qiOWf8=l-LZaQ&V zLUDfCd);ET`RZFItUj4GYeLN8-SUcmeYN#x?)p7(;>15Y=iU&Hh)Z&5-*ceaa`&E` zmn|{r*H3QOt&QBh=97@}lgoQreVFrB3U0dm;a&O8Cr@n}_c+Aa*`M90;nOrB@Z*W2 zDqHrm@*dvjc=7PM?@YRB9-lIIed;$4k8J8Nbo4lB@Z;W6>Dhbb?4m69g>OGM)hqW@ zXxhay)88w*UiVJhcRM(48jtm@SC2~tuNtgbyyT4M_PYrN5(RZPQ-z=H&NP&4Gj#88 z^t~Y%eKssGWvkJVV}HszMNg&MY%{rOP@%TgUZFnBZSrlE{)rB z#?2{BEwu09EBRZS&n8{a)ej8Z95wx7-tvVHGtxE7z2?q~U@W?xbau-5O?TY7Zz+*a6!}VMogf%iZY{r$0Epm_MlPo4uUue)0X^ z>o@(Ak!9Wb;@`g14^uG?;tmo6w!BmP|bKd5*kut*R`!LVvz{+?(`ylIkMrDoZkJTh`qBF1#tbe1qZLIt}5+k3Da*@xI#p zt-_pKUr~H?Pu1nW0JJtB6v$V>Ibw%vytYsgvtILkPST*hUwR^@( z&h$hms+>5Jd%IRAFY6+&^{#y<)~_kMp%}e0tuB4`hxcW@m$g<|?3i=+^3$h>Z}ZKz z|8e5`$9j{B0vBgl+5P)1H#EK9Vji|D`FHy9+x$hJ!ewRO$NxQLwtsOZ|Gf>i?fXwp zd-G*~f8%yWx(ue+{K@y{3cuFf?IeSPdhoL&E(l#Vw| zVqM?1Zok@8lCsI|%AN@VbNSR)GG07nNPJnI}MRucGx z_1;|9)Q;|FmV(vJmtEv?N;xc-{++$-*@=nM-S6!1Yk&MzrQhCEW$Pj5L{;_K8T*yY zj4kJiOw*ZO+%?bFbK0KP2`p2S1N#;-tzJLX;{JujnfG@;J-Rzi>+HH;o;ST*{}+6+ zGY)i(dnb6wH#a| zwffMLqooC^yO*CjZEtPC9)I&-vS7-_HD^s6o<6ltx?UX`7stuW{^?);{;n7G1(ge} z(oUZK7rpWM)H#zU1)p)Plk@xdfp7Ps+XBDYou;mx|7pVXDJ$MYu47v_YnKz-kt+*T zW}7eW6A^uWB$I9JG@)M6ey!LEHmmOSKHOU)S1Fm&JeetX-^-)XuDS_ZOZTXMxgoXw za_pO1#m^E8cbtDEF#B4;tc`vbchB^h;k$RPme^W7$0yuYru(Afj^&}M%_aDdt8dEI;QF-+37GB6&P%6{V6a*gz4H*eOJz$LdYEOm06sF4x$%=yJuK@-PQ@}JV4)x5j8Ij%&r;!<)q%Z<&&=g!TX zdB5gu;jzuPCpR!>zg@HVt>fBEaLdlOL z&ujSW1(K&po|&}p|Anm^EzWeu-FRoTGq_6PDMyaqyU09=JvGeA_1`{!u}(NBdF;uD z{|CQc-W&hnIX{a&1IK&*{l^967&Q96_az+R*Wa_{ZTNg*>nC-R;ncRfk3H8ciECrCkn#N>dUo3j?Mn|*L)T3B zD|h#S;*#w>ny21%xv);@xOBO=@A9cbEnBD8Ft7b!bawJI|Fj$ICWp?t$7F4q@{RdN z(uCgTSl`0p*srJAHNIQid-sB~eR?C`xu^5kYyn+mehhEwwzM8e%lyw4AR$s1c=M2E%XHU;J%;<2 z8k8zcNeFV8kuURH*Empe)oz=m1?C=m*FSg~^dR+4VU}2hWU_s47mu^CM7r(6Q?Y`K z`umIDw<b+WvUDkh&uW9G0;C#^SXvXTc(D}Y( zf6X42XB%67gjwv_P+auuz^gB8pG{^kwq>XuUG|-$(a$5!gq;^g49M*8!X z6kOUOvdphV$fv7CrNT;bS*ebpQ2aXn?d+?*|G!`Qw_YNy?1ulkoC&d?PlU4j=Wtcb zoPKh>?Ca|nW$(FY7-u;59lq@vH_7Ted&_2B<|U8pDhh)yvDl<$mVVpqIekrZ$gEGE zV!b|+b2rBnT2(IUC?F!`T|)s6CH|| zmEQR)^5KvnG)rxAlikFJd8-g{WEv{;rYdhXZjp7Pccj8ogDy4p+zF?`6Nyz)vFP;WH zc&d3iVb+I3TD;mbE~HIAtg`X(**sg>scVCn;>4af9H0Hk>{#`KRHsg@lPA{wOf1zh zkDS-p#kGY$&gETlbI4+?kB66>?&0>HX}~aZN#N$UVilSi6*Z0p)4#}`E9&=}`154c zsbsF%OZOhrECU5(rHJ6uv%G&Qf^#&NGFQd&JRetj2upj82 ztG}%ALcD>pmAJ-8RuRsJ_9c@5!hi>-3K^&MTOC z=AzU6k0hT@)bnnRR5PD;TOe-3hW+RD`qQ9GLHGP&wPK@_1Wp!oeOH`Za+}n z^mSVK^_%Q(Po9d*m*y*fN{p`uHBI!e?180}L z{T$SF?b_Gv51)pZGSnz92|WKgc$=)ISO1l073F#F&wFG}3*9dJ`K!~zqgOSj=+4P{ z+IyErxC6rcq?9hQ9bzPRjugW7_L1by7C>bFP@H?zQ^iBrnmh&{hZ@}E}q^a zWB%gfXWPfNA0`D(at}PVBK2-h+&xZ@O&?8WFfPl8<%!!MU;cCb?3>oR zU7lI0zIk!#^S#{jPo5P?AN00%(YNP2TI!=ZeOt4>d%JzVp4?s;7I*!kQ-|xloUCtz zmRIYA&o*8>oloch>sKr1DQiEx-N&gf9CUr1v7nhH>xWM+T8_8!HGSrCsAe4SK6Jf4 zC;Yv3#ZHlmozGq!oqp0sZQ1(;+IFjx#66z=4RLs@ny&ax`hBDLQ|*l$-{)@c%w>La zyh}qNI$OW+<$t>iPp>TT-a28CQN~^gJO3FgR%PkeSIF#0xp4Am`Rg@XeOB+~IKEop z(y88usj-vJwH-P=p^$6lEFH}UOEn%gUyTz}ikp=9A?aziW0=b4JSO}5Kb|B9?40DR zw&x7z>;n&%UY)JY{~%L=+2`Uei9If@v9iiWe~pqazwNkn+KX9`WA)w_thH;pWh%XY z*9*rf=}3IK5_j*k<-VwE+&&c=UcdKzEAqE;c`QUf=a~_7Qp7K#N zu==FryS47>PMlI7nl#Px#m=m|7k+Z%X-g5df_-w~VzRq`Ug7IIm6DU6+I?z+j^u_F z4^k&~YwKU#7NWJv@TU1aX8q(%zieE$?SEz=siqnG^_TAvma^Yb4n;g~rTzQGODs)a zy6sx*x24jla>-i1jh=S72fW$;t1$dgnl7U+zh{fN`S;GMnt3x186I4dyK~VS%Ll5O zIyQB7LQML}o7ASPco3;ldDFo7^n;~3lkNmBDqeHK{88l6n|%6<<0>|OI;wE{(w#G} ze#x)YJU^koCC7hth4t~QCifR-Kb+ghd-CbKgn4X62SnC#AM|!=`%tPRJo#_ojkk@Mx#iOkh34>YwN&4v^&YI~-z#w9+F&ZoUA%^RIord&XBCxO`{T?^J=! zf7--M?9Rm$%J2E|$(i*62d}Yyw(o?qUy3eU3){2rNeF(Y$K&(GV&R7-eOI>1=F(4f zPu~7p`TWoB>6vz4rkxfM;W_qNWcvhevx-7iZk0VZek4tZ6;i*l(JjH*Zo{TceP^nT z9<)x^eIWVFPY;f7!Vvz}Ae>TH5z~>B`98 zIfuTkE|}rYATdqKc7xfBl;oAwai5&>lYgJx7#p|e)6uCqoBe-%|6J>%78i1b-;Bv; z+hpzY?y;M{MOQjBPqmc0;eGa&|I-w)wYuKH2^}3~*!~cKJCl~CGINKba@^9 zlvt*f+x_OGRIk&F>+FH8v6e^E-}g;l@qLb2hvG4l8Y-M!i3dgs!_cffGziY{BPgk*B zTY1WR-;>QI>(w@Ni!ZNM4d1SQYw8o%yGh@xe9s%^zAn_9Aa#DtqCH%HcW(K~7Gk0q z8J2lhPAYW0e?I+bOBLIW zRbjQCCQYxL`qx!WSm0pD*GI{U`s?h=z!>JCo7h}TfO`G>MyPDZY_>*@e7?~lrv9z zdDM^jg>6ZzCZD+$6k;R1RcOtG>CK9zHLoUR@w{G|*sb{fq*uz5rcBOsjF_Ozo(~P^a|hk^5EfluMQg?*WGnKy!OB)#nj2$4HqvJ{3|E;q&&i9 z2aoafId8U<9+U1WsXRA5NAD~XclHdcaOK9QKV-g@{0@Eo*3Q?b#5UOYWWoB`*W$8z zlTN=`^!2#0=*)$myj#AU{laPe_JwEIw!3F-T8u4qcdgHuX0Q2FHu%ro`CqM`#FdF& zD%_sDNzZzPthwr=Bg^DYdiHKCE1SuDw4r95&cC2tw%6CR&ExyQnWC;TIY)o%mzo*2 zhTC~o3RGT$Zn|MD3Re*FILGUf4qt;&sO<1|m7PS3C0IpLEM+gD$~b|1EY ze@XlaKO4Qz=ga>~)NfU*yXow&tR!z_(k;J{>9pTUy>_MiyXo9#?=4+F_si}km6_6O zB-+hRJMNdYJSsE!`Hk%9hU?TGTSax9N?+vG^z?b5=P%hA`#&tt+xAXuPnn-)|87jir;N zZ1vxOEiWdvE{=L>7Cp`9!lqN+$9v*u$r~S?>D@oOx>@nIKzfqxvQ@>=3iE$_TXmsq z>xXq8lM?Pu3}>AD{r~Cf+m3XzUhm4Np1gay?x8zok8SQ-$KN>__4DMtXIWpHpOw3> ze?DJUG=9h5)+*+MtDj^}{p_1f{kMxWqC*EhcLbzQnC>79F?n!x%fpQL-< zH3tnBpWVE4M^e*0(aMMWLRU*IE?$%Psfc@}@;x)@xHG>Wh`rms-CKWViY&j&0p({~ z?|)wU;{8<(;r`p@av7V9H6DLgKX`rf<=o3!`CR*L?rnFBD~sQ15pl0|&lPojvFMkJ z@AGdz(3IwPal6syQrD1YY$s0pKI=aJw6${gHskt^!&Bb;V%_c<_vdqk`7ha*T3m(~ zA0;t;3YxxW%cs8h`aO3)Y)uK0H0${A_u3!Rlc#&1b>DxQI*H#k@3UirLe#2g75%!Z zJ<_K`SspD|+9dI$)iC=^efi(dJt9{*igp#P@~A17l5Lx~d)f0($3Cg1NaWYV?)JMP z)Y1J~YDIHp^0#A8kDB*yf4_G6XRpec&3mr6R;fOb-!7D0pYdvksL zbKWVcf2g?cx6a^O(p!tOqG@N|uz;uMRu!|>T9oi_OY-3<3&|WKU&;M4O#=heb zD?@|Z!|n;w7@e-w-Mz@ExKebVve$`siyTi#{*|jg#y26bY)NmO?UQto9|tX+{C+$; z{Xw~b>_P~5Z|Y@rhZyyO(5zc{EXZWjB?BRFX( zn_tkXvn^KXGo{TBXMMin#L3KXVD2<=C!^U%x9a_p6#C?J;>)v$K<|K?o^!=7uYb{J zSd}t!LenzUZLRA(Dm^bZ2Omx9yJdE!?&ZR^(^(IWKGXSgih*H4Aj@AR{n#@XJaoD` zb$sH)ek}BLYWs2Kk73q!lk8i&96kEK&6(i3Rz?4rvlH9RXSGf}JC^whZaQyPU2>^k zh>f9PckbRdpYjV=$rSThg)BV-?*KXQlGd1b3d&;3%-(1Qz zGBPmi`21(2CNr)rFesAzkkR z??&jKK7Dyoy2Iypc`=v!X7wG}8z@=Tpv1<|;Pzm4rM`DgS+}JUoByd#o7_CgdulD! zpDbLN$)Cn)nXvA-b!w%dJ7;9_?2o~D$8Dxe+T!}Ol~wKZ*Y67#Ffu$y`*?oM-w?gO zzd~jirdD2jp{FeMZjSn)3dx6Y3}=G^ayEZEe@Xo!&(sAh{hW*UM{~IB=B!-FY5$aY ziU|Y59nZ>}5>w~JKc5vG_iklE%9BokNj%*XZ9GI(!ul-DmYzHLY^k8~i#(yuiJnmP zoo>@^u9=!E$ff4)v7n^&@Maq;)yuONEabC!d^dTvR??>@+c+kk`F(NA+R$e9fWA)# z|0d>L;$u%`VA!$vlaqZFb7)vbCij!4oAjosF85N?S$(sx@8(8>$r`y^k98eg_UV1# zIR=J;!x46~!#Eij9_Tl6f=Zi$zb4M0k|V}`-;D1lTnr2iUyIIy77099@5Th8 z8LolWI7H}!N}PtTOdx#>aH8Nihf^HG5BuuxmoJ-bJ63pSdzaSfAeAM2Cp;IdXgE~z zt3A+*-B35_l9Qy>1*5AC5?vh`;op_CTo-M4!DKRf^>4miGsO=SeVf=b$yG#C=;7WE zOz$j@`+0Eanpmp&efq1@@m8fzI{e>D%l@~}W$gm`3=UsGI~G8j7$z86uz|$|K#TQD zblHwGFo2fAKWeRDY*=^nfdoTC1tY^2_BuZvh6l`5kOlP))eF8eF??WbPG(?u#LD2X z2V^9OV5m(x!p-2YU*jVa!-f8Xh71k-JKjOo|7Y;u5n%&wVpve67{}1?sDu zh|$iVk5@R&4_N9>E1JnJ*xd?(2mTdZxnxvF+^!(T;D5Fie&iivD-hd)rP8&1XhGm2cafN-uI{JHfEvsGhWp^oDbipS9y=d5J%NvZE^Y zxcXG}6XFaUNnec=g;aMw_Is~#^vo2?Ie-2Y`c&^pndLcs@-8*+eL@C3{frI_kDvB> zOlf~Qvpp&8Y){Aj?&_+?N6(pGF5ju(n6rCMIN#q|h8=a&dHYU&-0->h)B6kFd#`#6 zKkpIk*Y{hKyq+~UNuSx_!K&%{N4vM)SZo;gMomip=pS+IMM`gL88Q}ERH|1STodm7 z7?hEe@#e?r)wbW-j_;_GXIK}l+?>4ZXa3C(*Cq5V*Vaz=`Wf_Y|C1Z%87_!@+_ctD z@v@kHd#|{@dVK80xAW|u71Vn(>`43A_DEG%PW{VKZ{fMqz5TdPU#?|rm}Vf|HQn;# z56AdDQ);y0T7>=Nm>a&WjJvk~;itc+A1{629e@96>G#Zc%m=<^t@-|Gdc~XTV*0)D z8{+>s#fAEc?<|pLh+44l;6}%v7K?P_r0nzGJPJOv>EYz}=hn_CKF+X!_tDeFiWyhR zuhx0Kk34yE);yoKXWR^1y!ZV1!8?6#jAC3@)OqRCE2TBU(>}*byD~GdXvRG|dU(#h z3d>xJxW02?lk7D^E~(Zeg-?@TDL!x0a>fTyN2NN&e+nm8|9Z6aW4G4%pd|r3;{5s^ z;)l!h*QEF}AK2PuCZMnUN$>BnH>~XPha~>-g(+`)%ABxmHN7(ecB5CKX(*5rhs0+vwKF$neJ#0sMN*&lzR0naa-TQ3PO@0~;^)-jU)sX}l~z>x@{q1Bqr!}<-I?#yuHVV|X}UAJ&e}fz#QOs0I);qf6`4Zz>TC>0yt5y* z$~&_)_z815?J+5QcjNl(Z!-;^_cA(s57T!$c=77p^$)*(m6iIwLJe`?vnnZqvCo)shVBVjb9y z&)QKEKi57?T=C~*?XUkB8Ro|BHMv?hkuliVsVs(5TuPte!qbnJQueiU@AUb1Vq5>G znK4&o|9OftWORBIJUV*9;jgw#S0Sn7@SJ@dJJw1~cc32=%^K`5Z=CDU%G|#85sUb$S^bf zXm}k5F7O(@9q>&Avlv!^63GhCJ}d_C9xDchyKPWaXmT7TSc*%~t|CxbcwsBZ0s(!7 zhHnSXcQP{6I6yaXW$=HAV_>jL0PTd@!@$r1vJOlv@b9T$WOyMC+QS8Q{0GMC&<#s( zA8MJmzKo7~6)e1+f8O@YJx9XAmEYtraD;sQ)USG`vvc-&-P7|cBqKxJYJR7GYjf&v z+N-?i(S7;#Ud~@*UGBV3H4Xb5dh|y=_X6Qn)5F7(l9dyep7np9dgcsoj@y>w-Y1H) z|39ctD?jEP^yhQE&UqUl<4@HR`t^o;e+$cN$6t;8cbn-&%d4k*J;aQ2_rCwR{^`s& z-?ihG{H~3a*7tro^LLV3kgUE@;yeL;1}m*Nv9*bp_vEf!8VLX`pb@ zu9h?|7Ylvw>JxoU_U*?;>(|y`YoT1*?)Vs z{n@s?ao@|V?&eF(p1=K>+?4s-|8L!5cr92~|D&{b@cQFH@6H@AvD%x}^TzM5twBVc z_m^Xre*HSNZPq*C^VR-umR`O*wSVnxv2s`W>65gx%F4cMP3kiXVTfm|1Ec_w2ORN2UeMtHeKVUK9RLP%&eiySxNPl+!o$WrS zoVRXNSyuNmTDRicx!CmowclB}H?d9;5T1Y6K`_`peB1WC=qp|Gy6ugV(h4r!UbC@C zujkZ_Uy(k41g3u6xiZX1eOcY^tUVI;ohPRs;cnnt73ULttb5iAf1j@Xwn=3twpSRw z>zv7HxiK`;>P~lc`xpMFs#^X@+*8B%e0%hCx&2;N_M(Hg)9>B+T(rk#<(|h!*G%Wy zKXv+wuC%9Xu6{gF`)}T@RX;zqhdf%E7X5^K?F4E4+2^%ZPk5>5oE~HIPcQz_zN@)< zs(TLXh}xsF=Zb0^Ly6DVA~F56Rm;on^;cA?rwKj!C|+3;H)oRj^9x<&9^#@0fAm;& zoj!1L!g3>dAKsI!{C6t^zumnsk^5Rmg_~qOjOTCH^n@*&sJf+atVs{#|pPuRkAWm+yTcIYr)Vncc5x9bMCl zxI;Fa?%%LpO22UDuDVC84(-QIAN^eQ_~}|}9?|KGBX%d%g~&{=PQIu3xAw|vhdP6v z$eFU5>mPYkd^FmeEU{Aj9k<(4?#bJtt5#H0YRN4>(&S(Cv^GvF=SJJyFWVgWvUO{2 zn=07D)&dyy+`hNmzsmG*!p_ZcqWV{FFACdYkR`D#>WcO?+3Beldn(R0#BA5Jukzb- zb(*yLZO`3Lwccud6q-Njp{Q~kL&>uTH?|(}j*(l*``EFv#amQU|E}||#iyEDq@~_5 zM#{B5&fBwM+t2StVRx?ct`ztAH-B&O%gkub!yBY~1FnQFIU(pNrQE^#aMp?#tvoBu zqYtC_a*G85Ttp&F1N)8$s&I=r-VM21Qfu~C@NfHZOn35xE%`<=JN@*d-QC@n+vGbNK@Kl@w`{t^|9O70-wInd zJ1$NR-xPgq3wPaT)!Y@Gw%0U^H+fCFxP@z}?T(OhM+6x!H6Dyr=)1Ax;>K9@#YTEb zT;9hV&6Z`}+V!xQsl@uu&#e6uzCavcw0E1<`yJO^-pzlX+G2ZBc5Q~f?5+RB_jWRw z?|h$ntOaz2$?3aaKQ)CEyxG0DVCJq8%ZC-N94G3}Kb-mEMzNn@^b{6Pt5dUv2EEoBhFSyma{Ec zB(nE|3`5n<$#E4Q4heseOy6=mM=(%SA&p7Ct^FBi#Fmsfv*yq2SHAs)v*JxrCoHeo(A*H{jPiuik*^>$=~V z`QKcheQUqpq9v2OmVP>0^^ozP$@#C}&!3nXXO)~dv6pk*(jfJ-RS&HVKE9c*ua$r3 zxu<^hXC*KFeY+~YZ1TG}ec8;!pFd3M%JwzuF)y%yh*mG}Mqr#7d;^(VhP*`O+x!_HG6{^!yQOQXci zk@}VQ_Mi9pDsH#xcifN9@vq7Pl0Mx$JU{A1EC0!tTkC>t`rF#}KYP)3vSM*uP3gxM zt>;&yNgJ*$aoGOybo>4(Pesyu^A;uk+sP#5o00bP{NaVSSb~k$$nNcMKkX6{{MM_i z;4c%yu4xbRE_SnfEfRnE{pbBTkp?{H76^jK05GKNMxyR z_rK`-`3t8%SW$hz>~F;r_Klm?nZ7(4E#4pZq&xBJ8;0)mbiFMT*3DU%X>XH%`QU}U ztH()%KhoGD2Q zS}MLSS}2(HZu6-di5ndCZDf_@l0XL`&GY#(DahX^Z}UCJy-(Us?LNnUE_;4F*TJ5D zvf;5+FI&oYSlPat@%_Y?KaZ_c&#H$+H9fyH{m5?XXAe)scv%O0-f~7;P^IPcqU+B- zv+wJ8`#CEwqNcN~B70TVhrnG0YdrP$?b^Xwc&ugdq4l9*^Mo9V&)wOOFvIkW=z?8) z1COn$^qX69{M@Sx+zboSci4RoT6({F<+kYeEpfLl#@|>e@pqnH?B%41P38R&51w2- z@V@JW|193Cm+WjqQdrht$y}f4g%}KA{KWtN-C=!)Z8lhnP zV{h8SO)LyH?FToi{@QwK|E;z5OX8wRUiP1xRrRmv_^V6j)@PVFz!O@4b#-do?h*IdbNR$QEzb)@*h>8opFsu&uU`~HctZRz{rv+?oY zve*4fr~hva%F17U;ii)I{o|V|V=5RLmixV7Yg+L}&#i9zzm~5|3=9wQSmb3u2Qtl5 z3ZLDCxp=Os9=vV^= z2e3I{y$^0SfwufJfR27*aM0g=(ff`SKLZ293&wM6E8g?;MgG{sz_6fvLzSz3tAm1M z)sIyS3=BKWF9sM1XvEy!Sbp?;XJq3_0Xstmh8Lnv!Pk%L-CEo9QLCl61te~T;3iihB zdbrR4DP$Bt!r*hZ7``xpHn2d*3ZK0X_JKyP!QKXiqFh&F?UsX!g>)D3GE_KS^q#+N z`up-%E$iZ~xXZQIt$97|Z+`Up`@0p_Y_9LWwu$+kZg>8Ekv+R(=KS^9`$_V@QvJ(y zSH3F$e*fHg?#6@C^MbFho_DpfcIjsMyyM(&WUfTWUizuE`muN@V}(`KMv3b3{lWW_ zh2I^z+x7dHg!lpboG<%quLugSd9zA)spZDRgO%T(?YSXv&Vqer{+m+uAWeg957WX)z8)_&rKZk%I2(}A~NE*))7K5IAQyk{(nc+qlm zi?3YTySe*UPCprwcYgm-n*=V&3ZLFnrM60}CQH5r9QWg7Yz>jrJoY9a?Lt_HWntas zt~Hx?vTt?#{;E~#^|mcL*S*Ph=U-^f_<+-0-&jXyx`gyDNA>d&XJadT_NL4})UA8W z?f9C27VRgZ_XW1UEt;@#)#I`qPJb83?tYOy-+cNT+f5=>Ei?V~&pux%elue3C2ocX->P2zI=Hby)z)?D z8{=(~#yrYW<~+yJc$D+=&q(k2uDdLnS1fmP|2)?9ap#0L@6)?wwQ}BWd+xj8C$Dg= z{SxHkGi#n)j?v?2S(cr(L3AH zcq_-uUudxeA95N%C85P zD=d#2OW0pEFAI&5PtKml>aIWi{gDNin~axcIjfvL+P3$FA9Xk0Uhw8> zmvPee+{$g;$$=St>`KcwRT<}%cI~e_xpHm2L7B(tUJVw2^T*|7c#-%sveD_7u!+b{q%p6*0Oz9 z`?2oz^jBAA+b|#P4Tu#;J@dTP;%Usfrn_wV*CcLFQeE@!_`R)Pmu%enFhi}S;%W+0 zr}PTJli?z3SzMVjyjI@mYF`khw5{-Xm8zR?=T&Y!gS{X1zZ{eQ`1kPNdDjy8Hhuq| zs(yR!xm_9UiD_%U*QQs@`zm*BQn%!Vh$H*|%;4f)sP;)KZGZU3M_skaha|feuJgR; z<&&}8sXyT-ckQVr=Pvy>tQ}t)^W^Kg4K%U@_wMnjvJB+>xX4#umVa-E)~A;Z1rm0D zpZvbvcX>0P$X=CDue*`SpDs#%m3=bZc5c)E7fYwRpN|z^SHr^3{Cur-*mBYCxE_m3 zVKc20%KolMuHgGJQAnLFiaUV+{9+5Sy&F45{g?Fq}$S|(W~bl_ar2k9D(-I)zgSAk1?{~pwjEp~wpGL8+oKmp3pZ_DE%hhGJpO3# zS1Xw-ufM)G{<`aN$?LC1j4bCm-y8P_O`6*Le|Js2tM8a*wU#Z~E)Oz)RMqckeK5J_ z{hCJ*cw0_vfA_JC)y-F8PwYA72(x8J0&RXyn=^Z=j=;mh zx2t-UpB=I~a_H{Y@~4^84fppvmwz8+|FFs5Q99oH7pLX5@D;9m%1g?NUwDbJ*yqb^ zvp$}o_S`1;TysF}fp6N&^du^0C{21;)KU5<%S>#y+2M14t1AlcY!nc#6y1Dpb)n3f zX>l#jt-oC8ek^zG{l*xZ{(S;pc87RB3Y{ISw71&wx+JsxG0m8sw-2MIbO(Ubm`9c6 zB96anQdT$z{g${pLqeZk3kDdER+; z&RO5t>ThTIpZNwF?I~YRY+NV1k7uIrezTRe%6>J8rC((}tcW+$9;ZJl!05C1>2 zg-aj!E|OBc)w4$Ag~4`3(<<&i0;f)W_qJA9bN-m`()&A=So!zf(NvAHDR~*Om!;V2 zgw69+n|5%VIC^}3;Khwvd<%M6yK0;&=C>UGV0XmD?&z87spYX%UyD9GSZ?#hY1-eD zoF)t2bH0kZ$2FmDnoQb^(2$dRZ%!@hUE%sRe983xdorp#3*OX6O;DW^XC*cB!=jmM z`5qSrB~F*&*jp01)#zTpk_p`#F8n&>b*pFJiF*?kit8QRr6eZ7;8)00!65ulLiN>K zAzf$vD49i!J*zfsy4|;V`8>hIP+x_4&rfwK?44pUeR1!D@Fyn%T~90*((_jBP|Y%8 ze*T2XeN#p5^OWf=>{sUau3U1GE%W;G^G&xV{a!FHTTxc;mB)R-ScbbgM_nVn%>QGi zS6IUH^->ENZ-`FPw0W=CdQbbvCYp# zV;6jzG1J|4a+Jt5v7VT#JUittJ>0TGrfbUSTQ>YAcfa4>aqQm3-c?gSU+7-b*KfI{ z!1cJ;a#a=&{==eCWnZf|oGtDsU3XkKS+(}y_J+=yF4mW-U#H&X_tjT&o;q*BYVoyY zo=ck6Nv?0YGdDvq?TXU-r>vK~T^E1-{AE#)bS7tsM8dtVG6s81cpD6Ugp|&|bWcw1 zOn#8t4QKt$-%g0LP1w$nz5fF5=iB##&R^!s4F+K6h(~oNTysO}veEJ$wfUkb-(>oIHkFNH(pCIjj zcBzi!^S^QF%yo6`G#ek-BEqw?!hXmh~5_4=TO5l)1d3-mWR`z=7E0 z6Yu4!8t32ps%K@|8`0tv*!?0kWcJH7|1B(Tz2ECn6*zT%uKu(Tk@qW@=T-;099$^O z5K`T=bM>CCqk&&0nXnY(yCX3P6JHY{@4&n-=-ykFL*(@ zq!#JNxq4Y0R4m-wmvVIZSDAZH;%uxlWM_T+HL1Gti^qHChYszRSA`w;u(%!Mm+L8V zky>I-`l)M=Y_i?*w9}*K^|jK3A9-H83vPcn+m*Y9b!B(o??qX+T+UzecA9weDMwYK z`-S>*-ybO?EPojPO=Rl|*DsGUSJsp@MQ!_BFY@vK+AoWgK3hF~^y2>ezLS5QW{0Gn z{BjxpM5)i&KW4o=46VNJ~pp zexC7iVu~cg*Uq{5=Vv*J@RjUXar57gH#q`J#OL=$-YjuaJ-&xQSABm`WrLj5u?aT6 zc=`K}9(&p~GgxHKv8Fvdry_#;Ha)rhu)z9=i{h6{QyX3d>`p&_**n}{w<^H^FLf1xKStNGRJ3@Mm?~HBLC4cSnmV7b425#BWtqi{}S%e$3|Pwg!NeI~85%vx{K9k*#!m*3^?_=(XI=DXzYe4?`?#_`^r zWfdupXP;qn$k5BZ_DRk0*2AJccdd1^(O!kL|5nOh7QPpD>QC^OB9_Z< zzCKEyXI{2m{PCu&`n`88C$?UZxOY(G%t|fqYwWA6XY{M_WtTX+HHDr_{{5J9y+*r# z=i)PWzrDCpw}&&l{JZgQ?V#N(pT2ybd|yvk=O}~o_qm${)y=qNE?CaaOq?is_DQgG z-)58V+jgumf5IM6{{8ZI{=U680$x15an&@y%IQTo%V*ZFY!BLr`dFr3< zg?7Iw6#V-#u5jzYLl;;5eOmKzgJPZ!|GGOfci%r>BU(qwau3K~K z`%DcF{a1UL&abGi3O?QE^Y-$tg=hcNKEHTTPP6{6)c4shmfYU)JLb#ueT%=HzH~aj z{vK=4sfQIdVSg5IJX>M+v;PA3`yH(}cISVSi4JqM6Ya@*8WX4gP~Y3^ZtwZkQS$S` z{X)Okg=V% zKi?@?b@TG?SgERy+C~?y`mr;2{a>*^cur7t&bxWW|7x!(zvYoIUGBPvMf{#v?D=Vt zbs~Hv68~4N%iqI!a_^6vHHWek6Bjc{&WqaqeCc%i8`it$nQSxdW6tD>44-Twl(6DR zBS&fe(GBLu15A%rEz|1VnxrUFu5x0k#H@;@r-!N=aKr!=U@Jgcd(iFb~4Y5Qw`UTaa+0`ycn_k@;ck&zh-3w#9jIB zb$4BP_V$zB24CHtmOqlKwk$h$hMD2uM(G=it2Sx#lwA9iu+3jZZdaWCRc>Hfq8O0)0W+AAo$>3@;WlHVtzUhG%@wQ5s+ z(*66_Z_ny^@PsSJ|J?L8u9{yz{jTa~DN1&ktV!(OQr?!N^zQWJX*?e9qLXDB51LIo ztfc5)$+_(2wh5Q_uKIoHP4E+ z^D9nw!|czW`i~|X9{WG9|LB>h&DZyNzwP_}!|%fV>A&)PH)xmfns#k)eDL$s>A86x zrQNGKYi6CgxZ34IZZOB0uldu({U4Qnee+}Gubo%_=ZL;hKXu&nVzo)A`K8B}&BjNk zXd5iv+FizWHNx61B=VKzbAymgmw7GcF)y0^bxEj9;!Ccn>$MG^Kk4{B?^>1UvfSoo-_A`@Hn}1BEB`pOoosdb zyDeb#>fXqY|9GlSbL&PQd_T8cF2Fy*bKcyO-AAupRIk2o7@mA}ckhyP;kyAFckSq& z|NGWswKMOUo3(nD!lyRdHaqImg*QBUo%KeagucH&{nqRBxzhK0<0nkt91z!f zTJAywLxcN=IKGvAYxvfb8G4&ketvn%+as4RRo2I>ZF_$i_r&S%SYP{l#r@cP{l~QI zwR4)U9e%2M$h|IzKSzh*fO3U?=(Yuyk~zLf`^MLCefm_l>)FIr+nsm)PT2Hu`}@6# zPHSrIw&a`G%1ULI?%V8spmJZ(?7II6m6dJ$eYFcyn+i2;ib=`jxb=H9w^j21WSXH}L=jjt^+k2a?J`HN#13F{p>BH!# zuKWkRk+2m6uQknj=&8-(M>0VHEvOa32 z{*3Kgr|u};_3mHL%c_uN#lQ4f85;KV1jg}wY6(8oQoq)X^^wV?^3@lo?#T;ZT2k(E zD(=$PW4fCjhp9U8?LBhJ`e&ZhpGAzNt1eD{Tv)?wv}xzHj-#DAf&O#!W}9ylUG6to zY!2s_uy?0Q`U-b0|0v$o^5ny8<_9xBgft~f-rn(avh&nC@mi^SE}iE%$=1HE-XuRZ zTlFzSrNv0wRjEx-^9Ebla6!D{9cpzEV<^# zuYBQ6#U)}fOODOGQrXcZcSh~dNuOyG-WHzn?i2{O@v~ps|CoEj%8)f~dfJni-d9L` z@iTeWq^PA;`F>l`32w{n=lOFhZ(1#TvyuPJi%YeUhx+*#PMrSn#C7qqH9A)BxUY!h z{+qPt&gsg<>(24m|8nqX{X1VZ#h-Px*W)STPG)is|DB)e;VUDVXZp1?vvJ3{@Rc8C z&dYr|WqQ|UR-MYo?SE$~?T?uj^T?h3z~={~m7Z+LjE~SLbHQRZ-EU4gF#jANHSQ zGTv>p?0@6!6TF2w>!zsYbX~Vm4AwTyd)acfFQlSOHN4>1nUp6xO1mc1r<{*@b>-E9 zJs~$%>^GDyJ=wi`j*ex~jHR5BrY2t|iXVP4TT8$$Enn$oa@zFpD-x};*Q1qF`m9ZN zr%j$Zd)D(aV)Kg>T2AdhV;@kheLwz5YP4_3Rg3D0@n+huUq{x?&yU|~bCv0PKv?U9 zb)_Y*Zia2!b74=Y_`Z$4#{dH*PtzP_q1l zcf4ihr(f(dKPc++#1AKvOLy?5!I>3i$VA8c>tvrpT!=XK7p6|VRCkFL0zy-|D@ z`%$@vdEL7DM`rXNT{kmPOmX%tuhj=t(l0LNkk7QAUv0_x%dl+kHMjeJH1eL*Z@ZnD z`C#duFVl_nYFb(kSqa|#&vv$8^TktB?)*Hv>0?(w$4`;pcK0KDymIWsx?9M>x_#@~-p;HS zyrH+zu;S(Ymdw`mD;6&aRMoHEK2=wLYW^(r6MzEd^4_|2(r zD|FPt47H5ScHSr(sr7#qyH~jv2r}&-Z zdDe}6)Awfzd(5lovf5X|Qnm40IK89xx4oKn{q2w)vNwKN7+>hC z>O6gQbywe6mle}9e{D&X6q#Eg6xbb;?WKR(NaNG>rB*TjW=xxYDZEg7=9fbP-#1%@ zUi=+%ZqwX%Q`b-5*EU<~YQCsa=d@b=rB7G<-+b@sdAFM8+Rpg8Jg3ekSLID=**@thHg;Zn zLrT{q|GE6|)BPJ&hVO4r?fa7I!RV5@OjG?ebK33utJC(LS*74BW@Y|z>5GLjrAek{ z2j9=R)7#bz0A3CpFC0YGZFMNujyMz8NrZV?esWEkX3?(yn zf7-8hYKPj_J@*CHNsAn1Zf4wjq<2!P!on|?jLvcXKeDfv7MO&e@Z8T=JIH`+uP>)~J5L`m)n%tAqT7 z7d<&+TKV(C-mGihI(my&?~;gBno>P;m3fZaf14`~Yz$RX*(X-t%=3MF{ZFiFcG07^ zYsAyf#kag%Gksrr^{e2pZ@2pvE;G`)w^~d+XUZ451=B_2IkesMbsy*4;tLLJSFYT8 zOKiQ{?B>l=CuHur(jBj-{?7Z@`M8y*Htt>4rc*T8>-XvP+aq^IPrL7#bE`g2HYBTj zJyVsSciZ2h)(_6zaW)61^n`MqHGRQw;L(k{ubx)E?)%EQ|I*i`uj_Vt>9a5LzUKDn z?3wA>Umv+j9j~9pl&j2~bJA&jX8p^P+&)sdi>C`ly05jlWOQ!Xi`1KMK1x)EdbC@W zK8^VvcJZ`!;EO*$Gi^VG+?&q2|LVadb5892ANIP<>-g#Z8!p}l#Hug#zTU@hmp}Ji zXn_9gL&tW1TDIkt>mQ3%&%DilZf17S|Gs4U%8KGosYdEtlmBf0-d>dUYR&X1GYz@z zFLckDbD!;&zFvCT;(uJRp?;^!9+muM)lqHv`0T`~XK_uB=X{vW7c!gsQJMJNXN7NW zPTekS+h4w1{Qct9#}cKB)XZ;tUQ+uWlwZ8udAh#d({7uNI=z%XrhAzsuis$ZaD7wS zqNj1JUoVxvI+k1+>3G3SUotpyn|MqS3&WS9<-Un=75PVn|D~vAExlxBzE^qoj_sGb z=WMW>F-hy<`K62F7P-5xntduyLG9+J=~>TGgr|ho&&@NxQKFOHy=L2!fIp`;9$AYu(*IrczagR3%EbNV2!&jX4fT1Doouj^? zK9gmzW`9xOQk!kD=G)c$&g{z5yy&KH8XGKXI{VM6@TYOt_MD&eewKEblc-F!zL0TX z!wn<-ZP!;Ys+To!zL`_Gs`LB1d$F6VIQxTNEL9N}e!eQ+!SlCzSV(M~NTmOwq8jGH zy^0&H_wKni{d-LLWRcrpM>?zS-2eWm{m(XQrM{O1KYe%0Z1*|mk#pe-n@I2N8><(1 z?T&sI>Y=|_^Rn{-SN+b+@c5{iT^mk5`QZF`%I}+;H}$*Pm77fi zjTDUC4sk?Jy>aBsu4!(k_j0{-J(8Grhx5hKl6QeK^mn<%P4x4vWLR)rqE?|_c=hqz zxtF`V3g4KW;hec8@1pnpIqxjPuEj^y6i$shrTMu?e)ev*>3`qv);sS%^-tI8)_o0e z=gyto_AO#^oYUhke&RmXhCBa=R%hGI%f7cxZnJ;;obJ00`pUZmXU@L({i%n2R8d(d zdt};%yp4B$ermm*e)ZzEy>EiIR&9N8zr*QwwdkeOI|5T*Z}Yl7H+(I_v|G+LJ$ zAzZ4zUH8>JHrVkw`NQ66w-)YH4z(55Ph*~c^G~&TX776Xz+&%Z>2phZ zRKM6r-40kgad|WUlK0+T6Q}xov(KBPI?HwIw6v&`JW_jmR<6}@FS_&csc><;Pe zo)%KIF-di<(pRPr78M%&&SH}gA3_yH9W4{QKtWccIg-+!AqOX1I7-_BCtX z!RKE~uX0*$6Y|*of5N{H$w%HzsY$R`WB6jk`Q?)EoZWdJmx_l@IlrrRf!Dp>`FE~s zZ2tbrh(V#MF?zGwXZy^bM^5F0$4hGe;xFBoeeG^c(|l2ei`-Q|=T?-Zow~K_?M|b( zo!j|-K0U>0ugS1T{L81=fvcZw|0KEVE;IO&#V??x#t(k=fbJ3muf$pex`+{SeIjT9 z;sNKjqlOF&U@5R#IbEGTMh5WewFMxhA2JdPc^DY#X2!+M741%6f8^q)*qJW(6jdbl_9^Ef#HDe;_0@Fr&}&x)c*{u z;$Uf!{`{UeuX7vhPAwE?VA#?0nq$$E*H4egfq8S|B4n5u8mupz-jpr;Ysoi8h6m{{ zk4E-#FFg`2tL~g=#J~{KeB-N#;mr)6Z=2T&F)*wJaB4(4^6-={vi zU1b&O^S-v*;#|VvtL~sBe0hRUuweSRw>p2f zO}qK-RupK3;Fn8IHfyHuFiz?RS+FI2N%dZy#UMYXekqc==6&nt7ML+_+7C}(G8xXb zc>4LL>|c{7{??zLr#?R%UEC7K!0=#M)xxE!3=AdbIY5i(Ko&TFZjpSj@z5jq?UpZ{ z^yBsQ+o~pXpI-l`i}AqYCyF|KuK)MRyo%KO|7itK3>7^#Eq6{oz3~0s)zjsN#2FN-e!5oel&HFNm?!o_ zG#f+zg!T#5lCN_2@_dYDW6nH5X6s|Mz$Q z|39Di|Nqgs`EUHi{TH|y{_NlTyS(u8K4y!52^Ph79`Px?sLAxcQ`F)xYl7;G9b1;R zEYn=(8`Y($C~IW8&{<(+yWUZ6)6#bz7I=C@u`nqLNNw?~Z|3QM!Q4JD>-+iuU7^@(Z2^~>J-ch;PXh+}xN zbj}{1Me}{F5_eeeHF;_1Gl(5Ob;5hM5XZ`vQf zTrs!i=G$$bL$~B@pI>Kqt4_+nLbm++Cm}!gzp2OFHb>sjzo%9AI&=Bns=9+~=H}?v zpFEbfYi{OpZGDE_lc!gG{JLiHo9oeApNLM*$d}W5ZOqdYd8g+|gm3Dldo!BarvCW7 zHFM(hlbL^d!^GM>KRx!+?sV5)(e^n-`S2Qvm%Gi<@76Tky5X~Y-k-^A3->U*Ir1pt zN`J!No{e?3^`5%7w$EpA+~xf~yeaESo15x?`?YUhx^MmCx>rYk@|%w;H@!YSPMkG; z!Bks2&p5l&_e&@4J$Ni_+0lCCDdG*WGvfFj$=2tWF1PJ(YrB`TWrb?>uS&ZHpUFW- zOr@6C%dFYw9kTH9&kDKenX{g#c3oa%ES>VPOKtwGJ(n{>FLADz%477nQ2$r9T)*Ab zC(nBw?=9~=`(^Qb|Fp!#`;4+qav$hDciKW$NNsb?*6fItCYyFHt1P&1HvIS^r;)Yh#H;@!v+Do2KwyI)1jy?3#-IjT>hy zW>+n053OXp(Ry@a#{IeaF}&t_t8>_xAjEtAl6URM?%je|sg5+TDZO zyY{;sExwgq{pZxN&J)K^dY`w|t(SPZbfW&*qmMo6IMgK5tDc)*?!A8M*e9k951-Y~ zxv^sEoRw4GeUYA=rpxPBb!YKRy>M4&ALU|Ude7bZ} zeM#0P9`gvjt6#U}s9E|iFq%>Rlr`a~-<=8jgT2e2K0Nu!^=9hd#64zV{_WjMpC(SY z_)F-<&pl^W9bLWcN$S(5bN|#d^`1SmS#(cgbR0ujM%BslfqBQP|12=d(OouovWfoO zipU%(mhR@1H4SwEy+zzkU)loh3$W9uhuT~uknqxH7LXJ$_I^jABR^|LEG{RLjHm#>aI>;2`E*X|w6 zQST3(E$KEs_k{I9n|>c}*Wx!HnIbNneb#Qmni;ofZk0(L&*t}Y(-b)lzkB7Gc5}B# zdf(cosgveMnBAT?y{fLz*T&)Nx%_2!--`XewQ>)`8;7_>2Nzjsz58{^=h~rHnHrz= zxcvT8Rk!(HqFuPpHMX8ilTR(#*Y~b@x^(K(#nHFtP0yHp&}RR){pEGWhixjqcH5aa z#4%LvOf2{5`~Kqa%@vzF`d^q|TDa6s{`mLj=g;f)@mHnneBmbSS8O=%_*>5F>n3t) z?aj=ty!tOH?vb~7dvBq(-GTkO`X57t=9n$^U3PtMPM(@nRny55k^3SGu1yzjkUeqQ zafi)HZCOFFo6XM@&YxC_h!ZkCo6i=uX64#Djhia^&l(?ZyUDM<^=;+L^l}a9l1=6} zZurzOZ(eYzFhhPpLDA&%GOxdFimkN0U26WQ@ma|YIkoV&>GL^*d$ba5D}OyxSN~pp za^+$5&2Lm1Q{yJhZaZ2o&7HNj`E#Y^SwEiFys!3t{M2-+_w16xAqIuVQyN6S=YQ)w z`PMIapG5oW`D=?_9uI4KTyR?`wA>~u{?j6FyS1q+1MeKFFE+k=(W2z4-GOsDeRo;9 zt7;41xtPrlS z`s?S*r(Ipf{)s7}O4HZkJ+J!Oo2&Q5#4%j%-V?)I$>^j1NlBjphJPO^)d#7ZDBcil zzW2|M)9m$?{&7!O7u$_eTeOU_P zXkI?eFJJ%p*~5qS_THa9{dnKr?*H%Gn|S+);+2dQbNAFphd=G^x3fQGQ}uuHi}UUG zPj~NO*mLaBjs5-Gs@Ct>Gw1HRJ#&8QGW+O9|Ea5vyQibCfBya69eYbF3*Ya&Z{!fS z?Z>arxuriB9ZA;jtxn%=uAly0s_ryHck*qUyFt^_?@ymGJ)_2Q_tMX&yNwTXE9i^= zG|)WNeE;6hgU9#(&^mis|Fn&vrG(A?@@!lAAF9mXE{59qy@?E(Vy_-=|5K&%gWt-^ zm0{B7&*vpapPOgiv?|^xK|XdNfBEHyPd$IV;6J%Ie(J30(LON@mrt|a^SFLkE{)&b zH~I6m{wJ&r+l1be0RK)vEX%#uHgH1SD&tSu4H@=6dwJ!s=hY& zO+*}nMq<@XiyuYqaSS`IyqqdDan8IyKVBa`T>fu9x7JhE17C_(o`1CafQs?y=#P(X zoPWaFAhc}yD?=sY1GUW-Y#_19iQ)}=Qww<*E^~v^Q}yXb5)7Z14&+%(6=yj0{029}GI55o zW{}62yOTk4N3c{k<+)27gU0>ZO2!2>V#gVFu&t|RJn)6-Kwd$x1cQ%0*ro$tl=Q)R zm=5eKybCtV2bxqFp0GAZpM4|&GXIHd9K*M1M-4&RK#qQ+3$beVK~Pxn%D@bM!`hIY zP{_kj$>tVQI n4sm3|OV>CCkV_mg|FPfNGOxT>Y13&21_lOCS3j3^P6 [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/7934) in [GitLab Premium](https://about.gitlab.com/pricing/) 11.11. + +NOTE: **Note:** +This is the user guide. In order to use the dependency proxy, an administrator +must first [configure it](../../../administration/dependency_proxy.md). + +For many organizations, it is desirable to have a local proxy for frequently used +upstream images/packages. In the case of CI/CD, the proxy is responsible for +receiving a request and returning the upstream image from a registry, acting +as a pull-through cache. + +The dependency proxy is available in the group level. To access it, navigate to +a group's **Overview > Dependency Proxy**. + +![Dependency Proxy group page](img/group_dependency_proxy.png) + +## Supported dependency proxies + +NOTE: **Note:** +For a list of the upcoming additions to the proxies, visit the +[direction page](https://about.gitlab.com/direction/package/dependency_proxy/#top-vision-items). + +The following dependency proxies are supported. + +| Dependency proxy | GitLab version | +| ---------------- | -------------- | +| Docker | 11.11+ | + +## Using the Docker dependency proxy + +With the Docker dependency proxy, you can use GitLab as a source for a Docker image. +To get a Docker image into the dependency proxy: + +1. Find the proxy URL on your group's page under **Overview > Dependency Proxy**, + for example `gitlab.com/groupname/dependency_proxy/containers`. +1. Trigger GitLab to pull the Docker image you want (e.g., `alpine:latest` or + `linuxserver/nextcloud:latest`) and store it in the proxy storage by using + one of the following ways: + + - Manually pulling the Docker image: + + ```bash + docker pull gitlab.com/groupname/dependency_proxy/containers/alpine:latest + ``` + + - From a `Dockerfile`: + + ```bash + FROM gitlab.com/groupname/dependency_proxy/containers/alpine:latest + ``` + + - In [`.gitlab-ci.yml`](../../../ci/yaml/README.md#image): + + ```bash + image: gitlab.com/groupname/dependency_proxy/containers/alpine:latest + ``` + +GitLab will then pull the Docker image from Docker Hub and will cache the blobs +on the GitLab server. The next time you pull the same image, it will get the latest +information about the image from Docker Hub but will serve the existing blobs +from GitLab. + +The blobs are kept forever, and there is no hard limit on how much data can be +stored. + +## Limitations + +The following limitations apply: + +- Only public groups are supported (authentication is not supported yet). +- Only Docker Hub is supported. +- This feature requires Docker Hub being available. diff --git a/doc/user/group/index.md b/doc/user/group/index.md index 06564fd6cd1..a5e3bfda70e 100644 --- a/doc/user/group/index.md +++ b/doc/user/group/index.md @@ -368,5 +368,9 @@ and issues) performed by your group members. With [GitLab Issues Analytics](issues_analytics/index.md), in groups, you can see a bar chart of the number of issues created each month. +## Dependency Proxy **[PREMIUM]** + +Use GitLab as a [dependency proxy](dependency_proxy/index.md) for upstream Docker images. + [ee]: https://about.gitlab.com/pricing/ [ee-2534]: https://gitlab.com/gitlab-org/gitlab-ee/issues/2534 -- GitLab