From e384f07a1847a3f391ce2a7f093de91ed7ff948e Mon Sep 17 00:00:00 2001
From: Captain ALM <captainalm@captainalm.com>
Date: Thu, 30 May 2024 01:42:30 +0100
Subject: [PATCH] Re-init.

---
 0001-Hibernate-Patch.patch |  69 +++++++++++++++++++++
 BMOK-openssl.cnf           |  25 ++++++++
 bash_aliases               | 123 +++++++++++++++++++++++++++++++++++++
 boot-verify-sign           |   9 +++
 grub-update                |   6 ++
 grub.d.my.7z               | Bin 0 -> 23604 bytes
 install-grub               |  12 ++++
 sign-boot                  |  36 +++++++++++
 update-mydebs              |   3 +
 verify-boot                |  32 ++++++++++
 10 files changed, 315 insertions(+)
 create mode 100644 0001-Hibernate-Patch.patch
 create mode 100644 BMOK-openssl.cnf
 create mode 100644 bash_aliases
 create mode 100755 boot-verify-sign
 create mode 100644 grub-update
 create mode 100644 grub.d.my.7z
 create mode 100644 install-grub
 create mode 100644 sign-boot
 create mode 100644 update-mydebs
 create mode 100644 verify-boot

diff --git a/0001-Hibernate-Patch.patch b/0001-Hibernate-Patch.patch
new file mode 100644
index 0000000..ed5dab4
--- /dev/null
+++ b/0001-Hibernate-Patch.patch
@@ -0,0 +1,69 @@
+From 71c4fb133b496d62539dd32dc3d377f861f067f2 Mon Sep 17 00:00:00 2001
+From: Captain ALM <captainalm@captainalm.com>
+Date: Sat, 25 May 2024 17:55:24 +0100
+Subject: [PATCH] Hibernate Patch.
+
+---
+ Documentation/admin-guide/kernel-parameters.txt |  5 +++++
+ kernel/power/hibernate.c                        | 11 +++++++++--
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
+index a1b25a735..71b537ea6 100644
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@ -2684,6 +2684,11 @@
+ 			to extract confidential information from the kernel
+ 			are also disabled.
+ 
++	lockdown_hibernate	[HIBERNATION]
++			Enable hibernation even if lockdown is enabled. Enable this only if
++			your swap is encrypted and secured properly, as an attacker can
++			modify the kernel offline during hibernation.
++
+ 	locktorture.nreaders_stress= [KNL]
+ 			Set the number of locking read-acquisition kthreads.
+ 			Defaults to being automatically set based on the
+diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
+index 9abc73d50..25c3a8fa6 100644
+--- a/kernel/power/hibernate.c
++++ b/kernel/power/hibernate.c
+@@ -36,7 +36,7 @@
+ 
+ #include "power.h"
+ 
+-
++static int lockdown_hibernate;
+ static int nocompress;
+ static int noresume;
+ static int nohibernate;
+@@ -83,7 +83,7 @@ void hibernate_release(void)
+ bool hibernation_available(void)
+ {
+ 	return nohibernate == 0 &&
+-		!security_locked_down(LOCKDOWN_HIBERNATION) &&
++		(lockdown_hibernate || !security_locked_down(LOCKDOWN_HIBERNATION)) &&
+ 		!secretmem_active();
+ }
+ 
+@@ -1337,6 +1337,12 @@ static int __init nohibernate_setup(char *str)
+ 	return 1;
+ }
+ 
++static int __init lockdown_hibernate_setup(char *str)
++{
++	lockdown_hibernate = 1;
++	return 1;
++}
++
+ __setup("noresume", noresume_setup);
+ __setup("resume_offset=", resume_offset_setup);
+ __setup("resume=", resume_setup);
+@@ -1344,3 +1350,4 @@ __setup("hibernate=", hibernate_setup);
+ __setup("resumewait", resumewait_setup);
+ __setup("resumedelay=", resumedelay_setup);
+ __setup("nohibernate", nohibernate_setup);
++__setup("lockdown_hibernate", lockdown_hibernate_setup);
+-- 
+2.34.1
+
diff --git a/BMOK-openssl.cnf b/BMOK-openssl.cnf
new file mode 100644
index 0000000..5741787
--- /dev/null
+++ b/BMOK-openssl.cnf
@@ -0,0 +1,25 @@
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME                    = .
+RANDFILE                = $ENV::HOME/.rnd
+[ req ]
+distinguished_name      = req_distinguished_name
+x509_extensions         = v3
+string_mask             = utf8only
+prompt                  = no
+
+[ req_distinguished_name ]
+countryName             = UK
+stateOrProvinceName     = Kent
+localityName            = Herne Bay
+0.organizationName      = Captain ALM
+commonName              = Secure Boot Signing
+emailAddress            = alfred@captainalm.com
+
+[ v3 ]
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always,issuer
+basicConstraints        = critical,CA:FALSE
+extendedKeyUsage        = codeSigning,1.3.6.1.4.1.311.10.3.6
+nsComment               = "OpenSSL Generated Certificate"
+
diff --git a/bash_aliases b/bash_aliases
new file mode 100644
index 0000000..286ce85
--- /dev/null
+++ b/bash_aliases
@@ -0,0 +1,123 @@
+alias screen-off="xset dpms force off"
+alias boot-sign-verify="sudo sign-boot && sudo verify-boot"
+function kernel-build() {
+  echo "[+] Kernel Build Starting...";
+  cwd=$(pwd);
+  cd ~/kernel;
+  for _dir in *"linux"*; do
+    [ -d "${_dir}" ] && linuxdir="${_dir}" && break;
+  done;
+  echo "[-] Removing Sources...";
+  rm -rf "$linuxdir";
+  sudo rm -rf deb-contents;
+  rm -f *.gz;
+  rm -f *.dsc;
+  echo "[*] Archiving old packages...";
+  mkdir -p old-debs;
+  touch dummy.deb;
+  mv *.deb old-debs/;
+  echo "[+] Obtaining Sources...";
+  apt-get source linux-image-unsigned-$(uname -r);
+  for _dir in *"linux"*; do
+    [ -d "${_dir}" ] && linuxdir="${_dir}" && break;
+  done;
+  cd "$linuxdir";
+  echo "[*] Patching source and configuration...";
+  sed -i "s/.*CONFIG_MODULE_SIG_FORCE.*/CONFIG_MODULE_SIG_FORCE                         policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>/" debian.master/config/annotations;
+  git apply --verbose ~/Downloads/patches/hibernate/0001-Hibernate-Patch.patch;
+  echo "[*] Cleaning kernel build...";
+  chmod a+x debian/rules;
+  chmod a+x debian/scripts/*;
+  chmod a+x debian/scripts/misc/*;
+  fakeroot debian/rules clean;
+  mkdir -p debian/build/build-generic/certs;
+  sudo cp /cert/mok/signing_key.pem debian/build/build-generic/certs/;
+  sudo chmod u=rw,g=rw,o=rw debian/build/build-generic/certs/signing_key.pem;
+  echo "[*] Building kernel...";
+  fakeroot debian/rules binary;
+  echo "[*] Build Complete!";
+  rm -f debian/build/build-generic/certs/signing_key.pem;
+  echo "[+] Extracting kernel package...";
+  cd ~/kernel;
+  mkdir -p deb-contents;
+  dpkg-deb -R $(ls linux-image-unsigned-* | head -1)  deb-contents;
+  cd "$linuxdir";
+  echo "[*] Making kernel signed...";
+  pkgarch=$(dpkg-architecture -qDEB_HOST_ARCH);
+  pkgver=$(dpkg-parsechangelog --show-field Version);
+  cd ~/kernel/deb-contents;
+  pkgunom=$(head -1 DEBIAN/control | sed -e 's/Package: //');
+  find ./ -type f -exec sed -i -e 's/-unsigned//g' {} \;
+  find ./ -type f -exec sed -i -e 's/ unsigned//g' {} \;
+  pkgnom=$(head -1 DEBIAN/control | sed -e 's/Package: //');
+  sudo mv usr/share/doc/$pkgunom usr/share/doc/$pkgnom;
+  tlinuz=$(ls boot/vmlinuz-* | head -1);
+  sudo sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem $tlinuz --output $tlinuz;
+  sed -i "s/.*Conflicts: .*/Conflicts: $pkgunom/" DEBIAN/control;
+  pkgisz=$(du -ks * | grep -v DEBIAN | cut -f1 | xargs | sed -e 's/\ /+/g' | bc);
+  find ./ -path '*/DEBIAN' -prune -o -type f -exec md5sum {} \; | awk '{ print $1 "  " substr($2, 10) }' > DEBIAN/md5sums;
+  sed -i "s/.*Installed-Size: .*/Installed-Size: $pkgisz/" DEBIAN/control;
+  echo "[+] Packing signed kernel...";
+  cd ~/kernel;
+  dpkg-deb -b deb-contents ${pkgnom}_${pkgver}_${pkgarch}.deb;
+  sudo rm -rf deb-contents;
+  echo "[+] Deploying Packages Locally...";
+  sudo cp ${pkgnom}_${pkgver}_${pkgarch}.deb /usr/local/mydebs/;
+  sudo cp linux-headers-* /usr/local/mydebs/;
+  sudo cp linux-libc-dev* /usr/local/mydebs/;
+  sudo cp linux-modules* /usr/local/mydebs/;
+  sudo update-mydebs;
+  cd "$cwd";
+  echo "Kernel Build Finished!";
+}
+function install-tar() {
+  if [ $# -gt 0 ]; then
+    if [ $# -eq 1 ]; then
+      fln=$(basename -- "$1");
+      flp=$1;
+    else
+      fln=$(basename -- "$2");
+      flp=$2;
+    fi
+    fln="${fln%%.*}";
+    echo "Installing: /opt/$fln";
+    sudo mkdir -p "/opt/$fln";
+    sudo tar -xvf "$flp" -C /opt/$fln;
+    if [ $# -gt 1 ]; then
+      sudo chown -R "$1" /opt/$fln;
+    fi
+  else
+    echo "Usage:";
+    echo "install-tar <archive> | <owner> <archive>";
+  fi
+}
+function install-tar-contents() {
+  if [ $# -gt 0 ]; then
+    if [ $# -eq 1 ]; then
+      flp=$1;
+    else
+      flp=$2;
+    fi
+    echo "Installing: /opt";
+    sudo tar -xvf "$flp" -C /opt;
+    if [ $# -gt 1 ]; then
+      sudo chown -R "$1" /opt;
+    fi
+  else
+    echo "Usage:";
+    echo "install-tar-contents <archive> | <owner> <archive>";
+  fi
+}
+function edit-dot-desktop() {
+  sudo nano "/usr/share/applications/$(basename -- "$1").desktop";
+}
+function edit-dot-desktop-local() {
+  nano ~"/.local/share/applications/$(basename -- "$1").desktop";
+}
+function tpm2-contents() {
+  sudo tpm2_selftest
+  sudo tpm2_gettestresult
+  sudo tpm2_getcap -l
+  sudo tmp2_pcrread
+  sudo tpm2_pcrread
+}
diff --git a/boot-verify-sign b/boot-verify-sign
new file mode 100755
index 0000000..c5279d4
--- /dev/null
+++ b/boot-verify-sign
@@ -0,0 +1,9 @@
+#!/bin/bash
+/bin/bash /usr/local/sbin/verify-boot;
+if [ $? != 0 ]; then
+  echo "Bad" > /opt/boot-verify-state;
+  /bin/bash /usr/local/sbin/sign-boot;
+  echo "Good" > /opt/boot-verify-state;
+else
+  echo "Good" > /opt/boot-verify-state;
+fi;
diff --git a/grub-update b/grub-update
new file mode 100644
index 0000000..fbac7ef
--- /dev/null
+++ b/grub-update
@@ -0,0 +1,6 @@
+#!/bin/bash
+echo "[+] Updating Grub...";
+update-grub;
+/usr/share/ubuntu-system-adjustments/systemd/start;
+sign-boot;
+echo "[*] Grub Update Complete!";
diff --git a/grub.d.my.7z b/grub.d.my.7z
new file mode 100644
index 0000000000000000000000000000000000000000..e7718addc998160b364f08a685b527226273740c
GIT binary patch
literal 23604
zcmV($K;yqRdc3bE8~_APn5BjATL1t60000a000000000bFy@QlueMr?T>ue?KqB`@
zLp$2OUjnHCsh6Vh>jF0jK}5*h@7*QMXb4@$$i9L)A2AsMK@WI(s+w&A<tWkCj3Ccv
z+KG=qkM=QGcGv)BF2}##@D_@M*V_6SoWU<&g1Lewam>d5SAoJWeX-Z<ek{+Kng1_?
z3U5fOiN{Apu!`=Z*m~0Hu>EBGG|rlG+MZ<=fg^$$6*os~7lgD;_%APRog<UFMFR9k
z-S!n4e&}uO)dnw|@Il_8TF%8I(5{`EWT*x!1lz|MN%lRvB?(Z0N$2&FZLWI9_k68d
zZ)m`doP()Be=J>1?8r_!0hGKvTRm|5W--pO`fxcUi-~0d$a`M|1y(8pE=<n=^twKv
z7r*ka@ghBsH~a-jCD6S<C!-8*5KQT55r={0|CVK+Z6_Zr;FJ4e#^5tN1W@T2MWH+9
zk!>m6{M$y=@1{^yYqxg~<ia(H{NX1^-r&P)209;szeO4!M<m0NfYqVgE0Xt5s+`LX
z@H$<j^r-u8t+Gts^etOU3(9+4%nE^Ds14lNIQ4J@Cj2rZdTPpvC|$}-Yw|UhKX;Ws
z8!X3<Lcdxa#CF4Dw{rRs9eiKuHwKXH9(73Wv%sAE@$>OQQFi1zmnfsMK$12CCZl`a
z)^4Djt(7;az`7SHQ{#i9FvvGos~L^<%?;lJS&)*LT+=<HwYyzxW4J)>q|=3A$()fv
zl8WG{cp(3u?k;L5gr)ne6$J1VwF;CYiNLG*eKy})Inx}cmA3%;*@H?<`I~()J**ew
zODS~4F-$^|AV2mPHdJ-FZGmUIx}B<d^?<5m{Qcda(;&8@8j%5d{3U!{qJ7Ao)P5%Y
zQ7I&PQW;iVzOh@A7)DL5bU<J1Sq2IW*~IBE#C~Wud<@{R7%(X~V#-OK@w|>8&INj2
z0md5)$_NRw(ctu8Tj}Yv%K}0c2ej-7Fku-RO1t!4w7;U7fH_e@&f4*!5nTy){nr@-
zy()!{3I?hHbOd-gEs(9_BuO?bx?c&`!*I`jt()!1;1f5Q?t`6Qw+`@&Wp=~Yy4u3L
zR@xsVE5AV|hyGK2K>Of`CV<A(^_ug_500>pNb`iG2w8BfAn4{{S13v6cc#~<pP-z3
zQQqarK0yK(ssj`R9q5=)ae>q*hZQwBOo~(;G~~lH>b@clZhsCP%g|7N4NCg+G*mFT
z0G3dVM)F}fi!DcF0e4C(EnUHs;0+ST7=HWL3!OK;21w#4vIHp->7Dz+*EACz8`(J2
z7oSOs7+!hFxeE$5#j7x9)L+^UQD_2wRZ@L_{Wum;^FgLy6@pjxpw?}wY)7(EEKQtL
z#Z)ci2aI@#BWSd*@p$kix*oS|YgUN`X-Mg~ZqFb7Q&Ch<#XfqcT%!ERQc0plwkB*+
z-nxENuCLK^ygsDr`B99z*6l|!!tGwV11^gpCDAQJ9Dw^BAJtULBJ#MX?S)=Y`N6ES
zCC!Y;b#yvlx0pY%7!DKxR5OH$g;~aYC9{))2g$B0%7iDOf{MWv^#b!u;$;#T>oYYh
zfyAKzMqwD;KTG!Xb<7^U;fDs-I8^ZI5BA%&B~tBkD88*8U1Fp&21m@_3LH$k0??59
z+f@d4>f><iONV2T_ptQ=w-Wtv7i&od!KfeXxu1%FM3mMGLkQy(Yz71Za*fYSQ*wy6
zLWvJ+HEog-OSRt2kCB9BkYD%#1D5ZwMZdjg(ZqAixDXYE?HTlm>MzvuPdqwU12Z)c
z9AV$+)_K0TGuP3&lFtyMi&|UO<DF>KD<ZSJ{K@y)f+2F0i23_bW^PexTimIC;<@=Y
zDMP{cM+9E^5X1-W<Je!>o#E%0Qq+lN-YOdBE>^TQBlcQyikd1@GKE>R61#(rF<UQs
zbxtKRJMubw2m&1eZl&7d+LNh38G7J-dHArO7(ejIL&FM>%Y?XYzL@!VY*`bF3b9Gj
zO!I}38U?$Afi-SI%<&C4Ok-)J+`i*NR=kU${bf|Luys!O_Ny`*9|K-{LrZM3o3|k)
z@Cb><am8i#QZ#(pG0Wt|?sSBRzvwZv-mo<o=Ywva#KUfjP#KmyBT{^tFmBIWb;;?O
zT+(&=)LEB`sIdU#X~r`hSU^yx?SpZqlIor03bSoEpg}C2l79T}8;z}GGv4Ihq|jUA
zXF}Jh=~t`o8|K||PKChsl+l=5AzOj887jR{4T@TqQ2J9BQ0U9YZPF`Ec7Xh7KY)yZ
z`3>z&B!}p0?AV=XOp^37dDSy{u8&6_+w$%R28wAPPVRsGu=W960mMNh4gX*vEDwm7
z4ix}iiKb<3A4bpTlZNUC)<A?GivfT)1X7gyb^NCa#ZL8ck@oWtkNS+cEE;`J&~g-+
zWm1Pp?c+}yjdF(N;{hrDZf|TZ!g(K=S?io-zW@8NdHOkW4|Oh^A3*JW;n+OmuU?(!
zU&a>V+egD+Y_jmkrT)i6fztI=WcqHGO_j%QNWZ^;y*EZ`Geld7o<axpI1YHUu?7Y4
zSPa--3n#*@TU{Y=Eqi8xBuMS_;tFtS@VMuFQR4RKY@dQl+`cbP2WO23m{)s*b7f6P
z+Luvg)PT71L<Y#wKgObtoTX?BA#)T!21&2S5%XZdlor=!3x-@xM!&{4K*zAT%N%$I
z1xtz_aK`bx=a5NvG=3Qm3Mh2is>1TnnhAk8upBR|cW^X89P9StTOt8q&+hxSgJke7
zXT80$b70gNnIERoQeYdb>s>{q8sBr{pYk?2_m<HD{~8Z}2H(}c&+}1V<Jg0jxM99&
z!ql2M2GneY%fCtyrG8r%4dD9uJS=9^&?(20h|w`NAc?#?R8$CXtJ~lo44epm@?p3&
zcgjegjn<l2OPvDlqQaYmXa*d>Zuq{MVh#>QEJSfJ`z?&z5Z!?D2kp`cIplA{BYHoZ
z09L7YiRjs>z42X>9E6wN=Ey2Wx!Jr{e#i0P!gG*aM0F9<cBR?vZ!<C<y71R#+)r<(
zzT2qx4y?XAn)PGfejZWLe%{CpW#4>x!QRmZys!L5y}0$fJ2!Pfl||#B)qU1uFV8L`
zVi&5T%hRbx5gw$oG=*vMLXJ-{B@BHpsWdQ6R#`(>1X5~MC#56&DKx8HaA&F+oU`zR
zecR_yhx1C%PnR-TfS2jh*#wx{m4|Bn>(lN!ZkvO@C6VYpC;}O+`W(D+0u^b_pI}16
z<Xx#qJ@tLZWmD#p6)h}Ap~rlrnvGq$t(vF*^f`ENE=YiEaUD3#NGIz9asGr$4c7tH
z$KEH*TvUmrD_irCxouG!F_ZV8L~_bX`6>4B)xznAsY}M9i;1z_z)N?LO!qHDSa}RK
z{h34mADBOvTkV8#rs(>cCLMC_#HCPC#}k}(|F68V<){71=c9O516UTlK3!%hCH5p=
zm#b>&c=ascjjTqPx7}<o|GzW0bsc+l91)Rt|1ZCPtw7W}Ho{L*z(u*<R=!v`{qnZ?
zuVu_voMe*i#h5jePzsckx6R}yClOe8s`4M<(FkGPP-LC>aCnAQzMS#u<r?<?dH0uO
zaJmG&@zQf4LhR~2LM;?MysJu$w+q({Ppct+rvwoiy|7{(Re-M3$WJx5n|tFFvI&b@
z(7zR+;~1#j!d}WvCIeJqkI++E4DKkY)DGUkepe&g$$><+iI|I^ODFIKN{ZNU%j)Lj
za`p&(QJ0Y~!0hGG>N<LAXL}US{;|nTDU}&v%fUpryjeQtJh-alT`X*zO3!Hctd6!2
zEvO*yO5Oxr-+*FsVG-+6{X{eNdAD=1!f8LT=J2`E^ruKg{n^|MT#7h(Q<6Y-Ih1zp
zk(`GPKt|UATMzL>n#jUKg=kikVJ-A}F8&DpfIdl>4SHsjzwcM`c^|<&4fnh_lGh6#
zYG<pI?w)9-AiA-rp}3$-qL#)7Rs-Q07R1ZpdjC_ZKI{(#)zSd`xT7DDN}9;u{JMq`
zAY-`4h<%p?jdp^&1RiZy)hj_@(iXRh&83I~Lq|~3BawEnE$hqq%95arG;p|*yZtll
z3QYbVMjkJaE%Kct_A@An0phP~A#bl0&>15HFp71Dfqkso0wo`4Cjvb&;6i|lBptMB
z8}bEWyUDA}slI%ZE<JjD<c*aY)0PBiVF>dlnI%#gGk|7y<zb)5B45x7F}C4M`?^N=
zd||Avjs0+f524qDX=|4$H5EG)Y_wc`9D+?cX;BxB#X685G~BeXQK@bmDc^iSZO&>A
zLJM%P%3g;<3CQDLs`D1{oCH_<7WE~;#X-#>bR>&Jp1aQ-m4vxK5yb2xT6E~@tbe3?
zV?@g|<7zT^NbBcfPfnD!Fd_7v;N${aN{jb<m<|}ZzSVqVb}{Fv>qJ(#QJnhNSftBL
zweFm-7|#9ETM(PeIy*!k!8jdeF2JKQxT}mCOCj_%R%kT0P?MOTsKtOZDH(2XSlnzk
zLX7v`{@!69pSah+03tYRDbVzcV1wR#D+JR`8oX3CSRv1BWM_2)mpgonLW*rr_J^RK
zCevw0G1!4AeWAa7uhO!Gv5ZIeMBIu|-I&-QGMM<@yl$M2%2>-uP@dVkz=z0dknWCU
zMASskJI@mCaepJ7uJ6cNqzsuj?t<0dSP7GQMF2!sq_+Fhv~$&9R!p?`b_Ji;_bs0;
zP#qwZmtXMmAyXB_>dKE2Nbmf@%3pJjxA4jeGtYyCTb=ZuzGwl%zVLu2=MPb}GFS}K
zkj-iX#8~WDhh>xOY|DI+acBvcUWntC_O3lRIyHGmaF*n&-aM(v5Ju`X;*#D=S7Uo6
z5x<tlc>b=cgyX<)Uuf{r2kX;x`I-LOGI$PtKa4OX_(YuzUfP39VlrpeWQM-SR<jSl
z;MG5BiC-QI{H<KtoJ4ysj23h&tfD0&@%;(!{A|F+u1a()?+rt6WZ#2)-&qidPTNxU
zR)}22YrDmEy8>ksiFkNtacwoG#O!~j!hvo)9V(Dvn;nVYA;QIWV$j%>n4K<G!+OIP
zS0ht#QZ{M<o^%ML^1of=k_CKtW-B2So7ilUgndBYqK4EDuy<>`vvYeZ2>!p&H^0J6
zRR2_m#UPe4PP;cX-trw_cDNIpd{x~l3Uw-V;ed{cH9Xz~4S12(4I%g{^l~?j{TW<D
zg#;?OnC1@UsxjP8LJD`TS%8X=Lb;EWq$vch@I1aFe}B78G;lL36*w?NkFTf+2)nV4
zDx}8;hfBH<W6~=M@^o0FWAHN;x{RC112FC6!EDtf81&&%Pti1O5Rq%58l|R$S}7gW
zQWrxK#?F$qb7n#vHxRKJI4j!!m#dzH*NW+9CDwrl-iT0|48KBg^Ik4ep^DEfD}`fE
z(A5i~PqC)vaV6wi?Sd`D%EQ$Nu^oJhDDiN~^7ERI`{C<Z3CldGy++*9D3&jtT8t2=
z9qy_UD@48F5^3^wq=%Xj<Q8B%(}%bEDqz4Y6jiET>ZpN8jcyy17dO)Ju7b0)N>e@^
zc$LR=m@q&7u5Zu-Ip1F1+5gmGgUs79${tEE<k5Yc38UTE_wQyl;n6%UQljl>mtzL>
z`^_vi5TSBa;o%ObhKS9HYRo|BoQPEg-i@?BMVPXxQ9Xh%=mRdZqLnALP43gPe-(dN
ztaa)<RY_IgA=~Tr%j1bFDmUJfyYywwCK=tujDjCml_D|xEtf5xu`@;E9iD%OQ(IXB
zu>Daq%pq&Lw*RWzJ>OAzfAnZa4jOb)p(?BNoIsm{Rqa~IqKX9oC_Ub_ljYCZ@oQLe
z^36Q~Mj-j3S}z~t;aL^PJL};Oys1T-A=40eL#YXKkz&iQofuzC>bSU|yxL)VqfyOQ
zjP!G0Cjj~+qVo<n;N7t=WryPh5HxyO8**C(zd%<@6oy}%JbL1?z499?F2~~P1<~qX
zY#l;Y3%EZ6mSW^&VRX?N#~4V`2IxA42+puD8h{Yx`z^f0-mflEy*C)<R9K^ll*(+X
zP(vq459`awPz#r_Twg?GS_nfUmloaJ7^D{6$fIbchb&ju?pek2m@c&@7%JS+x{6NS
z*ss*qCpf6)>`CoF9)bdl0znzUdgbVYHnzS0Z(apfx66Y6=}2FMU9?%_T8gEkcwQdc
z3{6-JfJ2&E6e+Zu4#{1J6EhWNhW|oH<4(K<kIh@}$d)PLa6p*bQ5<=Da`{)|V0K-i
z`rA1c*PtI~>;-qR+;8a>I>__0vxl)hHl^JAc-dK^N-W;E^w#Z`-Cr=K7vgx)!9o8y
zTt|tt=*4E|ir?Zvw^~rWLW(bXz`FTMq*4eF0}g!jW%OV?z(*TxZwDunZl(uD29&ZV
z(>1?g%dhU881ty(0qJX5f$b*X!e!lT9pa|atLP6Kcy5bf_Y4uz><cN8y{&r)-~{}m
zbWxfF9^zijHjA!(U$<sGV9S2yAgq>?p2c;re8u(A?oID?oI%bS_T-VXn%I`ry!Q4W
z)ybMzaS)z7wPF)VxGrg=lk@%!S35hppCZgBE6Djdodhc0H!F`+9@Cm*ctGHof~*#O
z!v5-vKkYtzSrOBL%(?JG%}Qx@hZVmF(_-TdUQ8+ioO881U7HaDs%Mj#lbA!-uUJA@
zAVjlovGV5-)9#X<5;vzd{6QTG;b~@Ih=w&(r?y~qC-d%y&lYuN;AyHJZ#!Zpr26Sd
zQ)FKz;!f8Oyk6;tFC|MK<-+i7!l+TC9M6X5xi;CJP(L(Gdy+*+pAas9Lu{rocW>|B
z4=^JHM(4YM2*3|Nq6Xhk9V=0s$1OJF?)anMFVm#W<20Z-w9!ZrCQr?^&T0`f`4x>N
zew@DD<`Uw1g<^mndil1Qk2qTu@U$PQNh?|-RM%#FD#CZ~ovt1?WU7O#ojt>{=iNP(
zHZ+T0onB-S*QNBtq}2<+Gm?U1wZ1K+E)i?bN_NK9{16?dJP)0`GCCU*4Omj=#!iHD
z?U9+|DyuMc7OV7+<6?@-oR<fvWgn*f^DjdLUrfslw59_JR%@rWB2aWO#Iqe096=2-
zZB6b!L^<nty+X10#VZS6@Fl3QCJ`09oqy4WJd08h;-IksEOUUH21au(nTwRK_-q;!
zeH>745Rnt2GjT+09HS)8r!o^P)fA^bMh)3TT?nPI!{L3<8~ZmdK>sbGuq?^0q(*c+
za8^;O&TPk>`+e?>PIi%n!zuf%XtM5(Z|EB{#Xuo34LPl^Tx6qs)=oAtvpz3CtR4`~
zad*%Jju60*!pH?bn}a;Tb0ir8c;p*a9(R7C)N*e9G`Lo%(j$5`1Wv~sFE!NPg0G*3
zyPQ!kY3e4Un%Yl}s`0(bX5C|aK`aP8as0UUw!!+Z=aiMm826_!l*w7QK`dHp;pswp
zqoZPEWR5PAfqTcQUHMF%CzXhIKYIU8AzhPegv0cbAFMpfm*>u*X>y$37W?#R#8V^^
z``iXc9`hRkv0QS%T^|jhuda|WhbV^eEV}pL+aF|>JTK)UDu8Wscm?SjJBIW|6T5R}
zaQ3G*66)_3jvjVOb7Q=P2jFC3*3nDR!9L!G^WR61xQADw0)LKZxS^v<p?H6UGXhmN
z2g><!rb1vr^zdw+Nw-I~ic2k2Pv^g&a@a=k@X^2Nzi+Pvo@~m7cp0w*);@=3nlL^F
zOsdv4E=WPpYjI2_*Ue!wYH}iJk(?FDQB6bgx}ErSe84<|eGm|zrf=lY1+)#k7C`iO
zbg1n#)b3gMd@B7P)`llV(AuXKmNLy0>B-{7(~Oov?#{w=;*}OmkicQ}CyN9u#PtU;
zRBq$n+VM-Y!(;7oWO^@c^G>(Yo~e=3Rax8_ySPRjbfWsVV8_AY>qgtBo2JtoLu7$H
z6bvOxiuj-Xoupfiulq+M18xDjk<Ilv9pGe8nKl6A`X<|TPBJ2gE~h-XtiB*BF&*%E
zZ67<47F+Q7Lcew77RS`)yntXhI=bahLJa5U%1$0<l>M59#cEJ#ig4;O;J|EH+$Fer
zgG`k*VNY<0;W>mn(P~a{w~9_&GjS_@0uVpuGenSzPSph7MW2@SUe`l?b(&PXMtFLk
zcrr_CM3WpcCx!t!lN>hTXE53K((XTxw=K{Yp3%%^D3!U%KSIa6g9M`}mx`H;?3X**
z9Ur<fxJ{vl4nK=q2pI;MV~K^(IX_&ieqJnJX1;Hh^EbK=`1nZvFn)Vf0A5gaHzjSX
zKVutUNfHpm$?53oqI09cKLXq(^=O6lZ$bR)p~MuYYCWDB%mLT{whk1kfV|oK`!!ie
z(4Jw$lK5yGM1GF8T)j4KR4KD7k;U1M?xU^lfK3At>xQyj;ls4a0@yG%wt>dpBV|cf
zhF00b^B9VFMR!X$G44y-46Il)3Tzr0wzkFi_Zb$BvL3BhF@h1@iN&qf4g9H0YCf~)
z+7)5}OR%1E(%hO!v4yc~_jUi^osOwQ0(Bdg7_^g0P+(;#O~Q#<IZ$A;N`Qc2OffbV
zfErsF>+s<yMq*bD3-8<{KGa|p46#d7v{D0B<E(MwP*tn=wVe$O)?tge+7>){WjK0c
zdlykV2}?ssCsd@alI6jvo$bwK!HI#QcbE<-luYASUgld?;l>nV)Y4mJ$zaJ83fKy`
z*p@(0;YtoUjALZ<(+U1#^}lqwBN+x|D8RZG*QNzhBPqT2&ydYKD<%V{($M=4^2|8a
zG7vc=mDBTJ8`HxNcr7~2mVlprQcP?XBI$_k=(t#N)4hP4&2hhNZw(3Du7b>ixNVZp
z%%nh*8Yc>qafM)z32ZDHHo1=iE5Qpu+mE`>g%;A+(p4p-7qXls1$6O(SqY4?M^L@Y
zp~!;pr8itFG2%;US9>qKY!h~bFio@QO0!MazCP3tR#Gw|Zd`w)gGFt>pN*5KrfiN3
z2-El+387+V?_^Sr1CDFzm}=9|KV%7?#MADH$s??Gu|P$jD2lAAy4zeHr5hcly|>Zw
z8YT03X9#q#I!82g(LM6tmx5Wf(EuZ1%bQT+1onY#*tzFj?O`rtWlV7L5q}DDW8ihe
zBt`sd{HK$}Zq&Qh^hS_V!~`@;>TRs1%n*(Pi!!JhaPH-cDk$^17OYx{Q8!&M=U4Nv
zF&kBxxn2m^PmF_$(&&St9&64eWv92UhH|?Z@O{AQ?T91|xIf&p43OBZn|ZOarF&kD
zrZ#jnKT%2Yf{p2K3bT|JH<Z!!fdZU?Spv+75ef*#<zq0T-&Z-T0=kL|4EJQHnBPu6
zGkO`kF(mCVWNW`^52Z*B=mse2NU$xFhH09x<&EBL&3342*1grJ2|EoS;1|~yy}+J(
z#3TeVTk`<ZyPTt3q)(K@8<CBZhKodTzzcb^npn^vi3o0UX6;Ui{S(CYCjcekH=X`S
zPcZrXa9;;$Y)NptxEwYmIaS4)5zpu^yz}+{HQgtV@DJC`sb}rMmbHLv0FJVo=J_v@
zlXP#y1I8^U;;;|oWsPD$M);tptVJ-A66iuxgo-hvi6g~YA6uwCartEMgx7rQ^}Z!*
ztF9h*4^Zsp?j-ohX*Jwq=w;0!w@7$AhFKKeEpvoa-TYrv^isDiwn1r%KW0AArjF1?
ztV3!C{xhQMk5*wQ;N-zNZ|EK-BI}`pBvcrFWRo5|!8DSxv07PYqCV~(x=Q`k@Gm8R
zz3Y4+R<P`lJ62;y<5qHEdy~B%3n(u73ED>fk-pwGuJ?CRcBlFHV5WV1>4DG-&tH5#
z;Pq#K;O-Se?l!;ET@yr;lO0H-wuYfU!2aDh&4wjmnH*);6VJxZd}8T3hxt|J-iQk@
z?5c@xi;zLCU#GP@#C*!hY{EGUH7_#!;Kt}C!4!79+5G~X<uxrj&EA=HWq=a3kBD8?
zZZ=Y-TqN;&q1ov%1w+L`V1x<C4=S=4ux>5dCm2YuNoE-^B{T~U7a)-FZEsQad7ety
z)=&CXRnWN32UT5YiEa$r84dd{+67;jOq48;iJ1i;to>9ftw0Ln03jdy++tiPe(Z_C
z7Dxh7t-AKH0E$mF9M1|X9~?{~ex(3ooVUo>?>t&h{5*$4CpW)QMuf7q(Koa89xDc)
zucb_$p<)X|fBZ$<d{JPuHRL(Z{@iPm_(@U13x81?Vgry~UJUsyNp$Mt1nM~5<mgHj
zt@9Mm5sIa5l;d9n!|aqP{B(eFo2-1i{Bjn8XY|PrrIoTUb1O%tPBohGXeT*0R_%ao
zgZ2dpzn{(9zum%3{jApVZg1{UrQInh2SXE$X*2pCh_2gm?I`g>v-*RNeTyzd5C1$}
zY=q*OM$)j{pxR%U)_ejj|GmBG6>b3^zvCk=F*?vofW_{(0!<qmm}@OfyzEOtmeBSx
zbLP1<m%d!#Oh_31USyU0A+k5{^YPs3>}IdyVyC__y7@VuBoj(*N4K^0lhrLqm~{~w
zkDT(nW9(YY=EioLDnM&ojsP7oBGVd7k8nPp%KJ+d-^|}D4PI$2%z~D<$TdB?>pTZ}
z0lw}XUb@7PMwa73I5YDw#cLYCU>;Xv-6G=`Rz%v6`#8A_3H`tkaMb4gsGgJ#L5B-;
z3BJV<t9W%{i+1u~=Op^Vh-h5qPu3$)hADUL-(WtZ_h<6GeA+nRF$7IW7%uYz>O`l7
zhT#$eyLP9mjzh3IC4m6td9Ioz0W6;ifS|weN#Ze>*!yweZ=-1qMn`d@2#;#ww&Okn
z2_}5z$^<p)sNNeJ7@zGcDvu7^1eqcCrL3f9(dxk?>#<%Kew_6f@lZL;H;oEod%xlj
zy7ZVEK>nm^CbWG-rSRcLyLP8*hAVqT*WQ!i4<NFe+pjq3K$c`uZrtUZ7#|L-;EMf)
zyo(LHSO}<Y1JvF$XvdbnpIQ-4yX>nx^f)v&VsHFRm24V0>U#yzzme7#OE&vPhV*2S
zO==Rje5NY)@CU4G=kN=9`dJZI+S*4+*wmuJAg4bg(mvmwwRUmgUeWLY+cwGBfpd={
z0CsR7*=efh)XjxiK>>ZD(}+?>R+vHPGlaa7R=A|-p9Z}zr&3MA=cD5`uvP>sBRV^L
zM2ht;=s?lU79*udJg|IAO3_h?%C88Fv`+6vUY*?0IOSQ?A#z^UCKfgF_gub(0R+QI
zqUU(I6NlGFDxw94KQVEa+LnPBaT>N+3~M^z*3LCL_%VlXUlZe*lI__kDYeSiP<6r3
z;HMhfn#`V%$pp#;^}oy_-@<7Cc-(%mioGSi9$ft$YDr2`G~2!in}3!YfrfU-8&?;N
z%Ipi2+P)92T~3J1=B#ClOO&m9)F?X+*u4kucLf+t{svUxTJ||#`Z4*JtA>%a)*nC4
zz`Su~UN4LCcouR@8kdYl?{dfaXy?+robIyjGjbc!^I~3J_Z+y!(p^Ns@SRfU0qUr5
zWF_xXG?IDmdydTWDQt_uC8RTqN94AUe>Jq7Pjgn8ahbrC;uJ0Km_@=PmTRV%_A@*R
zHze{p=J-_{X(Uywd(v`O+&?Xr+7MV!oi?{HIR+`VgQ;M9X?iKw%V4L*hl-D<xpn;?
z9gkVu)YE!}PQ3kH8_n`cp9%sTBoe%jQEly)G@+D0<nscc@LAe)6B{oCd#s(O05V&l
zQYK*79Q1qr!36j{!y*(i#+^FJ;KdC9@rrgTOf>zZp+?3nXS?dDcRg3alQ{b8ixrh5
zjibaawHen7&Lw;5E+@k7817eDto+w{NLOJ=YemUea!}*fEm&Gc6Abtt?ZIK?z`Gb)
zU168p=?gx1yzaEC1prU_umvE~zV(xn_W*oOZ_a7{#C<6Z-(=VIe$mrv-gcwA+GA2Q
zyVCG{G01^lLZ~u)KMU4~<YE;kuy>pH*;$wY3i5sJxJyw1`{!jo!b&<m_@Abau@uQE
zCL+(NSVg2|A<AbgY$c*MP`@7D-F6W~!2pVbCG4LMYR~*0(WOqj_QT`Ig<nu&1lF51
zZ!e@bVk<bzfjO321WMBIBm-q{?nr^QapJ$L4Fh0;jev#h#puqXsQtYX7QRPHZCOoJ
z^O~>1Z|>u)r~h>s{tnE5edM(?BaJ7H`LWnULFw!k-4Q1f?qE*|P|NoZc5ta1RwWB^
z6OE>{+cG(N_aZq`!R_e&pgpWXWx~eD99tG;lMB5F$<U8gf_@vKz|DEG#a(XdofYJc
z;|lCbw6fm-+~aKXE=L2(?-tw1*47;?_N<Dp=f6KBbxcXlAtrd6@ktBm=~t*lAP<Mh
ztCK*9nsMw$kO~h^J-~%&dKh_Oa>%*9)#U>6wiDmVOL_L^EPKH`Y0a(P@Ri^9Gd9m}
zbr)}lSJA-;vYX$0`C{1{P0N$I>WkEeEV+XJ_y7$@#=e7;+18~nK|dKHvBUA4u*o8j
zZMziu+BZsmJsL!9@H9|2T(bSelh<EpJOph!{bp~nCjqr$x-AJ}c*b_teO8LU!LUBT
zTkT4sE4#kri`9Sk0~YdS#WZCqs_KBr!PcC*+6<cq>+t$2A6&}?%Cx0>@BoULK>@a!
ze=lIJAPYB1CEqi1(bl0Ic&RR%|2>0mN@o8k5wl}H?N+8V45AXiY7?5bI5`52c{xdA
ziAJ!Y?uME@q3B$;fdIJ7lV|U9qr98D*4?XoH<sh<^fKM0(C-@E&NSpUQGbTmFXgEm
zHfD)TlWrljKCO}|NWE2L)~#Ugyu{i0rO$Hzm06Rts(}CSE{9L9`p9jPj<uiw*|+fH
ziXs$fLE9|*&20K=odL|RTlk$>3c2BzL&a??4er)9NzvmDVKeXjVjXhm*rm<r+^x4l
zwexcdHTsm<30nQ|Pd(>+TXVgTmeN@J%9fZK_2fPHX)05iTp<Ptd)r0e{5Ho-+n1#6
z7H`;P3Li-+v*U2gVOn4pUaoS<X93#K)K9n(&lK553B-LsO=&Vbc*rxOrpK`1AqeeW
zDJi?F<%$Hws-ZVlL>nz`<e?82mvBo=Mz(&NlW*~?S$YbJ4s$YGtqsOJF*Cc6dkAr4
za#!bv1P6E^eaK=`tPR$wmLO@VbPYDI>(axX`@uRJgHHmoeez4>`oos}whTI_o}{sM
zY)nb^%E1r_O%@Xk-hen)ekjrcxw8*l2Rp~1VVzi3XM4zTXx{L9?=8?yc^|MPrD@KD
zCFK&wkTQ|79xu8H)bO|aKbzWl53WAy60nyMi>6e0amf4N@UE0#)_WaK%2JLYL?n~k
zV3K0x3WQ_Kh-SYV^pZ@Rie7e)ycP<YJ|;WiU#d<OVLPUdaxZ|T{%hK&t~-}wUK)>H
zKDHUJ@n8ysIa=b=ZFN5dpN7$({fGxXip4#rg3UPMmdEr>dGEOECd#CL$JqqHfrUxw
za6`v*7ac{5LYX4b11<K1gB%;zj9we+i;Kkvc6GaGe2G@eC4_6+nejU$=ixb$A);*-
zE~IX)QV8wxxsL}Uis+Ndo9L5uC*b7t<(FG6Z*JC`NeU;JV8ejms_fC<&Bs*v(HWhN
z0(76om<9^34bZ39O%i=IleuH&Q~!=;ABl~9)fu|al(}i3-fQwr0c#?b#0-(1z(J1r
z&dx=ESV5xXsJf}!fb!^)q20X!0PbW83C=F)ByJlm$^PEpkbj8d<0p1kDB?~SWs##C
zLPKVf+JqLgWPsTD$<Ukms0e@KI0hPR&iX7N7Hd|5SR0JWjI=BzW|&ip;zJ$5(VI5`
z3?;<mgoGwsYz?SwGy@BJ%m*nLZy4oU=r<jyiAnxEZ4tHnOc23{D=)T36J=aNVEv5<
zGFw=6McA>*^~4M@T@kCA2ns#WuEb%MMldDUISuClQ2cGR?$)ek<q?Zn(<x#NJ;Bjl
zX43)6;=hNKNvx$Oj{}1$%;Wg?`(`NO7@}yd1fp^SRChI|Tp#Dm+95K7CmcWA`8bY`
z#`a!ZAoi8m7MY@kbaMnVku+7na9=%-3+reot+#D#Jh;|AhGF@S{(LSph@D`kqLsTi
z>3}gqPIY#|a_BN~D~7&jvmeM~E@V!p2*#q(Pbm<87UuYfME<(qD&caHjPnj=q?(Zd
z5K3+^tCq-7vI+d}cG_5+v3uH4Z_Hw%#D1a={cv0;%VaR^+F@mF&=qbGWdCfy=*9rf
zFuSh#wojzLzJ>L+LWS0oHc=ftg^hn2rrubesp`4CS$|Nd?=~ZwZ3=`lk#;}6?{oQ$
zmltvMRU6x~Ys>tZtCfi#L4b1)x7_ShHH@8Nt<DuoBJT!9_1Rigz%6P}3US;*q#47t
zL_l3>KHO0{AE2q2>CVP>V47#BkGZGu+*M*;qOYx;h`&BFXpr~}N82u<x{3my$GyD8
zDwk~T*Yn-YPe~;dw^o_FFOe*j>C9yexXuXIIL|rg28_teQJPobd8%{}5g`R%{=2g<
zK5s3#1v8fL$df8>nAce|yc7$U*A$k<{HDiktiAT?en?VQaoq~Gi8!!ydmuw>cYx;7
z&!Fei2f6~f5-%lB+(wZ3nMWy~=hyNW9(;<plV_a*ISdIy0;4yI@c@XT;c1Tc(4U5H
z`?^+|8{Q9^DR?rAAP|GP9kUY98ji7upu%8SJddbz6Xk_8MRvVDRPlAqC@#YA0(^>$
z(Ir+=C0HG~M>>%f)$7RrW8E)3byo9)_j`i})+goL_#7}%HG3)SJYZGlk01Kp<Pc-C
z0vq3i<P~?8XbW~{53yF!gZ7UzNOLxDL%h#=&xniiydMPybGe7#h}l&48<NbvuNDwb
zK=r6szad>4Fd6;k0tEk@ZrS@TofD=MtjACM4kDcMT!)CK1+}{{T2&OHNbIuYd8qVa
zRh1iXyMX73+-+8kCSC`ki-Op5R;?^j;zSG&%G0sJ;AR8bK2NO!Co;m!)w&H|X(3>#
z@J1G>ayl7V<#=Hj*a2*%w92jXaJ{W7hMEt2A!&4VKs~RlJ7Kf7=DMvJ>4%)V*u&qx
zg};k?HrtCRnh99Zf`nByDV~s&DtoK(jj=_<QijtADxyJ2NNeGlc$-_@h_@<b)0*?y
zs|XQh4F6Cet$PkKP!!s;vXHZ_1PQbrYx?q+0O8TK7ZpO@TA0KEoUv9}ajiTy{xqpJ
zcAcWR22B;5>Vub@iES!+^!4iv8sD+PF^PTU*+PjY0k%hN7+m)M<#I8=+FkN6t<xaV
zTw>lq2wgS$FmHACgyv&KS%sLSkEar@t9O7d)CBDaB{NIy3_hIHeyKTMwFSE_E7G3a
zs@!Pj*)lK7xSst-N8<wCpNS%y3(6hr?gHyX*zNDaanI>zGT2xQtJ2pTKuh(ctpPY_
zI%Ppv(V>{?lS@;hqao|y?+H)=(cV|ZZZOndW^f~oRIoF4g6<^HRsGtcG&Hc+W7I=J
z;AvYC9iT+Fs1HGqw|Pk`m#`+u7R6XH<j%}wqN~53B5X6LIj_8sM`h3e*AxhaB@!Me
zEh{WNg_xt-c*m)&Q$Ep^SN78uduQY#nl+GVX6fP%Y<0R9$4E^EGJeCOFM--|^k!V-
zcRC|7hb1Kr)kE^B7A`mYp4++#GiPJK$ef69ixox%ryWG}EdL7XDj{=(%8;@X`=**q
zMV9MJLzfT0A{yr?e71oPn-b9=3Y-{}8;uS2V2TY?ha(%*!FIqpEml<g%soTfLF;IX
zy;K|wgds=1Vr3IBFwfUD$;}XTeL?SkvJ61gcL+2ZLq*Fe%L0m}2@+-#R65N|mz0Ol
zNON1(NP6a*J6^Xf^DF~=a7L|#rW8D*Ujw(HdMGH{)C#>R`6*vyBUn<3Gbo8Pb4e9P
z<a{q-?~?&6MyIzSuD^GlKs(Uj<1}(kb&WH1M^+_u^}jb~61x1~XRucpz>=TrE_I^2
z+kK~RZ=o+}hNE&7K-h0N@zcv4R=$q7wGin{K!s_8Y7F24&|>cwW~PdyJgCZCd)upl
z_Qx%5y~uqmii1=aVt_i$*z|PXlD_*M=#rQFx&1n2dwNr)2qX!k0QM4;NXjAhCAJi3
z=!C0Z08%)cD6!3xW~)RRVn}8nnxkI=8?wRc(0C2^uk@c_+CAL$#ovd}{f9qA&Vtp=
zVLF4YIq{4LpeBu}OLlRfafc%T82cLx4I{llgQosB7LO^w^|l(wSRY&p;fs1?W&yf`
zlga%z7WVRNq8tJ$*v7bP)|b^PKA_JmwHZmkf!*&#!#$844Jm$(3MIS(tyNvP{QZBI
z1zEKHtgHJ_t#SkX$5B^R&j7)aS6@3sid(HkU>*VIlz@lZghd7J{U*%!lkP|P*82lq
z!PkRf?IIvWGQU;_eRmfePr{V=BY=2X@R@BEP+JGaUTSX2(Ve>lmS`-=Sv`|1P(D9T
zI)vyefeMXCSclxT{(g_$D$x1D;hc24VHtW2K*b}Q)jp^z*5M2jtE)8LCD|osU0^lp
zV#G{y5ZF`;uzw32EAz=NzrHyN1imacT{!fPfr=QDN#jg8U?gD63jgQ#cqHNm2UsMs
zpH8>bh+}O~pe19w9E#1p>7_O~Ok^xyu<gunO1ugaLlT{T$8F<xP+C$kdRp>GOX-os
ztBXRi;WGT}?HUTiLuv~&wv7sL4oEB)&GGfZH^x+e*ku^2LHq_rZyPbhKW6Q3kKAjq
zjH2+X*um>^Xg8=0p0=wcE*biyo`q=6It5!kE8JszvS$t{n9Igpttio|C_bH{dpW5B
zoLf<3_h~t_5r5In2wQrXJC>a+o0z70w+*e<!uzCV`Cgf{r~#XpWKWorAmlPHzFLt<
z^y=wJGk$-DgjNQg*+XWwhW*60Ozt0~eL9Y}m<H1@6r|%NfwCIDhRPU|Zs5b*L5Qy}
z`xsa$F%LL7uM*rPVX2&8@?MPgn4mU6ilZy5Jh?Y6Ag!hV#G}u{_lRn%5sVek{eo$-
z%VV+s%XeZNrgjwpM3WZx2@W7f2OUGGC&k(M@)49(pX_xRy)n5XO6%46&@HhA$-fi1
zlC$^Fu!r08@LG2{)BNF@l`e+D|7*?alXhJ0N8MMtK<4YEm*TCmJ-&XgbuRt1*co`p
z7+)eHQ=mC~pvQtO;99^RwEZ@6FWVf&j}FKfam-Hm!K%zGO(hZkN&Pb|(D4qtMWtD?
zNp$+&P5U9?up3|z6jP8<Kf#n4P3_|Rc~ECX{Co{e`s_*xiKUPuDZ+*=UO6(?oJ=d!
zBabR9iR2c1yDdTgV4d{U{=!y+3B=LW!<c#hw0>7CEz=<Eg!zIJvVDWeOH0JzM9G?O
zrFJWvjfj_vnVa-NT1_L5f?8U_jyXT_Hj?z63uAO{Ai7E84rv^!AIUWQGBV~!S?LId
zKwAUNR#-?zRzY3I64KR8>uh=kl-e>V{*Rp8_MLmum1qSiD*jgmCnKV?r&0uK<YTty
zuj7QvKYS!k>L3kk__8jFYKUM_;|+Wj)*nrJMrDaL{?1Qv2(l7mP6kH6QGH)79--dP
zu>VB-3S&HXKiB&ttK%>@4CJK<VW<jYRjrxr%4P-go<zBk2;W?q<2|bJ&WL6rL8=AR
zN=WbhR>55*R{n!OV6^eT>K{S-a5-Q&7mE<8@=!hemU#Ghz}^N}45EIW3*Cny8!F;S
zGEmu8vpk)$%%qeUXAqBiz!)89i14my!XA)&n-zN-lcg2VW4iE`xNNy-({M(1cwmPL
zx#;jaI9PuI*WNzK=V*W(*9@ekd+pA!yW9*dzzG4`H`y*5z01#iz1onRQD6=lkpwYt
zPu~B#&8J~G^jgQ_m5iS%#I<|?1Az}pMOJtD4mztQrt`;w*{K{g^`XLyrtq%#YTk|q
zw^i5tD7s;`RasE*h6#*=WsdGz4B~@W3AIoWQvX>TggT`lq0u|wrhu;`J5}$V1Y(nv
zR;`{A>NVo<kzO$T395^zQW}fC1;?bJLtzCS4?!L-yW89{7s|G^ozikU-!KIk8heIH
z9eH#KUZLb2MVDDLo`YdSfA6)>W@$`2Pv3;;kQtOxcl!V1(qz}G+~vJ8ym3_bRrT>S
zu2$or-dM|o@9n4oi_Qn|(2cJYi7xr2w-12##-A4L@Kp_Zw)$04DB%7!7G0@k1t#gO
zzd>T6nMe4&WbcW8;rO~%YSq<Vhrt{OK%j;!y}-Z&eHTBX*T{dQzEu`y9EC@|H7NY}
ztm^Zh6p)uE3VniwgT5?#LVZtcX{yB3_;U58>G`#e#x=NWhBg-^*^iTc#j{(o7#drd
z-~M$qyOMwE2fzDv-2zO-I|B%Y8|J-v=i7p|?Q8Hhb7%xD56CB_e4&5n7rvvf9Wm)0
z+gN1-U?bh!|J#0}?<}2<6~(4OJml|4ZK?pik=N7&UQRSo!0<m-oT_g^La`)u2B_NE
zj8fDo1|RV1C}Xrdk3LY{Uu?Nl>%M4+pTrQLJzl0<7V(`U=KEQ5C%s|v|A)MwT=Oi#
zNI-1Nk?9=Zu)9qK=9W3@I#bG@KEC<p@ej(l&0`&1WsBT=3s&<cr8I%?;DG)C*Prss
z8WCGJFPW37d;DF&H%<jt1$Wn@5sO90%dO#pvjcX+8oc4sn3ilIb=D2fvw`b}myH@g
zu&$iM9ep+RaF`Z1V${%Y{JInyUY>O&-#S(KGLBI1-5c+dGI%i`nnX8Md0+XEJFiI)
zY>2h-{G_0&Q+Hmr7rKw<VMeAOPUjNM*L)FxvoeNM1OGuf&SiZN!VMf>Umj6}RQgTs
z5vF6DHyhR3ysKpZ#p?$ueQz*OI<9{5);0jWNI!nvK8H{aYx%)5rQVs2r62CmUDtA)
zMRY}czN;fvkJQ*dt%=;o^9u?j{i7B1r(7gJIV>pOmNqofhP@&n{=SkOI#wQF81GE!
z&4=UJ2E33?RDiSN&;m_Trh?5WvSm7#;93v6lmDY)=5Ek0Nc2E37MK-WG0Mf;a`&QR
zuySW7FNMJR;^;1P)<$z|KwB9Leu7RS9cv-x#PCZ0n!PF)h>xcyVi=191?~T&>h>M&
z?S_IOI+yFGR|2lTR*<n9h~GV}BVWpSshL>DsbaTM*HYrntXBX<nNY9aJYWV`gmaWG
zX^Uc8jZo7wi4c;J?=irmXAp0%K%*|mXd$P4%=6E1QM&1#8}Mzt*ni`IhgU6z4*!pE
z_q<jG#erVYxoN*jnsP5?J2w<-eeWhEr#o<-L)2M9edjNCg7LciW=Gvxxk1c4TK!$U
zv&9CY1()>hvHd@&ke={c!1P%Zx5ycxFe!k+!L%z{3`e!dq7q6RkclM_8=dwp7mvg_
z5Gt=zI3-T6CtUy8^&@-86^`dAugOKpp|)4FMBI~fi*c?F^Sfz)3<hT}IXbr{7W;42
z0KlEhAC#Q_bceV4Y7Q;m(1Nl9Zw+LJTqfra5D}+3T+V&qby_Dw>ovBnZH3?}szpw_
zev1oskW)Ja+lg@kmO_}WA{rB1mFIGKMjbIUB=~D}yY&Lb3wBYWi>5>@K6l7ML4~O`
zP#=jh*cBV=Si|_q)AE*rtEi4{x&~n?Z2A#&lCTkLT?xRZ^q49}B7~1`Ngr*Y<VOOB
zJqgHY-=Vb^K21Mrf*9h+tNkcEEZAp2+kX})V-!&z^1ie2n!wCWH~(;R7#P3qrpZ}=
z!?dF}7GehsuCUBA8?T=bl57l{ZHTKsG)<5K+3ZWWyr0{gT_{T{RZPS-;7J}S!TPoR
zO1(v4CR;zJ&Kv=XgwOwqt089%vYeQ`$r>%$sS?gl_N6Nb&J)K9jtz^p^79;^jE!W`
z=3wF<C;1LD<>I2jy&ugIwZugFPVzdqa`n1oQ&k}wx<-)zRm~5qC^PZL#Vq(<us>gN
z3ulIOlc8eiomqvlc3)m66RpfrnOTkDQMV>Z<+VZOlV&bcyBHhz{7-^;Q=B+*w#^p#
zLGa~)A73(X6Mh9R)11>_{QI?amhfYyW=L>GK+I;Z6d#l(l?*xVLTh@aq<<Otxetd1
zLI414;z42TvTT-gwA7e5TB%krZ+nj&e&M>=f9(N)58EDpP;~GVza`5OS~Yfp$#jwD
zSNSM*Mcssd32_49OO<q6uSq&Su0Odr3bqm*_4T<F7ODPY6hKOm$v!U2e%{tkNs22K
z6UiB?v&a@S+>NMsa4|BKpMOtmoG>0tty-ko0}5|D9kV(%wQsuJ=A4*ffZTHmZth?v
zU&Hab0zL+hOh0j`116HvFNc&5m&XwSQDeadRY@LzY69;+L6e;ltrW)jkWSRQNX_#T
zOpTd=GhN0ng=<}fae}%e<aQeaL+F=@_`woJRfDtT!dZUMs)P=xPC0ayT=X*9#O+jK
z=Wh>_d<S6{<h-ssy1DFHe^A>Bp~=XUeLvuB84yPDsgb6aOjzUp^nrhcpJyyh6GRR~
zS5coI0ehZZ@3dcT=4QG<W1fu~nJ=|Y>Q?c|opXN{+##mdB<G2>+J1c;u&2aZ{?7=T
zn$ZvPJ}>EcQ5~h&oshN6N{|&cBJ^I0GWmicf<WSEh)4O_;#NsiB5e-oLMQ4R=62?^
z1SY!*5H;;Dd^fc^?toPJd}oRz8zPe8HtMfmScF7>Xng{|oc^G`(F#~b-BF@opJDCd
zWxS-2&CK5_QdQZ|YZ~;!Ss}TpQF{s~3bw{SuOVo^SGKC%lh!0rd@N0PJlG2B(%?dS
z(2evS;$Mr!Yp2M9leN5b1B?H$>B4JSgg}i(r|b(`Ky>wOX;1{&>ihp8h8-qjR}cbB
z$z~W5jpqJ)w!Zuaa+ER*G&2u?Nqi;n&|Mqon~*UdPIXZ`l5i$oZ#XS40~bbjo3*$Q
zgS4h<4>celI2&WluBjG2jW*-oA~Hh+>V-$TJ@W=jIzarEMQT0Ie4XFe)c39^DaUQ;
z^ape2kr<>mn<#c&cB>+!Oq2NP6#0~myIQR8Vp5tnBD~xA{0;$vbZd}VhM=JAWg~lN
zh$lZwVczGzmyIwcP^}%c@sqm{eppa)Zv9=2a?dxkfQOnnw8&EThnx|gJ<bnt8&~d{
z?e^oL{nOga2q0GktH4u;2+d=H6MjZ#GdBl4)FULKQVww&{yo}Z<-&J_FlB7=Jyat-
zD&THn!8GL1Afud#zTr38K9N~~LK2lw{6UO#CC<q@+^RG$e!){S8OZe;r%f&*1){!?
z|3K<^|B`q!>ic5Rinz<ju|;&dQAD<hYwU?`f1JDnpULz|DV;l^s=U9VUvM{P7wtJ^
zG$s6<saoU=12tEKwIa@*4hV8p+dJc!qzF=~C&`F-$yAZzb`%W)(mh%{acQ1ii;@?}
z2>$tNLgDLC!dg>XjBF2GYZa_-{ERrPdlu?oAAw;e`A}Ha&@?&}aqLRE%t(gQ9e&%B
z2mRVmKv`Qe9qjzDs7!n+fO0u4q23c9uv>)kAzB+hT!`tQtFQ(OA5NT{LfbD&H*LJH
zusVtlE=tLv*#E8*`Pu_r5Okf!cCnpjo0xNWT?+aF8BFL`Hop~e>JDxpFXNm+wb#Mm
z>a`&1Ene~Qmch?^`lP`vyLP(cbFEEDR*E|<w;dJ{|6ugO9LPMw<{z_#{cm+<#v)=f
zh{z<WY(NjtxSG%;9`K6E-t_d@T(vU;#)-y?HS3@g*w~;-qQj0*ieEu}-+HlR&Y&rF
z1_iRiRRAEZXvi@(E(t(<8e%<sKG<a#-N$dWZg(<DD6@_&V(_Q?4V5@zLep0P2NjK<
z>PN*I^DL~@PX0pF=dqQ>WUb)A$&FUlnTI+G*WJk<lx7i_HdWAg+D(i;sUdGfnN_es
z1lG9*m0V}zwBBZ9LZNIoS)X<73Hdv}c&O1TD17{f5t(p<_PL)>8b=ifx7R5Vce;e5
z%CwKcXnU@n{drS4Uo<EY6kTG2UND|q()e0S<|gAK=Y}R(5UDT$7#!#0y?&kB%TrZ?
zW?JZ_vVdT)hJ>a!z=Ug#YpIX!x9m-q#`^Ry<!rZRLn@lyfqB7)t1^QsY?@87V;}L{
z8_{7T?Wz~0A?sa;XPPrS!7PdL4#(+z<hy~3``cm7jgMXOmS5usSJdl^vNV<QAs~#o
z7#!<wzR%({L$VI4nWf*31^+h2vsF1J<{eZ=YhI9!0M>mAvT~$>qGBt<xr>vmVoDEr
zWM-l1&X5*VbFbx;aED|uKuME2>A`8ZSdzHyE0^{#u>|3jj?7v00E9|@Cwti0Y^SCy
z*Zr>`W{(e<Q9vICYAgc&`uv1J_lI}>NrjP<Jm+Drw#M>13y-BYxIt1kHXfELDVt`F
z$#B>t&-{RjyT7RN@%T0S=;y2;RZW1WR8+!y<<AFGZQJ!1)-W${gtXkNKrV*&=<=3#
zu3?13M@2|rg7g5M>=1>Or?6Ig4^t`|V5zb!X->*E7TH88x)UE@3iZky<5#eRC6Ax!
z&svG@$NV~48ao19oW?W+4)=eMSqARed)@9NT#<U`sdb40qC6oT40U^NxmJ)1!_4FX
zrg_Mk7i%U$O+_;ZO{o)t{ZMnkL^-F=fO@RR=(y+GiqUz33-RNRZJYW2)~gQA?Vdp+
zm^vz5{%6~gV>Zd@f9~ZC!dyw^OZD_EiLg4<#}6wO$st^Unq!)Ynh!h}B+tgB)2QdI
zlS|3VF5?Hj&HYz-g+-q)xjGk+WCnE^;))YGX(fX!Fspw2CB@!E`nAk?L`ITgM?#?W
zayD5SPSsEG-6zp_aLFGG`@j|7y~!Vk^Fcy$w}_-x1^{s+GaXr_j=bXC3RR4=7Q9n3
z0ml0r*z+Z=s?3&NzWkJ`@*UKgM$3h+Xf>2O#{lO-V=SPP!}tgbyV9|gl)2Uhb7Kv(
zoC}P$PN7y;m(?L4k9gxeuQ8r|106u|Ba!9fQ3=&kN!EVn;-@~|SJz1s`Io_E$Dl1=
z_9U}cM**!=1c*_9gT7AY58<4rUy!>E(HEvv5QvU-U1x^|#%!5m;m_w)>jU-Dd?C5~
zApJ0NJrWaA5#}yz69{C;X)LC6x)&tt?q;Iby5c08PJ3<gn|g{HG53h+&p28FC%ka_
zzv#G2#0o+(1`V@uQ7C1lT;bUa0`N5F&%Bt6DB2T}^3|qBhxcEmwPuhV+sg@#WNdLQ
z@nznmP3j$ykM+=EYXEM1y6h6|mGhIMg)c1jg2wMIbj*OKWO&pXn?L<4pU^DX&|(zn
z5{FI|v8*Zygj>XBdw52F5c8>RwU0KCnVR8LKZTvgFyh-m23J*<N1jr$cyF>o!waT?
zSEbBIe+){jK^)%`OxR8mIU|?cTl{nPXh4LIf1Wz4hCTfIkvAIhlgz`KBrqw}X396%
zJO=WGAz_opsMphrzgu`>o@DiM1}Cik8_dn%V_0^4)_(3)Tl@!I1}5>`@YpA^Vdb|p
z&b!`mavYkb3^YD`S*;4R({g`y`YX|O1T{?r>_CJ@(SNAb9=>DunGv7#BW|6nB?MmJ
z^bbY|+Wey{B;G^d6Fii=qlTGvKxrUpE*?#w)zBosoBnjF=2!Y%a4GGS4Q1}T)70D(
z%8ck+^1I)sn0|8CrZ&DhRZNbKYv0U$`}}Q98d9j4!g7=>$(^MTRYL(=sPa4{S5uR%
z&j*BX&h&h%bJNc}NQ6(TU8zknPq7?w^>E5QUH}_a!rqcv_(v)8p1!)dGWl((gN1{L
zw0pQ7iG*tN4`Tk3yond_*Ys|EMo7aDDDXEhgva1*c6KwCs*BL;D_|<MDL<7@RGZC)
ztFLmZD3!L{>wzk>gLgrb;29-$xeFRt<6wXj3VRpM9>(*M3}R7UyE1r`U`3{9{>D+j
zym9FLz_(I4r;xImU-AoAEolxalPwiwikR;E)3FTWC|}fH0CejhU9Bb2w(dD$7C(^=
z)kf5C7ha#Z{zk4zhHK-+YO7u$AXA2V3j&XYom0~KxA<(oDInq6Pvv#T#&*$tGo>}7
zJn|6*__zbqTSE>$Wg}wnimPQQ+c5kbVa1U1W0N0wqR2eZCrgt|MF$QvpH?+sRkK&a
zH5e_~Q2&v7@`jgri-s1>#u8X7sN32HyOFwE3sz_JbAu>X56|&g;`lbv$v(XVhtsFs
z9q=F}6gsdJ{ihy738npeu@8^9kZASwjm1GmC+!1=M;hZvA+rBy<C+ntFZHAYc*TI*
zzyV+0WwdGE@~HO+x|T!)Zk=q)TJ?Bk9k4(mVR)9uYoAliE|7E1O_~2`_%MtO{kD_9
z^;LEN#x!i{aCAwDVUqzb7b=WBYbn&yXn6w3OS-QRC%d!P8rZ9K1aOHsPXGMb6qt?I
zvz3z38O)84vvoj5K{GWYB2VW{Y(%BMG5Zh6Wm6bESP8y`6}JvOZ<{rT<8cFTSEfSG
zDqMR-BXRCj_1^xoRfht^RL^X03EeQS|8MV;I(k%ibXc;JNB2<=7Pb7G;0ywPl0C#V
zzfTA<^1gOg7M1*ML#rK=I518kcn?<Kp2jxSH$d1jp|W#~F5?Z`caHhUN5%O85%Lp8
z!@(?xugacNx%H4nCVZ~Lmm~{kV=SCdV3iz9L|B~*58+rIln55p)<eQbYiWJygyNUH
z%6SR%3fbxH&kK^NCufRW;KKR2L%M_8LYiw_N?$`8fpN+mZkeCp+D`d+(H+;7koo7i
z$_JLYv9V<|2b%<$dZQH0?j{2cmAIAu#0)wCyH{9a@qHA=1VD_wfGH{P<dO}w7$CR+
zQ_4O4;{GGU05}mRuaog|<qMry!S6R->3e6S_4#?T`dh3W)FdChwXdD@<+=bEGbtZ3
z8Bt}yY$fU6MLXxndtfyU5j$YP9bV7=(Wt=^gWL$pH|Q!qo1i}9EY%Usw&)|=h-s+(
zhJ#*wzaomuCd1ERGWOrVq0D?qDPo#(QkN?r;|0LiU*jS5QZF%=(-m`1jk!E2dvHSg
z>gp1w4q9gyf~VZ4D~&=5p>TNei%OSYE9%k2P6A9DQAJ_F7Aah|A9;TWM0*~b`^hd>
z@e5d)7n9frsm76hyA*OLN_~~Bfy`=Kij*{)FJ-hX*z6fty|xqP6h2g6Y7=+<47Q%p
zO!D`~EpV*KZ;08hj1Y%@Y@ktm_Cl9}tjbo&Rx4RxLA!)@IaU9ypOUovof%nl)Fj+J
zL}z?wKh5rG;*gN0#7wZr1M{{}$VJXG`$Md5i|ZOfkJPA-v}~dJx=(PXSSM47P`XIH
zc#fG_)Aelj158N)Z#lYlo3Ff(_v^$@>#?qZV2d_D9VU552^r{c^<d&65u5_JXq7Ix
z>t}?Ssgb!iEz(1}wAjZ9aSFa`LXicQlztBT7O#;6?<u%jNDzLg!Fn8HF9TaRUI=~L
zGa+Fj<*ThQTshH|S<I}A^9HXCPK);2P<^;TcZ6!_#r<Ilqc5K=S}O8yd9p0;zI6QD
zDRwlSzJG1Oy@oRBGoMV7XsdMxWTC>G>m|Faccugnu`{$-;vg?LM#$Yu?6_g@=@0h4
z%A@&L)x%Sm+}eA3)R>oXc^wN|jb}OXM;K^z@)^r*jDVPK$D0ATVOee6J_nq~Ik&pj
z6xpvWqN!I0Au`1|2(DmxX9r|xAcV~p@bgA8Q_+F#^fLEjjLz=vcN!_qGson7;-ON-
zSULS1n!Feev@dTHJ_h%R%Mn#nhLjynw{ubKbwhh*0+H5k(h&m}R1Re@v0Mn%=S`yk
zFWwV2hjj*R?0J^0Zctb3;)5x6$i1$Sa{c2C^O{$TNpDt(u!FV}TXhqyL&*$LBOm(T
z#oIjIMEV0CSy>CxSg7~L?8Ba06M<8zeCj+VM*0PR&~7M+Dx2L=>z-iKUIlp#63%v%
zL<DmI0~V(1f63G5*`L?whyHf46M=kF%5!%J^A36ETR}a8FtkFVANLvx=iN*G5DRZ}
zA5En0AL&*Egu?W$5M`Q#qq%cMOFLvkAYCTh)MW-){Pi@qRTQ?(NNZu*yXShmjxbEK
znU+dv80w2pl#MXsC$2c)?9bdCC&{+zhlVS7+JXi|y|TSDg7HOB(WPOpK9zx|@%R2}
z#!H<$d%UCqaoku^1}ek094&ZSTwhNn7nrkem12EBYP=YXoh*A0a6ItId}zT6A?{fD
zL)J4V$y7r5pW|R9tGB#>R^~R5qA;>2Y%Mr<PS^;-aXAQuKxWiz?LF{a6h>l_>qcY<
zPQGOIrPty)k!zuxJ<x$Ofa4Tg^0zFAuNA0VPJB=f-JVOW9C3klLG&h==#}u1HL$$w
zPE@LN!EyHudwO({84FfM3KtIic__0u6XXMnU7+>VrmQs1<(XsZd6uy%5NxF+rNp5y
zY1i7Z_D{9OmVUa+?LE8K7(}3kdJ<-|yJ~12Fuq?l$Z|&mqlkoRgtGphbI>=&qr8dw
zf<cX<;^Y-(3^$PgHUE?OLfBS!idyT#816LNmIL?*pT<(Q+c`??mHc5QVIVg*;WL7!
zVozlVb{Pe}1o~y~0U7X%vBt){t4!1;G$G^CGP?BTJSKVDPz)FWT~>JF&sPcBO|gn4
z++(xB5ZRn)o*5S~cMxk6J)_W#@O;#yFaePn2tkd~iEZc&)9J;HW+~!2Rbs>lW!Hb~
zO{FDDSr9&@{jO@~VgLGQ#|OX5fLGCjUdmp1yh4n?8fpF;FRs2{NSc!3GHO^bGf8Ew
zAsc2^4`#vZgn_J|8`yiqro+)RBmAqZ8cxZMWr03tRNk;aEWXn+>Ad#-GwaPFQ95E(
zCogJBO^6P!xuUVrICJomIa&55^X1iqRmmz_+DhsApmy?poX=!BK-98{oQEE7P(#_a
z!>(FI15l2`>T*@o>Yerueurf0v!NKQ1;#GgUb=|H3IB&>WuF*z1Q?mg_gwRfHs0AA
zo3Cq7Go>(XYiAK0KEIzrW@q57MI2&n?Xf8$zUtt&c@$0m-M8lqle?LP%_<+IEl<1`
z9gw5bpWMm+6N{Rq#GaERh>{aL1SNMhJ*|qxEUBcYORa!K{S|{F#$!pDtdX}{bF>>Q
zn(ngW(WTs1<W!jb0U`D(Wm8PY;un`})SK<no5h^fmfG_Kq~W+BMx>)VdeV~~v)lw;
z(^QB@W6gBqhYM17AX(JlWWu*@?ko9i5E7H&e>mxg@(YphYAg^h`H-q(N-Fm37Jt-3
zWjCq|Iz=Z3xeKiJ$ax5hc7=1Hoob>jrBR?y?ahOT`Ir<C<S1M{BCT+k>F+b>9(`A_
zO<GiQ;#Briw;4sw9v7;7DO1z_dj;+)rM^x`!VLg)@@B2wsu^nlB?^7C`u(z4OegRh
z0X2vTOem?6Ru&WG=Iem}@~NQZ15#{oCrsJ;CqFT&*}1B}WPftQlTp2CE5^(TN>OcH
z;I;0^<HC@-{l*)Jmt#leIW+f!Ap~5E_FT1dMY4}sTRnc=(EO^w3Ip?J9Y18=CT_AY
z6JUG4TqHT`wvaP7d$jdG&xLSXGDdQ!G&zqv<k9pT^Jf9M00jO{$1k2;;n5jxIt72v
zhXQRyRYg0w27ud)k=q(l1^LjVl%KoKULDJ;u>VjU&=)+DUW(JzX2M`U14G5EOQyiL
zTrZ;#%6Cm|uvKnwh|Aw~Q2aB?lG-Iz7jcIk(2b{!k%J9bN+=hof0%3FvB>J0Z<*f4
zN{>wtVDYoO5P1;JrMp1|2<XG!8CC&eGM|MYjVcbV6b)_qPsRMA%D4^8vGc!w;3+WE
z&hpEP41}hEM`5&*?Ki39jCoqF1bG@?57B5TvE+qM{V*W=FXKOO!z3hoH(ip~1vBqe
zHr$NN(|LV0fX0$u+LVbbI$;>Q5eZt~-*XAV*8mH$bqH?pWkl3Sg8y!j_4wb4ixwn4
zpxe>f<i^V(Xc5r9PKbLy;gW9Mtkb490kkVP7)%t`OwLy5Zdfj$PeBr;3-K`xK?cjI
z6Xa8Dx-lIk&*uiG5V-;2iO)#2(lVvyR|82pD1u|vVgvcR7*HDPj(*4%`)T6sZQDO@
zrP+AyYDKi2AlBtkyurD<9yJvBPZX`SJidC1edSQ4)Pq1@v>G1Nwk|<Fl<e9jwci^f
zDr!bzY|0X6-Wa1N-JlkB0^8zuQ+OH(My|v&_ASkkhZq&mK7?N$ii^rH^s*Lm)pp%;
z8KVR2l}UH=*{18c5@3lbvcGB{1+EIdRsV@df_%2`5es@stLG2IUAYGxu70oIv&SiV
zU4siXshA_4X_<*BF6LUPNX~SPJ?=l6dhX73g(86#6#(7VQath>QBz)Y<)J<i(!Q0Q
zN3U(kI%E-b%Nu^`%8v$fL>n1^1|;>atuL*6)V;n5^Gd8!OkpiKEO=XfaV>2z6g}47
zoud-B|0lA~Pk2ZWp&k{#2&ehK+hnVTUoPVj0#Sc=Y<SZ#uT&G}bQ8tbgoqh*21fqY
z7)I<VVji(a@EgFI*bkxU(91|hzxuLI*u6I#%|;LzO{eRPu|U_eTwzATUccGh=@T_<
zttcj;EX|cxR?mMTHR;URSL4dD{Z=gP(P-4_z>0D$3QVY29(CdPB^|Yrg{JyD6UPCt
z`rmF70J2n)WoUrxqs>dMOqaay`lvA&R;$K^!p_?nh*OJ>a{m%9XmYK;9PD!2otnA^
zW(`pCg-V<4BneL~N&3)eFZBF(<%v5Br?NQNNsDz`kbFoN*EM^L?tLJoY;b8K^-M!c
zP1><^dZTw1^ot?7Ebta(=sjIsR(3p0-xky!{xSiQBB=YS@mREG#=t7-B*=Nik!6?&
zqe#5*C}&@RfKLh>C)XUC_A(9$zIBTOWk-9w<wG6eWq~ro%Z<z0?Ui)gyLg>Eyed_d
zueCMBhTw_huV1I^TaT^zO7GVFXKx*_1Mo&-5#dLK)=q}sRrtRB9_i<Wc<KxY2<fVy
zCv)Vqxt-L&=4BFd86mC*Dm&vwO~8X5_96s2=(~=z#{M^HwSDOmC|Yz1Rp>Z(3dSDU
z!?F}NoTs~tOkzT^6QncxH(P^O;p!Nj1MC-vMuc{T0RDoIqXsr|3Ai2!@Y{_aGPMnG
zf*LAI?3lpoQWv=O)Y}4IfJ9p~g<n9Wk+(z|c8#)mcZD#UM0#^Dd5mBex17OPhDO#r
z1Iv6TeI!iH><rR&v<5lfcfCAK8<I+AU3Uusp|=EJ{kDPc{h|D<H+G^Jr+)fKNnKZH
zsx#fIqBj{(cmVSC{Ch#r_7CPl*T^~p3KmhPAS_ned~?hwoi*i*hwYCuNwpsvOPU_=
z!)Ub%nDk{4aIv};a2iUCO+LO3y`Tu1+p`D^*vDfhe)80SdYxdVOq+zQK@-#*-1wf_
zm}}m&*-Z%s#byrIP3K*ZvUPdom`cNj78Wz*)3WO$lmD)+uIZp8SfzEjwI}{^nTXXW
z3KiDs{{urQTArcntlk_{l7I~O%e8WLEBy%pyc{7Z6R=#b7ESc)BX%$Yq1I<Gof+76
z{<`yD`+|irx0ZUgnO9-DUD~>Ep^qdZi)jmZP1QqH9V@PNeExE+X_|CbxlSzHoXiWE
zKp!Zh!LOD@nK;KDJ+jh=yPe_=un++P)QZP|SMR|UaWqeF{DQ|59wM?$Qq0StX}G92
zEjIwAdxz5){L9>&(F6~5$*J*Q0h4;<N|etfsf1e^u8+529c8XjmFWD=##k&2Wf|Bz
z0v#_P=v=R#j^`UcJm=ZGS+_C00vTQE>%W6|xyJk|uDxzv*Z^<A5%Pb9*BY%1CWF>M
zlHv;!lOzbBbw>8HuRpT%e-m0tBh>u5S4yqU2KVRo+<#!Q43bmov{X4{%;1qGs#ElI
zC>N<qhI){)9vzEo)EK!DVGC&4bdiBpDsq!6+*%Z!>tMo|aWM%%B=AE4Kx=z$s;Aj!
z*mYBUIdF3WQ{$4848N>-nChBYS(kwT<Jo*RhFxO+AJA^0ZEpXL$~`Vy%#I%hn=6rh
zPEm&p%QhD8nPnu~qolIANzd5nXZ=Y?pV8D!h^Y#kLTK%RHw79?7lPI!^05Xzc`|t`
z(86}_?f*KlWS+aMcr=B`)mbrS(K*E;HKRHL5K&2zsnwCHTgQW1)V?`SHVWOi5~bU@
z1OC5Qq96z+yogBz7%wK-i!=tUUFzC^+OQcLtf#&We-`Qn!sgQIa-4WfTjVB0{jy0z
zPQA3n&j^<@b<S?RwjqpR^46)?S=PA*c4<0SmZ`)tK*XnV##STqkR;DfHP1iTJ|6mw
zzaP3*6N-DU)}6tgSlm&S#nMWmafccfm3`nwRVs}4G-n})cq)nzk(ucwM?X)N=w*9i
z(67?`?tv15iN+M4d1b2Hu}U*pU0j5=^qk)#8rN(~`~Oz8lZ+(<Z|n%i4E#4kUvJ5}
zUhRh5FT?I6-_XlTU~TLZb-pmuR%veoG|HYhVucz7AsVDx6G5G!JFt7|l<Hj}8a}Yt
z170?Migsb9`{V1~h8uskAh&_Oz|-Y4pFrgx%Xhdtf3&Cep?ELo2b|9>^Ts9G`~Ddk
zAB`7svm4#$KeLEneh&(PE*T2VU#&VS@z92_BTZUV|Gf=xT|{oGCd+#5Z2*epH_ifS
z78GDwfxCq`-8E@Zxb>p46*~->(JKV6W*=3pCBlgIo~3eZ(*NR>#?5MBa@x5;eG`09
zT$|4o@XQf16-|IOE{S!^oZ}rQm*R9%v2skXYm86YQ5nNNOWy|zJc}hz0s##|E9mx~
zPaslE<R(xEvZUUwY!G|1@QQ<EJjc$7`|h-z<};O9C2cw!b@8TnpdfDnFT%4tXYcXk
zLYn%EU3QiTwTn)I=8Aq_d@#tkpZi$S+IYL|6M(OvP)_{5z!itE1Ke<9TWT5qFRUq4
z-?XTt`kX+~VZc6-Gdq5`c1Kl)<I2aFEJHtW9L!nLH?)r`Z(3fz4Tpy=vz2F9o4g8c
z=ni0719Za!BgvrxiE;xW%qQfReHYjR&vo7hBj#NIM@@g%hsHHCq50La;XYD7YbN0n
z$LU!CKCc%M@w4r_8%casP5Z-Hh_acFaxiA{{vHs$fP54<qv`+v0D&_Ht`FDnG)TED
zNabtdF85p$bzrP~igwC@Wv7|mfpEosmwiOhNbS~Od|%5}f09ORT8UIMvz{-_svv$)
zI`@PZ)^)q8{x75Hy<F-F+b*DCF_;A!5(%Z)Z!OEm$k;vB(0`T?gU>V9KpiC2fX!o4
zd*r#j>`tVGuDtGI626Gs$gm2J;+AVBcu5j9)2OerkFh%-hS58@0%~sUY+lQMFwnsi
zEg_AN2n(3gVK&#RUjI6zg&z3RGZX?PRuWhXK2J}t`bP#q<GpctsbolRO$)GBYIVsk
zE0Z?Npr>g5KD6_)j3uo_8r#I2XiRR)V;x%x;W>7T0=l;lhM;FOf`mx6R_xhk9I<%=
zz`3t6zbe+NBZdS~%7r~=513suS(>hbAK%fS%gl2vEO!+cxzZRQ?jBI}{7PK)qkg`U
zio(om<rJm(oo7hxx(U@(8O4NM6U6`k7Y4wSS^)`xT>u9Q0RRCb0|5aAT>uaO01Se*
L3IXScSbhKirh}!Q

literal 0
HcmV?d00001

diff --git a/install-grub b/install-grub
new file mode 100644
index 0000000..ef0e4b2
--- /dev/null
+++ b/install-grub
@@ -0,0 +1,12 @@
+#!/bin/bash
+echo "[+] Installing Grub...";
+grub-install -v --target=x86_64-efi /dev/sda --efi-directory=/boot/efi --boot-directory=/boot --uefi-secure-boot --pubkey=/root/pubkey --sbat=/root/sbat --disable-shim-lock --modules="acpi afsplitter all_video bitmap bitmap_scale boot btrfs bufio cat chain configfile cpuid crypto cryptodisk datetime disk diskfilter echo efi_gop efinet efi_uga ext2 extcmd fat font fshelp gcry_arcfour gcry_blowfish gcry_camellia gcry_cast5 gcry_crc gcry_des gcry_dsa gcry_idea gcry_md4 gcry_md5 gcry_rfc2268 gcry_rijndael gcry_rmd160 gcry_rsa gcry_seed gcry_serpent gcry_sha1 gcry_sha256 gcry_sha512 gcry_tiger gcry_twofish gcry_whirlpool gettext gfxmenu gfxterm gfxterm_background gzio halt help hfsplus iso9660 jpeg keystatus linux linuxefi loadenv loopback ls luks lvm lzopio mdraid09 mdraid1x mmap mpi net normal ntfs password_pbkdf2 pbkdf2 pgp png probe procfs raid5rec raid6rec regexp relocator search search_fs_file search_fs_uuid search_label sleep smbios squash4 terminal trig video video_bochs video_cirrus video_colors xfs xzio zfs zfscrypt zfsinfo zstd part_gpt tpm";
+#echo "[+] Patching load.cfg";
+#echo >> /boot/grub/x86_64-efi/load.cfg;
+#echo 'trust --skip-sig (hd0,gpt6)/pubkey' >> /boot/grub/x86_64-efi/load.cfg;
+#echo 'set check_signatures=enforce' >> /boot/grub/x86_64-efi/load.cfg;
+#echo 'set superusers="root"' >> /boot/grub/x86_64-efi/load.cfg;
+#echo 'password_pbkdf2 root grub.pbkdf2.sha512.10000.87A1064D2A4493C4235F8BB04C02309873D6ECC872696400690D4C6194A9EE8A0BE005590ACAE2E3C1F416A8E9DBB665EC1F6AE35B4274CE3CD8F4694D17D0DA.18DDB69D7AB16CDC661D9F8D47CFA37A9C6A9FF8E2851C56E0E131A99BC713C348C152D338171809BE7AE2CBDA7DACE06AAD83F6B7ED118430F0C3DD9935B5AF' >> /boot/grub/x86_64-efi/load.cfg;
+#sudo cp /boot/grub/x86_64-efi/load.cfg /boot/efi/EFI/ubuntu/grub.cfg;
+grub-update;
+echo "[*] Grub Install Complete!";
diff --git a/sign-boot b/sign-boot
new file mode 100644
index 0000000..771fb04
--- /dev/null
+++ b/sign-boot
@@ -0,0 +1,36 @@
+#!/bin/bash
+echo "[*] Preparing to sign!";
+#touch /dev/shm/sb-passpwd.txt;
+#chown root:root /dev/shm/sb-passpwd.txt;
+#chmod u=rw,g=,o= /dev/shm/sb-passpwd.txt;
+#echo -n "Password: ";
+#read -s pwd;
+#echo -n "$pwd" > /dev/shm/sb-passpwd.txt;
+echo "[-] BMOK Un-Signing...";
+for i in $(find /boot/grub -iname "*.efi" -type f -print)
+do
+  echo $i;
+  sbattach --remove $i;
+done;
+echo "[+] BMOK Signing...";
+for i in $(find /boot/grub -iname "*.efi" -type f -print)
+do
+  echo $i;
+  sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem $i --output $i;
+done;
+echo "[-] Un-Signing...";
+#-iname "efi" -prune -o
+for i in $(find /boot -iname "*.sig" -type f -print)
+do
+  rm "$i";
+done;
+echo "[+] Signing...";
+for i in $(find /boot -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print)
+do
+  echo $i;
+  gpg --batch --detach-sign $i;
+  #gpg -v --batch --detach-sign --passphrase-fd 0 $i < \
+  #  /dev/shm/sb-passpwd.txt;
+done;
+#shred /dev/shm/sb-passpwd.txt;
+echo "[*] Signing Complete!";
diff --git a/update-mydebs b/update-mydebs
new file mode 100644
index 0000000..cc0ca12
--- /dev/null
+++ b/update-mydebs
@@ -0,0 +1,3 @@
+#! /bin/bash
+cd /usr/local/mydebs
+dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz
diff --git a/verify-boot b/verify-boot
new file mode 100644
index 0000000..d183e5a
--- /dev/null
+++ b/verify-boot
@@ -0,0 +1,32 @@
+#!/bin/bash
+echo "[*] Preparing to verify!";
+echo "[-] Missing Signatures:";
+ec=0;
+for i in $(find /boot -iname "efi" -prune -o -iname "*.sig" -prune -o -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print)
+do
+  if [ ! -f "$i.sig" ]; then
+    echo "$i";
+    ec=1;
+  fi
+done;
+bad='Good';
+echo "[*] Signed:";
+for i in $(find /boot -iname "efi" -prune -o -iname "*.sig" -prune -o -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print)
+do
+  if gpg --verify-files "$i.sig" > /dev/null 2>&1
+  then
+    echo "Good: $i";
+  else
+    echo "Bad: $i";
+    bad='Bad';
+    ec=2;
+  fi
+done;
+echo "[-] Signature State: $bad";
+if [ $ec -ne 0 ]; then
+  touch /boot/boot-tainted;
+elif [ -f /boot/boot-tainted ]; then
+  rm -f /boot/boot-tainted;
+fi
+echo "[*] Finished Verification!";
+exit $ec;