From be50b1a39dec7499e64c37bc8c7a23b6e27ad2b2 Mon Sep 17 00:00:00 2001
From: alex-vmw <36181540+alex-vmw@users.noreply.github.com>
Date: Fri, 29 Sep 2023 04:04:45 -0700
Subject: [PATCH] feat: add helm rsync.fixPrivateKeyPerms option (#246) (#247)

Signed-off-by: Alex Romanenko <alex@vmware.com>
---
 helm/pv-migrate/README.md                |   1 +
 helm/pv-migrate/templates/rsync/job.yaml |   3 +++
 helm/pv-migrate/values.yaml              |   2 ++
 migrator/helm-chart.tgz                  | Bin 4794 -> 4869 bytes
 4 files changed, 6 insertions(+)

diff --git a/helm/pv-migrate/README.md b/helm/pv-migrate/README.md
index 63762ea1e..5d799e648 100644
--- a/helm/pv-migrate/README.md
+++ b/helm/pv-migrate/README.md
@@ -27,6 +27,7 @@ The helm chart of pv-migrate
 | rsync.command | string | `""` | Full Rsync command and flags |
 | rsync.enabled | bool | `false` | Enable creation of Rsync job |
 | rsync.extraArgs | string | `""` | Extra args to be appended to the rsync command. Setting this might cause the tool to not function properly. |
+| rsync.fixPrivateKeyPerms | bool | `false` | Enable fixing permissions on the private key prior to running rsync |
 | rsync.image.pullPolicy | string | `"IfNotPresent"` | Rsync image pull policy |
 | rsync.image.repository | string | `"docker.io/utkuozdemir/pv-migrate-rsync"` | Rsync image repository |
 | rsync.image.tag | string | `"1.0.0"` | Rsync image tag |
diff --git a/helm/pv-migrate/templates/rsync/job.yaml b/helm/pv-migrate/templates/rsync/job.yaml
index 25599252b..71ac5af97 100644
--- a/helm/pv-migrate/templates/rsync/job.yaml
+++ b/helm/pv-migrate/templates/rsync/job.yaml
@@ -38,6 +38,9 @@ spec:
               rc=1
               retries={{ .Values.rsync.maxRetries }}
               period={{ .Values.rsync.retryPeriodSeconds }}
+              {{- if .Values.rsync.fixPrivateKeyPerms -}}
+              chmod 400 {{ .Values.rsync.privateKeyMountPath }}
+              {{- end }}
               until [ "$n" -ge "$retries" ]
               do
                 {{ required ".Values.rsync.command is required!" .Values.rsync.command }} {{ .Values.rsync.extraArgs }} && rc=0 && break
diff --git a/helm/pv-migrate/values.yaml b/helm/pv-migrate/values.yaml
index 263123912..23139b214 100644
--- a/helm/pv-migrate/values.yaml
+++ b/helm/pv-migrate/values.yaml
@@ -146,6 +146,8 @@ rsync:
   privateKeyMountPath: /root/.ssh/id_ed25519
   # -- The private key content
   privateKey: ""
+  # -- Enable fixing permissions on the private key prior to running rsync
+  fixPrivateKeyPerms: false
   # -- Number of retries to run rsync command
   maxRetries: 10
   # -- Waiting time between retries
diff --git a/migrator/helm-chart.tgz b/migrator/helm-chart.tgz
index 1fea13c01ddf1442559e2ab73d405c0c7d478f11..f47c49ca638c1147504e8357a281d43dba025a3d 100644
GIT binary patch
delta 4853
zcmV<R5(@3QC50xCJb!6(+%}f}%wO@+@=V#DH2cuu+1~N&cx6u|JBg#RJl>jexg0c!
z?uJDI3;@bf)Y_l1e`x>M762X~c=RPJcB)Zjiv;m59Pa_|p@HPGACoyp5)V!nh)e$(
z#nFSiO~c`Ecye^4{|<*k_wQ)*bo^j+bUZvBo{SC;#}9_1!+-J7(E}LXF&~X76%z3W
z!<}il!hIzPQOYEegi$f^01%gCh61@rr#@i=5~Dd56Iglx0DYh+#uG^8Maq5+aZLE2
z>_2@W7NIT&py4JEvfu)9g{T8$GV+K1a2*0%T+?7f3L2&$;fNQJ08@b{@H|1m0{6%M
z&_fA%i@6|-PJiHX?4cwnUWfjXKlDN@0!|XCv)(K)EN~P<pau`H8I-iW1yjN-q)fzQ
zFqjifHehiJuigc|{=|4FCSKo0qh12959XaP>cxmqi3r79m&Gw6(F9WV>)#U2B%|tG
z5%M6b(0|H{6#nmj4M`6m<x$C)#f{JS+%q5+1A?VIz<-+5`ohTT1Wy1ZNkjs}^<}jl
zf9syVPbyjZ{}M$h7N5ZYbnE}oXf%52>i^^6c(4EOBOO4$59g8-ItR%hQ5q6O(KWD3
z%sB}$$OVR38bwMifW&bUA&KD=kqbZ|4CJFvB#I#6IKed35FAGs39R+cW35tt$`DSV
z*Yg~*3V;7*B)$B51+AwIiU*+azocjyVK_hk?ga?UFENJ@ClR}jF_j(w*5AVk%upn-
zmm3vrVGM%`QfC6k2@^yzeyu;3uWMSlMx;rqYK=uCFj&?5nSPzX_p?__o^dP;uXSLF
z<~m=Z`2=zU*GNI&fMY3g0ngGXIyYGpc=z4|U4J<wz|Vt#rBqrKaLTc&d6bs`WQxFy
zaZN@S4RomqNS<PcRTs{hZs?Ns^aE~gS3sNoz#tWdj<Hm|UPbVPg$|j7h0kkrssI89
zDJSw80!Agik_PHL%RM!jHOR6zH6aiVw5cnUpec!nBv?$cxeN-!{IL(`|2qG0`rYfF
zet&vXHjLXP^LkM>*7N~wY)_+9NX)-KYbl;EZn~0sn80}4R^3}QQp8XQQxqW@U=A4*
zD)T?HyzkE%+lu3Ce&Ip+Y*)3KV^J33qWMLzz+sw?Y=whSHPvAue$~_?G_b%C4kY7Q
z!Sn33u{TH-VO~_g0sJk*Gn7VB6%rW3JAcbmzJFxBJodl_o@BFHJe%P_PT&=Ld4+>i
z;;gkV@byG<<6opx%qf;wC_O@%>~oC5>#Q706h_7D%PS(J$g)dH=Qv<A6cacc4!5M4
zQjSruP#SSds?HFc%?Kq@iI6{LbxpDS#P~&~=*r$?tLv<ctsEU~ofG`g=oLuPX@5il
zB_0qenYJN0Gio&J&;P*Jx_qIliVl__xlny8*60*)iLeHKhU8)b1J0Nn_(CiOD3uGw
z$*(y4aDlHy1#!ujRt;L47wC-Daz)|fQmNfmS<LrRnB0DKNmJsiW2nhP!VfqcA0LnY
zt%B9!%aWzQRS`ywM3JCCk6514vVUg~nypLpXM41sy*)K7i@MxC{GD;YS13**EWXv_
zaOGG`E(0xKZs-6G@-=318T3b4=L0p^exlKJS(Q3FwkpRcraF#s9fxHHD=0!Nr01Cx
zsWV5>CX_I$R*<h%0r<$K>r7Eh;oavb<=VQ2cJo<^4c$IXsnPgM^OV<xXn)NU6~o8Y
zGnHoWRZ|rMwaHwigxGkpVn8>Wtu#{J!B&?@T8*_SvaYo*5$?_P*5=ykhOPGcpwvjJ
z(Iw)tR0ml`t`A<}OUxaZDGDywYz7gDiRx+D`w!}M0>jlaf~;R`J|$?fqlLs@x*@IB
z!His~wQ_=aOoULq6&Q6HQh(2kX9kz5^0``{k*l);{Tb%5aD;u8##79d`Qcb{f<<n&
zH3kS+93!ggEJjzaO^FGNihlIph)BJbCozU8mY*=DIVRmpBv)jKR#T=I9_O%sSGxbT
zO$OAzS%l^aHp{Ej$(7^?5T9!<rx;L@U>ahj3XJ!`#^%F0mWI0p5q}Vq`9eZ~Qehko
zlCem^Q6^!Q(m<Qxgsb5cUHi%gD{9aATy)QG%AvH`1gC&&n&EtHvzy=AowZLJCd>bu
zJKDtH!vaSM=E9fBUATf*#QzS*Cr6I|_xR-KaPR-Uk92d>hY-&Q#n3DJg0D0{5Bj&a
zURFTQr+gD4R;myDw|_<%**;iUD(yf6I62ghBtB1PGjavJeh)HSn1<@nYayJwbxY!8
zR?u>NzB$g;@9Xdri2~0<J!_pjTVLRkM`gzmp&~=#zcvnV1Do?%$=r~+gcB-f(EEev
z|3UN|T!!fS)!+Qs)+jo-S+<DFiCszNISZM>QY}IwWh8rl>VHA+L+=iHNQ9<15{8=v
zj$&Ud2AaVM+}r@6L6nA#?E8j5W08El@k55(w^}xn>3I<eR^L#PI5YAhym@oe0J4N%
zQYNt@V;xJ3D4OH2KfN}H@>V|2)|czmkt<HWk(M#@Ej3~Wq2J6Up+X`W;3|)HS6{`T
zScHCcIsd9{)PFaW_038i9R2jj>6wq31S>U+{}_4-dGB#2EozHp4al5oFMH^%k7ezV
zrzf)OR#a2ryQ?XU-KwfaYMa;9YBaUV`mJr|?<qCT|8$!SKC<cEYz9~{|9d(-9y;^C
zlhJ4&|G$^is6sNoN@h07{ZLaRgT>%-<XsT8Apb8m^?zb4QHUg(6nl+Y?1`mJ;P$rg
zH(SeOWlAb+6yMaK2QY@;xQFT{DPVEJD5i1(r7v4c*T76vnE548LPJa?94RUy!P+-p
z^-<M0vp*Z=^1)-+vuh>iLvLTGqNzH24I<aqoMjmtlKl(CQHAY4mtdBPG#Pe{ZBT1n
zHCLY~HGi;@*J6k0u7|&5y5{@er3UJjv$cb^n_9ob=eRp-9i#HyW}{&%fGd*QH5`Y2
zv&7l5L+=F4k>(DZYKxYhG%HIL77Hh%A2=Dy%DWOrLjTIiq|b&<4iBD<+$`e~d{(Qt
z(yds^mZwBJ4(l*=uVNjxQNPu_p<2~dA%jKCLVq|K4(qMl;Pq{$T<ME>N~t6fyo26D
z+JpWaL+@c$Ej@Velnt4aq3{C7zodlY5PDU<a`!0_MUijZnO0ur_O>op;ptRg|M*AM
zfJ60n$}zgAF+!g`eDsL^Y4rGU?Gp|bESoU`l1ev9ct{7ioG?Qq!r`~@DRUb?G)=6=
ziGOa!DV{NoLGo+$70nT$y&4e_VVvZkwR)pE9$+UjgLm+d2hgV&hVcI1K`t=u<ozR?
zX1oHLNz9>;Aa5}Td`6rMd_|-pYGt=71L#r+qE#D=#??NSZH?~Lnpc1D%djxq-cDKy
zNi>Js+n$T{%nJRsK$g+rDpzH=a6Ng8@_!wYUa}~SapnWBq2-9qF+5bTSKq=z6T+E1
zbH{S-M0W>j-}Y|b+++y+xP8PMt$WF$zACQi)(e%6^qZSvS)~2)IfcB03)`Yl8a14w
zp;pPZg?h_k1g2=;M8oVP(y2jTV(XTsj0o2!g4w64p>LQ~*s<a&<|2Z;%WR^BYJVOt
zwI*<R1obmevjWy-*;*8POPXdxIXHG0Nd47=B2lXgAu*M2HSyC3k+?dV1C>?ujW+97
zF!1ild-bAwOw|--BaBx1l1bZ*%Z4$z>3HmS4kfcErdk~)uX8fnvf3(BCgG1P#1j}E
z4Tnu4?R_r4`_$q8$u?Y={T91;f`3-{e}*R~&hJ0Q!|};*@Bg`v)Tpg0`*B*mL0Kt6
z=l;c?O$a3S485`u+@Fsq_dDptvu*EVB!k5d6>rGezL0G^Aty$`6FTQu6#L5bZYo^Q
zG9&EGb%Klh?+s-3_R_q34t3ly{*9Tr0~heB@&9z_{{HLaWc+kL{_i8L^nd@ZHJx!)
zL!k(a5AXNpCC){$ckJEVz@u_z>Q+;yOQtOL7?v<SIl?rs1IFgpJwGMrmlWT1NUU@G
zYgcHtqj?8CuyXv5Ph9(dxVQiJleQcG%`xT<EnpX4UmL7+$$w#bp>@sf)E9DtKDB^P
z%hKJV(z%gm{q}Dh|3WOnL4WykfnBEnE5`rv$?(vz|4$Fc$NTYrAE{}tP1}SYC5b5K
z_%F(zQg3VCvmZt`k7CWrwu89%$@SI|U?EkxdFH}1Cipcrnoj>*W|#GabyUg@%Zm+T
z&bmUssF1T&4WBdOtOft_0?w^_;QZ|Z$9eni95=2s%jWT_Os*ZmRexoJwMVP0GMfdf
zEWq7kRT|mn4^^3_{hdXsj8K&yR<9eUY5?sLH2Y1qoyzc3j%8~JwhOg2!EP<XE+IB!
zXIDqqigNcEVADkJE54?Q-Dh}hm!ZEhvbHj=wkoPtrMyK@Z5svB*h*vujCbmd^+sgB
zX)M(vY@5f|9E;f&Tz~rlLu>8pzdH;6tP%e?bp1cW<Gug)UQ&}q`$ED$8?FxTEckOb
zi?gpF_Vb`~{NGvlXXW{?<Kq)I{&RG=-~WFvX_f!y4$SZ83J!gV-lJTOb(cEUK~U8I
zQWc^ld{iye96WNSRBNwb+GAS|Oeb$EB3l*aK4+L~pITCv{(sk=sm~w(9~~aK{{NGc
z{rRu=lQ!}HyYal=mF8~q2js)x4r6xtOw}knSM;2q`nnEd)gv~u`f`rlR5TilLBhB!
zrk&<c&^B(=SIZxQ_#DeK`xsGWF_>flize{q^ep!b<qqXq$Yi%>?3#cd?TyCzX{G+(
zef!56`#*;6`hS0PypR9hOImaOzs6Y%cfR{$RebDgG9O>y&JUBU@$WBi6q7k+9N%pp
zTQ&ZV50BmR|BsIM=Re&`I)F1ICFWEgrDs|nJ}oeXX-c9{pE-zv3pB^V_YUCAf(Q_4
zqGt{u7C4Gv9<ix$vJpD}7C4TOB$wIQiDf>bp?3fj&wtH9w~rEzXXFZpX3%`|*asa6
zU{pgYmLS0#B0{n6`7h2toJ+>BcL1j>jv0lwr{@q7E<Aru<Us##*!TSDuY92Y&odVD
zf%-3h6_<2SBATM$B28dMA}qWozW9`QPy8vm@SgZGR?m!+x%cFMyaRZPIAN)P?_azW
zo}X~`5q}5L^GS%&z!c}~qvv0WfQ5MQHOxG$@&Eee^A|t9^yBcZX>^bO(YWUSAB|6j
zd;5Pc>A=3|$NT18^|GV)kMawDNIdt&g5W6BHgk%?IUZz%`?_qO&>7>g9^EMV4<WB3
z{A?B>*%!a0h~vlb&AT`5r9dkPsPcWQ_&PM6yMH$}t)NksUsDdx>%8^Jd-CKv7UKlX
z@#M)9_{-W?CjHg(4i4bQ@@^;3TS9hH+{+k|2$t|q9>LOELcibdgZYy`=={n>Pq2i)
z)GvkltIBS<`{}Q+)J&Y~{VZ_GLM6|}GMEXFV*elb8kV4%5ti^G3jwRA;tnmvwwA*D
zpMU?UJn1)Y2@U7_Wf#ya;pblOXISoZr;M(_wef$Rt8z3C&d-XMz^2O3C@yYp6&Lkm
zn=QD?;WSGiR09qboK-462cj-w*Ll1af_#;*gehaHZ~m-9`wBzXq4qY0;<$-A6Zd$;
zuf<Wr!65D8?Q$fuMYFaQtx_5G0sFnO>3?e{^Vbks8|Nwr*SiUzM#@I#P?Bg~C81CG
zuVK)|s-X6E%q2ub=$`uSeWRQrFIeEP&WtI#`AGNk^-i<4P?ZbDdROc`>Dk877&dS3
zKTXG)+vxHwS#^%qJ7wR&Rcza8Qzw;!_bp&&%W$VQvdh^B>U&b#k+_!=*qF+wQ-5=<
zG@Pv72yOyh4Q;dD+41c-^%lMgZ;hwHmkf6uFmID7c7VA9<qppjx9Hh>THBk-DrG}j
zM_^T|Lf;P1a|}_#DNe;`K2~MB&X%|E)OQ>=^WAX`Mg?1|-=+<5#|<Lwh%@I|*%KvC
zbw^x%rAa$d+N?HK-c({?w6{SPJ%4Uh?`gi1Lu0LO<g8a=?cS&oYPBY9zTvOLu%U@<
zzM;=Wx3z)QN6tEQ9P{dIZf~)!)yn`Kz%JX`azS8;VIy;BUF>9G*w7d@-1=o9+r|`H
zm%~*tbr{0>b#W!=N;BAW`(OopwGnK+kI=%itqE-0>anQ>EEsIVc=z_t*?$SsB6RJR
zwFX#M<XqLRbA?<Rx=wkWYvH<tE=iY!HZu9!-;-8S>@xcG`x;BQPSe}7ue|I{Zh9yT
zdy{v)@}kS$``ePlD)ZbLly70V;Zn;w9w&z0u<Y-;>9USbN6U*@%y?WwVG6il()dX%
z;>DGobuLU{2gQ2xl~q@>wr--`ZnmPywV`a8tE{^JwZymGOr`0rPgr_hf1~6*PbHgU
zsxaUXW}M|d!92<dsZesgTi__}hb$0qIr2v%e_VPcEvFh~{1ap0$3anika>s1AcK4S
bHAEHmX`lA#Ye@ee00960HfcB$0EPenOt750

delta 4778
zcmV;b5>@SmCb}h%Jb!C*+c=W>%wN$XXSb5<h@#|2_H>)Q%{kecxt+<l;%u(AQmG6?
zLK0#M-~gawjph3p_lNF}T>;<&1Rr|X@g!41RbmoEzW_8E=!SsgvcDiRjwBwO&JmaX
z5-s8fcbkGB2u_ZU^xq%|+`q%&)6s+B(Q$Be90W%v!GmCUIDa}id;q~6^U;`6ArXHN
z+?tjv+*gtirA#787!_j=0C7pCD3tSb;uAI?3pB%G3@Z-+pbr!+@EB5gk+NSSydZo~
z_Mg5G^GKHi&~RgjSa^ZCLev2=9{PbFY(jvGB@MTvpkWFUj(9N%F%@_W&l42Raew3o
z9!kht%mra|41bp+4<$+Q8u&+k;6+%3oFr0by_sW}<9Gp~QXXJaC~13hri7VGnTYXV
zFe935$QCWUdKY;4iSbB`y}pe`y@XyL%sXM!TOdLuA{2977B3Kq$B?pL|CVqj8CCC!
zkOx_X{!?D0@PGenNO}M%k4wfZZhXdPo&m8K5G>^()_<fn7e+1<JO-2`F$oRVm(_aw
zt$Y4Hsbr1+mncrL_zVW1d;A{;Pmcq4{67x%<Nv*+1L*hRTyjEZAQ>cTghX+?1a^rz
zClLlY$1qLfSPcsx@gj+l#PEs8IUo=Q^3f*}$B=NGU>a!%j$@1j*5l7(J*51UAsj=m
z=Q(5*{(tRAdinPXT2C7k4?yF8Nzo+6aDM*X3lNxJVh#~bVzyjhDm?(Kzei)3qF7)r
zH!9k~7zP!j&IFDVCWvHwsXv#m8(O(Wq)Do3jm0E1Sk?QPejUU2(^pKMaV!k4bzq5R
zI$xsM7;*#GNI~F`V<~b0&(b(PH(6tN_ud0tIe#R?&%=<VR9Y2q%CV|>l$QWxiold{
zO-2_Db*V8(o??ep7tWe)=#uvI1Fmn@K%4%+AQgs=u~fZYMeu}04w-~S&uet500M_8
zCvpiPqY__919hI|o|?=WWZ9dV5C{j_)D=q5gv3M=EXLVf21QZ+*oX6foqss}?)6VU
zy?-ei#_f`My(k-N`hYgJr*SGI=HH*S6i*m8T}eHRVKi#1?wuMbW+;LQiV+Plhl~l8
z`JY+d_h*f5#c?*j@SuFQt6I&mD2s5>{34v=D9trn;b2rvby$R7HT4J$EO3lN$#_=q
zJbP{I4U)x}7Zq>-e~a)GrLk0n1jg{rGJlotA6YMtJ+Oht*{l{%r#O^jc*R~`;V_jr
zYwZiX9BXd;i*$lH#S#lOj!-819HVHNm1Bv*sF;0uMT8Vtc1h_Rhm1yI42MCmBh8d@
zjKaAZ5qG5OsNi%;D3MBp{4uL*isdK9FS3EI>`nG?ot3c%M`yIo3I1rt6-d%aOn*Wp
z9uO*-wjnt)N}KiPf8eDqUyM~n2TPEgtG>0+=oD~?um*mH<a`VR&X^qdLd*v!m2<|)
zuQ>W}ftR9!xa3O@4SF;$&>5@cio(gI8g^S{G2csJa{JXKO^LIPp(YQBKHz9{d_4TO
z3Ra6ROO^sxMHr=tB0-_nSf0|dXMYfytxNQ0TU*cGo*I@#U2Y%#&N$#Jv`AtszSVlT
zRu_}YPz#tFI)H<GjhS4A{bAPmKq=c#G+vffsk0YW<(Pq~j$>5EVcEe7iU<qod1giG
z%u%!nC5);S<ZD#`KC;OsQxsG9_H&eSZCyjV{Vc_XZl9*qXndx5%IiY3=6{Kb;bZ5S
zN;CMnsfvNxX0B2~Y&}^qpxez>8Y$nxR+mUxjkPJVskJT<?#=bi=Gy9pt@iq$9FbI`
zOT=Y49Ap{!c<>5eV(!39P<X+nQ;5lesGgR+|DayS5UigOWc_0MDM6DREhPTZ4QXyi
z)5QdHWfwS>oM4gLQ$1os$bS|KM3pcLboJVl7{jn=;QvNM>P0qLV3=U}31gaL(#<FN
z@(gpL#}Cszj&s<*t3mm-O$OAzX^dtHHp{b_eR(B00>o#U%LxXQB$!56>8NoF*w}nH
z$I@^&Cju5^HkS~hR2UC{WGq&2lu4MTG}QJn;i{j<OJ5mBMeRACiGS{iN7=`>n|Ty)
zO;eArZQ9Z1|FQgkxuZo4KFo2PU@m-_+=VM}P5kF@baLeQ|Bg?NMtlF?eWdH_K16s*
zD286y7kt&xdeFbQ@v;Kip86(4s5A`xx2DhAJ~&vZPDn#IIn<A2ah^`6<O+KI9%Q&M
zjnt#pLO6HpmBh)kpnv81{BoSF-#6hW76qP%de$<2wz<G1k7^u8go+G_|Jpb}4Q$S5
zC38#W5>BX`Lhlcv{|C`?a2cYTSAX+kTchaUR@ovhCw3*7=PYCfE42uT)mYs7QxAF{
zdUw!6Vl=_AFx<>>yzs?*pcx#)^)(P0#%a{ZzHbOL7Rl$EKYwJ%eXC_NnVuJsK=lnJ
zi8CWB!dutZ4InG{C1nyjGS;yy5JfW_^(RY%C~xKSY<;m=9l7H48)+G9(o!Qv3H@d+
z2^A925LbD$yZSl?#XRz>%ehx=THjFCH!C@C#-~S4&wSJ*SUJM@kD;fK_a1lBqPAF;
zLgrL^*+Xx0EPoqoo}MplT2W1f@2;jacB`ryscm0Z>(SII>$kR<zo*nV|I=+U_{b)A
z6AWH6|2sJu9Xs>Cli?`X&;RZtH4Y)!x;ir(<$jn6lHq)CIrJ`wTKD}In|KQ>QG_HK
z7kf=w?1?p)z|BqJZ?slp%9K>tD84DB2QY@;xCiPcDSu>(gi)+k@ue?QOV_|mT$uS4
zP(mY2B^)U#BEi}>TlG=YII}++=5pmR?Af)F^P$7nRWwy+pF!mM8nY~eL$ZINMO<O~
z&n1{OM4Ak{#<r-nu9~Y)lp0vcYq3Lg*TY*fUGx3krUvSkv$cb^n_9ob=eWCS9i#Hy
zW}_h#?0<^nb`8g&+bnUm?9e;Ga-_MRpxUCP!^X-|g~i;-=!Z_ms`9SHk<h<#GU>Cx
z$>HI%p_^qqPtR%<S9-5X+47WV|5P2O?!2nQrc{y`-a+pn?LmKrq4zN3p$G4svJrDK
zRQmwOzodlY2zpiOxl4?QqR2Pyv?eceb5rjsg@5--ef{GfRc!_8?}TG?QDcNYd-&)P
z{nPOA<Ju=2&RI4+10>ZzB;g?)<Z{9kkr+qc!l%p?_|Vj+>Xf?9CV0v?2FaJ|E1Drf
zdo>~=#yH7AYxPF8^VLpd3h&?{51~&n1n~afLC!Jl<ozR?WV`~JO3a~<Aa5}Td`g@Q
ze1AoxB5Gx~Y94fHpJ-LR;i%fjvVEw%TJ!1;ei?&<o11Y<A&F*ibJKINo>_6W7RWLb
zSLLdV&1@!bQNBacOBSaKocT3tXgQ)Y3=b9T)wl4__{+!7+)*uejJk^2w>_5E*BJu8
z$gC^28R9Nk+*idl-Fl(YIeL9vtU<J|HGij&mvCWgmZZ$CO_!V?z&hDFfxCpwiuO(D
z!A>Hb81yB!ZfVN!TYc7*eX3g31`}=v=Bk*BaNTW8cMH`#IAzV2@^IB>pk_q}%d)kQ
z;f^$oMmaccp-BDpN|C6kypWj6x0?8AjL4#@&7sOF`bL}eD;Rk9<h^>)J*H|3Gk*=E
zmA+)sZhG0EliTWJzf+aW283#Ln7q!JW6RQ}Oqql~vIvhMI0}L$k$xKoN5}d<3%Hti
z>uo#%Yu5k4$;s2|`hOIRj-T$=|M!s^6{r%AZ}kRbr3jt*7k@S`@Z2--%0_U1K7xGR
zsTWVS30fc-&VQ(^hBsad@3Im;F@IwYp)-y}v9Cn$roi<qqhW8B2`=)#H;~!eOY`zM
zMu-mmHzVI2xB%Db|I^^9>;F3$o$U4hKGItM-$oYJ9U6*(!1!=}Z(hP&6nn?c^));y
zCrfTMb$SWPVvk`3lanJ%Lpxw-cK833pkGpa*CCNk{nxIrY)9iQ#(}l^KYu!L?f>E4
z{@+j9P5+x?j2)wZU3~M=V698`3mX?&myu3=A=l|&bNIKcCM_zR8#y*_|3>{6Vjd03
z?ZUU60<6*h<CEafvHwpGM@M`8zmL?k*P?C0kCH@`bNm<OPbqgb@7WI{o3&W8va1po
zKe^mF0w|;^H_N<A#st5{W`Cs9+vRVwzOar;xW)2f%b26C&@U?FXjQ}Kj5un+zr28B
z>mDe7x4>cEzPFAWR+?q|5K1Q3Eg~pogS7`xtTNlhPb|ROhfg%J&mTQ8P5V0wo*1Dj
zKdjs|bkYFYC201WOgohklN`&=66_ZJX@cEZhTBAajGbK{^eM{SXMfB`6TPpHk0y4X
z5ue+r{@P&A+ECBBKu?wO4so7c29U;9B2!?zbKKZWBl}IdR1f-WAM$Z5W?Q`HH;?wz
zQ~Ubw&cZ(%#D5N5|4(qd_y68YYO-iwNcd;V)#055f9_^+_7%i_9(3yeorQnap8q&H
zK5^qeM~B0`{@+Jh=YRjX1M~a2f<s@T_b8WR)1{7e5KJ|IRE1~>A5{xA2alX7)y6BB
z_SlvK)5+VK$X129&l%?0r<T+;{%g<F=a2sn506~`|H(<PAOG(qZR7uU<9WZUk-N<w
zkgLHR#_aN$su}QH(Q|_8>n4m<kJ!uV%Q<#W(P%IR3FESuc7K{f0o%AyUoC$K;xjDI
z>|+F##bA<!EFQy~)3e+&lslAbA(PuRW7h=yXm2z&Pix2j+i(BaVE;$puK$O}`}ps@
zqz&i)8~hgk&Ub&Ti;sOx=Hm<8`C*c!|Nb1u3o@gO<Gbx+>-7Kl(Ea`Q;nDH_{GWSC
z2XKa@#GL9AyMIjU!>2i>FiA-q5jukeg%@ash3_4}n>i66(nQZ3K+JI*!z^YK<76Xr
z_APK6BS|i^v(w6aL?iD2D4v;vE*~WvPstUIjM9Ab*asa6U{pgYmLS0#VnVU+`7h2t
zoJ+>BcL1ksv0xP5o}NQQxbXZLkpum|Vc+v7zw&|pKY!1d&j#wh{8e1iL5XOB!izM4
zDT%T0p7`QZ;yv*v=)!yA%Y}MooXor@|KlCNTf_-V1$_VFrSSZOvyV8Go=+l-2BtV?
zA3gt4ge<~?uVLn4>Hq7O&tLrb(qBY(O`}`?hohsX?*8x5NwDAlc`xa}zUagI=3Vu&
zllPDE3x7YzV&;oE!EvN*<^)AEJje?7b=f|lQ^prsyHWffLM~(cY#Jlk7r&&4<HzvL
zyEpEoAZrMy@_noLCN!SAH@2*yQI_9O4$ten^~HPg<U6*&37X;YlPB<(jjv4ktLGgY
zz>nqKE}pl7?4+=l3q)dA!9RHnD{lq;e!maqPk;WP^D7s<zzY6SzZB-LD!b+Gm%qYF
zGjXo>v%o2flssF@U?xC{{eR#ktUxs*tl&i!0#;AO9Xg6_Ert0%|5JI=Z{7+T&Uec$
zpjg4rz248Ty49T$x&}AK|9P&;&^$Q5bX@_PC_|&TxV}+b)Q@eo;3|ictbkAr7$`Wa
zRDXUnL0!bIV?Qkf`6^)r6UJ2E{8@+g6^5=ut!)g&2?%v2?(rm1i=*1MunJ@LVb{H~
z8EU6w*AQBp*eVD&JC(ae%0}l<l4w>Xp-<edVbH~@p!U|t6~sj7Ui0pKqnsiySm3bE
z?<l(5Q1`jb4zRUQm5aA}x9B|F)yB~n!hde>s!c}>+vxJ`QFV?sJMr4VRcxVZQ|-zj
z*cPy}eYbODu*=y9>ia|6k+=ti+nCA-P;;#`oO0X<Zh}q?ZL`@q&h0q$cDf30jVCjg
z40j#&Y?CQ=W4VfQhsOw8^z8km?M-EsvLUVGh$>Z~PwMVDMxo(EokE+BRoSlNq<<|u
z_1(YCe0Lm4U%}SuLuo_YahiWS;>?j%_C(23-4WMcFVK#ZHV+$XZw;_8+FKHf9=ERd
zG@p;Ju~s)#)~m2~hf4{yek5(aZL7qvrHO66Ez3o>vw_vee>!v=^XhCgZ?Ue`i@6-Y
zF5B92Syzc+D|2XFvSMM_(ik?}z<*;Q+r<=G7d2Hebr{0>)lDVnS~J*m6Ica&y%B7^
z8_dG9s|jq}cCoDmEEsIVc=z_t*_F~FbnV8Y23S|*e5l>zI;S>to$@+YG<6AGk}e5t
zW%75wv#6xlW%TQJr<HJ>rnhHbKi3;y_fQn|#_xLNrE|UaHzkR6=D9UM-haY!!v%A7
zJWf2jVF})K>s%e5j$9YBn9-<)!W3}9r14o;#Ea|o>Rgz@4vNj@E9<UFY(=}<Y(<l6
zL)kJ{S$7v>iEp==O4Gf2u=2eAR>^ywN;bn(VZaegIm`WXdBhP?q2ziu$MK>cu~5L}
z&>s%{QRyMH99)#~PmDz$2O~xCLFTCugADHR*Wlsbr+wO|eQHks9{>RV|NncuhX8^A
E0KVUMLI3~&