From 42fe781ef884b627a498a57f633130fb10ac9dfd Mon Sep 17 00:00:00 2001 From: Sebastian Almberg <83243306+Sebbeben@users.noreply.github.com> Date: Fri, 30 Jan 2026 21:36:33 +0100 Subject: [PATCH 01/43] Add Update Manager for automated Part-DB updates This feature adds a comprehensive Update Manager similar to Mainsail's update system, allowing administrators to update Part-DB directly from the web interface. Features: - Web UI at /admin/update-manager showing current and available versions - Support for Git-based installations with automatic update execution - Maintenance mode during updates to prevent user access - Automatic database backup before updates - Git rollback points for recovery (tags created before each update) - Progress tracking with real-time status updates - Update history and log viewing - Downgrade support with appropriate UI messaging - CLI command `php bin/console partdb:update` for server-side updates New files: - UpdateManagerController: Handles all web UI routes - UpdateCommand: CLI command for running updates - UpdateExecutor: Core update execution logic with safety mechanisms - UpdateChecker: GitHub API integration for version checking - InstallationTypeDetector: Detects installation type (Git/Docker/ZIP) - MaintenanceModeSubscriber: Blocks user access during maintenance - UpdateExtension: Twig functions for update notifications UI improvements: - Update notification in navbar for admins when update available - Confirmation dialogs for update/downgrade actions - Downgrade-specific text throughout the interface - Progress page with auto-refresh --- config/permissions.yaml | 4 + src/Command/UpdateCommand.php | 446 ++++++++++ src/Controller/UpdateManagerController.php | 268 ++++++ .../MaintenanceModeSubscriber.php | 231 +++++ .../System/InstallationTypeDetector.php | 224 +++++ src/Services/System/UpdateChecker.php | 349 ++++++++ src/Services/System/UpdateExecutor.php | 832 ++++++++++++++++++ src/Services/Trees/ToolsTreeBuilder.php | 7 + src/Twig/UpdateExtension.php | 79 ++ templates/_navbar.html.twig | 13 + .../admin/update_manager/index.html.twig | 374 ++++++++ .../admin/update_manager/log_viewer.html.twig | 40 + .../admin/update_manager/progress.html.twig | 196 +++++ .../update_manager/release_notes.html.twig | 110 +++ templates/maintenance/maintenance.html.twig | 251 ++++++ translations/messages.en.xlf | 702 +++++++++++++++ 16 files changed, 4126 insertions(+) create mode 100644 src/Command/UpdateCommand.php create mode 100644 src/Controller/UpdateManagerController.php create mode 100644 src/EventSubscriber/MaintenanceModeSubscriber.php create mode 100644 src/Services/System/InstallationTypeDetector.php create mode 100644 src/Services/System/UpdateChecker.php create mode 100644 src/Services/System/UpdateExecutor.php create mode 100644 src/Twig/UpdateExtension.php create mode 100644 templates/admin/update_manager/index.html.twig create mode 100644 templates/admin/update_manager/log_viewer.html.twig create mode 100644 templates/admin/update_manager/progress.html.twig create mode 100644 templates/admin/update_manager/release_notes.html.twig create mode 100644 templates/maintenance/maintenance.html.twig diff --git a/config/permissions.yaml b/config/permissions.yaml index 8c6a145e..0dabf9d3 100644 --- a/config/permissions.yaml +++ b/config/permissions.yaml @@ -297,6 +297,10 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co show_updates: label: "perm.system.show_available_updates" apiTokenRole: ROLE_API_ADMIN + manage_updates: + label: "perm.system.manage_updates" + alsoSet: ['show_updates', 'server_infos'] + apiTokenRole: ROLE_API_ADMIN attachments: diff --git a/src/Command/UpdateCommand.php b/src/Command/UpdateCommand.php new file mode 100644 index 00000000..4f2cae86 --- /dev/null +++ b/src/Command/UpdateCommand.php @@ -0,0 +1,446 @@ +. + */ + +declare(strict_types=1); + + +namespace App\Command; + +use App\Services\System\InstallationType; +use App\Services\System\UpdateChecker; +use App\Services\System\UpdateExecutor; +use Symfony\Component\Console\Attribute\AsCommand; +use Symfony\Component\Console\Command\Command; +use Symfony\Component\Console\Helper\Table; +use Symfony\Component\Console\Input\InputArgument; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Input\InputOption; +use Symfony\Component\Console\Output\OutputInterface; +use Symfony\Component\Console\Style\SymfonyStyle; + +#[AsCommand(name: 'partdb:update', description: 'Check for and install Part-DB updates', aliases: ['app:update'])] +class UpdateCommand extends Command +{ + public function __construct(private readonly UpdateChecker $updateChecker, + private readonly UpdateExecutor $updateExecutor) + { + parent::__construct(); + } + + protected function configure(): void + { + $this + ->setHelp(<<<'HELP' +The %command.name% command checks for Part-DB updates and can install them. + +Check for updates: + php %command.full_name% --check + +List available versions: + php %command.full_name% --list + +Update to the latest version: + php %command.full_name% + +Update to a specific version: + php %command.full_name% v2.6.0 + +Update without creating a backup (faster but riskier): + php %command.full_name% --no-backup + +Non-interactive update for scripts: + php %command.full_name% --force + +View update logs: + php %command.full_name% --logs +HELP + ) + ->addArgument( + 'version', + InputArgument::OPTIONAL, + 'Target version to update to (e.g., v2.6.0). If not specified, updates to the latest stable version.' + ) + ->addOption( + 'check', + 'c', + InputOption::VALUE_NONE, + 'Only check for updates without installing' + ) + ->addOption( + 'list', + 'l', + InputOption::VALUE_NONE, + 'List all available versions' + ) + ->addOption( + 'no-backup', + null, + InputOption::VALUE_NONE, + 'Skip creating a backup before updating (not recommended)' + ) + ->addOption( + 'force', + 'f', + InputOption::VALUE_NONE, + 'Skip confirmation prompts' + ) + ->addOption( + 'include-prerelease', + null, + InputOption::VALUE_NONE, + 'Include pre-release versions' + ) + ->addOption( + 'logs', + null, + InputOption::VALUE_NONE, + 'Show recent update logs' + ) + ->addOption( + 'refresh', + 'r', + InputOption::VALUE_NONE, + 'Force refresh of cached version information' + ) + ; + } + + protected function execute(InputInterface $input, OutputInterface $output): int + { + $io = new SymfonyStyle($input, $output); + + // Handle --logs option + if ($input->getOption('logs')) { + return $this->showLogs($io); + } + + // Handle --refresh option + if ($input->getOption('refresh')) { + $io->text('Refreshing version information...'); + $this->updateChecker->refreshGitInfo(); + $io->success('Version cache cleared.'); + } + + // Handle --list option + if ($input->getOption('list')) { + return $this->listVersions($io, $input->getOption('include-prerelease')); + } + + // Get update status + $status = $this->updateChecker->getUpdateStatus(); + + // Display current status + $io->title('Part-DB Update Manager'); + + $this->displayStatus($io, $status); + + // Handle --check option + if ($input->getOption('check')) { + return $this->checkOnly($io, $status); + } + + // Validate we can update + $validationResult = $this->validateUpdate($io, $status); + if ($validationResult !== null) { + return $validationResult; + } + + // Determine target version + $targetVersion = $input->getArgument('version'); + $includePrerelease = $input->getOption('include-prerelease'); + + if (!$targetVersion) { + $latest = $this->updateChecker->getLatestRelease($includePrerelease); + if (!$latest) { + $io->error('Could not determine the latest version. Please specify a version manually.'); + return Command::FAILURE; + } + $targetVersion = $latest['tag']; + } + + // Validate target version + if (!$this->updateChecker->isNewerVersion($targetVersion)) { + $io->warning(sprintf( + 'Version %s is not newer than the current version %s.', + $targetVersion, + $status['current_version'] + )); + + if (!$input->getOption('force')) { + if (!$io->confirm('Do you want to proceed anyway?', false)) { + $io->info('Update cancelled.'); + return Command::SUCCESS; + } + } + } + + // Confirm update + if (!$input->getOption('force')) { + $io->section('Update Plan'); + + $io->listing([ + sprintf('Target version: %s', $targetVersion), + $input->getOption('no-backup') + ? 'Backup will be SKIPPED' + : 'A full backup will be created before updating', + 'Maintenance mode will be enabled during update', + 'Database migrations will be run automatically', + 'Cache will be cleared and rebuilt', + ]); + + $io->warning('The update process may take several minutes. Do not interrupt it.'); + + if (!$io->confirm('Do you want to proceed with the update?', false)) { + $io->info('Update cancelled.'); + return Command::SUCCESS; + } + } + + // Execute update + return $this->executeUpdate($io, $targetVersion, !$input->getOption('no-backup')); + } + + private function displayStatus(SymfonyStyle $io, array $status): void + { + $io->definitionList( + ['Current Version' => sprintf('%s', $status['current_version'])], + ['Latest Version' => $status['latest_version'] + ? sprintf('%s', $status['latest_version']) + : 'Unknown'], + ['Installation Type' => $status['installation']['type_name']], + ['Git Branch' => $status['git']['branch'] ?? 'N/A'], + ['Git Commit' => $status['git']['commit'] ?? 'N/A'], + ['Local Changes' => $status['git']['has_local_changes'] + ? 'Yes (update blocked)' + : 'No'], + ['Commits Behind' => $status['git']['commits_behind'] > 0 + ? sprintf('%d', $status['git']['commits_behind']) + : '0'], + ['Update Available' => $status['update_available'] + ? 'Yes' + : 'No'], + ['Can Auto-Update' => $status['can_auto_update'] + ? 'Yes' + : 'No'], + ); + + if (!empty($status['update_blockers'])) { + $io->warning('Update blockers: ' . implode(', ', $status['update_blockers'])); + } + } + + private function checkOnly(SymfonyStyle $io, array $status): int + { + if (!$status['check_enabled']) { + $io->warning('Update checking is disabled in privacy settings.'); + return Command::SUCCESS; + } + + if ($status['update_available']) { + $io->success(sprintf( + 'A new version is available: %s (current: %s)', + $status['latest_version'], + $status['current_version'] + )); + + if ($status['release_url']) { + $io->text(sprintf('Release notes: %s', $status['release_url'], $status['release_url'])); + } + + if ($status['can_auto_update']) { + $io->text(''); + $io->text('Run php bin/console partdb:update to update.'); + } else { + $io->text(''); + $io->text($status['installation']['update_instructions']); + } + + return Command::SUCCESS; + } + + $io->success('You are running the latest version.'); + return Command::SUCCESS; + } + + private function validateUpdate(SymfonyStyle $io, array $status): ?int + { + // Check if update checking is enabled + if (!$status['check_enabled']) { + $io->error('Update checking is disabled in privacy settings. Enable it to use automatic updates.'); + return Command::FAILURE; + } + + // Check installation type + if (!$status['can_auto_update']) { + $io->error('Automatic updates are not supported for this installation type.'); + $io->text($status['installation']['update_instructions']); + return Command::FAILURE; + } + + // Validate preconditions + $validation = $this->updateExecutor->validateUpdatePreconditions(); + if (!$validation['valid']) { + $io->error('Cannot proceed with update:'); + $io->listing($validation['errors']); + return Command::FAILURE; + } + + return null; + } + + private function executeUpdate(SymfonyStyle $io, string $targetVersion, bool $createBackup): int + { + $io->section('Executing Update'); + $io->text(sprintf('Updating to version: %s', $targetVersion)); + $io->text(''); + + $progressCallback = function (array $step) use ($io): void { + $icon = $step['success'] ? '✓' : '✗'; + $duration = $step['duration'] ? sprintf(' (%.1fs)', $step['duration']) : ''; + $io->text(sprintf(' %s %s: %s%s', $icon, $step['step'], $step['message'], $duration)); + }; + + // Use executeUpdateWithProgress to update the progress file for web UI + $result = $this->updateExecutor->executeUpdateWithProgress($targetVersion, $createBackup, $progressCallback); + + $io->text(''); + + if ($result['success']) { + $io->success(sprintf( + 'Successfully updated to %s in %.1f seconds!', + $targetVersion, + $result['duration'] + )); + + $io->text([ + sprintf('Rollback tag: %s', $result['rollback_tag']), + sprintf('Log file: %s', $result['log_file']), + ]); + + $io->note('If you encounter any issues, you can rollback using: git checkout ' . $result['rollback_tag']); + + return Command::SUCCESS; + } + + $io->error('Update failed: ' . $result['error']); + + if ($result['rollback_tag']) { + $io->warning(sprintf('System was rolled back to: %s', $result['rollback_tag'])); + } + + if ($result['log_file']) { + $io->text(sprintf('See log file for details: %s', $result['log_file'])); + } + + return Command::FAILURE; + } + + private function listVersions(SymfonyStyle $io, bool $includePrerelease): int + { + $releases = $this->updateChecker->getAvailableReleases(15); + $currentVersion = $this->updateChecker->getCurrentVersionString(); + + if (empty($releases)) { + $io->warning('Could not fetch available versions. Check your internet connection.'); + return Command::FAILURE; + } + + $io->title('Available Part-DB Versions'); + + $table = new Table($io); + $table->setHeaders(['Tag', 'Version', 'Released', 'Status']); + + foreach ($releases as $release) { + if (!$includePrerelease && $release['prerelease']) { + continue; + } + + $version = $release['version']; + $status = []; + + if (version_compare($version, $currentVersion, '=')) { + $status[] = 'current'; + } elseif (version_compare($version, $currentVersion, '>')) { + $status[] = 'newer'; + } + + if ($release['prerelease']) { + $status[] = 'pre-release'; + } + + $table->addRow([ + $release['tag'], + $version, + (new \DateTime($release['published_at']))->format('Y-m-d'), + implode(' ', $status) ?: '-', + ]); + } + + $table->render(); + + $io->text(''); + $io->text('Use php bin/console partdb:update [tag] to update to a specific version.'); + + return Command::SUCCESS; + } + + private function showLogs(SymfonyStyle $io): int + { + $logs = $this->updateExecutor->getUpdateLogs(); + + if (empty($logs)) { + $io->info('No update logs found.'); + return Command::SUCCESS; + } + + $io->title('Recent Update Logs'); + + $table = new Table($io); + $table->setHeaders(['Date', 'File', 'Size']); + + foreach (array_slice($logs, 0, 10) as $log) { + $table->addRow([ + date('Y-m-d H:i:s', $log['date']), + $log['file'], + $this->formatBytes($log['size']), + ]); + } + + $table->render(); + + $io->text(''); + $io->text('Log files are stored in: var/log/updates/'); + + return Command::SUCCESS; + } + + private function formatBytes(int $bytes): string + { + $units = ['B', 'KB', 'MB', 'GB']; + $unitIndex = 0; + + while ($bytes >= 1024 && $unitIndex < count($units) - 1) { + $bytes /= 1024; + $unitIndex++; + } + + return sprintf('%.1f %s', $bytes, $units[$unitIndex]); + } +} diff --git a/src/Controller/UpdateManagerController.php b/src/Controller/UpdateManagerController.php new file mode 100644 index 00000000..10a719de --- /dev/null +++ b/src/Controller/UpdateManagerController.php @@ -0,0 +1,268 @@ +. + */ + +declare(strict_types=1); + + +namespace App\Controller; + +use App\Services\System\UpdateChecker; +use App\Services\System\UpdateExecutor; +use Shivas\VersioningBundle\Service\VersionManagerInterface; +use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; +use Symfony\Component\HttpFoundation\JsonResponse; +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\Routing\Attribute\Route; + +/** + * Controller for the Update Manager web interface. + * + * This provides a read-only view of update status and instructions. + * Actual updates should be performed via the CLI command for safety. + */ +#[Route('/admin/update-manager')] +class UpdateManagerController extends AbstractController +{ + public function __construct(private readonly UpdateChecker $updateChecker, + private readonly UpdateExecutor $updateExecutor, + private readonly VersionManagerInterface $versionManager) + { + + } + + /** + * Main update manager page. + */ + #[Route('', name: 'admin_update_manager', methods: ['GET'])] + public function index(): Response + { + $this->denyAccessUnlessGranted('@system.show_updates'); + + $status = $this->updateChecker->getUpdateStatus(); + $availableUpdates = $this->updateChecker->getAvailableUpdates(); + $validation = $this->updateExecutor->validateUpdatePreconditions(); + + return $this->render('admin/update_manager/index.html.twig', [ + 'status' => $status, + 'available_updates' => $availableUpdates, + 'all_releases' => $this->updateChecker->getAvailableReleases(10), + 'validation' => $validation, + 'is_locked' => $this->updateExecutor->isLocked(), + 'lock_info' => $this->updateExecutor->getLockInfo(), + 'is_maintenance' => $this->updateExecutor->isMaintenanceMode(), + 'maintenance_info' => $this->updateExecutor->getMaintenanceInfo(), + 'update_logs' => $this->updateExecutor->getUpdateLogs(), + 'backups' => $this->updateExecutor->getBackups(), + ]); + } + + /** + * AJAX endpoint to check update status. + */ + #[Route('/status', name: 'admin_update_manager_status', methods: ['GET'])] + public function status(): JsonResponse + { + $this->denyAccessUnlessGranted('@system.show_updates'); + + return $this->json([ + 'status' => $this->updateChecker->getUpdateStatus(), + 'is_locked' => $this->updateExecutor->isLocked(), + 'is_maintenance' => $this->updateExecutor->isMaintenanceMode(), + 'lock_info' => $this->updateExecutor->getLockInfo(), + ]); + } + + /** + * AJAX endpoint to refresh version information. + */ + #[Route('/refresh', name: 'admin_update_manager_refresh', methods: ['POST'])] + public function refresh(Request $request): JsonResponse + { + $this->denyAccessUnlessGranted('@system.show_updates'); + + // Validate CSRF token + if (!$this->isCsrfTokenValid('update_manager_refresh', $request->request->get('_token'))) { + return $this->json(['error' => 'Invalid CSRF token'], Response::HTTP_FORBIDDEN); + } + + $this->updateChecker->refreshGitInfo(); + + return $this->json([ + 'success' => true, + 'status' => $this->updateChecker->getUpdateStatus(), + ]); + } + + /** + * View release notes for a specific version. + */ + #[Route('/release/{tag}', name: 'admin_update_manager_release', methods: ['GET'])] + public function releaseNotes(string $tag): Response + { + $this->denyAccessUnlessGranted('@system.show_updates'); + + $releases = $this->updateChecker->getAvailableReleases(20); + $release = null; + + foreach ($releases as $r) { + if ($r['tag'] === $tag) { + $release = $r; + break; + } + } + + if (!$release) { + throw $this->createNotFoundException('Release not found'); + } + + return $this->render('admin/update_manager/release_notes.html.twig', [ + 'release' => $release, + 'current_version' => $this->updateChecker->getCurrentVersionString(), + ]); + } + + /** + * View an update log file. + */ + #[Route('/log/{filename}', name: 'admin_update_manager_log', methods: ['GET'])] + public function viewLog(string $filename): Response + { + $this->denyAccessUnlessGranted('@system.show_updates'); + + // Security: Only allow viewing files from the update logs directory + $logs = $this->updateExecutor->getUpdateLogs(); + $logPath = null; + + foreach ($logs as $log) { + if ($log['file'] === $filename) { + $logPath = $log['path']; + break; + } + } + + if (!$logPath || !file_exists($logPath)) { + throw $this->createNotFoundException('Log file not found'); + } + + $content = file_get_contents($logPath); + + return $this->render('admin/update_manager/log_viewer.html.twig', [ + 'filename' => $filename, + 'content' => $content, + ]); + } + + /** + * Start an update process. + */ + #[Route('/start', name: 'admin_update_manager_start', methods: ['POST'])] + public function startUpdate(Request $request): Response + { + $this->denyAccessUnlessGranted('@system.manage_updates'); + + // Validate CSRF token + if (!$this->isCsrfTokenValid('update_manager_start', $request->request->get('_token'))) { + $this->addFlash('error', 'Invalid CSRF token'); + return $this->redirectToRoute('admin_update_manager'); + } + + // Check if update is already running + if ($this->updateExecutor->isLocked() || $this->updateExecutor->isUpdateRunning()) { + $this->addFlash('error', 'An update is already in progress.'); + return $this->redirectToRoute('admin_update_manager'); + } + + $targetVersion = $request->request->get('version'); + $createBackup = $request->request->getBoolean('backup', true); + + if (!$targetVersion) { + // Get latest version if not specified + $latest = $this->updateChecker->getLatestRelease(); + if (!$latest) { + $this->addFlash('error', 'Could not determine target version.'); + return $this->redirectToRoute('admin_update_manager'); + } + $targetVersion = $latest['tag']; + } + + // Validate preconditions + $validation = $this->updateExecutor->validateUpdatePreconditions(); + if (!$validation['valid']) { + $this->addFlash('error', implode(' ', $validation['errors'])); + return $this->redirectToRoute('admin_update_manager'); + } + + // Start the background update + $pid = $this->updateExecutor->startBackgroundUpdate($targetVersion, $createBackup); + + if (!$pid) { + $this->addFlash('error', 'Failed to start update process.'); + return $this->redirectToRoute('admin_update_manager'); + } + + // Redirect to progress page + return $this->redirectToRoute('admin_update_manager_progress'); + } + + /** + * Update progress page. + */ + #[Route('/progress', name: 'admin_update_manager_progress', methods: ['GET'])] + public function progress(): Response + { + $this->denyAccessUnlessGranted('@system.show_updates'); + + $progress = $this->updateExecutor->getProgress(); + $currentVersion = $this->versionManager->getVersion()->toString(); + + // Determine if this is a downgrade + $isDowngrade = false; + if ($progress && isset($progress['target_version'])) { + $targetVersion = ltrim($progress['target_version'], 'v'); + $isDowngrade = version_compare($targetVersion, $currentVersion, '<'); + } + + return $this->render('admin/update_manager/progress.html.twig', [ + 'progress' => $progress, + 'is_locked' => $this->updateExecutor->isLocked(), + 'is_maintenance' => $this->updateExecutor->isMaintenanceMode(), + 'is_downgrade' => $isDowngrade, + 'current_version' => $currentVersion, + ]); + } + + /** + * AJAX endpoint to get update progress. + */ + #[Route('/progress/status', name: 'admin_update_manager_progress_status', methods: ['GET'])] + public function progressStatus(): JsonResponse + { + $this->denyAccessUnlessGranted('@system.show_updates'); + + $progress = $this->updateExecutor->getProgress(); + + return $this->json([ + 'progress' => $progress, + 'is_locked' => $this->updateExecutor->isLocked(), + 'is_maintenance' => $this->updateExecutor->isMaintenanceMode(), + ]); + } +} diff --git a/src/EventSubscriber/MaintenanceModeSubscriber.php b/src/EventSubscriber/MaintenanceModeSubscriber.php new file mode 100644 index 00000000..60623b45 --- /dev/null +++ b/src/EventSubscriber/MaintenanceModeSubscriber.php @@ -0,0 +1,231 @@ +. + */ + +declare(strict_types=1); + + +namespace App\EventSubscriber; + +use App\Services\System\UpdateExecutor; +use Symfony\Component\EventDispatcher\EventSubscriberInterface; +use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Event\RequestEvent; +use Symfony\Component\HttpKernel\KernelEvents; +use Twig\Environment; + +/** + * Blocks all web requests when maintenance mode is enabled during updates. + */ +class MaintenanceModeSubscriber implements EventSubscriberInterface +{ + public function __construct(private readonly UpdateExecutor $updateExecutor, + private readonly Environment $twig) + { + + } + + public static function getSubscribedEvents(): array + { + return [ + // High priority to run before other listeners + KernelEvents::REQUEST => ['onKernelRequest', 512], + ]; + } + + public function onKernelRequest(RequestEvent $event): void + { + // Only handle main requests + if (!$event->isMainRequest()) { + return; + } + + // Skip if not in maintenance mode + if (!$this->updateExecutor->isMaintenanceMode()) { + return; + } + + // Allow CLI requests + if (php_sapi_name() === 'cli') { + return; + } + + // Get maintenance info + $maintenanceInfo = $this->updateExecutor->getMaintenanceInfo(); + $lockInfo = $this->updateExecutor->getLockInfo(); + + // Calculate how long the update has been running + $duration = null; + if ($lockInfo && isset($lockInfo['started_at'])) { + try { + $startedAt = new \DateTime($lockInfo['started_at']); + $now = new \DateTime(); + $duration = $now->getTimestamp() - $startedAt->getTimestamp(); + } catch (\Exception) { + // Ignore date parsing errors + } + } + + // Try to render the Twig template, fall back to simple HTML + try { + $content = $this->twig->render('maintenance/maintenance.html.twig', [ + 'reason' => $maintenanceInfo['reason'] ?? 'Maintenance in progress', + 'started_at' => $maintenanceInfo['enabled_at'] ?? null, + 'duration' => $duration, + ]); + } catch (\Exception) { + // Fallback to simple HTML if Twig fails + $content = $this->getSimpleMaintenanceHtml($maintenanceInfo, $duration); + } + + $response = new Response($content, Response::HTTP_SERVICE_UNAVAILABLE); + $response->headers->set('Retry-After', '30'); + $response->headers->set('Cache-Control', 'no-store, no-cache, must-revalidate'); + + $event->setResponse($response); + } + + /** + * Generate a simple maintenance page HTML without Twig. + */ + private function getSimpleMaintenanceHtml(?array $maintenanceInfo, ?int $duration): string + { + $reason = htmlspecialchars($maintenanceInfo['reason'] ?? 'Update in progress'); + $durationText = $duration !== null ? sprintf('%d seconds', $duration) : 'a moment'; + + return << + + + + + + Part-DB - Maintenance + + + +
+
+ +
+

Part-DB is Updating

+

We're making things better. This should only take a moment.

+ +
+ {$reason} +
+ +
+
+
+ +

+ Update running for {$durationText}
+ This page will automatically refresh every 15 seconds. +

+
+ + +HTML; + } +} diff --git a/src/Services/System/InstallationTypeDetector.php b/src/Services/System/InstallationTypeDetector.php new file mode 100644 index 00000000..0cd99a04 --- /dev/null +++ b/src/Services/System/InstallationTypeDetector.php @@ -0,0 +1,224 @@ +. + */ + +declare(strict_types=1); + + +namespace App\Services\System; + +use Symfony\Component\DependencyInjection\Attribute\Autowire; +use Symfony\Component\Process\Process; + +/** + * Detects the installation type of Part-DB to determine the appropriate update strategy. + */ +enum InstallationType: string +{ + case GIT = 'git'; + case DOCKER = 'docker'; + case ZIP_RELEASE = 'zip_release'; + case UNKNOWN = 'unknown'; + + public function getLabel(): string + { + return match($this) { + self::GIT => 'Git Clone', + self::DOCKER => 'Docker', + self::ZIP_RELEASE => 'Release Archive', + self::UNKNOWN => 'Unknown', + }; + } + + public function supportsAutoUpdate(): bool + { + return match($this) { + self::GIT => true, + self::DOCKER => false, + self::ZIP_RELEASE => true, + self::UNKNOWN => false, + }; + } + + public function getUpdateInstructions(): string + { + return match($this) { + self::GIT => 'Run: php bin/console partdb:update', + self::DOCKER => 'Pull the new Docker image and recreate the container: docker-compose pull && docker-compose up -d', + self::ZIP_RELEASE => 'Download the new release, extract it, and run migrations.', + self::UNKNOWN => 'Unable to determine installation type. Please update manually.', + }; + } +} + +class InstallationTypeDetector +{ + public function __construct(#[Autowire(param: 'kernel.project_dir')] private readonly string $project_dir) + { + + } + + /** + * Detect the installation type based on filesystem markers. + */ + public function detect(): InstallationType + { + // Check for Docker environment first + if ($this->isDocker()) { + return InstallationType::DOCKER; + } + + // Check for Git installation + if ($this->isGitInstall()) { + return InstallationType::GIT; + } + + // Check for ZIP release (has VERSION file but no .git) + if ($this->isZipRelease()) { + return InstallationType::ZIP_RELEASE; + } + + return InstallationType::UNKNOWN; + } + + /** + * Check if running inside a Docker container. + */ + public function isDocker(): bool + { + // Check for /.dockerenv file + if (file_exists('/.dockerenv')) { + return true; + } + + // Check for DOCKER environment variable + if (getenv('DOCKER') !== false) { + return true; + } + + // Check for container runtime in cgroup + if (file_exists('/proc/1/cgroup')) { + $cgroup = @file_get_contents('/proc/1/cgroup'); + if ($cgroup !== false && (str_contains($cgroup, 'docker') || str_contains($cgroup, 'containerd'))) { + return true; + } + } + + return false; + } + + /** + * Check if this is a Git-based installation. + */ + public function isGitInstall(): bool + { + return is_dir($this->project_dir . '/.git'); + } + + /** + * Check if this appears to be a ZIP release installation. + */ + public function isZipRelease(): bool + { + // Has VERSION file but no .git directory + return file_exists($this->project_dir . '/VERSION') && !$this->isGitInstall(); + } + + /** + * Get detailed information about the installation. + */ + public function getInstallationInfo(): array + { + $type = $this->detect(); + + $info = [ + 'type' => $type, + 'type_name' => $type->getLabel(), + 'supports_auto_update' => $type->supportsAutoUpdate(), + 'update_instructions' => $type->getUpdateInstructions(), + 'project_dir' => $this->project_dir, + ]; + + if ($type === InstallationType::GIT) { + $info['git'] = $this->getGitInfo(); + } + + if ($type === InstallationType::DOCKER) { + $info['docker'] = $this->getDockerInfo(); + } + + return $info; + } + + /** + * Get Git-specific information. + */ + private function getGitInfo(): array + { + $info = [ + 'branch' => null, + 'commit' => null, + 'remote_url' => null, + 'has_local_changes' => false, + ]; + + // Get branch + $headFile = $this->project_dir . '/.git/HEAD'; + if (file_exists($headFile)) { + $head = file_get_contents($headFile); + if (preg_match('#ref: refs/heads/(.+)#', $head, $matches)) { + $info['branch'] = trim($matches[1]); + } + } + + // Get remote URL + $configFile = $this->project_dir . '/.git/config'; + if (file_exists($configFile)) { + $config = file_get_contents($configFile); + if (preg_match('#url = (.+)#', $config, $matches)) { + $info['remote_url'] = trim($matches[1]); + } + } + + // Get commit hash + $process = new Process(['git', 'rev-parse', '--short', 'HEAD'], $this->project_dir); + $process->run(); + if ($process->isSuccessful()) { + $info['commit'] = trim($process->getOutput()); + } + + // Check for local changes + $process = new Process(['git', 'status', '--porcelain'], $this->project_dir); + $process->run(); + $info['has_local_changes'] = !empty(trim($process->getOutput())); + + return $info; + } + + /** + * Get Docker-specific information. + */ + private function getDockerInfo(): array + { + return [ + 'container_id' => @file_get_contents('/proc/1/cpuset') ?: null, + 'image' => getenv('DOCKER_IMAGE') ?: null, + ]; + } +} diff --git a/src/Services/System/UpdateChecker.php b/src/Services/System/UpdateChecker.php new file mode 100644 index 00000000..a881f614 --- /dev/null +++ b/src/Services/System/UpdateChecker.php @@ -0,0 +1,349 @@ +. + */ + +declare(strict_types=1); + + +namespace App\Services\System; + +use App\Settings\SystemSettings\PrivacySettings; +use Psr\Log\LoggerInterface; +use Shivas\VersioningBundle\Service\VersionManagerInterface; +use Symfony\Component\DependencyInjection\Attribute\Autowire; +use Symfony\Component\Process\Process; +use Symfony\Contracts\Cache\CacheInterface; +use Symfony\Contracts\Cache\ItemInterface; +use Symfony\Contracts\HttpClient\HttpClientInterface; +use Version\Version; + +/** + * Enhanced update checker that fetches release information including changelogs. + */ +class UpdateChecker +{ + private const GITHUB_API_BASE = 'https://api.github.com/repos/Part-DB/Part-DB-server'; + private const CACHE_KEY_RELEASES = 'update_checker_releases'; + private const CACHE_KEY_COMMITS = 'update_checker_commits_behind'; + private const CACHE_TTL = 60 * 60 * 6; // 6 hours + private const CACHE_TTL_ERROR = 60 * 60; // 1 hour on error + + public function __construct(private readonly HttpClientInterface $httpClient, + private readonly CacheInterface $updateCache, private readonly VersionManagerInterface $versionManager, + private readonly PrivacySettings $privacySettings, private readonly LoggerInterface $logger, + private readonly InstallationTypeDetector $installationTypeDetector, + #[Autowire(param: 'kernel.debug')] private readonly bool $is_dev_mode, + #[Autowire(param: 'kernel.project_dir')] private readonly string $project_dir) + { + + } + + /** + * Get the current installed version. + */ + public function getCurrentVersion(): Version + { + return $this->versionManager->getVersion(); + } + + /** + * Get the current version as string. + */ + public function getCurrentVersionString(): string + { + return $this->getCurrentVersion()->toString(); + } + + /** + * Get Git repository information. + */ + public function getGitInfo(): array + { + $info = [ + 'branch' => null, + 'commit' => null, + 'has_local_changes' => false, + 'commits_behind' => 0, + 'is_git_install' => false, + ]; + + $gitDir = $this->project_dir . '/.git'; + + if (!is_dir($gitDir)) { + return $info; + } + + $info['is_git_install'] = true; + + // Get branch from HEAD file + $headFile = $gitDir . '/HEAD'; + if (file_exists($headFile)) { + $head = file_get_contents($headFile); + if (preg_match('#ref: refs/heads/(.+)#', $head, $matches)) { + $info['branch'] = trim($matches[1]); + } + } + + // Get current commit + $process = new Process(['git', 'rev-parse', '--short', 'HEAD'], $this->project_dir); + $process->run(); + if ($process->isSuccessful()) { + $info['commit'] = trim($process->getOutput()); + } + + // Check for local changes + $process = new Process(['git', 'status', '--porcelain'], $this->project_dir); + $process->run(); + $info['has_local_changes'] = !empty(trim($process->getOutput())); + + // Get commits behind (fetch first) + if ($info['branch']) { + // Try to get cached commits behind count + $info['commits_behind'] = $this->getCommitsBehind($info['branch']); + } + + return $info; + } + + /** + * Get number of commits behind the remote branch (cached). + */ + private function getCommitsBehind(string $branch): int + { + if (!$this->privacySettings->checkForUpdates) { + return 0; + } + + $cacheKey = self::CACHE_KEY_COMMITS . '_' . md5($branch); + + return $this->updateCache->get($cacheKey, function (ItemInterface $item) use ($branch) { + $item->expiresAfter(self::CACHE_TTL); + + // Fetch from remote first + $process = new Process(['git', 'fetch', '--tags', 'origin'], $this->project_dir); + $process->run(); + + // Count commits behind + $process = new Process(['git', 'rev-list', 'HEAD..origin/' . $branch, '--count'], $this->project_dir); + $process->run(); + + return $process->isSuccessful() ? (int) trim($process->getOutput()) : 0; + }); + } + + /** + * Force refresh git information by invalidating cache. + */ + public function refreshGitInfo(): void + { + $gitInfo = $this->getGitInfo(); + if ($gitInfo['branch']) { + $this->updateCache->delete(self::CACHE_KEY_COMMITS . '_' . md5($gitInfo['branch'])); + } + $this->updateCache->delete(self::CACHE_KEY_RELEASES); + } + + /** + * Get all available releases from GitHub (cached). + * + * @return array + */ + public function getAvailableReleases(int $limit = 10): array + { + if (!$this->privacySettings->checkForUpdates) { + return []; + } + + return $this->updateCache->get(self::CACHE_KEY_RELEASES, function (ItemInterface $item) use ($limit) { + $item->expiresAfter(self::CACHE_TTL); + + try { + $response = $this->httpClient->request('GET', self::GITHUB_API_BASE . '/releases', [ + 'query' => ['per_page' => $limit], + 'headers' => [ + 'Accept' => 'application/vnd.github.v3+json', + 'User-Agent' => 'Part-DB-Update-Checker', + ], + ]); + + $releases = []; + foreach ($response->toArray() as $release) { + // Extract assets (for ZIP download) + $assets = []; + foreach ($release['assets'] ?? [] as $asset) { + if (str_ends_with($asset['name'], '.zip') || str_ends_with($asset['name'], '.tar.gz')) { + $assets[] = [ + 'name' => $asset['name'], + 'url' => $asset['browser_download_url'], + 'size' => $asset['size'], + ]; + } + } + + $releases[] = [ + 'version' => ltrim($release['tag_name'], 'v'), + 'tag' => $release['tag_name'], + 'name' => $release['name'] ?? $release['tag_name'], + 'url' => $release['html_url'], + 'published_at' => $release['published_at'], + 'body' => $release['body'] ?? '', + 'prerelease' => $release['prerelease'] ?? false, + 'draft' => $release['draft'] ?? false, + 'assets' => $assets, + 'tarball_url' => $release['tarball_url'] ?? null, + 'zipball_url' => $release['zipball_url'] ?? null, + ]; + } + + return $releases; + } catch (\Exception $e) { + $this->logger->error('Failed to fetch releases from GitHub: ' . $e->getMessage()); + $item->expiresAfter(self::CACHE_TTL_ERROR); + + if ($this->is_dev_mode) { + throw $e; + } + + return []; + } + }); + } + + /** + * Get the latest stable release. + */ + public function getLatestRelease(bool $includePrerelease = false): ?array + { + $releases = $this->getAvailableReleases(); + + foreach ($releases as $release) { + // Skip drafts always + if ($release['draft']) { + continue; + } + + // Skip prereleases unless explicitly included + if (!$includePrerelease && $release['prerelease']) { + continue; + } + + return $release; + } + + return null; + } + + /** + * Check if a specific version is newer than current. + */ + public function isNewerVersion(string $version): bool + { + try { + $targetVersion = Version::fromString(ltrim($version, 'v')); + return $targetVersion->isGreaterThan($this->getCurrentVersion()); + } catch (\Exception) { + return false; + } + } + + /** + * Get comprehensive update status. + */ + public function getUpdateStatus(): array + { + $current = $this->getCurrentVersion(); + $latest = $this->getLatestRelease(); + $gitInfo = $this->getGitInfo(); + $installInfo = $this->installationTypeDetector->getInstallationInfo(); + + $updateAvailable = false; + $latestVersion = null; + $latestTag = null; + + if ($latest) { + try { + $latestVersionObj = Version::fromString($latest['version']); + $updateAvailable = $latestVersionObj->isGreaterThan($current); + $latestVersion = $latest['version']; + $latestTag = $latest['tag']; + } catch (\Exception) { + // Invalid version string + } + } + + // Determine if we can auto-update + $canAutoUpdate = $installInfo['supports_auto_update']; + $updateBlockers = []; + + if ($gitInfo['has_local_changes']) { + $canAutoUpdate = false; + $updateBlockers[] = 'local_changes'; + } + + if ($installInfo['type'] === InstallationType::DOCKER) { + $updateBlockers[] = 'docker_installation'; + } + + return [ + 'current_version' => $current->toString(), + 'latest_version' => $latestVersion, + 'latest_tag' => $latestTag, + 'update_available' => $updateAvailable, + 'release_notes' => $latest['body'] ?? null, + 'release_url' => $latest['url'] ?? null, + 'published_at' => $latest['published_at'] ?? null, + 'git' => $gitInfo, + 'installation' => $installInfo, + 'can_auto_update' => $canAutoUpdate, + 'update_blockers' => $updateBlockers, + 'check_enabled' => $this->privacySettings->checkForUpdates, + ]; + } + + /** + * Get releases newer than the current version. + */ + public function getAvailableUpdates(bool $includePrerelease = false): array + { + $releases = $this->getAvailableReleases(); + $current = $this->getCurrentVersion(); + $updates = []; + + foreach ($releases as $release) { + if ($release['draft']) { + continue; + } + + if (!$includePrerelease && $release['prerelease']) { + continue; + } + + try { + $releaseVersion = Version::fromString($release['version']); + if ($releaseVersion->isGreaterThan($current)) { + $updates[] = $release; + } + } catch (\Exception) { + continue; + } + } + + return $updates; + } +} diff --git a/src/Services/System/UpdateExecutor.php b/src/Services/System/UpdateExecutor.php new file mode 100644 index 00000000..7bc997f7 --- /dev/null +++ b/src/Services/System/UpdateExecutor.php @@ -0,0 +1,832 @@ +. + */ + +declare(strict_types=1); + + +namespace App\Services\System; + +use Psr\Log\LoggerInterface; +use Shivas\VersioningBundle\Service\VersionManagerInterface; +use Symfony\Component\DependencyInjection\Attribute\Autowire; +use Symfony\Component\Filesystem\Filesystem; +use Symfony\Component\Process\Process; + +/** + * Handles the execution of Part-DB updates with safety mechanisms. + * + * This service should primarily be used from CLI commands, not web requests, + * due to the long-running nature of updates and permission requirements. + */ +class UpdateExecutor +{ + private const LOCK_FILE = 'var/update.lock'; + private const MAINTENANCE_FILE = 'var/maintenance.flag'; + private const UPDATE_LOG_DIR = 'var/log/updates'; + private const BACKUP_DIR = 'var/backups'; + private const PROGRESS_FILE = 'var/update_progress.json'; + + /** @var array */ + private array $steps = []; + + private ?string $currentLogFile = null; + + public function __construct(#[Autowire(param: 'kernel.project_dir')] private readonly string $project_dir, + private readonly LoggerInterface $logger, private readonly Filesystem $filesystem, + private readonly InstallationTypeDetector $installationTypeDetector, + private readonly VersionManagerInterface $versionManager) + { + + } + + /** + * Get the current version string for use in filenames. + */ + private function getCurrentVersionString(): string + { + return $this->versionManager->getVersion()->toString(); + } + + /** + * Check if an update is currently in progress. + */ + public function isLocked(): bool + { + $lockFile = $this->project_dir . '/' . self::LOCK_FILE; + + if (!file_exists($lockFile)) { + return false; + } + + // Check if lock is stale (older than 1 hour) + $lockData = json_decode(file_get_contents($lockFile), true); + if ($lockData && isset($lockData['started_at'])) { + $startedAt = new \DateTime($lockData['started_at']); + $now = new \DateTime(); + $diff = $now->getTimestamp() - $startedAt->getTimestamp(); + + // If lock is older than 1 hour, consider it stale + if ($diff > 3600) { + $this->logger->warning('Found stale update lock, removing it'); + $this->releaseLock(); + return false; + } + } + + return true; + } + + /** + * Get lock information. + */ + public function getLockInfo(): ?array + { + $lockFile = $this->project_dir . '/' . self::LOCK_FILE; + + if (!file_exists($lockFile)) { + return null; + } + + return json_decode(file_get_contents($lockFile), true); + } + + /** + * Check if maintenance mode is enabled. + */ + public function isMaintenanceMode(): bool + { + return file_exists($this->project_dir . '/' . self::MAINTENANCE_FILE); + } + + /** + * Get maintenance mode information. + */ + public function getMaintenanceInfo(): ?array + { + $maintenanceFile = $this->project_dir . '/' . self::MAINTENANCE_FILE; + + if (!file_exists($maintenanceFile)) { + return null; + } + + return json_decode(file_get_contents($maintenanceFile), true); + } + + /** + * Acquire an exclusive lock for the update process. + */ + public function acquireLock(): bool + { + if ($this->isLocked()) { + return false; + } + + $lockFile = $this->project_dir . '/' . self::LOCK_FILE; + $lockDir = dirname($lockFile); + + if (!is_dir($lockDir)) { + $this->filesystem->mkdir($lockDir); + } + + $lockData = [ + 'started_at' => (new \DateTime())->format('c'), + 'pid' => getmypid(), + 'user' => get_current_user(), + ]; + + $this->filesystem->dumpFile($lockFile, json_encode($lockData, JSON_PRETTY_PRINT)); + + return true; + } + + /** + * Release the update lock. + */ + public function releaseLock(): void + { + $lockFile = $this->project_dir . '/' . self::LOCK_FILE; + + if (file_exists($lockFile)) { + $this->filesystem->remove($lockFile); + } + } + + /** + * Enable maintenance mode to block user access during update. + */ + public function enableMaintenanceMode(string $reason = 'Update in progress'): void + { + $maintenanceFile = $this->project_dir . '/' . self::MAINTENANCE_FILE; + $maintenanceDir = dirname($maintenanceFile); + + if (!is_dir($maintenanceDir)) { + $this->filesystem->mkdir($maintenanceDir); + } + + $data = [ + 'enabled_at' => (new \DateTime())->format('c'), + 'reason' => $reason, + ]; + + $this->filesystem->dumpFile($maintenanceFile, json_encode($data, JSON_PRETTY_PRINT)); + } + + /** + * Disable maintenance mode. + */ + public function disableMaintenanceMode(): void + { + $maintenanceFile = $this->project_dir . '/' . self::MAINTENANCE_FILE; + + if (file_exists($maintenanceFile)) { + $this->filesystem->remove($maintenanceFile); + } + } + + /** + * Validate that we can perform an update. + * + * @return array{valid: bool, errors: array} + */ + public function validateUpdatePreconditions(): array + { + $errors = []; + + // Check installation type + $installType = $this->installationTypeDetector->detect(); + if (!$installType->supportsAutoUpdate()) { + $errors[] = sprintf( + 'Installation type "%s" does not support automatic updates. %s', + $installType->getLabel(), + $installType->getUpdateInstructions() + ); + } + + // Check for Git installation + if ($installType === InstallationType::GIT) { + // Check if git is available + $process = new Process(['git', '--version']); + $process->run(); + if (!$process->isSuccessful()) { + $errors[] = 'Git command not found. Please ensure Git is installed and in PATH.'; + } + + // Check for local changes + $process = new Process(['git', 'status', '--porcelain'], $this->project_dir); + $process->run(); + if (!empty(trim($process->getOutput()))) { + $errors[] = 'There are uncommitted local changes. Please commit or stash them before updating.'; + } + } + + // Check if composer is available + $process = new Process(['composer', '--version']); + $process->run(); + if (!$process->isSuccessful()) { + $errors[] = 'Composer command not found. Please ensure Composer is installed and in PATH.'; + } + + // Check if PHP CLI is available + $process = new Process(['php', '--version']); + $process->run(); + if (!$process->isSuccessful()) { + $errors[] = 'PHP CLI not found. Please ensure PHP is installed and in PATH.'; + } + + // Check write permissions + $testDirs = ['var', 'vendor', 'public']; + foreach ($testDirs as $dir) { + $fullPath = $this->project_dir . '/' . $dir; + if (is_dir($fullPath) && !is_writable($fullPath)) { + $errors[] = sprintf('Directory "%s" is not writable.', $dir); + } + } + + // Check if already locked + if ($this->isLocked()) { + $lockInfo = $this->getLockInfo(); + $errors[] = sprintf( + 'An update is already in progress (started at %s).', + $lockInfo['started_at'] ?? 'unknown time' + ); + } + + return [ + 'valid' => empty($errors), + 'errors' => $errors, + ]; + } + + /** + * Execute the update to a specific version. + * + * @param string $targetVersion The target version/tag to update to (e.g., "v2.6.0") + * @param bool $createBackup Whether to create a backup before updating + * @param callable|null $onProgress Callback for progress updates + * + * @return array{success: bool, steps: array, rollback_tag: ?string, error: ?string, log_file: ?string} + */ + public function executeUpdate( + string $targetVersion, + bool $createBackup = true, + ?callable $onProgress = null + ): array { + $this->steps = []; + $rollbackTag = null; + $startTime = microtime(true); + + // Initialize log file + $this->initializeLogFile($targetVersion); + + $log = function (string $step, string $message, bool $success = true, ?float $duration = null) use ($onProgress): void { + $entry = [ + 'step' => $step, + 'message' => $message, + 'success' => $success, + 'timestamp' => (new \DateTime())->format('c'), + 'duration' => $duration, + ]; + + $this->steps[] = $entry; + $this->writeToLogFile($entry); + $this->logger->info("Update [{$step}]: {$message}", ['success' => $success]); + + if ($onProgress) { + $onProgress($entry); + } + }; + + try { + // Validate preconditions + $validation = $this->validateUpdatePreconditions(); + if (!$validation['valid']) { + throw new \RuntimeException('Precondition check failed: ' . implode('; ', $validation['errors'])); + } + + // Step 1: Acquire lock + $stepStart = microtime(true); + if (!$this->acquireLock()) { + throw new \RuntimeException('Could not acquire update lock. Another update may be in progress.'); + } + $log('lock', 'Acquired exclusive update lock', true, microtime(true) - $stepStart); + + // Step 2: Enable maintenance mode + $stepStart = microtime(true); + $this->enableMaintenanceMode('Updating to ' . $targetVersion); + $log('maintenance', 'Enabled maintenance mode', true, microtime(true) - $stepStart); + + // Step 3: Create rollback point with version info + $stepStart = microtime(true); + $currentVersion = $this->getCurrentVersionString(); + $targetVersionClean = preg_replace('/[^a-zA-Z0-9\.]/', '', $targetVersion); + $rollbackTag = 'pre-update-v' . $currentVersion . '-to-' . $targetVersionClean . '-' . date('Y-m-d-His'); + $this->runCommand(['git', 'tag', $rollbackTag], 'Create rollback tag'); + $log('rollback_tag', 'Created rollback tag: ' . $rollbackTag, true, microtime(true) - $stepStart); + + // Step 4: Create backup (optional) + if ($createBackup) { + $stepStart = microtime(true); + $backupFile = $this->createBackup($targetVersion); + $log('backup', 'Created backup: ' . basename($backupFile), true, microtime(true) - $stepStart); + } + + // Step 5: Fetch from remote + $stepStart = microtime(true); + $this->runCommand(['git', 'fetch', '--tags', '--force', 'origin'], 'Fetch from origin', 120); + $log('fetch', 'Fetched latest changes and tags from origin', true, microtime(true) - $stepStart); + + // Step 6: Checkout target version + $stepStart = microtime(true); + $this->runCommand(['git', 'checkout', $targetVersion], 'Checkout version'); + $log('checkout', 'Checked out version: ' . $targetVersion, true, microtime(true) - $stepStart); + + // Step 7: Install dependencies + $stepStart = microtime(true); + $this->runCommand([ + 'composer', 'install', + '--no-dev', + '--optimize-autoloader', + '--no-interaction', + '--no-progress', + ], 'Install dependencies', 600); + $log('composer', 'Installed/updated dependencies', true, microtime(true) - $stepStart); + + // Step 8: Run database migrations + $stepStart = microtime(true); + $this->runCommand([ + 'php', 'bin/console', 'doctrine:migrations:migrate', + '--no-interaction', + '--allow-no-migration', + ], 'Run migrations', 300); + $log('migrations', 'Database migrations completed', true, microtime(true) - $stepStart); + + // Step 9: Clear cache + $stepStart = microtime(true); + $this->runCommand([ + 'php', 'bin/console', 'cache:clear', + '--env=prod', + '--no-interaction', + ], 'Clear cache', 120); + $log('cache_clear', 'Cleared application cache', true, microtime(true) - $stepStart); + + // Step 10: Warm up cache + $stepStart = microtime(true); + $this->runCommand([ + 'php', 'bin/console', 'cache:warmup', + '--env=prod', + ], 'Warmup cache', 120); + $log('cache_warmup', 'Warmed up application cache', true, microtime(true) - $stepStart); + + // Step 11: Disable maintenance mode + $stepStart = microtime(true); + $this->disableMaintenanceMode(); + $log('maintenance_off', 'Disabled maintenance mode', true, microtime(true) - $stepStart); + + // Step 12: Release lock + $stepStart = microtime(true); + $this->releaseLock(); + + $totalDuration = microtime(true) - $startTime; + $log('complete', sprintf('Update completed successfully in %.1f seconds', $totalDuration), true, microtime(true) - $stepStart); + + return [ + 'success' => true, + 'steps' => $this->steps, + 'rollback_tag' => $rollbackTag, + 'error' => null, + 'log_file' => $this->currentLogFile, + 'duration' => $totalDuration, + ]; + + } catch (\Exception $e) { + $log('error', 'Update failed: ' . $e->getMessage(), false); + + // Attempt rollback + if ($rollbackTag) { + try { + $this->runCommand(['git', 'checkout', $rollbackTag], 'Rollback'); + $log('rollback', 'Rolled back to: ' . $rollbackTag, true); + + // Re-run composer install after rollback + $this->runCommand([ + 'composer', 'install', + '--no-dev', + '--optimize-autoloader', + '--no-interaction', + ], 'Reinstall dependencies after rollback', 600); + $log('rollback_composer', 'Reinstalled dependencies after rollback', true); + + // Clear cache after rollback + $this->runCommand([ + 'php', 'bin/console', 'cache:clear', + '--env=prod', + ], 'Clear cache after rollback', 120); + $log('rollback_cache', 'Cleared cache after rollback', true); + + } catch (\Exception $rollbackError) { + $log('rollback_failed', 'Rollback failed: ' . $rollbackError->getMessage(), false); + } + } + + // Clean up + $this->disableMaintenanceMode(); + $this->releaseLock(); + + return [ + 'success' => false, + 'steps' => $this->steps, + 'rollback_tag' => $rollbackTag, + 'error' => $e->getMessage(), + 'log_file' => $this->currentLogFile, + 'duration' => microtime(true) - $startTime, + ]; + } + } + + /** + * Create a backup before updating. + */ + private function createBackup(string $targetVersion): string + { + $backupDir = $this->project_dir . '/' . self::BACKUP_DIR; + + if (!is_dir($backupDir)) { + $this->filesystem->mkdir($backupDir, 0755); + } + + // Include version numbers in backup filename: pre-update-v2.5.1-to-v2.6.0-2024-01-30-185400.zip + $currentVersion = $this->getCurrentVersionString(); + $targetVersionClean = preg_replace('/[^a-zA-Z0-9\.]/', '', $targetVersion); + $backupFile = $backupDir . '/pre-update-v' . $currentVersion . '-to-' . $targetVersionClean . '-' . date('Y-m-d-His') . '.zip'; + + $this->runCommand([ + 'php', 'bin/console', 'partdb:backup', + '--full', + '--overwrite', + $backupFile, + ], 'Create backup', 600); + + return $backupFile; + } + + /** + * Run a shell command with proper error handling. + */ + private function runCommand(array $command, string $description, int $timeout = 120): string + { + $process = new Process($command, $this->project_dir); + $process->setTimeout($timeout); + + // Set environment variables needed for Composer and other tools + // This is especially important when running as www-data which may not have HOME set + // We inherit from current environment and override/add specific variables + $currentEnv = getenv(); + if (!is_array($currentEnv)) { + $currentEnv = []; + } + $env = array_merge($currentEnv, [ + 'HOME' => $this->project_dir, + 'COMPOSER_HOME' => $this->project_dir . '/var/composer', + 'PATH' => getenv('PATH') ?: '/usr/local/bin:/usr/bin:/bin', + ]); + $process->setEnv($env); + + $output = ''; + $process->run(function ($type, $buffer) use (&$output) { + $output .= $buffer; + }); + + if (!$process->isSuccessful()) { + $errorOutput = $process->getErrorOutput() ?: $process->getOutput(); + throw new \RuntimeException( + sprintf('%s failed: %s', $description, trim($errorOutput)) + ); + } + + return $output; + } + + /** + * Initialize the log file for this update. + */ + private function initializeLogFile(string $targetVersion): void + { + $logDir = $this->project_dir . '/' . self::UPDATE_LOG_DIR; + + if (!is_dir($logDir)) { + $this->filesystem->mkdir($logDir, 0755); + } + + // Include version numbers in log filename: update-v2.5.1-to-v2.6.0-2024-01-30-185400.log + $currentVersion = $this->getCurrentVersionString(); + $targetVersionClean = preg_replace('/[^a-zA-Z0-9\.]/', '', $targetVersion); + $this->currentLogFile = $logDir . '/update-v' . $currentVersion . '-to-' . $targetVersionClean . '-' . date('Y-m-d-His') . '.log'; + + $header = sprintf( + "Part-DB Update Log\n" . + "==================\n" . + "Started: %s\n" . + "From Version: %s\n" . + "Target Version: %s\n" . + "==================\n\n", + date('Y-m-d H:i:s'), + $currentVersion, + $targetVersion + ); + + file_put_contents($this->currentLogFile, $header); + } + + /** + * Write an entry to the log file. + */ + private function writeToLogFile(array $entry): void + { + if (!$this->currentLogFile) { + return; + } + + $line = sprintf( + "[%s] %s: %s%s\n", + $entry['timestamp'], + strtoupper($entry['step']), + $entry['message'], + $entry['duration'] ? sprintf(' (%.2fs)', $entry['duration']) : '' + ); + + file_put_contents($this->currentLogFile, $line, FILE_APPEND); + } + + /** + * Get list of update log files. + */ + public function getUpdateLogs(): array + { + $logDir = $this->project_dir . '/' . self::UPDATE_LOG_DIR; + + if (!is_dir($logDir)) { + return []; + } + + $logs = []; + foreach (glob($logDir . '/update-*.log') as $logFile) { + $logs[] = [ + 'file' => basename($logFile), + 'path' => $logFile, + 'date' => filemtime($logFile), + 'size' => filesize($logFile), + ]; + } + + // Sort by date descending + usort($logs, fn($a, $b) => $b['date'] <=> $a['date']); + + return $logs; + } + + /** + * Get list of backups. + */ + public function getBackups(): array + { + $backupDir = $this->project_dir . '/' . self::BACKUP_DIR; + + if (!is_dir($backupDir)) { + return []; + } + + $backups = []; + foreach (glob($backupDir . '/*.zip') as $backupFile) { + $backups[] = [ + 'file' => basename($backupFile), + 'path' => $backupFile, + 'date' => filemtime($backupFile), + 'size' => filesize($backupFile), + ]; + } + + // Sort by date descending + usort($backups, fn($a, $b) => $b['date'] <=> $a['date']); + + return $backups; + } + + /** + * Get the path to the progress file. + */ + public function getProgressFilePath(): string + { + return $this->project_dir . '/' . self::PROGRESS_FILE; + } + + /** + * Save progress to file for web UI polling. + */ + public function saveProgress(array $progress): void + { + $progressFile = $this->getProgressFilePath(); + $progressDir = dirname($progressFile); + + if (!is_dir($progressDir)) { + $this->filesystem->mkdir($progressDir); + } + + $this->filesystem->dumpFile($progressFile, json_encode($progress, JSON_PRETTY_PRINT)); + } + + /** + * Get current update progress from file. + */ + public function getProgress(): ?array + { + $progressFile = $this->getProgressFilePath(); + + if (!file_exists($progressFile)) { + return null; + } + + $data = json_decode(file_get_contents($progressFile), true); + + // If the progress file is stale (older than 30 minutes), consider it invalid + if ($data && isset($data['started_at'])) { + $startedAt = strtotime($data['started_at']); + if (time() - $startedAt > 1800) { + $this->clearProgress(); + return null; + } + } + + return $data; + } + + /** + * Clear progress file. + */ + public function clearProgress(): void + { + $progressFile = $this->getProgressFilePath(); + + if (file_exists($progressFile)) { + $this->filesystem->remove($progressFile); + } + } + + /** + * Check if an update is currently running (based on progress file). + */ + public function isUpdateRunning(): bool + { + $progress = $this->getProgress(); + + if (!$progress) { + return false; + } + + return isset($progress['status']) && $progress['status'] === 'running'; + } + + /** + * Start the update process in the background. + * Returns the process ID or null on failure. + */ + public function startBackgroundUpdate(string $targetVersion, bool $createBackup = true): ?int + { + // Validate first + $validation = $this->validateUpdatePreconditions(); + if (!$validation['valid']) { + $this->logger->error('Update validation failed', ['errors' => $validation['errors']]); + return null; + } + + // Initialize progress file + $this->saveProgress([ + 'status' => 'starting', + 'target_version' => $targetVersion, + 'create_backup' => $createBackup, + 'started_at' => (new \DateTime())->format('c'), + 'current_step' => 0, + 'total_steps' => 12, + 'step_name' => 'initializing', + 'step_message' => 'Starting update process...', + 'steps' => [], + 'error' => null, + ]); + + // Build the command to run in background + // Use 'php' from PATH as PHP_BINARY might point to php-fpm + $consolePath = $this->project_dir . '/bin/console'; + $logFile = $this->project_dir . '/var/log/update-background.log'; + + // Ensure log directory exists + $logDir = dirname($logFile); + if (!is_dir($logDir)) { + $this->filesystem->mkdir($logDir, 0755); + } + + // Use nohup to properly detach the process from the web request + // The process will continue running even after the PHP request ends + $command = sprintf( + 'nohup php %s partdb:update %s %s --force --no-interaction >> %s 2>&1 &', + escapeshellarg($consolePath), + escapeshellarg($targetVersion), + $createBackup ? '' : '--no-backup', + escapeshellarg($logFile) + ); + + $this->logger->info('Starting background update', [ + 'command' => $command, + 'target_version' => $targetVersion, + ]); + + // Execute in background using shell_exec for proper detachment + // shell_exec with & runs the command in background + $output = shell_exec($command); + + // Give it a moment to start + usleep(500000); // 500ms + + // Check if progress file was updated (indicates process started) + $progress = $this->getProgress(); + if ($progress && isset($progress['status'])) { + $this->logger->info('Background update started successfully'); + return 1; // Return a non-null value to indicate success + } + + $this->logger->error('Background update may not have started', ['output' => $output]); + return 1; // Still return success as the process might just be slow to start + } + + /** + * Execute update with progress file updates for web UI. + * This is called by the CLI command and updates the progress file. + */ + public function executeUpdateWithProgress( + string $targetVersion, + bool $createBackup = true, + ?callable $onProgress = null + ): array { + $totalSteps = 12; + $currentStep = 0; + + $updateProgress = function (string $stepName, string $message, bool $success = true) use (&$currentStep, $totalSteps, $targetVersion, $createBackup): void { + $currentStep++; + $progress = $this->getProgress() ?? [ + 'status' => 'running', + 'target_version' => $targetVersion, + 'create_backup' => $createBackup, + 'started_at' => (new \DateTime())->format('c'), + 'steps' => [], + ]; + + $progress['current_step'] = $currentStep; + $progress['total_steps'] = $totalSteps; + $progress['step_name'] = $stepName; + $progress['step_message'] = $message; + $progress['status'] = 'running'; + $progress['steps'][] = [ + 'step' => $stepName, + 'message' => $message, + 'success' => $success, + 'timestamp' => (new \DateTime())->format('c'), + ]; + + $this->saveProgress($progress); + }; + + // Wrap the existing executeUpdate with progress tracking + $result = $this->executeUpdate($targetVersion, $createBackup, function ($entry) use ($updateProgress, $onProgress) { + $updateProgress($entry['step'], $entry['message'], $entry['success']); + + if ($onProgress) { + $onProgress($entry); + } + }); + + // Update final status + $finalProgress = $this->getProgress() ?? []; + $finalProgress['status'] = $result['success'] ? 'completed' : 'failed'; + $finalProgress['completed_at'] = (new \DateTime())->format('c'); + $finalProgress['result'] = $result; + $finalProgress['error'] = $result['error']; + $this->saveProgress($finalProgress); + + return $result; + } +} diff --git a/src/Services/Trees/ToolsTreeBuilder.php b/src/Services/Trees/ToolsTreeBuilder.php index 37a09b09..1bb81bf7 100644 --- a/src/Services/Trees/ToolsTreeBuilder.php +++ b/src/Services/Trees/ToolsTreeBuilder.php @@ -315,6 +315,13 @@ class ToolsTreeBuilder ))->setIcon('fa fa-fw fa-gears fa-solid'); } + if ($this->security->isGranted('@system.show_updates')) { + $nodes[] = (new TreeViewNode( + $this->translator->trans('tree.tools.system.update_manager'), + $this->urlGenerator->generate('admin_update_manager') + ))->setIcon('fa-fw fa-treeview fa-solid fa-cloud-download-alt'); + } + return $nodes; } } diff --git a/src/Twig/UpdateExtension.php b/src/Twig/UpdateExtension.php new file mode 100644 index 00000000..10264d12 --- /dev/null +++ b/src/Twig/UpdateExtension.php @@ -0,0 +1,79 @@ +. + */ + +declare(strict_types=1); + + +namespace App\Twig; + +use App\Services\System\UpdateAvailableManager; +use Symfony\Bundle\SecurityBundle\Security; +use Twig\Extension\AbstractExtension; +use Twig\TwigFunction; + +/** + * Twig extension for update-related functions. + */ +final class UpdateExtension extends AbstractExtension +{ + public function __construct(private readonly UpdateAvailableManager $updateAvailableManager, + private readonly Security $security) + { + + } + + public function getFunctions(): array + { + return [ + new TwigFunction('is_update_available', $this->isUpdateAvailable(...)), + new TwigFunction('get_latest_version', $this->getLatestVersion(...)), + new TwigFunction('get_latest_version_url', $this->getLatestVersionUrl(...)), + ]; + } + + /** + * Check if an update is available and the user has permission to see it. + */ + public function isUpdateAvailable(): bool + { + // Only show to users with the show_updates permission + if (!$this->security->isGranted('@system.show_updates')) { + return false; + } + + return $this->updateAvailableManager->isUpdateAvailable(); + } + + /** + * Get the latest available version string. + */ + public function getLatestVersion(): string + { + return $this->updateAvailableManager->getLatestVersionString(); + } + + /** + * Get the URL to the latest version release page. + */ + public function getLatestVersionUrl(): string + { + return $this->updateAvailableManager->getLatestVersionUrl(); + } +} diff --git a/templates/_navbar.html.twig b/templates/_navbar.html.twig index 446ccdab..30562ec4 100644 --- a/templates/_navbar.html.twig +++ b/templates/_navbar.html.twig @@ -74,6 +74,19 @@
    + {# Update notification badge #} + {% if is_update_available() %} +
  • + + + + {% trans %}update_manager.new{% endtrans %} + + +
    • + {% endif %} +
  • + {% endif %} + +
    + {# Current Version Card #} +
    +
    +
    + {% trans %}update_manager.current_installation{% endtrans %} +
    +
    + + + + + + + + + + + {% if status.git.is_git_install %} + + + + + + + + + + + + + {% endif %} + + + + + +
    {% trans %}update_manager.version{% endtrans %} + {{ status.current_version }} +
    {% trans %}update_manager.installation_type{% endtrans %} + {{ status.installation.type_name }} +
    {% trans %}update_manager.git_branch{% endtrans %}{{ status.git.branch ?? 'N/A' }}
    {% trans %}update_manager.git_commit{% endtrans %}{{ status.git.commit ?? 'N/A' }}
    {% trans %}update_manager.local_changes{% endtrans %} + {% if status.git.has_local_changes %} + + {% trans %}update_manager.yes{% endtrans %} + + {% else %} + + {% trans %}update_manager.no{% endtrans %} + + {% endif %} +
    {% trans %}update_manager.auto_update_supported{% endtrans %} + {% if status.can_auto_update %} + + {% trans %}update_manager.yes{% endtrans %} + + {% else %} + + {% trans %}update_manager.no{% endtrans %} + + {% endif %} +
    +
    +
    +
    + + +
    +
    +
    +
    + + {# Latest Version / Update Card #} +
    +
    +
    + {% if status.update_available %} + {% trans %}update_manager.new_version_available.title{% endtrans %} + {% else %} + {% trans %}update_manager.latest_release{% endtrans %} + {% endif %} +
    +
    + {% if status.latest_version %} +
    + + {{ status.latest_tag }} + + {% if not status.update_available %} +

    + + {% trans %}update_manager.already_up_to_date{% endtrans %} +

    + {% endif %} +
    + + {% if status.update_available and status.can_auto_update and validation.valid %} +
    + + + +
    + +
    + +
    + + +
    +
    + {% endif %} + + {% if status.published_at %} +

    + + {% trans %}update_manager.released{% endtrans %}: {{ status.published_at|date('Y-m-d') }} +

    + {% endif %} + {% else %} +
    + +

    {% trans %}update_manager.could_not_fetch_releases{% endtrans %}

    +
    + {% endif %} +
    + {% if status.latest_tag %} +
    + + {% trans %}update_manager.view_release_notes{% endtrans %} + + {% if status.release_url %} + + GitHub + + {% endif %} +
    + {% endif %} +
    +
    +
    + + {# Validation Issues #} + {% if not validation.valid %} + + {% endif %} + +
    + {# Available Versions #} +
    +
    +
    + {% trans %}update_manager.available_versions{% endtrans %} +
    +
    +
    + + + + + + + + + + {% for release in all_releases %} + + + + + + {% else %} + + + + {% endfor %} + +
    {% trans %}update_manager.version{% endtrans %}{% trans %}update_manager.released{% endtrans %}
    + {{ release.tag }} + {% if release.prerelease %} + pre + {% endif %} + {% if release.version == status.current_version %} + {% trans %}update_manager.current{% endtrans %} + {% endif %} + + {{ release.published_at|date('Y-m-d') }} + +
    + + + + {% if release.version != status.current_version and status.can_auto_update and validation.valid %} +
    + + + + +
    + {% endif %} +
    +
    + {% trans %}update_manager.no_releases_found{% endtrans %} +
    +
    +
    +
    +
    + + {# Update History & Backups #} +
    +
    +
    +
      +
    • + +
      • +
    • + +
      • +
    +
    +
    +
    +
    +
    + + + + + + + + + + {% for log in update_logs %} + + + + + + {% else %} + + + + {% endfor %} + +
    {% trans %}update_manager.date{% endtrans %}{% trans %}update_manager.log_file{% endtrans %}
    + {{ log.date|date('Y-m-d H:i') }} + {{ log.file }} + + + +
    + {% trans %}update_manager.no_logs_found{% endtrans %} +
    +
    +
    +
    +
    + + + + + + + + + + {% for backup in backups %} + + + + + + {% else %} + + + + {% endfor %} + +
    {% trans %}update_manager.date{% endtrans %}{% trans %}update_manager.file{% endtrans %}{% trans %}update_manager.size{% endtrans %}
    + {{ backup.date|date('Y-m-d H:i') }} + {{ backup.file }} + {{ (backup.size / 1024 / 1024)|number_format(1) }} MB +
    + {% trans %}update_manager.no_backups_found{% endtrans %} +
    +
    +
    +
    +
    +
    +
    +
    + + {# Non-auto-update installations info #} + {% if not status.can_auto_update %} +
    +
    + {{ status.installation.type_name }} +
    +

    {{ status.installation.update_instructions }}

    +
    + {% endif %} +
    +{% endblock %} diff --git a/templates/admin/update_manager/log_viewer.html.twig b/templates/admin/update_manager/log_viewer.html.twig new file mode 100644 index 00000000..64412123 --- /dev/null +++ b/templates/admin/update_manager/log_viewer.html.twig @@ -0,0 +1,40 @@ +{% extends "main_card.html.twig" %} + +{% block title %}{{ filename }} - {% trans %}update_manager.log_viewer{% endtrans %}{% endblock %} + +{% block card_title %} + {{ filename }} +{% endblock %} + +{% block card_content %} +
    + + {% trans %}update_manager.back_to_update_manager{% endtrans %} + +
    + +
    +
    + + {% trans %}update_manager.update_log{% endtrans %} + + {{ content|length }} {% trans %}update_manager.bytes{% endtrans %} +
    +
    + 
    {{ content }}
    +
    +
    + + +{% endblock %} diff --git a/templates/admin/update_manager/progress.html.twig b/templates/admin/update_manager/progress.html.twig new file mode 100644 index 00000000..c45a4e78 --- /dev/null +++ b/templates/admin/update_manager/progress.html.twig @@ -0,0 +1,196 @@ +{% extends "main_card.html.twig" %} + +{% block title %} + {% if is_downgrade|default(false) %} + {% trans %}update_manager.progress.downgrade_title{% endtrans %} + {% else %} + {% trans %}update_manager.progress.title{% endtrans %} + {% endif %} +{% endblock %} + +{% block card_title %} + {% if progress and progress.status == 'running' %} + + {% elseif progress and progress.status == 'completed' %} + + {% elseif progress and progress.status == 'failed' %} + + {% else %} + + {% endif %} + {% if is_downgrade|default(false) %} + {% trans %}update_manager.progress.downgrade_title{% endtrans %} + {% else %} + {% trans %}update_manager.progress.title{% endtrans %} + {% endif %} +{% endblock %} + +{% block head %} + {{ parent() }} + {# Auto-refresh while update is running - also refresh when 'starting' status #} + {% if not progress or progress.status == 'running' or progress.status == 'starting' %} + + {% endif %} +{% endblock %} + +{% block card_content %} +
    + + {# Progress Header #} +
    +
    + {% if progress and progress.status == 'completed' %} + + {% elseif progress and progress.status == 'failed' %} + + {% else %} + + {% endif %} +
    +

    + {% if progress and progress.status == 'running' %} + {% if is_downgrade|default(false) %} + {% trans %}update_manager.progress.downgrading{% endtrans %} + {% else %} + {% trans %}update_manager.progress.updating{% endtrans %} + {% endif %} + {% elseif progress and progress.status == 'completed' %} + {% if is_downgrade|default(false) %} + {% trans %}update_manager.progress.downgrade_completed{% endtrans %} + {% else %} + {% trans %}update_manager.progress.completed{% endtrans %} + {% endif %} + {% elseif progress and progress.status == 'failed' %} + {% if is_downgrade|default(false) %} + {% trans %}update_manager.progress.downgrade_failed{% endtrans %} + {% else %} + {% trans %}update_manager.progress.failed{% endtrans %} + {% endif %} + {% else %} + {% trans %}update_manager.progress.initializing{% endtrans %} + {% endif %} +

    +

    + {% if progress %} + {% if is_downgrade|default(false) %} + {% trans with {'%version%': progress.target_version|default('unknown')} %}update_manager.progress.downgrading_to{% endtrans %} + {% else %} + {% trans with {'%version%': progress.target_version|default('unknown')} %}update_manager.progress.updating_to{% endtrans %} + {% endif %} + {% endif %} +

    +
    + + {# Progress Bar #} + {% set percent = progress ? ((progress.current_step|default(0) / progress.total_steps|default(12)) * 100)|round : 0 %} + {% if progress and progress.status == 'completed' %} + {% set percent = 100 %} + {% endif %} +
    +
    + {{ percent }}% +
    +
    + + {# Current Step - shows what's currently being worked on #} + {% if progress and (progress.status == 'running' or progress.status == 'starting') %} +
    + {{ progress.step_name|default('initializing')|replace({'_': ' '})|capitalize }}: + {{ progress.step_message|default('Processing...') }} +
    + {% endif %} + + {# Error Message #} + {% if progress and progress.status == 'failed' %} +
    + {% trans %}update_manager.progress.error{% endtrans %}: + {{ progress.error|default('An unknown error occurred') }} +
    + {% endif %} + + {# Success Message #} + {% if progress and progress.status == 'completed' %} +
    + + {% if is_downgrade|default(false) %} + {% trans %}update_manager.progress.downgrade_success_message{% endtrans %} + {% else %} + {% trans %}update_manager.progress.success_message{% endtrans %} + {% endif %} +
    + {% endif %} + + {# Steps Timeline #} +
    +
    + + {% if is_downgrade|default(false) %} + {% trans %}update_manager.progress.downgrade_steps{% endtrans %} + {% else %} + {% trans %}update_manager.progress.steps{% endtrans %} + {% endif %} +
    +
    +
      + {% if progress and progress.steps %} + {% for step in progress.steps %} +
    • + {% if step.success %} + + {% else %} + + {% endif %} +
      + {{ step.step|replace({'_': ' '})|capitalize }} +
      {{ step.message }} +
      + {{ step.timestamp|date('H:i:s') }} +
      • + {% endfor %} + {% else %} +
    • + {% trans %}update_manager.progress.waiting{% endtrans %} +
      • + {% endif %} +
    +
    +
    + + {# Actions #} +
    + {% if progress and (progress.status == 'completed' or progress.status == 'failed') %} + + {% trans %}update_manager.progress.back{% endtrans %} + + + {% trans %}update_manager.progress.refresh_page{% endtrans %} + + {% endif %} +
    + + {# Warning Notice #} + {% if not progress or progress.status == 'running' or progress.status == 'starting' %} +
    + + {% trans %}update_manager.progress.warning{% endtrans %}: + {% if is_downgrade|default(false) %} + {% trans %}update_manager.progress.downgrade_do_not_close{% endtrans %} + {% else %} + {% trans %}update_manager.progress.do_not_close{% endtrans %} + {% endif %} +
    + + {# JavaScript refresh - more reliable than meta refresh #} + + {% endif %} +
    +{% endblock %} diff --git a/templates/admin/update_manager/release_notes.html.twig b/templates/admin/update_manager/release_notes.html.twig new file mode 100644 index 00000000..9bcd9e04 --- /dev/null +++ b/templates/admin/update_manager/release_notes.html.twig @@ -0,0 +1,110 @@ +{% extends "main_card.html.twig" %} + +{% block title %}{{ release.name }} - {% trans %}update_manager.release_notes{% endtrans %}{% endblock %} + +{% block card_title %} + {{ release.name }} +{% endblock %} + +{% block card_content %} +
    + + {% trans %}update_manager.back_to_update_manager{% endtrans %} + +
    + +
    +
    + + + + + + + + + + + + + + + + + +
    {% trans %}update_manager.version{% endtrans %} + {{ release.version }} + {% if release.prerelease %} + {% trans %}update_manager.prerelease{% endtrans %} + {% endif %} +
    {% trans %}update_manager.tag{% endtrans %}{{ release.tag }}
    {% trans %}update_manager.released{% endtrans %}{{ release.published_at|date('Y-m-d H:i') }}
    {% trans %}update_manager.status{% endtrans %} + {% if release.version == current_version %} + {% trans %}update_manager.current{% endtrans %} + {% elseif release.version > current_version %} + {% trans %}update_manager.newer{% endtrans %} + {% else %} + {% trans %}update_manager.older{% endtrans %} + {% endif %} +
    +
    +
    + + {% trans %}update_manager.view_on_github{% endtrans %} + + {% if release.zipball_url %} + + ZIP + + {% endif %} +
    +
    + +{% if release.assets is not empty %} +
    +
    + {% trans %}update_manager.download_assets{% endtrans %} +
    +
    +
      + {% for asset in release.assets %} +
    • + + {{ asset.name }} + + ({{ (asset.size / 1024 / 1024)|number_format(1) }} MB) +
      • + {% endfor %} +
    +
    +
    +{% endif %} + +
    +
    + {% trans %}update_manager.changelog{% endtrans %} +
    +
    + {% if release.body %} +
    + {{ release.body|markdown_to_html }} +
    + {% else %} +

    {% trans %}update_manager.no_release_notes{% endtrans %}

    + {% endif %} +
    +
    + +{% if release.version > current_version %} +
    +
    + {% trans %}update_manager.update_to_this_version{% endtrans %} +
    +
    +

    {% trans %}update_manager.run_command_to_update{% endtrans %}

    +
    + php bin/console partdb:update {{ release.tag }} +
    +
    +
    +{% endif %} +{% endblock %} diff --git a/templates/maintenance/maintenance.html.twig b/templates/maintenance/maintenance.html.twig new file mode 100644 index 00000000..05cab1cf --- /dev/null +++ b/templates/maintenance/maintenance.html.twig @@ -0,0 +1,251 @@ + + + + + + + Part-DB - {% trans %}update_manager.maintenance.title{% endtrans %} + + + + + +
    +
    + +
    + +

    {% trans %}update_manager.maintenance.heading{% endtrans %}

    + +

    + {% trans %}update_manager.maintenance.description{% endtrans %} +

    + +
    + + {{ reason }} +
    + +
    +
    +
    +
    +
    + +
    +
    + + {% trans %}update_manager.maintenance.step_backup{% endtrans %} +
    +
    + + {% trans %}update_manager.maintenance.step_download{% endtrans %} +
    +
    + + {% trans %}update_manager.maintenance.step_install{% endtrans %} +
    +
    + + {% trans %}update_manager.maintenance.step_migrate{% endtrans %} +
    +
    + + {% trans %}update_manager.maintenance.step_cache{% endtrans %} +
    +
    + + {% if duration is not null %} +
    + {{ duration // 60 }}:{{ '%02d'|format(duration % 60) }} +
    + {% endif %} + +

    + + {% trans %}update_manager.maintenance.auto_refresh{% endtrans %} +

    + + +
    + + + + diff --git a/translations/messages.en.xlf b/translations/messages.en.xlf index 5c4151d6..ff0a05e6 100644 --- a/translations/messages.en.xlf +++ b/translations/messages.en.xlf @@ -12826,6 +12826,12 @@ Please note, that you can not impersonate a disabled user. If you try you will g System settings + + + tree.tools.system.update_manager + Update Manager + + settings.tooltip.overrideable_by_env @@ -14286,5 +14292,701 @@ Buerklin-API Authentication server: Transport error while retrieving information from the providers. Check that your server has internet accesss. See server logs for more info. + + + update_manager.title + Update Manager + + + + + update_manager.new + New + + + + + update_manager.current_installation + Current Installation + + + + + update_manager.version + Version + + + + + update_manager.installation_type + Installation Type + + + + + update_manager.git_branch + Git Branch + + + + + update_manager.git_commit + Git Commit + + + + + update_manager.local_changes + Local Changes + + + + + update_manager.commits_behind + Commits Behind + + + + + update_manager.auto_update_supported + Auto-Update Supported + + + + + update_manager.refresh + Refresh + + + + + update_manager.latest_release + Latest Release + + + + + update_manager.tag + Tag + + + + + update_manager.released + Released + + + + + update_manager.release_notes + Release Notes + + + + + update_manager.view + View + + + + + update_manager.view_on_github + View on GitHub + + + + + update_manager.view_release + View Release + + + + + update_manager.could_not_fetch_releases + Could not fetch release information. Check your internet connection. + + + + + update_manager.how_to_update + How to Update + + + + + update_manager.cli_instruction + To update Part-DB, run one of the following commands in your terminal: + + + + + update_manager.check_for_updates + Check for updates + + + + + update_manager.update_to_latest + Update to latest version + + + + + update_manager.update_to_specific + Update to specific version + + + + + update_manager.cli_recommendation + For safety and reliability, updates should be performed via the command line interface. The update process will automatically create a backup, enable maintenance mode, and handle migrations. + + + + + update_manager.yes + Yes + + + + + update_manager.no + No + + + + + update_manager.up_to_date + Up to date + + + + + update_manager.newer + Newer + + + + + update_manager.current + Current + + + + + update_manager.older + Older + + + + + update_manager.prerelease + Pre-release + + + + + update_manager.status + Status + + + + + update_manager.available_versions + Available Versions + + + + + update_manager.no_releases_found + No releases found + + + + + update_manager.view_release_notes + View Release Notes + + + + + update_manager.update_logs + Update Logs + + + + + update_manager.backups + Backups + + + + + update_manager.date + Date + + + + + update_manager.log_file + Log File + + + + + update_manager.no_logs_found + No update logs found + + + + + update_manager.file + File + + + + + update_manager.size + Size + + + + + update_manager.no_backups_found + No backups found + + + + + update_manager.pre_update_checklist + Pre-Update Checklist + + + + + update_manager.before_updating + Before Updating + + + + + update_manager.checklist.requirements + All requirements met + + + + + update_manager.checklist.no_local_changes + No local modifications + + + + + update_manager.checklist.backup_created + Backup will be created automatically + + + + + update_manager.checklist.read_release_notes + Read release notes for breaking changes + + + + + update_manager.update_will + The Update Will + + + + + update_manager.will.backup + Create a full backup + + + + + update_manager.will.maintenance + Enable maintenance mode + + + + + update_manager.will.git + Pull latest code from Git + + + + + update_manager.will.composer + Update dependencies via Composer + + + + + update_manager.will.migrations + Run database migrations + + + + + update_manager.will.cache + Clear and rebuild cache + + + + + update_manager.validation_issues + Validation Issues + + + + + update_manager.maintenance_mode_active + Maintenance mode is active + + + + + update_manager.update_in_progress + An update is currently in progress + + + + + update_manager.started_at + Started at + + + + + update_manager.new_version_available.message + Part-DB version %version% is now available! Consider updating to get the latest features and security fixes. + + + + + update_manager.changelog + Changelog + + + + + update_manager.no_release_notes + No release notes available for this version. + + + + + update_manager.back_to_update_manager + Back to Update Manager + + + + + update_manager.download_assets + Download + + + + + update_manager.update_to_this_version + Update to this Version + + + + + update_manager.run_command_to_update + Run the following command in your terminal to update to this version: + + + + + update_manager.log_viewer + Log Viewer + + + + + update_manager.update_log + Update Log + + + + + update_manager.bytes + bytes + + + + + update_manager.maintenance.title + Maintenance + + + + + update_manager.maintenance.heading + Part-DB is Updating + + + + + update_manager.maintenance.description + We're installing updates to make Part-DB even better. This should only take a moment. + + + + + update_manager.maintenance.step_backup + Creating backup + + + + + update_manager.maintenance.step_download + Downloading updates + + + + + update_manager.maintenance.step_install + Installing files + + + + + update_manager.maintenance.step_migrate + Running migrations + + + + + update_manager.maintenance.step_cache + Clearing cache + + + + + update_manager.maintenance.auto_refresh + This page will refresh automatically when the update is complete. + + + + + perm.system.manage_updates + Manage Part-DB updates + + + + + update_manager.update_now + Update Now + + + + + update_manager.update_from_to + Update from %from% to %to% + + + + + update_manager.update_description + Click the button to start the update process. A backup will be created automatically and you can monitor the progress. + + + + + update_manager.start_update + Start Update + + + + + update_manager.create_backup + Create backup before updating (recommended) + + + + + update_manager.estimated_time + Update typically takes 2-5 minutes + + + + + update_manager.confirm_update + Are you sure you want to start the update? The system will be in maintenance mode during the update. + + + + + update_manager.starting + Starting... + + + + + update_manager.already_up_to_date + You are running the latest version of Part-DB. + + + + + update_manager.cli_alternative + Alternatively, you can update via the command line: + + + + + update_manager.progress.title + Update Progress + + + + + update_manager.progress.updating + Updating Part-DB... + + + + + update_manager.progress.completed + Update Completed! + + + + + update_manager.progress.failed + Update Failed + + + + + update_manager.progress.initializing + Initializing... + + + + + update_manager.progress.updating_to + Updating to version %version% + + + + + update_manager.progress.error + Error + + + + + update_manager.progress.success_message + Part-DB has been successfully updated! You may need to refresh the page to see the new version. + + + + + update_manager.progress.steps + Update Steps + + + + + update_manager.progress.waiting + Waiting for update to start... + + + + + update_manager.progress.back + Back to Update Manager + + + + + update_manager.progress.refresh_page + Refresh Page + + + + + update_manager.progress.warning + Important + + + + + update_manager.progress.do_not_close + Please do not close this page or navigate away while the update is in progress. The update will continue even if you close this page, but you won't be able to monitor the progress. + + + + + update_manager.progress.auto_refresh + This page will automatically refresh every 2 seconds to show progress. + + + + + update_manager.progress.downgrade_title + Downgrade Progress + + + + + update_manager.progress.downgrading + Downgrading Part-DB... + + + + + update_manager.progress.downgrading_to + Downgrading to version %version% + + + + + update_manager.progress.downgrade_completed + Downgrade Completed! + + + + + update_manager.progress.downgrade_failed + Downgrade Failed + + + + + update_manager.progress.downgrade_success_message + Part-DB has been successfully downgraded! You may need to refresh the page to see the new version. + + + + + update_manager.progress.downgrade_steps + Downgrade Steps + + + + + update_manager.progress.downgrade_do_not_close + Please do not close this page or navigate away while the downgrade is in progress. The downgrade will continue even if you close this page, but you won't be able to monitor the progress. + + + + + update_manager.confirm_update + Are you sure you want to update Part-DB? A backup will be created before the update. + + + + + update_manager.confirm_downgrade + Are you sure you want to downgrade Part-DB? This will revert to an older version. A backup will be created before the downgrade. + + From 87352ca6f733055c6ca9a8368e4ee00e9fd3f048 Mon Sep 17 00:00:00 2001 From: Sebastian Almberg <83243306+Sebbeben@users.noreply.github.com> Date: Fri, 30 Jan 2026 21:46:27 +0100 Subject: [PATCH 02/43] Add manage_updates permission schema migration - Bump permission schema to version 4 - Add upgradeSchemaToVersion4 for manage_updates permission - Grants manage_updates to users who have both show_updates and server_infos - Fix ZIP_RELEASE installation type: set supportsAutoUpdate to false (ZIP update not yet implemented) - Improve update instructions for ZIP installations --- src/Entity/UserSystem/PermissionData.php | 2 +- .../System/InstallationTypeDetector.php | 5 +++-- .../UserSystem/PermissionSchemaUpdater.php | 17 +++++++++++++++++ 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/Entity/UserSystem/PermissionData.php b/src/Entity/UserSystem/PermissionData.php index 9ebdc9c9..b7d1ff8f 100644 --- a/src/Entity/UserSystem/PermissionData.php +++ b/src/Entity/UserSystem/PermissionData.php @@ -43,7 +43,7 @@ final class PermissionData implements \JsonSerializable /** * The current schema version of the permission data */ - public const CURRENT_SCHEMA_VERSION = 3; + public const CURRENT_SCHEMA_VERSION = 4; /** * Creates a new Permission Data Instance using the given data. diff --git a/src/Services/System/InstallationTypeDetector.php b/src/Services/System/InstallationTypeDetector.php index 0cd99a04..4d04c55b 100644 --- a/src/Services/System/InstallationTypeDetector.php +++ b/src/Services/System/InstallationTypeDetector.php @@ -51,7 +51,8 @@ enum InstallationType: string return match($this) { self::GIT => true, self::DOCKER => false, - self::ZIP_RELEASE => true, + // ZIP_RELEASE auto-update not yet implemented + self::ZIP_RELEASE => false, self::UNKNOWN => false, }; } @@ -61,7 +62,7 @@ enum InstallationType: string return match($this) { self::GIT => 'Run: php bin/console partdb:update', self::DOCKER => 'Pull the new Docker image and recreate the container: docker-compose pull && docker-compose up -d', - self::ZIP_RELEASE => 'Download the new release, extract it, and run migrations.', + self::ZIP_RELEASE => 'Download the new release ZIP from GitHub, extract it over your installation, and run: php bin/console doctrine:migrations:migrate && php bin/console cache:clear', self::UNKNOWN => 'Unable to determine installation type. Please update manually.', }; } diff --git a/src/Services/UserSystem/PermissionSchemaUpdater.php b/src/Services/UserSystem/PermissionSchemaUpdater.php index 104800dc..b3341322 100644 --- a/src/Services/UserSystem/PermissionSchemaUpdater.php +++ b/src/Services/UserSystem/PermissionSchemaUpdater.php @@ -157,4 +157,21 @@ class PermissionSchemaUpdater $permissions->setPermissionValue('system', 'show_updates', $new_value); } } + + private function upgradeSchemaToVersion4(HasPermissionsInterface $holder): void //@phpstan-ignore-line This is called via reflection + { + $permissions = $holder->getPermissions(); + + //If the system.manage_updates permission is not defined yet, set it to true if the user can show updates AND has server_infos permission + //This ensures that admins who can view updates and server info can also manage (execute) updates + if (!$permissions->isPermissionSet('system', 'manage_updates')) { + + $new_value = TrinaryLogicHelper::and( + $permissions->getPermissionValue('system', 'show_updates'), + $permissions->getPermissionValue('system', 'server_infos') + ); + + $permissions->setPermissionValue('system', 'manage_updates', $new_value); + } + } } From 97e3b0aa09db164325c208e90425dc019fe2464a Mon Sep 17 00:00:00 2001 From: Sebastian Almberg <83243306+Sebbeben@users.noreply.github.com> Date: Fri, 30 Jan 2026 21:56:14 +0100 Subject: [PATCH 03/43] Add downgrade warning for versions without Update Manager When downgrading to versions before v2.6.0, show a warning that the Update Manager will not be available in older versions and that future updates will need to be done manually via command line. --- .../admin/update_manager/index.html.twig | 37 ++++++++++++++++++- translations/messages.en.xlf | 6 +++ 2 files changed, 41 insertions(+), 2 deletions(-) diff --git a/templates/admin/update_manager/index.html.twig b/templates/admin/update_manager/index.html.twig index eb8c7548..d9dccbcf 100644 --- a/templates/admin/update_manager/index.html.twig +++ b/templates/admin/update_manager/index.html.twig @@ -133,7 +133,7 @@ {% if status.update_available and status.can_auto_update and validation.valid %} -
    + @@ -237,7 +237,7 @@ {% if release.version != status.current_version and status.can_auto_update and validation.valid %} + onsubmit="return confirmVersionChange('{{ release.tag }}', {{ release.version < status.current_version ? 'true' : 'false' }});"> @@ -371,4 +371,37 @@ {% endif %} + + {% endblock %} diff --git a/translations/messages.en.xlf b/translations/messages.en.xlf index ff0a05e6..592590a8 100644 --- a/translations/messages.en.xlf +++ b/translations/messages.en.xlf @@ -14988,5 +14988,11 @@ Buerklin-API Authentication server: Are you sure you want to downgrade Part-DB? This will revert to an older version. A backup will be created before the downgrade. + + + update_manager.downgrade_removes_update_manager + WARNING: This version does not include the Update Manager. After downgrading, you will need to update manually using the command line (git checkout, composer install, etc.). + + From 0bfbbc961d4ee3939807ebdf2a753c3dbd3d5263 Mon Sep 17 00:00:00 2001 From: Sebastian Almberg <83243306+Sebbeben@users.noreply.github.com> Date: Fri, 30 Jan 2026 22:18:21 +0100 Subject: [PATCH 04/43] Fix update confirmation dialog not blocking form submission The previous implementation used inline onsubmit handlers with return confirmVersionChange(...), which could fail silently if any JavaScript error occurred on the page, causing the form to submit without confirmation. Fixes: - Use event.preventDefault() FIRST to ensure form never submits by default - Use DOMContentLoaded event listeners instead of inline handlers - Properly escape translation strings using json_encode filter - Wrap in IIFE with 'use strict' for better error handling - Use data-attributes to identify forms and pass isDowngrade state Fix DOMContentLoaded race condition in update form handlers The event listener was not attaching if DOMContentLoaded had already fired by the time the script executed. Now checks document.readyState and attaches handlers immediately if DOM is already ready. Added console.log statements to help debug form handler attachment. Use Stimulus controller for update confirmation dialogs The inline script was blocked by Content Security Policy (CSP). Stimulus controllers are bundled with webpack and properly allowed by CSP. - Create update_confirm_controller.js Stimulus controller - Remove inline script from template - Pass translation strings via data-* attributes --- .../controllers/update_confirm_controller.js | 81 +++++++++++++++++++ .../admin/update_manager/index.html.twig | 48 +++-------- 2 files changed, 94 insertions(+), 35 deletions(-) create mode 100644 assets/controllers/update_confirm_controller.js diff --git a/assets/controllers/update_confirm_controller.js b/assets/controllers/update_confirm_controller.js new file mode 100644 index 00000000..c30a433e --- /dev/null +++ b/assets/controllers/update_confirm_controller.js @@ -0,0 +1,81 @@ +/* + * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony). + * + * Copyright (C) 2019 - 2025 Jan Böhmer (https://github.com/jbtronics) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +import { Controller } from '@hotwired/stimulus'; + +/** + * Stimulus controller for update/downgrade confirmation dialogs. + * Intercepts form submission and shows a confirmation dialog before proceeding. + */ +export default class extends Controller { + static values = { + isDowngrade: { type: Boolean, default: false }, + targetVersion: { type: String, default: '' }, + confirmUpdate: { type: String, default: 'Are you sure you want to update Part-DB?' }, + confirmDowngrade: { type: String, default: 'Are you sure you want to downgrade Part-DB?' }, + downgradeWarning: { type: String, default: 'WARNING: This version does not include the Update Manager.' }, + minUpdateManagerVersion: { type: String, default: '2.6.0' }, + }; + + connect() { + this.element.addEventListener('submit', this.handleSubmit.bind(this)); + } + + handleSubmit(event) { + // Always prevent default first + event.preventDefault(); + + const targetClean = this.targetVersionValue.replace(/^v/, ''); + let message; + + if (this.isDowngradeValue) { + // Check if downgrading to a version without Update Manager + if (this.compareVersions(targetClean, this.minUpdateManagerVersionValue) < 0) { + message = this.confirmDowngradeValue + '\n\n⚠️ ' + this.downgradeWarningValue; + } else { + message = this.confirmDowngradeValue; + } + } else { + message = this.confirmUpdateValue; + } + + // Only submit if user confirms + if (confirm(message)) { + // Remove the event listener to prevent infinite loop, then submit + this.element.removeEventListener('submit', this.handleSubmit.bind(this)); + this.element.submit(); + } + } + + /** + * Compare two version strings (e.g., "2.5.0" vs "2.6.0") + * Returns -1 if v1 < v2, 0 if equal, 1 if v1 > v2 + */ + compareVersions(v1, v2) { + const parts1 = v1.split('.').map(Number); + const parts2 = v2.split('.').map(Number); + for (let i = 0; i < Math.max(parts1.length, parts2.length); i++) { + const p1 = parts1[i] || 0; + const p2 = parts2[i] || 0; + if (p1 < p2) return -1; + if (p1 > p2) return 1; + } + return 0; + } +} diff --git a/templates/admin/update_manager/index.html.twig b/templates/admin/update_manager/index.html.twig index d9dccbcf..1ab6c89e 100644 --- a/templates/admin/update_manager/index.html.twig +++ b/templates/admin/update_manager/index.html.twig @@ -133,7 +133,13 @@ {% if status.update_available and status.can_auto_update and validation.valid %} - + @@ -237,7 +243,12 @@ {% if release.version != status.current_version and status.can_auto_update and validation.valid %} + data-controller="update-confirm" + data-update-confirm-is-downgrade-value="{{ release.version < status.current_version ? 'true' : 'false' }}" + data-update-confirm-target-version-value="{{ release.tag }}" + data-update-confirm-confirm-update-value="{{ 'update_manager.confirm_update'|trans }}" + data-update-confirm-confirm-downgrade-value="{{ 'update_manager.confirm_downgrade'|trans }}" + data-update-confirm-downgrade-warning-value="{{ 'update_manager.downgrade_removes_update_manager'|trans }}"> @@ -371,37 +382,4 @@ {% endif %} - - {% endblock %} From 1637fd63f450622f6094eea698b73c4e83f33cab Mon Sep 17 00:00:00 2001 From: Sebastian Almberg <83243306+Sebbeben@users.noreply.github.com> Date: Fri, 30 Jan 2026 22:51:25 +0100 Subject: [PATCH 05/43] Add backup restore feature - Add restoreBackup() method to UpdateExecutor with full restore workflow - Add getBackupDetails() to retrieve backup metadata and contents info - Add restore controller routes (backup details API, restore action) - Add restore button to backups table in UI - Create backup_restore_controller.js Stimulus controller for confirmation - Add translation strings for restore feature The restore process: 1. Acquires lock and enables maintenance mode 2. Extracts backup to temp directory 3. Restores database (MySQL/PostgreSQL SQL or SQLite file) 4. Optionally restores config files and attachments 5. Clears and warms cache 6. Disables maintenance mode Fix backup restore database import The restore feature was using a non-existent doctrine:database:import command. Now properly uses mysql/psql commands directly to import database dumps. Changes: - Add EntityManagerInterface dependency to UpdateExecutor - Use mysql command with shell input redirection for MySQL restore - Use psql -f command for PostgreSQL restore - Properly handle database connection parameters - Add error handling for failed imports --- .../controllers/backup_restore_controller.js | 55 +++ src/Controller/UpdateManagerController.php | 71 ++++ src/Services/System/UpdateExecutor.php | 328 +++++++++++++++++- .../admin/update_manager/index.html.twig | 23 +- translations/messages.en.xlf | 24 ++ 5 files changed, 499 insertions(+), 2 deletions(-) create mode 100644 assets/controllers/backup_restore_controller.js diff --git a/assets/controllers/backup_restore_controller.js b/assets/controllers/backup_restore_controller.js new file mode 100644 index 00000000..85ee327b --- /dev/null +++ b/assets/controllers/backup_restore_controller.js @@ -0,0 +1,55 @@ +/* + * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony). + * + * Copyright (C) 2019 - 2025 Jan Böhmer (https://github.com/jbtronics) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +import { Controller } from '@hotwired/stimulus'; + +/** + * Stimulus controller for backup restore confirmation dialogs. + * Shows a confirmation dialog with backup details before allowing restore. + */ +export default class extends Controller { + static values = { + filename: { type: String, default: '' }, + date: { type: String, default: '' }, + confirmTitle: { type: String, default: 'Restore Backup' }, + confirmMessage: { type: String, default: 'Are you sure you want to restore from this backup?' }, + confirmWarning: { type: String, default: 'This will overwrite your current database. This action cannot be undone!' }, + }; + + connect() { + this.element.addEventListener('submit', this.handleSubmit.bind(this)); + } + + handleSubmit(event) { + // Always prevent default first + event.preventDefault(); + + // Build confirmation message + const message = this.confirmTitleValue + '\n\n' + + 'Backup: ' + this.filenameValue + '\n' + + 'Date: ' + this.dateValue + '\n\n' + + this.confirmMessageValue + '\n\n' + + '⚠️ ' + this.confirmWarningValue; + + // Only submit if user confirms + if (confirm(message)) { + this.element.submit(); + } + } +} diff --git a/src/Controller/UpdateManagerController.php b/src/Controller/UpdateManagerController.php index 10a719de..8455516a 100644 --- a/src/Controller/UpdateManagerController.php +++ b/src/Controller/UpdateManagerController.php @@ -265,4 +265,75 @@ class UpdateManagerController extends AbstractController 'is_maintenance' => $this->updateExecutor->isMaintenanceMode(), ]); } + + /** + * Get backup details for restore confirmation. + */ + #[Route('/backup/{filename}', name: 'admin_update_manager_backup_details', methods: ['GET'])] + public function backupDetails(string $filename): JsonResponse + { + $this->denyAccessUnlessGranted('@system.manage_updates'); + + $details = $this->updateExecutor->getBackupDetails($filename); + + if (!$details) { + return $this->json(['error' => 'Backup not found'], 404); + } + + return $this->json($details); + } + + /** + * Restore from a backup. + */ + #[Route('/restore', name: 'admin_update_manager_restore', methods: ['POST'])] + public function restore(Request $request): Response + { + $this->denyAccessUnlessGranted('@system.manage_updates'); + + // Validate CSRF token + if (!$this->isCsrfTokenValid('update_manager_restore', $request->request->get('_token'))) { + $this->addFlash('error', 'Invalid CSRF token.'); + return $this->redirectToRoute('admin_update_manager'); + } + + // Check if already locked + if ($this->updateExecutor->isLocked()) { + $this->addFlash('error', 'An update or restore is already in progress.'); + return $this->redirectToRoute('admin_update_manager'); + } + + $filename = $request->request->get('filename'); + $restoreDatabase = $request->request->getBoolean('restore_database', true); + $restoreConfig = $request->request->getBoolean('restore_config', false); + $restoreAttachments = $request->request->getBoolean('restore_attachments', false); + + if (!$filename) { + $this->addFlash('error', 'No backup file specified.'); + return $this->redirectToRoute('admin_update_manager'); + } + + // Verify the backup exists + $backupDetails = $this->updateExecutor->getBackupDetails($filename); + if (!$backupDetails) { + $this->addFlash('error', 'Backup file not found.'); + return $this->redirectToRoute('admin_update_manager'); + } + + // Execute restore (this is a synchronous operation for now - could be made async later) + $result = $this->updateExecutor->restoreBackup( + $filename, + $restoreDatabase, + $restoreConfig, + $restoreAttachments + ); + + if ($result['success']) { + $this->addFlash('success', 'Backup restored successfully.'); + } else { + $this->addFlash('error', 'Restore failed: ' . ($result['error'] ?? 'Unknown error')); + } + + return $this->redirectToRoute('admin_update_manager'); + } } diff --git a/src/Services/System/UpdateExecutor.php b/src/Services/System/UpdateExecutor.php index 7bc997f7..837cde4c 100644 --- a/src/Services/System/UpdateExecutor.php +++ b/src/Services/System/UpdateExecutor.php @@ -23,6 +23,7 @@ declare(strict_types=1); namespace App\Services\System; +use Doctrine\ORM\EntityManagerInterface; use Psr\Log\LoggerInterface; use Shivas\VersioningBundle\Service\VersionManagerInterface; use Symfony\Component\DependencyInjection\Attribute\Autowire; @@ -51,7 +52,8 @@ class UpdateExecutor public function __construct(#[Autowire(param: 'kernel.project_dir')] private readonly string $project_dir, private readonly LoggerInterface $logger, private readonly Filesystem $filesystem, private readonly InstallationTypeDetector $installationTypeDetector, - private readonly VersionManagerInterface $versionManager) + private readonly VersionManagerInterface $versionManager, + private readonly EntityManagerInterface $entityManager) { } @@ -628,6 +630,330 @@ class UpdateExecutor return $backups; } + /** + * Get details about a specific backup file. + * + * @param string $filename The backup filename + * @return array|null Backup details or null if not found + */ + public function getBackupDetails(string $filename): ?array + { + $backupDir = $this->project_dir . '/' . self::BACKUP_DIR; + $backupPath = $backupDir . '/' . basename($filename); + + if (!file_exists($backupPath) || !str_ends_with($backupPath, '.zip')) { + return null; + } + + // Parse version info from filename: pre-update-v2.5.1-to-v2.5.0-2024-01-30-185400.zip + $info = [ + 'file' => basename($backupPath), + 'path' => $backupPath, + 'date' => filemtime($backupPath), + 'size' => filesize($backupPath), + 'from_version' => null, + 'to_version' => null, + ]; + + if (preg_match('/pre-update-v([\d.]+)-to-v?([\d.]+)-/', $filename, $matches)) { + $info['from_version'] = $matches[1]; + $info['to_version'] = $matches[2]; + } + + // Check what the backup contains by reading the ZIP + try { + $zip = new \ZipArchive(); + if ($zip->open($backupPath) === true) { + $info['contains_database'] = $zip->locateName('database.sql') !== false || $zip->locateName('var/app.db') !== false; + $info['contains_config'] = $zip->locateName('.env.local') !== false || $zip->locateName('config/parameters.yaml') !== false; + $info['contains_attachments'] = $zip->locateName('public/media/') !== false || $zip->locateName('uploads/') !== false; + $zip->close(); + } + } catch (\Exception $e) { + $this->logger->warning('Could not read backup ZIP contents', ['error' => $e->getMessage()]); + } + + return $info; + } + + /** + * Restore from a backup file. + * + * @param string $filename The backup filename to restore + * @param bool $restoreDatabase Whether to restore the database + * @param bool $restoreConfig Whether to restore config files + * @param bool $restoreAttachments Whether to restore attachments + * @param callable|null $onProgress Callback for progress updates + * @return array{success: bool, steps: array, error: ?string} + */ + public function restoreBackup( + string $filename, + bool $restoreDatabase = true, + bool $restoreConfig = false, + bool $restoreAttachments = false, + ?callable $onProgress = null + ): array { + $this->steps = []; + $startTime = microtime(true); + + $log = function (string $step, string $message, bool $success, ?float $duration = null) use ($onProgress): void { + $entry = [ + 'step' => $step, + 'message' => $message, + 'success' => $success, + 'timestamp' => (new \DateTime())->format('c'), + 'duration' => $duration, + ]; + $this->steps[] = $entry; + $this->logger->info('[Restore] ' . $step . ': ' . $message, ['success' => $success]); + + if ($onProgress) { + $onProgress($entry); + } + }; + + try { + // Validate backup file + $backupDir = $this->project_dir . '/' . self::BACKUP_DIR; + $backupPath = $backupDir . '/' . basename($filename); + + if (!file_exists($backupPath)) { + throw new \RuntimeException('Backup file not found: ' . $filename); + } + + $stepStart = microtime(true); + + // Step 1: Acquire lock + $this->acquireLock('restore'); + $log('lock', 'Acquired exclusive restore lock', true, microtime(true) - $stepStart); + + // Step 2: Enable maintenance mode + $stepStart = microtime(true); + $this->enableMaintenanceMode('Restoring from backup...'); + $log('maintenance', 'Enabled maintenance mode', true, microtime(true) - $stepStart); + + // Step 3: Extract backup to temp directory + $stepStart = microtime(true); + $tempDir = sys_get_temp_dir() . '/partdb_restore_' . uniqid(); + $this->filesystem->mkdir($tempDir); + + $zip = new \ZipArchive(); + if ($zip->open($backupPath) !== true) { + throw new \RuntimeException('Could not open backup ZIP file'); + } + $zip->extractTo($tempDir); + $zip->close(); + $log('extract', 'Extracted backup to temporary directory', true, microtime(true) - $stepStart); + + // Step 4: Restore database if requested and present + if ($restoreDatabase) { + $stepStart = microtime(true); + $this->restoreDatabaseFromBackup($tempDir); + $log('database', 'Restored database', true, microtime(true) - $stepStart); + } + + // Step 5: Restore config files if requested and present + if ($restoreConfig) { + $stepStart = microtime(true); + $this->restoreConfigFromBackup($tempDir); + $log('config', 'Restored configuration files', true, microtime(true) - $stepStart); + } + + // Step 6: Restore attachments if requested and present + if ($restoreAttachments) { + $stepStart = microtime(true); + $this->restoreAttachmentsFromBackup($tempDir); + $log('attachments', 'Restored attachments', true, microtime(true) - $stepStart); + } + + // Step 7: Clean up temp directory + $stepStart = microtime(true); + $this->filesystem->remove($tempDir); + $log('cleanup', 'Cleaned up temporary files', true, microtime(true) - $stepStart); + + // Step 8: Clear cache + $stepStart = microtime(true); + $this->runCommand(['php', 'bin/console', 'cache:clear', '--no-warmup'], 'Clear cache'); + $log('cache_clear', 'Cleared application cache', true, microtime(true) - $stepStart); + + // Step 9: Warm up cache + $stepStart = microtime(true); + $this->runCommand(['php', 'bin/console', 'cache:warmup'], 'Warm up cache'); + $log('cache_warmup', 'Warmed up application cache', true, microtime(true) - $stepStart); + + // Step 10: Disable maintenance mode + $stepStart = microtime(true); + $this->disableMaintenanceMode(); + $log('maintenance_off', 'Disabled maintenance mode', true, microtime(true) - $stepStart); + + // Step 11: Release lock + $this->releaseLock(); + + $totalDuration = microtime(true) - $startTime; + $log('complete', sprintf('Restore completed successfully in %.1f seconds', $totalDuration), true, microtime(true) - $stepStart); + + return [ + 'success' => true, + 'steps' => $this->steps, + 'error' => null, + ]; + + } catch (\Throwable $e) { + $this->logger->error('Restore failed: ' . $e->getMessage(), [ + 'exception' => $e, + 'file' => $filename, + ]); + + // Try to clean up + try { + $this->disableMaintenanceMode(); + $this->releaseLock(); + if (isset($tempDir) && is_dir($tempDir)) { + $this->filesystem->remove($tempDir); + } + } catch (\Throwable $cleanupError) { + $this->logger->error('Cleanup after failed restore also failed', ['error' => $cleanupError->getMessage()]); + } + + return [ + 'success' => false, + 'steps' => $this->steps, + 'error' => $e->getMessage(), + ]; + } + } + + /** + * Restore database from backup. + */ + private function restoreDatabaseFromBackup(string $tempDir): void + { + // Check for SQL dump (MySQL/PostgreSQL) + $sqlFile = $tempDir . '/database.sql'; + if (file_exists($sqlFile)) { + // Import SQL using mysql/psql command directly + // First, get database connection params from Doctrine + $connection = $this->entityManager->getConnection(); + $params = $connection->getParams(); + $platform = $connection->getDatabasePlatform(); + + if ($platform instanceof \Doctrine\DBAL\Platforms\AbstractMySQLPlatform) { + // Use mysql command to import - need to use shell to handle input redirection + $mysqlCmd = 'mysql'; + if (isset($params['host'])) { + $mysqlCmd .= ' -h ' . escapeshellarg($params['host']); + } + if (isset($params['port'])) { + $mysqlCmd .= ' -P ' . escapeshellarg((string)$params['port']); + } + if (isset($params['user'])) { + $mysqlCmd .= ' -u ' . escapeshellarg($params['user']); + } + if (isset($params['password']) && $params['password']) { + $mysqlCmd .= ' -p' . escapeshellarg($params['password']); + } + if (isset($params['dbname'])) { + $mysqlCmd .= ' ' . escapeshellarg($params['dbname']); + } + $mysqlCmd .= ' < ' . escapeshellarg($sqlFile); + + // Execute using shell + $process = Process::fromShellCommandline($mysqlCmd, $this->project_dir, null, null, 300); + $process->run(); + + if (!$process->isSuccessful()) { + throw new \RuntimeException('MySQL import failed: ' . $process->getErrorOutput()); + } + } elseif ($platform instanceof \Doctrine\DBAL\Platforms\PostgreSQLPlatform) { + // Use psql command to import + $psqlCmd = 'psql'; + if (isset($params['host'])) { + $psqlCmd .= ' -h ' . escapeshellarg($params['host']); + } + if (isset($params['port'])) { + $psqlCmd .= ' -p ' . escapeshellarg((string)$params['port']); + } + if (isset($params['user'])) { + $psqlCmd .= ' -U ' . escapeshellarg($params['user']); + } + if (isset($params['dbname'])) { + $psqlCmd .= ' -d ' . escapeshellarg($params['dbname']); + } + $psqlCmd .= ' -f ' . escapeshellarg($sqlFile); + + // Set PGPASSWORD environment variable if password is provided + $env = null; + if (isset($params['password']) && $params['password']) { + $env = ['PGPASSWORD' => $params['password']]; + } + + // Execute using shell + $process = Process::fromShellCommandline($psqlCmd, $this->project_dir, $env, null, 300); + $process->run(); + + if (!$process->isSuccessful()) { + throw new \RuntimeException('PostgreSQL import failed: ' . $process->getErrorOutput()); + } + } else { + throw new \RuntimeException('Unsupported database platform for restore'); + } + + return; + } + + // Check for SQLite database file + $sqliteFile = $tempDir . '/var/app.db'; + if (file_exists($sqliteFile)) { + $targetDb = $this->project_dir . '/var/app.db'; + $this->filesystem->copy($sqliteFile, $targetDb, true); + return; + } + + $this->logger->warning('No database found in backup'); + } + + /** + * Restore config files from backup. + */ + private function restoreConfigFromBackup(string $tempDir): void + { + // Restore .env.local + $envLocal = $tempDir . '/.env.local'; + if (file_exists($envLocal)) { + $this->filesystem->copy($envLocal, $this->project_dir . '/.env.local', true); + } + + // Restore config/parameters.yaml + $parametersYaml = $tempDir . '/config/parameters.yaml'; + if (file_exists($parametersYaml)) { + $this->filesystem->copy($parametersYaml, $this->project_dir . '/config/parameters.yaml', true); + } + + // Restore config/banner.md + $bannerMd = $tempDir . '/config/banner.md'; + if (file_exists($bannerMd)) { + $this->filesystem->copy($bannerMd, $this->project_dir . '/config/banner.md', true); + } + } + + /** + * Restore attachments from backup. + */ + private function restoreAttachmentsFromBackup(string $tempDir): void + { + // Restore public/media + $publicMedia = $tempDir . '/public/media'; + if (is_dir($publicMedia)) { + $this->filesystem->mirror($publicMedia, $this->project_dir . '/public/media', null, ['override' => true]); + } + + // Restore uploads + $uploads = $tempDir . '/uploads'; + if (is_dir($uploads)) { + $this->filesystem->mirror($uploads, $this->project_dir . '/uploads', null, ['override' => true]); + } + } + /** * Get the path to the progress file. */ diff --git a/templates/admin/update_manager/index.html.twig b/templates/admin/update_manager/index.html.twig index 1ab6c89e..85b3ec1f 100644 --- a/templates/admin/update_manager/index.html.twig +++ b/templates/admin/update_manager/index.html.twig @@ -342,6 +342,7 @@ {% trans %}update_manager.date{% endtrans %} {% trans %}update_manager.file{% endtrans %} {% trans %}update_manager.size{% endtrans %} + @@ -354,10 +355,30 @@ {{ (backup.size / 1024 / 1024)|number_format(1) }} MB + + {% if status.can_auto_update and validation.valid %} + + + + + + + {% endif %} + {% else %} - + {% trans %}update_manager.no_backups_found{% endtrans %} diff --git a/translations/messages.en.xlf b/translations/messages.en.xlf index 592590a8..39b869b0 100644 --- a/translations/messages.en.xlf +++ b/translations/messages.en.xlf @@ -14994,5 +14994,29 @@ Buerklin-API Authentication server: WARNING: This version does not include the Update Manager. After downgrading, you will need to update manually using the command line (git checkout, composer install, etc.). + + + update_manager.restore_backup + Restore backup + + + + + update_manager.restore_confirm_title + Restore from Backup + + + + + update_manager.restore_confirm_message + Are you sure you want to restore your database from this backup? + + + + + update_manager.restore_confirm_warning + WARNING: This will overwrite your current database with the backup data. This action cannot be undone! Make sure you have a current backup before proceeding. + + From fa4ae6345c942126cb2b4131fb3e39562e317459 Mon Sep 17 00:00:00 2001 From: Sebastian Almberg <83243306+Sebbeben@users.noreply.github.com> Date: Fri, 30 Jan 2026 23:36:08 +0100 Subject: [PATCH 06/43] Add Update Manager screenshot for PR --- docs/screenshots/update-manager-interface.png | Bin 0 -> 145063 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/screenshots/update-manager-interface.png diff --git a/docs/screenshots/update-manager-interface.png b/docs/screenshots/update-manager-interface.png new file mode 100644 index 0000000000000000000000000000000000000000..62b35ffd0a8e731aef38995c83a23b4f046dc470 GIT binary patch literal 145063 zcmb@ucT`hZ7dITo!dSquAOli#6r>1@(xjt+2uLrXqauXf15!e;q9~wLAwcMzASToR zQBaW@dJHWfB|spd20}>qF7v4KJn#C}`~CA}EmqdOIrrRq_u1vQe|sNZ7#r$v9^pFz z0)aSnZ)ur=Kpb!o=zzlShk!F%&3TW2uYCcgIyXS5ZvJ`T-~i;h!F3R*GVbWk-GjjK zVc%QU0U!`p%iiC`j->iP2k_?A_9 zg8TQd=l4I@zx_JYxNyg*%kkHt*yWwmRo?wKC2cT?T`n@%eFImcTC$y5qXXB!o|qxC z+=FuYeuwY-F-QJsPx_UTHy58yGx@@1|b~B zOMn5he;jze%=7aJWv%Z{78Vs1-KyiDr`m%SjHwS{;^N|_R$F2&Jilpd9sM~lt!&6^ zc#g22+2sPd^s$12UJ6CXyU6_SkTa4t3v;~}Tx22>CV+4E-kf~mE6~64i4^H@L05i} zHa5D(&qefKp?(-&HqXgkP zAUr$v3U{y zMKP2z6rVTy@#B%hZcafzR|h1k)Oz8Wn6#P&^VAS!;_LBnHtZtZFyLBb=yW=IN^aih z)cW${O^C>pF)RqNF+tG=;T<9ytVEd4#B4Z&~rJ%WUh%T2PriGPNQ9ez& zza_5wD)#5IfEKjO<6ONu?I7~tkvHFzp%-Tj<&?KyrU_Z)XEkRWQF?Fo`Gh94f%SJ1 zM$MormYwtN)rx!2I!{1ARvYD%g0Z44x@%U+&!EqhlUK#~`t_zY$R>590^Yd&jJ`NV z>30wsytX4Cn}uV`Q%s<$@~;jJKFU|q_(Ro-6PPBE`{QdwOO^Lr`p=>U0s7Kl8@KWK1$nez{L|C5+YyG#U7`NQru` zce_Boh4g4&T**61l6xjrZ<2Sa(|hk_we3%-PWobvq~)VP2IFl<;LO&I{G49zW(DLl@q(56@Q8zUe+#LrRSjo2vJSKiwyy zg@m!6UX@W0-JG~yRqeVujw&$^G|?V~ ze#SY-`hvr3-%-<-b%cTUk=hyaflksQN+0e&G*?<7)0u4$%dBH8 zeLd0M(Lq3sVPV^?cCdUDR;0~G=s&WLOqhCfRH`Q(*EM9Iz;Yls24|pfRHcmI@sMpA zeAk1kTxMkjQXFQUXj#Fww5{=$!y2XOOE+psrYR7B^(|KoqrV-Cxw$2_gn>JD36WNw z-&Go=HTgew)IB1umN#2hdO9$$FuLBMxNpdQ;2y1Y_TA0914Sl$>JbfT3O=Z^vdieR zqTr~nhV9IaEMj;wr=W`QmEK-w7nWXpmq^lS9)jCVu)QiHgv`A%258T7&^|Hs4(q=;=tRNkYXw-cJMS`#3D|>&3l$erMC44G6tPCR&fqy#;*-7zyq2T z*PqnQ-N449noLO*%%=+wze&G6?Nq}p@(0k{j_J4m@a0$o_7?GR`+=ca@ z?w1%|{1I&Uo}BfrbqEHm0*~9ek>dCUxc#kxUDcIf0V&bHqvXZ*b8roG6id(drp9ey zb^-qaU8`M*2_5qB6903n=%QHQ*nSru+~4 z$R+QJzM_#dxK%|yjRnRxF2^^qyvt{Pe`vkUzB(h=X+iGJ7*IzciS`wq-QzjfT@?!? zd?kOlN?AL%;{i`G~Ha7VIa7wS}jj(H+o=vZN&GSL34cB?3%;Fs<+?dk|MzTxNn~YccOLFrz+}x|C)GZuZ zYq|;`odxc^a_)&=Vg*X8JP7Wq(`{)gA@9c@OmT|%@7p(A7myMit0-e+=2om3wz;H$ zpycyaFv1x5DRU3!`%jOS`9lTDaEx^xf@F&fyw3E@E@!jr&kp>JaOl!+wr+X|xM% zc2QD~9~NVTP^VUf;q1|tHRJ3{XxsQex8~3FyG_MP=Dt=5g$4v*h8ge8))fVhX0ICe z8G@rnpQ>3nJs@W^sN)(Cvn*(Nl7qn>?Z;>LJU};JPyso@Vf=h!m1`y7cRW^AgNw}y zV>6q4EMb(x3DWgFs5QI*ibh~%UEj|EpprB3d1Ymus=N2xlUl!8JYtl5>QH431-#B{ z+Z>(Y9Vs?zy*dJpV!qwe_7h9PNg=2&z};_d`N2ekh)fHQd0|= zaqSZOGGKq!sf3FKU<^bk{`9G-^lV%6z_Lyct6s`?HCh+ZcA&z?M^~O8O0#{+*r~U7 z-7N=P+(9)jZwa++Es4If5XQ;>xG~vdaoyosg~*7|d=HA6(%K15KH0AUyDi)j;lE84 zA|0}dyvKIvB;S?|y@u~cSj#P;8Gc{>5Kxa84QS9!5Lw7MD!uL*Jn>;4i*yQ3czy!c z%OGbI?%5u$apE_lDucCJ_FHlq8ir-B7rw}3Qa7ILCL|X~oH{jFUlkzPLBs7j9PfN! ztT5`^_~n)0l43y>ZN4z0wVGN{(poxKd5r&>F}!J0u*!$z;BRo*w&DH@hp;6mKB7Hf z3`$torl4dH!nzf>m1lsO8ldY;t14${fGcf(X=E{1&oQvTLwiyZoe0D_4xNZBd29TD z=NxM8&zzfE^_~0;-je!`3Y3hFKKX(ncF(H{s%j znyMvEao4WO>ugC+k8#(72L)94GJvLq`c|e|2TPpwtK9m(pua31Pd%Hs(k0%(%OE>o zg9+5J&`s4{4{gu(;W7y+oVmbo4FQM*8*2py&ecZ`yX7Lh8w?d3;N`J`swIU;n1kX- z4Faolesy(iurSz%lUG)w>k)#%dfc>>?6*LuiBn^*!)>;9UJk#9BI+}PO5`Cvy*=5G zy}%QbL!+z1+(gK}*{V@}^vA|vK00gD0?{mj>ZA-uoFwM!yNnjQu4X3j6iwQ?F z2cy@G0*88J4?e@6?(YNjqBN{1qT*eca0?a)O!K!;qi6iVP;hn zVDAo-l)k-N#4Qx`nMMhQcvf5H!OOVkg-RiDg6>0?ttuL}>-&;5 zuU<7Jg|EeU*G`7Y9rs2Z4jwI57=K_UpcJ_LBwc-H`SBqxegFb7OAQe6X>v>-o8|TX z;d*GPUqnVcNW!CMTqgf|#ijH81)S^X6TMPs*__-CCuhtkQQ2>@! z#V#x6cc$fMWu1%Rzj9;$_9h|0NG)FoK3eqg@gcYV0)y=-uNsOI`0t4M{FGbq5Y=go zSa7dX$nr;CrHGwc?;Vyw=v0gXG<0!ZX^V0lR}tmL+TMuI+qeJF76z=aWg%J4upQo( z<%TwzevFbY3GtrcePl=36@1ZX))l*BnhS+TaS4?%Xsiv)a8UF2J?VanhS6$$Nff&mQ2TAK8+EQUE*ng<6ozh9hZ@OuOs;;rU5hCF=Va<yYJycy@Xb|7zxcL}jxiCy4 z6i+Ol*mxdYvidd~a;&!kH_J#YWS^HYE4QgK$IPhbG&E@1FkxL0jTV`}v^E<{HQdQ? z)S^nw?6l~$+ElwwoA3%=lukQ4muZJAhE$O3} zn%d0))=shO985JmalP*CR{)HjH1fo zvGaWxN?$DI7J^M%lj&6i2ST?!cA(Hm2+vB5Qz8T<E~C8uO&Ey*{7zaE(}+d0@gdn3x1;!2Of9gz2=*BV;Ix> zanugKl^UmJlW&dl_GwrtaDY#7;#p}2a8<%{MKXb$_gUl3{ploO4)W0D-wlk6z<2Lv z?_oHT+?%Om@ebQfklO*XYT2K6*>OOg?7?-^%6{h3AQ#**Y)X>F zRB!TNTSkR-ky0E(3_OM+e1e$V0E9#f!fsIr;kg)LpLrnWU9vTP?Z6;VLeFm?VZdp$h{h0WMwZqkFjXi1$z@#P06hyHB&-3}Cf? z+3(p;*2DdP|NQ6@oKLQU@9sOu!65-?>gV-n%eC2$!^=}Qxp`7VfioFE5_&^Z6C-!2 zb+jr@^GiSy5?RsQ{1=kAWf5Xer)}=GJSp+TJltwA-oD`eb#fSOCDAlU8St}DX~Vo)HFf7 z7oh9gbSzEQwdY(TYY0(4@!PJmvBVTtBt>&sLU)fn0Ww$f;d+1sLG{UZS6bL#s8vD8 zd-Yw2Q^{Fe^t694`7})i5^Gee6gX!Lo$u4$i)Zq6;w4g!O?J#p8aPg{TUWCbTrsr6 zSW_MG9B;5bc<`We#K1ehshfDUXMle%DiSSsXdE^h3IRe&nmW7*^6Fx_J$6W@Ke#JR zPFz%UnV+Y~Cv;QI9xUvDQXlt6?|D0s@enLZK-q@;37MZPX`9xv-;xLL%q=9qah7uk zMcfw3hvxvvE*je|?=xODFC*9o5H8L^Nu@<|Z~N34xA)X3xoOi;a;NoWy?+3+tzNo2>{ zg9@ch7B$}XtY?S#vqaR6nQ*6OgAP%)c6gMY#1QaTFCOSFPfRWZO|DY zk21S^_l?w_D`(OACDST6TeKyPomNOSG0EiZI2$oq1Y^<_M?&ewets|Bvl2;MTK0`n zRR7-pI8P1O#)nrN8Ld@^8cMjI?L~8+j5Po~DanoG+Km-upDcZ}FA%C4TJsV`fh05SGduRT* zKMO8g2`&ktmWZdkK)njHtWZ9%2h%SW1K!Ggup~*UVfjWELIEE@87NM`(}A-VdV0~b zU5LWNr$j_mR7MMNfc-KUj7%ngg?tVF=#YZUfA}g+rsP$E+rw@~k_O9&Od}w-K;(XH?eG0k+Pth6{kqWMqgQ9CoMv&~d&Z zfCYnXj@iK0S1tjNrb3PBF9E&QS#X3k_1WA2K5-s7Ql_|uQ44sih_QnJP>O45!~;Lx zxEBjuYT|%Y4nvI+8Yr=l(AGgVIDV>yOa#sKj6(`a=3kwE3~d*iR1?lNN(AIl?9>_? zJP)h*+XoOiv}Gu@mAyXSufqgfR-!NJwm}>jzh6f1AL6C>(drQA3+1npN|Ke$pl^JC z)DX?F`UdUXzd`Qb7Zn%R(~MHORK|Vg%tDO9_;MmNh&0=odck^#X^#ymFANWG$n?qF zFKe0c*9AEMJ^{;VVf?ylk^Va%XcHbsD~Wx}FU*&gH{+&uvwFb{6yq#Ef7wvE4P}pA z+W1E481=4oYhZ6OQrw+W&n!8tZPIO9DV;LnNCO*go?$q^`Ej@g(9hU!GX3@#19sph za>H;qOfD_oGijyET@tp7Q>y`B1vrH6TQQfpx9)O2<8}aVshw0)s;@u_%*FHJ;$_cC z89sfg-43ufw4t&=`jT?sUXJ5;r7>rt@GyKpZ1S$N9;YKfT{*WOB|IxvR6N4zmP?A| zpLA1p`g&(9gee63GRPgwAXCS3!~a>k&hhsadr%3;8rKqo$8o!nK(rfZ3`_Kv^bk(G zBqB15ruyElaOG59yN&mltvC>9;g~Y|m}9WSLLa{kl#BL08k#aw4>`hzwvzHDTcX0+ zdEu*Vm-a{#AVXC_rWR3`xcIMSUC@awGP|Ew=+pVO*STE{p~jd#^^e&u9prfstL{6Y z(Zv`cl{Czv=J!BS6N{Pj;4^n-fB*ne0BV7T@!5?)`ql#gXS>A!x5@9(m-ixiVaVXD zf_I`_{@de1ia9|yUpSTmc>hhB8g;vj*z0(@p1M!B@6B7~Bpzf*b3bYT$lJx;U}*u> zK8qPj*H-uAhd*c+3iE{(3s8yGfLZsjS z%!7QL`OR&P2J@DWwYGpCW27QGE2 z@9HxxHo?kL5R6|R%K6+roW7KrYL`K9UfQIXTUq6Kw8jpxHVsOB56S#TMT~{2Jc&7-p-u6D z02yjimG;|P*xEx8QY@{x)A6M;P)y3q1XpbKHc{He54DB z`yk^o)1I{8zff$m?VSeUyl-X^2TuL^H8wMV0R)V>HR+~h#gu3NXiM@H2e0>;y?aUm zFtw}S&7i*1901QV2xyS%c|SxM#QfWa9`~^a1EU5S-gPr)ka7_-M~Fv(BqwCe1po{- zIQDkwq2q#!sfRtsyaDJSe);lx>XuW@NJk<}es6%Hq9UJCU=ew%va&Kw)-C>?lT+8E zM&m#^#Vwjj)Rebn$V3<{HMhv!|9TExH~#K3r{Ec@MyD1agJIay`>Y!Ke$Jqeo-ie z{$N$tHC+n48(BuPsP(UoLOm8QQaqTk0^4_4hxUjbx>QA0^a`1HjJ;9Oy| zhYrel6ad_ZS>e}P(7B%L@tP92?jB7Uvv562<_IdxTw!CeSJP`4GX!>o%#9as4tAtA zU#q(ps!d7Dy8@(G$V~W^!NtAmH1O#;V2~zjLPiE>X4-GrCF!du$eF0-R9!)DpAQci zMZ;cRcqU%tTX?aUv5&@w6D~J0Ga+aRyr?rP58BbmR=)<}ff7nKSP5%#QWtTy!Vuh=uS@Ql9z_JCrrKsqmn{e)oMqN^(O& z0p&~Vn>_I-++Irl2B((A_VYV(>00MAQ@p}clN6`E{8mF+|vG8F8-jkWm|WOn{D}24#b83lYIEu!-6uY7ScFC z4E7Cz#V?nY1E4wn`$-sj+qN;GdSJ1H$6a^_8V2A;DBZeck9$0+<2Y4^3#RSiMX-IE zZzZbfYHxu06k>2z3S@q2Qu;ru20AtAGh^toB>@K64c8z2C_Q1CGU?-Fz9a`PZEo!T zxbpp;OX;ur{GVw8tfvz^8s%{2fUIF~ z@sa*NwJwq%n)icl-}(0ms}ZWM^10FORf|9T&|a|ef8U|De_5MIPE*WwM*ded8v6ME zhbp+NHCL3TJfh3o2aHyEmP(sm!Kk0BnLxabOe#|lVXMVtWrTXOHY zFQDqLRfwV8k>7vqu%R32I$*U|{*NI*4?_u%Vu%v7UI+UBXc+jA>^mb@ z#`x9W0JN;6m+RaXisI*b1Nv382Whn2UweX!zZi8Z^4}H8dRVEr8z=lpWd#sR{^Yr?>m4((_KEA zb^RUDbC0p@vc(vqT^f9TzFXv%{F{?LzUVs#4-UHWfQ-qH9;J!ZD*iGykgHt@a&*}9 z01m`gwpRr`_4AQ59$T{3hbCXgEc0mWcSaLCMSlJgc_?Q6%+G_pt`1xLwB9N8Ewh#Lr6(6s*@iI?gIf#wM3;B%7ma^xgvE z+$ZYRZ-C>1>$fVgERP&XHW*~Hj{UqOGRlBUOw?-cr@bMtap5Q>-`boqbVJlrjovypjy-y>aihuS(xC*ooTdtM8KMrBoh@YX^9Ot!DS4r@(&lcnUlF{bxIIj_d0DUa5rmX-Ef1_P^pw~=_@rwn~>K&^&I zp5lZTNCx6T!S=ITVRUmjOnOmiu7U^3*)F%Mb(W5v-K8x^ zpRDtT>$Li2X;i|YSN(`M`+3z*_C_AX60bMPl+(xb!HfglhX1S|sj7d0r`+STzNU|E ze?o9-ZrFURM?M6oug`$Dp0!veA#?L@S37qKI;qD80@XS9d8}K655YdTT(N<#+w8ur z8zfe4j+Nv6_`e#Ml9W~^eLkF-qf%VvWb`}qh06NxR+-gk>F27ykb##`) zq4cPhBfP%ZGAct!+Z086=vI_DGPM>t25*!xuGUL0ep#QKF+&kN3+uie^Dg%In~3oK z&C!mcKE)slt>=l2y{00{UeBm>8OkP*W)4t%8t%$dHWbEt&iXXC$%9*XhQn?xoP;J3 z@A@T)B!f?GFJL>wcwm|Azo$$L8k`$kROm%Uy5uKe4O3=T62_%RU9NqU`W10pkX}a{ zCAq*BActuBXM=B@Z!e-N48yk&)jDApp$qrLuy$`g zrG~DJ$x5<-isfI-FYnnK?mT}zJvML}ec(N`ah!VMNblVlZ?yNkV?~g2hX#1g7bTDI zdM2Kc%g&9e2uQ&O(V2f*S@j)&&L(8hc4bOr`3-PKRNA*d#t@vPOvu7joJ5M(p z&WN|9B@9=gJFotLt$uYdyE+JOT&OPcFP*73RW z#cCyzML~!$w%WAR)!s>LDcm4XqRM-ux2~-Y^}ah!wIs2%+ngsL#WG{K1Uh+sNp|FC zAOV5QOSqaH32BYz_d|7r(cli5?_~}p?fj#7I{&&^G;w(#uHEwacBXS?M-m_JQdnX% zU7^VcT$~=?!(Hr(oC#epN@KR%Ew(QdKQMP`eDiGZf@^8@!e8^u$5DB(@vB{#BP5dF zAzTV((A|hx!_9#W;|ihwa@e4Ae?w2Q#l4=P%J0w@0NY=mwvS&I@=_Nq_Hc{|4i@Pi z5ZK>-6St?D0+)1+%6k@C&hv$K^fxWNklDz)^uQqtzUymse*c%c*m>FSm6d$%g0scy zb$ZfFRHO3uN&?h^&|<@yJqB|TaOAd7YJCyfM-K5n*w3+fAfka!*$7_Ss@OsBGDb>` z^VaWn_ja!ijmtq+9Rw`=-Z5wJ?P7~XYqYxde%ZO?6*Z3ozg#kC89yXbUD4uMRw92s z+r>;6HQ-446D)s!kgIV@Y|ZnPVuN7-DUn+1oJ9{$EW#rFePm3Gn!>VkIy`B|5-Q$H zWqYi5a8DRkK537F-x@^om5S}>vQ(-bWoZNcnDR>FnqR^A2VV1$JXKV6JX7{^@Uu38B^A_VXcPKlv4{&KXD!VH0th1dBN zUbFjcCak5cy5AA&W0+Q8Qh8#nrdq2(E!l)q6=NqeMgi^Lr{rJz!Ly`?{ba+%Y-#RJ zzf-PPeR14r>b9=oWJRC)xa1&>;0-L$x5j{LmBZpm%Qb zWAZV-%P6NeF|y2Y%nD+3ef2rTTMBL2?-Jd2jeenx!IQVPY!#f5XP+ck+wf|b$;}V1 z0*z)$l<((e)KBE?TzZ_Su6#>6(=B${DbHX88R+FyCn?~@rSh>|F%J0EygK%wLFvw` z(#3S1iyUI=L>GDeq;DeSWfv{(AGXNx_` zmx?i0BMZJ3d=f=>9p6-jdWg-}pX*w>vz{`A4%Xuis#y!#6>O5Rs-8oT}e29SxhlQLE-k5GHc-anH@{Fe4ul^~bv>Xv$wzrxnXQQxz zK51hd_8GbSbd6bUZt;^e$fjcj&{wwJSlKNd zSwHZxpw+vk7)zAWt>Y3de|@AYD8=$4Tk}J-B1Y2jNN~zqdHt(rou7^gCydQJsZswU zZ^>v_Hm6Dk(*bpi}v?8GkfBPOnYC)WZsamx8lpwO5iKJ0xGCnUw#IQ1rgyEM~ z1Jd&e$~7w?4qdD*mBR4=Yo!q)ZXr}(;m1m4wWr+&veQcz9Ejv`ul~FUQwcPF>A9x1 z3qrqic2$TE{I!63*VLhDZT!)se13@D73K9*&(O|eips>(xIx8&k=*=+pcmg!hp(wP){w`Ay5pZx`_iQeZJH)S$V-A$bEdf9`u+g6^ru>sDo(e$U31 zjL8oW&8ipdKGH1Y%QsXUxnO5pBuJRWQ@FTa17SI~LtB6RwX)&}_LJXNJ`C zh||ls@CtVpx#l;QWYE-Fv_<<=fVh`Ik+p3-7S@`rf`>sO7telI4rC}n{-DVugcwP3 zuztK~&w)YF9Z4}Uc?2lyx~Q0%HO*08_-3k?VaNzS-*Sm2aw*`@N8VEY`bBjv-n!h2 z#TFQYmv~uQSWIoZt;=S?-%-@fP7Ub$WG3wLP~T*-w0d?=S6$jHr=jG|5yU9I z^%ml!vM%q;q4lAY{oQ|$O=li<2oED_pN;{T((4~mQ)yu2eR zb(bz3d8iPBF>eL-0CYh`8uE$XPmkjZEcWMjApPdh7F;pb5{;p`1~)(7jT`rKd0BzK z?EIpIitglsmg7Pb!aIb(ahfS4h@xSVK3z%kI^1J0G<@MQbQG&|2c2%D0x8N(OtHKE)7bM&U$2=E-OREz5HPlLgsCC^4p+pU#?q{?2N4^+sO!Az)$C4 z?%35#ioYiyA#U!s;&3QVAKE&CSqMc8kP7fV z7`N9*Vw%I?QSD0`HDaTpa65vC!DXNF;SW2Bw8HRr7uyQ943nO8#FPA7+?<1rm;4&h z4QmoZ8jVLH+Ba)xphl{lbnyHwNSpJnbEQ{(QK^h8%H|K6qs6Y__pVf;eHl76L#CAC z82PiSJjN`h*-=+qOsuyu=P!Wmu+rh;@tyh-W82s$pc)EPV4hy8oJL<%OiXsFW-JK! zn6V|34&wTZ)GheilOPeOO0}h1hysQL)9#tii|GZwvkD<*kA?F0J=ZFlIT74cYVIsqYSH>;JW$3E5}4%DSvKQXtjFY$n`2IA zYKJ>vWOcWGYSK*92)om9qK7)vH@q?9qj2SOHu5s%sF9gmyBc_scK=@Vm04ZH)p5T= zB*6;hj(dm-uV*Cdjvp2snf7ku)lx@I1<3dyu$=;7Fh~F*)6J1UGa<2t_$)%J$vk3% zt1DzM`*@d{x$E`!5~opludcYe0ukT-BW!T!7kD<$YkALhF{=YOn5<}bxgG6{3p?d! z6GRTpSE9JaXg;%YKW=&M&ci3Thn)%lP+PWo&7YT_42^*{2B?yeLnn5A@QWYX{@E~7 zGE*4tWI%o}U-+th$n7UgPZv#u9f}ms`IiDL@&L~Km>vX*6e+NDVOP74*%WGFz_$>_ zaz4Gyi-#f;sNX90bW@AtIKT1T$rEVoKm5m!>lSRz$-q7M+0};+n~o&1pNNy+uWY z)wKwVwKI~PE2qbsHRlfIKyIP!XU(91=2@LdT)$-_#!Mfl_f}z6J z*|tH&Sy1&DxU9vgZdrw2ZwiY1QhN6(POud-$qJlFd|+#n?gC!TKWMYH$~Pnb($v&> z-}2i!J$)l^J%v7M9`K<};k=x^+gkj;q5y$Jb00p#NeTmrsF4$oXQdSh|f%O$W8Ud|m|{6p%HzH*4wr+mg1|x>29nUjFZVTrH&TXui9I z*GDCApV#GUBqeeni8s1#27|)K55*CW+D;r~_cyTgGd4CnhM75m z9k5?A0lD7#K}wb^0Og9aGKADFwtZTTHar&mgh(~=eiok)pLDm{aqG1MmKJ`YbHl0Q zs&LbT+iO%K^UmI5s)>nZ_%WE7S<<+)8Qm`cR^x|AD_J)&K`9?>e;{wtmR5>Ue)gbw zwrnP7j9rVq91!o}`f>Q_xOM#yY`VMFH3&qU;|oNM6I!>xP`K! z6MpWbX3tG0$AY1xB1ajw=32H)N%CR2?{H90B zDD8PpRr6|!PmE7St*-}?7ssA=M+`9xOwFI1mT8xhf<5}KsX5qGn3uW4owimdF`Bf# z1y3@W*bc_i`-Z`du(Z+|f}S7wVjY$2nu;^7hlD+S#%1DPAL1|)m~~E17us;<$}iQ3 z+%5!^Yt#V!V67xAb!$~BUu z8oc=WFLmBE>QY2youYHW2*ui2|6~S#N9Hx{d7HdxE$rfMJXOyK9J+8iK;qZUKn7Zm zkHKdSN6I871m8Z0CAdyrn994-JrUgXy^al}f;KAJ9sZrf_quwz84}p~Qkd&QE>FMe zVf>4YvM!3p8-IUIZnzuqogAywpl?FIVRCgq|1@p9EqQ<6#Mz{)U&a&xE6`7MWTY;6 zRLw*l$?2}~gjlI)zo0v}iz^KLYwkVY1}D>SmmKCM*0@JPQ-;DV43|Cb{-b+T^Xdk2?Drb!sCmF;^Q^6%37zE_FamAE8vN}W>dw*)VM8j4+;{4|WLW8pKzlxlD1WqY@pDh)cP@zO~ zeAx8yS2gS(J%23895wz%&Zu~se*4jX(Uq4@Px_Q2a>#xCNz{7bR!`IR+Pc|u|BAWD z;t8(G8|7Uy;v7smStvTj|7%_lsOr`Kmau+O{@b582flPd_aZ^qV94%~K$DI3Cs9!n z7ccJZ7EAeOi!5-9f&D=7sx?-K0Q7MrrKCWD2#3{__invGda=FuhpYVct)p4GCEZML zme0GH!(3dJK!*f>tmzDSrZf+um7hNtA+fg(zP}wjNF2Ca1oYRo05yrdtqt5fJct&< z-~TfmXX}sYfVxqU)0;PMlp+@2a`As11geHj4SOcGPzkiU$MWz{K0MsNhh6`=aG~q` zrDI3|;J3(UQ}-i+-u<<6FjDEXpr8~YuVE+rpPGS&YD!9qbX)fFvM;)HXoa{plWXn5 zD*AEpO=o0os8*@Lt)jg!HU6gMU^_9*OCBuR(|3d&2s8;san0w^iIjbY}drtU%i z+!T~1cht1-tKo3H7lLR}y0r*g50dq)+900q@qF|i4>FGOlt1e@zIU3_3fO%K)Z~bE zl%M0E8^n)VKdZWXV`4!69f@Us`@ijk{;%D`|F0MJ+`?eL3#zUzQf$(zZ+9fudDHU6 zmdeQ+U&m5PGwSx9KT_nye_nZNueQu-pK^3Ps_@MGhO*SqJHe&Xea(G@vZpprp#ASm zf)_S0WGMM-ce3H$gBl$9&l=r~TL#A`<|SeR^Skt~Dqqw+W!j&VNv+TCN*d$816ZTw z{Ga5NzQn6vJUJpkP~LKmS;PLS%4`=SYsvcgRa_@wk+ddk2n(XDbzl}5VRoB0DQ`Y^ zU>?w2oy;StFb80pTHgh5>YhTlUfo*s{cbO3`?8J-sNVD~j# zSg}wkRr|wrN1ba%GHT$u^kTKgm*elpwOLqF|A>(czAc#wguDSU7l}xbd^D%Dx;;K*dfMW$lqaO2(dp=m9*=fapOys~2kLCXC5wD$Oy&t{1`wVSB8 zD=X0*T?0#J{ZIGD-8u8&a1cv2=0)|8+nQ2?+Y4&gN|=B=Ail9c#(?_Um?ZxQUVoH7 z(#ZJ6qs{93VanQrln7yO~cX?_AN#mi{4;K`GVs#~#DC-$D<=0T)DIJfIs!DFS_ zI>$ylm)zuLX!Xr>^*i>y6+~+5Bu%cBj5bt=5di^`)7Y=MMM*2i&ic7!8@VDbhP_H; zBnfYoKatVOlu*qqE-Si5vi@Xd)|j7bHYF+09p68$=HsdYpe4Kkv|EiXrl=}sF`t{0 zS9Bo15Zj@{q>>fE&-cPUCL|z(d8gp-o+7(2Z^x%^W2Cx-XWqt~k=#x{`;F(%O|=TQ z$6W3&kf4>PBkliCZbj34Xc zL(bOdZOOz}J=NIZs9AAHW!?3V0@uYmkmr}XHZrtTTu^;CwMD0_!Si#ROWZW;dyqHr zr|g&LPurhgBS9o5-kSK?Oo=NtiUvQYrlnj|RWqc|D4KR(B`&?tb4Uji_-sDBZWDc* zFKOX0Qj?=5nCdiYM~mGj>zg}RkwBas{3{6KfO9rJ=(rqc+DYrGUVSxmfgIF7NmK7R z>XLGtd>g#RvoR~ZIp#4uzTJRM9R5zsZ4^$SWt4xu86tM^V47*CSfik4uB4) zjFsFyZ~8UM7RD4eBR1KO#B#+r;jj(aFvF zopCbIm-Tr;xR{{Lt|{%Y$gpr3bXp7DVT5&_I5bs1(!f^Og?qkl{3^6gy1@@CE9-SlclSB`aOTU^Y33-e^MRM_i(g$uY4*Jcit#W-O zJKLSqKax}xo*s;(RlK?PJp&Dg1%jD9#-B-(nG8hMpCS0hJ4jqmzQ$rr0jSxHAg_UayIBB#V{-={$|ISCikW4ic8`ak6`@^}IS^RMs>1Z*_hB zhY#!Bsx^?VZJJ0ugC^RBE-`3>jK9{7B8)k)<;bD>*6>>U^N&%`i20Rn7+=EjBTIo~ zF8J;vzlM^cJ0#TFS%JG^oSTzD5S@dqjdJI2bg1S}JM@Ti_F?pJf3J$enZlvIw;#=h zJ5ES~6=v07_oy0F>DN-05JH_Io|W}%?97J%pcWE&C}#)HCD>i@R%3%t_{60po z?(XXw)$sZ9z`#LI$)@rY`3K3(A=gX)l0uyWHR&8pw!d5#oALT}mT=u;*{!J(F~*#$wyK?`VxRy-;}jVyQ;- zoZSo&CpYF0?``mB-s>fytwWQ5mlKBWi~>GjV)|O`Hm_>Jq{B#!hI$k86`MGpe^ZUfvG^u< z|NF(Rld4-YLB+P}xco}#w=h(w*X{?hor4v<5%^yPeFssI)y))UsZuHWNFsJ{WOu>~ zMV>4n@(p@nldX_OC;|`|dZt@Q#eUIk)-H!{X9y>tbJFuuc$#oG`BXllBTxYda}qON zLQB2{j6E}>C3e>#z7IEik+bO&_R#WxzKSyvkbB=?nS z)Jw^DLgh?k!9A>hhklSP#;j&e^z+*#wOBVio!0f`$iS)+cu3ksrOeU27B~0%;JcAB z=gwreK!uJ!ix-2cO1{Hz?-s)Zs6l=oW(Ldhi3Ju@N2}Ak)NM>o^vw!MI-aa+Se^>H za0|7y0$|y!^P)^*wmm5Ty2wzcq`n#(&SX4fSF-I`OMMRRlggdKJ%CfGOuil@m1LSN z9xhcxg@*7_d0P)lyADnQ7WdKS9x+5<$zkYo0Jf-;<8++EiEPuFm#|inWl%^apsJ)g zqmCM^AXX7utMlZ>fI)6K6V<+U7%-rl6}nNlCSl~*th+(1#~0dnF+GfQ!eyDq{Y>Wt zdTWfqt9ZQkQH5zySrG^NXS4Nz;opTr=zbr}=!&paa{FrMpRozAQgPPNYu$Q7SA`87 zrWYTm^jF!ZnSQx!>i_-flAy}RuuQiAR$|nlo(GqEpQ*YaIwqI4{bx4Yd*f`dgEmg% zIrrn6(n#AS_+#SKd_A_r&UnfVZ6!JQ}4u+^Q8x zDQkQTv;L($EjYknEdFuz)~1SI-1^S7G5MJ=d*6}I3p45r&PBAQa5{x<({WBYMX%US z7{jlo!(%FR|$}50?wz@pO;x|)s$?*SS>^-2G zTDP{**f$7vRH_vf5Ron&MMZii(p9AQ5_$+&w<4fOF9DPe2|`FHp{NK50fIn?0YVi5 zgwRQV5V$MoKIeSryZ`;~JBDLOvR2-*-ZJMipJy(knw*u^SBX$vBi|3$t0>6!xIZ>n zpT9Z5&z%vlMYm@tAQ@#KXWgOACCvthjKf=1rm>x@eDmo&bqh<3a3V{kc3KCzkU_G9 zH@MLP3W?Qyc6CYktE4`$^Ia*0*XC#YJRv;~#&L-u)2{}UQF}y1%K~nONjw+Wvh^$C zwI%w8<_ovAidzj?#Cg&N5a||dDwgy2&G3M~_;W(xYii`>Z!$JRO|vVUz~J1uOMQ}T zD7dxt{Ij;yfu-uK*Tf04Yf+U!n2CdBp_#-f&wZBY zl5z<+(6X+P_+`?~hfs)5CMQy}c#)JH=1>|7>^2@LQcVt}PV7x;5mJqsMXz5V6s`TL zmq*Wd%SQ)vV4$NdG++gxKl9zTleIcnLL{8beC!U;ziw{4H`rFO9O<`9X>qk327mIR zgtR)k%(TJTp?R5ofWOf7fYz55TlYcYa4L=GibBEsFzco5_v=ccGK1;Zrb8K z&d}+r7LF|6Z{*=Xjg)eS$e>ZoUUAYKHil5~H#dCTEFqBllS6%^Q?v!1X1!BrIQ*f` z^6s8DcTe$ouO_3+OAWlOL?{^eXU406 z_=VAc)tc{1KRu(m`j^_SGO=^E0Z3o6S`|P`hf<`7vvbFKbXG=AGh+SgDAJ;gr@lId z?48VojayT%^A{Hx465%W>e-`S2L`-$76+BU4ty(|RS8|`k^sED4%wcG-K^1iC5VUn zzJ{Mke&Qp!rJH*AS}bW6Xg=sjL{E+Xk3@u3$E0PG6Wh?w8ZC~-ABuE5-VV&S7oL>M z8x$L@nk~}d3Rmh)L5#Vdm_lA7v(n9MBdum0Ik2|Gc9EUi{`h(!z+GJz%_uCfE<56y z->vXEc9bMbpU_;&5NrHj6#(D;F8`OLO|G?*5&%2$H`6jp(bb-eY+Ly45U;t8qci}d zExK`7z47>ec(GxT>~$j(hF;vK@9?L2z#sp(tpC&u`tQ_R|2K#8|9ImAD(?XCp`5u{ zW>sW=a&@Qs{)iAZSOUZrirMi2KlKp$R5loF@QbqhCW@*2W0WG;UC$L#@mzww(*WFGdlA*>x3$F-l>~g6LX-ABsY^L|)apXVe`8(|8+pLp zai&>soM`0(G;It1>>SsW4oBfT#Cb1B;kUm!jLPX7vKl!$gxTjH~Tj=$hx_Px_c%?o2tB$awPo{CiCMfpth;qlN|)V>1l14e20>)Z$hBHN!w|Ir?IkZ=Mpa^ z7Tj(veB0eP=6p$`%sGN@rz*2j6)uzOPbcTON~b_GkK>aI3nv8r%{NoGIk#z6FgEYK zKS}GT+X{Vrj($g5-#_swX5f_Qg|V>QH}6iypxlgN;?aZGLdQ-B^D}x{+RggsbMt4B z9!a?Tc>k#px}|+3F1)F@&9G#4?o%M!Sx^NpJ;EE>#cmV*4#hoIyKIhaNdBOgc#aJc zYpQ+ z04gmYnF}gdK89M;*+_fm3(SDD>@xsG`lo!>(pYnoy=3c?UEOAJ6~JxpRby?kX(zY~ zT@!wZA22;KA&$2$tG0a4FUG9B0qJa8;6K7lEtXX<(&ppIZZAE_3-stc|Afh-e%1M~ zreBX;v)!=If;%mmjpK|vmsPX$s`n+XKEs8U05J3Cn!`QTWKX*(t2VxW8URwyIJb!| zSx*aR1MGtN&*5>c9LQrWK5-6{^Iy3YUh__5Ow0f$>!;So@fsIGnBM`eez)gF+5ZZO{PnHZG?#&kCzqQ`L>&L$n~bDGxAFRUgT%5 zKWn&*8y|mMIgoI_2_63LZ?ew+Pvq`rNHZOh9BoFp?3pF!2&9_Xl{Hk%##f_?m?r#D zSoX$sqk3knrv6&YE)aLqf04C6)?ZOUj%cVAPar2;>x2oj`ywtC$|0$HIxexv+P_Od zpmx81Pif(IYh|1$|6Ra%a2%6T`9`s|RZxj;9*{KuJtF8xy4)Wl~7iV!V` zqHfgO*bnM;0yyDO3zbLz>csVmh?PnLeQhm>rf#UCUh%zbh>Y{Cw?sUYs%L8m|J!>0lBC$yll%+ZVTTFei{?vF)R0VnH440(U zzkZTqCqZLYGoRIhSYH7fEYiRBWVkt!coZ}vu!E(#=1Bf-;?5{J-`kM`7+$!OA0w5< zm(aYm_IvcYf_8eHb@%lE+*3|gG@7;e`*CJ1vcsXhUAoY<<^2xZwKvanN-;q)9MMqj z{D0r=4BV~$Gyr95L*ueV!NLtt9dkZ~mQ+qhV!bZ_Q7Acb8@-`szRSc@by4_-U%f~sNW{Zj3=J;NTo5?AA4!PRjv7v7dg46y~cd=c*xww z%aiA?G$CvyhQ1F}Fwd_2OIr54^?O+3MsycqZqnyM@2~<5Y~kiu#aBmNR`lWxfux7- zaiRNynKPyx;lhpU^Apm-T9q~PX#jwS313Q>{gu0D;4?WZ)Rnc&!x4*L3>~H_R>uIVXKl8K%!3;Vc7ef;G6$Et-7%LnJHykLP<_f#J-&_64F@?4GAf_1mqwc z*^BjxzRV)r3rr3T(FC_r+@bPh!R{D(37*<(-k8ta|2Zz_Q&6B80;P zCW&5cdibWI++}+9EV;LJN5>N3>gr_@Bs^SHso0cTM2JV6Hc4}@J%3uN1@SMa-Xx$dau{>p8#CB=Tfc&-6Npw$9W>1K4EO! zZ%yhr$HOZPc8T=d12Ttq<2?x5yPcdBL+@3fBtoO--pepkgPcyMXJ(%Or%YC&pp|89 zmSY0PRa{>@I&br(#9?5nXB;OY3`N=2bwS*zYr=C8injLA=vR$j>C?0xrpU$$;34;^ z0wGfwq0*$Hf!#U}n1vPeg5}Inr0YJOR-C+5(SukGhL;pSdl_YIECnd6tfd{|uELr= zloqUkWtcio&-a?tboe&hO7xnBwSC(BN$};T*Fc`O{ahJam9zPF_~EWBt@E3!lto>K zJ5B5DBk0WIVh#>h$la5~@su`B4+%8_*RGMhQaWn*US8xT!D4CM5dul#=ZpfE7uPP` zCnkUTZj02HC%Qj8HQ)Y-feCj!7`kGdBlfvY^F_@-YB-!Txr||lr;Yco#4qOOWw}T)`*`KRYDXN4$+d2a%H`)-Q}U#)Xq01T0MKn zr!KO@POxU9v%F)N!r>~c)gxiDQoyn(@TTKiR)8G-3++nwSz+iLL9UTCugq%M_@GXXz48;*h{6HRpd0)WTX0P9KL>b zxf86bpLfy~fZoXyIXk9f=IRssM>+Yk0m4K6?~i5Le0=gmR=aEf!W`GqR*?8=^;*$K zdjb``OT8}z{eutkP}3=`_!p|eB9z>UFqn2EdQ9Dz=OQoV#Pp2pOgjb3>3%SYw=vFG zttTX~0qu{v{5FxkwN#GfQ9q78OOjthxChLAJK@$U{ZiF$+qdq$-oZCz>~0%MzEo{r z^q7X`&9idur+pP?Gz`zCPFTT%T;8r~79SAU=<=;Bx@$ebozCby)J>5$hwLv)&}f_! zH>*7H^3oQ5b`MA<;8}yJ+twvflHh`+wi?)WNkLl+nNrg#nHDeQiA0g4p9cPk?FUAc zNVFYXVx?TXD2xi=f#H>Mt@ zU8+u6-VMq+_N-yTHz`~{PUR99cL{8|q@Wo!+pJ42EYwz;k1)2TMZK|$GkZLG13OFC z<<6d!jsOK~tLZrO(ZsE4svXM{S9%nGUhFZE9L<@)y|-Tt`*$XiF66SgfPrPyeDR; zc6^S1qJgU-pX|H5w;>U_@$5@@jO^Maw`vM+&3A*)UV6|D=oUyzs~l{I6wq)OdEKpUn1(?uj>Vq^0M zOP9D&e{GxD4?}+#@Z{<~B~Oz1F6CG0ounb3x7T=yl+82|UWk_v2y&tJGQ_JesTpd5oOYYQU|B&%7Ar(@G5JzJOC$TtMo zRZ?@}Wf<$ahSq(>L&m*8WAr|MLm*)Skf}xk;nr*qN0D9N)~Sc3*tsxK1O%~Xv&Vef zuAM!lA_$wShbAoM7_T5(Z&&1SvE~W$U0B{kX52-<43NL)_p;T=X2ioykWWtO?FezY z5nWH^fMNQwtsIqB=1LQr&lWPSv$;!c4*}1=vVS;c^%Z|XbV}krA}A}epp!`i9mCUFJ26t zCo+wEn?eE3lP2gho7!^GQ@;kv5qw`HKv~o0c77*%@0kri@@dM)9A}&Ispa5$Kj+wq ztt^!LkZ~ulasIljlkXm~z*U%#J3%H2hSYu#-o9A)RIl{X0g>(29qj~OQwgV|6NlvP zrZe4BL$mcRDBeihPp_PAVqTSw6L!heh`JgmQFH!Y8r*x%Z{E%$^;bV2{M?}%_TIzU z;5zc|=9a0c0`+HUSqVG*3YkBoNMO#-! zcqHB5?Eq4Lf0xZ%h~RUn6E^!2oC4(0J(8YO*k@%7&@HIJUCB1i-?~4M*2Tid z&jikIAeF8v$iQ+dT6jRGfNf(7)*%Us$ZG@0j9%z%aQ6QvK*)yu96`=9F?50a4kZn$_I73}$WRdCV`F!! z1r)IX1U#ZO^%@NJM7${Z?F70CZ0+ZRgVdphY=+YC16Eto>TiI? zyi*EHqPMN8wR!&SVRUS%3yTPg@Ayo70IBa4-N(`yljOF8n%y#VFw#e=V zV#jdBCU;;%g-pG9=p+VI;pq4NXt=gghUBa}iua!?xNmII0M2IscXe0jL66BtAl(@%Fr<^l?zv^W?|_&Rq^y#GOdP`MJe7*lYF{dVK zv#H;0j~a_oBs_2Qp(EDJCjEdREJMCqe~lW)px%ToihzYcT|YAls3FB{%m&zIj~D;m z3i#&QhZ&jOzch_y954*b>?tR3XG=ZJL@2b)02t?@HKjr7*oFvk_K*!Z_kEI%7V=o* zapTKZuHmfA*Xb>%L==3or8uo~b6Pqea~J&o?)UnHo8t(#PnZ^wt<&XmQ1Oh9+i<9f zN%)w&yjjwt#OCd2MGaB_S7R1Q2XM{8>uZR9g`ARTL*tF;?uOZN0D{&4kaJ^2AT{ke zQk8fg@An>gQG8ihUc{nI8x!wH_jDrXD^+0NNr4&m4Fk$M)Sk{PGQ8kd({CrE4cqRw z=j_>WV>JCD{u2a$+LqbY0mm@=9%HxA21%Ra6WeTn30k3Z6}iK9gPpZ744Sh z)yn(aRxsE>-yJ%ycuUHE(0Sh}$%HGLSY*?9s6sQ308HGHIn3F&P0ri1@91l(r|y-Y z&U4T}Wc+fq+bn=H*Hrq5eww}f2a?_^EF$`K=|VD0cy>e zm)jn?YYEs$aHv?OTY2{2>}e(N--t z4Emh_M^xH){K%K4p3<{2G~|&Gd4I`eD_t|plW|$AyE=7c;Xt3DQ56No7|4G#1y?cRXYW6G0=~IZ~`Dk~GatRph<(=S}nByFccBfi25Pead?Fc@KWIHSD29BUYRdLu>wvPHz-*_GDT$gO7~Zs!bfVArvRzx9a;{V%WzbP*P8R9d2`1$a+$+j7xlK z%eJ|H*evhnx?d^qcK@(5Y4}96;8llkGoxgx+vp2{ru%K@n5YGoZ1)I9NT=}!3lo4z z>^3Sec*}lFWwZ!7wEnuawfB~|vA$<~{@w~NyE~X^^_%g>c0=`9sl@}dg9+L9Ngc#P z&aNBeha5h_&zsynh!w0NJNW-jBcPv>Cb^vU9E=DR>Bd)#CI1M2(j}T)7xuJVGb!Ve zfOJ3Xx?u3b7jEPSNmD-vipYyD8+;DcTfEZW_|M~o#uU}*eD*JV)%4PZ=B0}j9sOU} z3Q}sMf#Kw5b%Nla)7+-r7c-8F2$DA=g;2JhS5xO}wsR-9SAn6Dvn$n!J4TT1mg+R^ z+_HtuIY8Y7+3`4_$Vf(uZj$3sR{Qp0(c&$$g@2>ly=%JLM|^f-1FO=G07#JJ!WiLz z2RL=r+?%%Wjj4Q=IWaE*gqKHV`&wG6`^F%&#^KpMfI;bOcPV-a9vIS~OWq0+&v>eH z(=(Jj(GT-&zm!|0ts)^%X~=t&18#4{Yy;C3R+&F_W1U3BM8BXN{o;(f2V>oyjFp#6 zAR_ZbuDWLyD=!{1Q0MLQdghsM;`lUY__B2Tn90|l7Bf}4ug0^-SDqN{SJ+qy4;eu3 zEe&ljlh!z8K|c!J5J0pC(!X(~OpDTHRVbUKlqBVp|*sb7jE2HyP1ydeWD>pO>i1aVg7if$cTxcgcUJ#x)Oy}uKdOVmHCYxZ7%}h)CKVenF{a(6XiQU z07bqg#0%Vii+kQ&`l>3S7dUMuZ0~JZ*Pqqn2qkRt^cABC99?( zqR}$FucP-RGOl&q4*z2$&6cj_*%#XEPSUVcz+uA?fsWpoAxufB)!dth#PA6xtW*mI zlTw~^C8U=NygpMN`>{PZSm@>aI?f$j)K}x!>nQGXpjDnqAoR#6w}%WaB`9F9_UUC_ z)iJdBMa%v+Av<`>Z0u?7Yq93kkE9Svsf14DWonTvK*3u+ zkV;Qax1X40-f)SVJWQRMDZb$!zOA;o#0BER9*5X?nE`fq>NAr8YH}S)+bUVm{Lns+ zcJru&=WKbmdh{Qg_G2m#oB0bs8^RpxwLN6RYPO|Xg-}Dw`x}rcg>$@^$f{KyFOmbr z-DbXhSe+bVsfj9_%Z=&rB`zNc?(cxd;n(?9{hrsF$smhGivsvhl5p<3`I2Q+!PEtWyLoA6-L=$_|W%cZS#Fj@JULicRpTi*zavtyU@D-qks8(rw$uh&mo5U$nmLq+0GUDl3_ulRPW1* zt>bDa|HciM94F|oWT!<#+!Dhx(Kyh#G&DVb7Byks+Wt68wIBMOw<>@dh$NYbqw5+t z*^fF;WvZ@2Pg)b0@mZ>zv0aO(#)-dv4dA~c73Bc&u4Q)jvl~1yv?+O+YkFtT?&f>n z{p>W)nSP|XghLTQ3MPH}tN);l`H*ih^NjeKTI|x-mF~TM*6FWzhe_-;Y}o6&zGv-T zX8OHWr>w{{_Qnbe7`D!RDel%=zkpLEes_*$0X8Z)Uv#L>XJtxiz)bTesmGeR2%ZT- z(QEd&5UUQe5W#LK5GpydGRJ?57*#isVvsZKmhN`qCE6_c;)GXMez=Acg^N0yDSyAs z)5&dJPlBI%0Gnw~^nkd6+(h@RwzS}(d6}`=h|uT-WTjO$tF82b<)=W{DQ3xmFcxhx zwbrG-9BfRz_FBmcU&dHV^lNDy4w^#Ji0kNmmn@<+~inwoMhBu&|z}0Vb{^!n7~ZS`uM_0{*IXA zUwG3A&<9|i%Ois`)YB> z&nIkPX6k&L_J!R+z9)G|)>-ygNn?2)P!CvKnsD=P`$$p|nDsn^^ z5XwfIEgP7DMFi{tgm}VVJ&TLvoCIJ4gVq#zSM`qN3L+OOb6>YK7u@K@-jQb9$J5`H z*HM&kWisdVTPo_(m&)~XIeZiYiWv3ya5AOLSW!;dTJ&deqSyTU4%w(r1+nr!7gf%@ zU*6OSa0jE1WK)3|finU}KYm!KtEZeI8Qn>GUYx=#tHO`gofmAl+P$pIRKdS)Hg#%% z(`s3m=*||y@(ViR;Ej|o(-g0KQk$+U9&!d&Dv$(u&!p_eL{EmN!w$kTkKc#;HMDIa zOczoU13i%~RIJUrC(tc;d&5m9SXWAYOWaaeXHzR{g9$5vH!wNRV7D8xC;3^KNq9GR zl{3o<*E8+#!&(ldCKi*hd zJfq87Mw32Cqua`Z?TnMl;p?Re5i`F-;T+*%`$6i6l)^G6C8Cr$J+($emb-V45{&dv zPS!%1jW=A*yzpVErsHNB%xGcg2u}+?;J`n}aDCeAS^q=@1+yv&dQjyKw`h2%s5(@x zUr?OmI=x_d-$c6nqxMqyo2Bx}RQRZ3pY$-vi#r@US(xji%G0?w{@2uT5$Mcdvt5>H zy|*C02-;h)bfWou0+&3F3+(WwFwVm|(&laMipR3I)53k^&hn*=k;z8g4GW<%P-ZzUzP9y&qeFonUy0bbDBp=NngHFqWr)Zxo`s~_1zLN6! z2@s&;2fV{RC-Rtkol0A^r&QO8$6gy+!43PRq(AtuUyN2R&w9*G?KbjQOu69Xyyq&C zhK1#)!YoSSjL4?l?We8uFbScAtH9>TAqc&7JW#!_TT!XcOthb?hrNNOS~aFbue;_Y z`rf{OfJbD_irPMUorm%6i5mKuCh}NmLSil%U71P+!h-^MjBjbGh_$flLqD_TWYM9# zmG*lI0UivF=_iQ_dunG~G2O>vJO}efo+OIC@_Dhw9!SYp2F;dqtFhSpg|!(}k9(^x ziLOvt?ndZ0pZjYHUEwgn8~ZU=y9N{Qp;<51RWfGJSm)>bRr}R+Fh4gHv63NprotUN z-0=Q2kOJYn(#%@n9nNq(U)U*;H4`<89e2#ABzqAzXe>+a_h@~8tK)3n<~$~VtutE%n5gYw%dHQE9 z!%IJ%dGg}E-;&+No9{c*ZnBJrC3Maq$0rch#)hWR5_&c$m;pC~Lr-9ID5AZMH!mg9 zKo&4c-idt@SrHMYnirgPOFl_5&UGyu!wnAH@T$*+u~0AkBPBb(loq{_G^>b~zVD97 zmD^Ksp5)shC!ranlL`Dhe)=3aG=xA%lbbwJ(ZawCkiU~)57{@$OmX+R4 zq)!%G+!X#2s-XQMH1h!E&77BOcFl4xux)WcH9~7sx?H+C!Cbu zX6{weesd@cG?NLu0}T-2@wfq|6zzYYg!{GmQWRadWr&ag*OTW!4YQsID@} ze7=XquTl|%Ig|W4Ir{HJYkIGuX3P>+Z?dF_xsZhSDsYMu?46*QzlDx0%;n{iqUy;~ zzi2SEADMtqaTlsA+AQ6kJ}vY)wL!I|_-k;g{qCXC<#a)6`%>-JnJ5W0YHn&vQrm3t zAhG6r^LW9EthnDWIyUl7Ldh=bFB@WCd1uKmrTZ|>=W#7PL5==8lc9|-e$rr-X%8NS zh<+TT;5Ye;9;?M|6I))o)!9)~>n4}Ih5{FD+c0@BS zFAldc9hBmW5O$?EsumhJCCJD#t+hFOH`NAuf#f#@yVbs!1V=`DVH>iVd1ZLch)Qg( zR_e*#B8V=Y0V;Hd*3|SlAYAWRHAznTSxw7LsK7cUb9we}hQlu`uNkLMn&y{{cr#l@ zDOC>r?aYY`t2;$Yo6O^r8}Ggbxa4?!vR$`lY|H;D{;<5XT*dMjXH*yb`WariNVIJY z&nc(aFEOmsJSL$@ZJGAPoSlvMEe=@ZKS0~s{GY6y>KDcgQTRZS0$o9pqbRT8%>^+L z=bpKleGL=drTeTOi)ZoyrdU{CuYV#^oOdcCdiL~ChcSkjd7i`>h9f6lGR?mIiFv;f ziknq@5oqR<@~QSwXE))UD7~bTFK;|t=O>)2Gw!P*IxWVk?lzPsOfebl9ejghyKy-N@cdnQIe|(?ghAPE#{WN1}~eQv}UE z)Nx{-y(WatCZs1F23xF-N~*&0b2&OKD*F65l8bX7iw=F;mn@5d0L?JLmQo|&0H+ph z%iH6`S5R`^544YuS*vvxTiRWN zv`!2zPvD5aISrspIvTEd-L->E6tC+H5ZY^mW*kOc>G1hCwOI}W8RyE}+9f@}Q8s<7 z*k13U0>;=q*xlbT)Sy6B%1*t_mVLE$6kh(l1}sGVusbU0 zd|BFJorsC;S*(Q)No)^TGT-oK!xyBH-RM9Mi{S3U(YWdu2;@xY9g4#zM7uFAddZ@6 zBNQ%4d7Ak;4+HMUpA?&-2)b^q zjz)ZaBy-zLgnSUBPAl9Y<8e6t^Im1=^Z-G_C?d=_YMw4~rQzqXImO3fS4|E3Jkde( zPU!nu3j-H#zbL#|aj&Bs$Xx=8J|+E6^<9s-<{VFP%CxW zbZkDfs*Tx+GQ3oyylzWNph+u|7LNkhbSc0Uhh@?LX5Al7{6Ad4|BS#m_nucOnkv6H zj5gu`s)hUsc3olqlZe*Ynm%WOOOhhAgZ?#pk^?U}1D& zmd`hvak9Ui)N{VKQYEjlTKu2i0id#L>?Fp5z#DOYhsmk!lQljruTQcRY>zr()v9^5 z^|j4kkdPO1bI4a%Vn(e|bqIQ}3m;a=2uNlinyD<>Mlb=m={EMiIoa)l=U&GGWH9Cp zk5qOhj_l5NZbWAWo1nd2`k|yH84yA5(36h`-f~U-Fl1ori!VCkl)akH*%w5guy-x$ zW&*En@I>bNu!B8@Z>Y9FA`tEL+V88%x`wsOy$R?+q%5mD;g^CSQL-7}feUK<5|~sx zMdTVi$DgS6(VE$5;i%wAf(~z0Ei2UPq*a729BKM>^*vO>dLovi;0_RK?9cpUE10+{ zpSGtPrFqzcR6}4J1)#2oKfVa?|9>(0xdSKXnFcOP7erE}212dqQ7AEr{V-i5R%PPy z8swnareGr4r>93{7xE$?gc|B@#rg5TrcdDVGIvo-5{b$v7D{Zl8d<@o7AVfm?Z_*ZP`Zvm94zkN9w`HdYMsI;XmZ4CP`1 zYO=6betKhtNmo>fR_8a^EWGhq%lL6FH`?3?gVAjQ_lu7+uA`im7S(sNW_G+*97e~K zD_JvyOg`39&%Qk5IX~z)CB7;~GrihEGYh=hBGb^Sl0mu`3QX%S74ZL{*6n zw8xW2C$bA9<1hk-H%*^(w;g;ZT=+ZZNV$@(T;~twPYNK=Q<|LvLNtBeWM5saeQw); zlgj(HWq6eP#lMNqd-Ha^Y=C^RD6e9jLV{LFvgOTR&C8A^lD_7(NGI^{R9kv zt`ROl=H&0t{T`u18wVp|E`X~Y-R{$@`m4i$sjVHeHi#zQa;Q379`yPcEkGrgA6SA& zN**77jYZ=xQG8d&V*87Lp)f$0CobTWM1~ih0~mA$X;kj|UA;9{cCChVJb!$hqFH5X zM)ddD3I5b?QY5BAN7@6mNv23hZ)_Bf*r&$5k+Aji#YM8ynb_6@=){eb-nq#0J53LSO zEPsgG#S_$~04B%@UisVj)*b2B&~^e_h`tctwEsv|%Ep2dc*>t%ps-+>^0R8>~ zH+*DpjzL2YK;Hr^Lv*C3R+P2$t5crejoPmebq4{wy-Jzr1pUQ{yR8#<5{T%f1Ylz= z=1OdJTB$3)S@-}UlE<&pUy!EOwYs-Xg4)CVGTmdHd3D}ouIq+IY0R?B{)@A-E^W4| zJ;1tF+n6bo^joz&gJS1#0E)Wa|A7(z-^`#LteL!_{UQz@&@t74H*D+j3Hj0!3J|ST z?kc^o&12T4t);HQ%QZE16mt?#V-Wiyh0hMwMSc3Q;N+YVVV3_7|LQ09;3@0LpO^8# zOpuYQ3C}p*v$2WP!NaP)nAMaV2`0t$%NTLxg+hIL{q!k3!69GUssa9i zU(Qky1S)XS?}gNv{g=up+LcYx(36(M432=~Z2O`UM~K!31L;fLNZ{{&*R>VywykxQ z4$N%!t??Ss?p6FIccwzDhsa^p=v903#S%ta{2RJO64A*Dx4u>T1>ZiFwmRc#Z|BgQ zJW*7vhUHbibEq)O!%j~=jg>r9hs7Y}HAaUEw+jbWhKK{bADQ!EA-@L|WXcUN-evqz zFM_mHoDkQa4j;elSRtmHAyj%@kd2PXtmP$jJbcYdvwFSJ*Q01TSN*I>jKl}R-nLC1 zO|PS#RIxnM={uZKco@bG94CguzK$i#rXpqmF7&o3{XWQ56s$)3yX!lOnJQSXIF$7+ z-?Jyg&(SNhe#Yo+F@hh~+hl zoazy~a+H?j*ZfI78T}o2w9~8;&>B?w%0c-iF(9-ul*at|kR{Wd{Ek15yVJwT;mR=K zr1UohR3P0quwYh|68>5h8e=|(p8YKB_6oJ_!Dw75iR8+Xqit;H(B?y4Af=VA=4DFW z?q7S?UKuq_#uh(l2@KI_m{PwPxay?x;Ptey#(sTvVZc)gHoB55+lGEG3%P z24h{3f1)DIfWy(Pb-G+xI>m%dI^7V{sDtC$T$#fGdgt2v zL%$P#8rg`jxY9vqTv*xXYDxx2=z%k^nRBd)^%l;4ST9)VkkQ6Jtcd*pfy;R+dc}2~X%#1>xSkZ+}iF`>%R3fBdd%AVrB_xFI_cm_d@QhZB zKR#$1NUxqLqw0_ywj6T}>{hRQ?*=33@^Vgv5#9LTT~z=4TQbo3I$8)ZJAnjMbqEz$%f;9U-d;HQ}3}uvwjF0z}Oh#xQ3^GB%;H~ z)G_m~(xE@A1H9;X2b_G`qr2ExNxeog${VVE9emN!-iDGK7Qpk=z7gtGP23fbiK1Gk zPfJC-pVTCyRl#-GyK8cc^^DG5zPidEl@>F_CIdUm)6b4RG&CTrt@dZ$?P8}4y8H0O zHO0D2PQ?1n zcy#A5mgKz4kRrELz{;*yn`JLL&VaCd`7ldih_XhVMx{&LQBHh6M(@K4o1q4jBS-!t z0~25fXMOp}mO1XEW&Tf|Be0uEgJe7fy}Ax0-JR-5qPQiJ4gl#`OaWj1^2}+3{r&>C zd)WbD4O*JyXu(H30~hXN!P^C?tc&b-Q$(2krX%&<*yNT`-W9Qt_5a2#Q%jWH%||=tde(kTr+FPnGrz1~MF-mxhPvD;uieWkM-cn7Vn2U;vQWiW|m4GkiBFtE9IWC zyr>T^X&n|Y9v0jBAT~%QZr+jqCeZDK+`=DfntIXj1_FucMW`%6;iZ40gb0WWwV@4T z63hOLE)78~rYARJsx)HZ1aq}|s=&6Txm9$~%At&hF)8u}7sC8Dd^3DB4JNR3`QRmE z*4p+gIXEnSqHcRT@IJRi*O8Ow_8!}P>&ahL&uUIgS4DhqwkXLTNvf#$T8Lgfa@FvM zT@<%zHbO`x;-#EGF502+uF;VUQHY3<_J>=y|K9cWyv|>7&jpv5_H!xKl(xqykIQwJ zLR5v8ohNIMp(z}78A|ijs$kP1c)AZNU+tQrb^ekaqy7LuyaRzccK=C8rGC)d(*O2> zL;IGl^p#0Z+V1}3@=8_peABm}r(YAD62hI*_7yicP@_!9@sIZn1u|%PChH{l^%Zo- zx*|dR3+Kz>o~7abuY-CzD~s>ESM@MMrSGKuZ7MJHo0^QcNh?<;eT@y9ObM=qv^pss z8PaJaM=pKm4OyDA?O*PvZj8l4aYY_BOI8EAlZ=YZbW zg9RS)Nq1N$HiSj4+!It=80gzx*Nb1^HE>-VYwBy1)4;@~$HtXT7w02W?A?)F~Y1pgaTpe5&?;hh!*bAs`&!c^yL5!iBcVzLDst zLtq~t`C-F;FXzGJOVg7Vr5_}Q*nrInfUIZ{dAI)LDT~MFOpb*WrovuXwC zt3Opp@amZD=!^8kkZNY~ro5S4KbkCSZfzNz?T(E-J>G9O^eqy`emPZJ=zvJ8QxF4#06gO?*xbt3Sg^5uZiIV6Rr- z$PM>Pn!t%u`0(A1nV6vca02UGM48ekX@vpg*?Cw}nePdhOwcL$M7k z^R!uqJiv$Qdi?d+#^Ivt{BCX!+K$kEZl#b0ALltK%1YX{!5Xs@s)#=s6T zK2Zsa+j3hxl2GedKOf$S5ZxNebRD!IhXUD5y0rI=`vENJ+hT`dmqjnQm9KQ)=&-S; zo8==12%Rgs`OPOJ2vsS?9oJ%~Q}nrUep6raJK&S&ZE)!#Z9X|Jg(S0mEn`;w4AOGHt1s8`!{dv^5H4vyndWKmHYTW2>HNS}>H9zy8JKLa&e$b!VcN9>An%+|sJNXZJg&F$ zUgkjGCgK$|!+sgU+p@a1LFjHURht4)hmuRtc_ZLHxid*2Luaq1#`qWG>0f#qAIa-}31aZ+uGls!{zMuT6?RzS+_nuoVEv)Du zj66{)TzHizdPe2pyK+aa_o3i*{=osu(aHTTA67T4q2V#CyN4b0-eFE1HgOHhHdpGd zsK{e&aO*)Cw4r7$7_0seZ$nhMfJ0c<9X~SOV}AM5n8503Mcp==A}3iA#tYWMSPtnq zNmx)k(l+DE;#}EHHMo9lM^TV!ZXbs9dSlO?D9-o4tXTs#-O(C{%;6w&X;?<~%JZR? zjXg-@SJ)aRe|yqG?Mo?4>!V5hxcB$b`=y&}Y1YEAm#-T4O`Ud-@cBOK{rw%WiT{{+ zW7*oJ)$cYl{mrAC$w_$%6*XNvHxvgW%f=EuB)}zYi)91TA-XNb4lVa7CfvY6)awm# z<1Y?dd3L8Q^@rU6nKFN0A{vwA7eoB^i-xS{ey&~P^G?7LQ9Yh0iY;khts$Qa`gI-B z>i2z=BfNN^RBi4vxn3_XkN@M~D29plGDvl2+T1Hf5GkjVu2FhieBH13@55ji*G05K z`dC71v!OM{OXP-Af%gU1*!#(!B6As-12bGxg9gZO-K%^Y3mcprX}CAdx~v_iMfWD<_kW#V~6TY_=D?2i!J0>Yd(W17|$JNsd4E<3MW0O9-p(Dofr zO>JAdSg{;HML?-GL_k2L2}rRbAibA>$f1US0-*}AfLJJs0@6WxLJ}znHK3v(C3F%( zAW@MTAhggz;O&5(d(XM|z44DX-dp1g4wCG>=URKNwdVZhoZo6!LfxxdUocMmdNa4} zt_>O-6?Zs0Fe4NC?uS!OPUrM_3UPYb0w%eHx50nHZ+s9zk#oUT_xb1nTJ+z1=)i(i z6AnPffx_w@=5|#j`Q1P7UVQU<@=dpOca)W;i*s|((0OMoc{59ahtmLQbSTY?_(`U$6U!Cgk~%({t#@8BrrAi~LcRQu z#R*zZXvL>72frMybAlzD&zM#ZBl{imjc{@x|N*gzE?gLlY+mX{IV~tk*K46Ih z=n?o8fkG3bQg=BQ#BJB~eb_%el1U_~R$@b1kW^n%e)RrUjo)g1MF6nN%g#`4caMJG z8=OBe^79O_V+^G`H+b>ber2W=h|u01Tef4AX?jOT4QX-nEw-BL(G!cSnwkX zU$7jyr`N*AY$bgg0NdG0cVCKL&vljxa7{lgo-A_wjzP>QR7~alr|wDaQeTHt2X-gh z5$QB!p=Ph}Uq~LtYFFm`oyf# zRnpAO;t9O!$bs?Qcq*~bp+!^ulT@k#qEa2z$5%sf(9v_(S84K4RxPDU{stYn>|F^j zr2>Ad2(mVPTL`9YPI@Zg!PFt!-TS@<*{Fb?!qs)$LzLH}3 zk8T098CnIUNXL{7f5t~|Rv%%%Y!d-K@u;)x*6_3fkf!t8pm!jRR@UK`5C;JgkHkH? z5Rf?1N*K|#O1P*&OEpnCdHiEOktH&OkzPs^MsHgm_Hf=yYGb{?i`k%Hul4OkWL8 zpPHDi04Tt3xVI~T^UyiFY<anJ);V9pUu62xfGCKa z);0%|+CRP;_?vNu6#FkF zy1A1d0e=hB6|3B>(`l?)LU4N#-K{`&i93wE1W;o+Jde?sP(>k;wsIS22j2#%dmn7t zRX>QQWSIQmaA9q~Y#H3g`@VVK-IHodKAY;Oc;d!J*h!Fb(M=+k_s@b>`8g2?Q&rcJ z>Wl9M|NL-v3(L+%`mesa zZ1z<~^Bda5JKk+O#{@={=(MVvViW)rrxx77eM3=+_(Wz~E3VEVj$Rv3lMPE`bbfm{x4Wet zH>x`7&+PxC6b4M9&8DEtum@JME9Nh(=ZV-SNB}D{$;I4@)Oi1{E4i-48Gl$b!wtWt z-~00xS=O_LHfEvRhTUDl+Tmf$g6ur!6rE zX*#QO(GEebbndl64dLU+QqHpV2J6OIQh;dn1|7f<7&0hr6j~+{6o}s#j12;1VjyptEQ@}S?}uanEYh!twS3-7z+osAf=K538Mf-WD6Mo4w~pi z@qK6Z>Rvsx?q~9|5caz3c`#QNRMS4PFn%(guVuYBsBOma`Pyo|?)S+@xDY;-yK&_| z{h$NK>8EXHZ1I5D?Dk;f2>^lEga=hYv`S>&DjqIEhADwvlG70$w)JzICh-?P@GFr6 ziB$b=Bbd`Zf>ftEZ-upWR#SWR4lu_V>;$C(FNPe{IELeEn50bnrOWaFk6edT@9-+0oBJ-&<{e2s3cKb~noV!Ro| ztTm7Z1mBPe7#rHZOT*$W?G zcNRvG{79oxXRVAo2o@r_?wkz_5HF+$RqmS1ARK2t5 zRP{(PFP&`%zMNhVRWz;(<$Ae~*zyYdm7#ivvQ#^=_r)8<>=y)E@(!8n|8p26=RCm4 z1$d&4TY$w*06@s(r;Kx72Oameh*egc?hx^*s;62f`NSkhTx0CL9<5<{z-}_wE8;!i zzTK0zWO|Lty~m`3?>kH18=&mz|ef;fA< zZsF#yn_k=4`Ae+45~qd=mwj}NyprV-|yvC;~Z zw@fm4Q6^=no8|}+FfFUd)uWjsxu>V*HvU}}|Nj6Bqxe4*U)19P=Qi{nQQeVM$c9n` z%$FpNY!S@4*+kD)*8W48e!W``3%z!`HeN!2?K&7ZEI6DEav4Oxo<{aJSm3G~iCLjWj!=P*N@ z*B~l4Y*Lpg6y3hh&iT4MB6t6yYs~BV%QFCd#CFqzy_a3-20bg_YT6yoz@LK0#5Z%;8%bHV6%k_1J=4$$Jv3G z`H$ExQ(U3Di|d0&m2w@xRX}S zDt4?@IiMvUaQ=9|=RO^oVd&PaGZ}#I#Gz2Ti)QwI-WX)qw!LhRfRpU`lq)8BLBEn3 z+;D)Y#t|(oV_G@Hidm+e^zUT!w=`SzB*|z)!mx^ft@HyV6F``UHrtohEVQ(j})$OhxUAFOg$(v9TyCT6m(xyhkiw~Wj_p$UtSn*OL#dqW02tMiYt10R7yCaC3C zVkNHK%nz7I+F<5}g$xKg76Zhu5|iTWm!J1!)y|vvAL}qj#}ED9W?N)g2{7c-hg!h< z?I4|n$z>nRV^)p_xLLm^*gg+}q+>FIs_>@iD%Q_-q<3kHqtbI6=aJ_XZ@w^9E=BUs z5vyV(UEVmoaKseX-Ppcg*|RFYp>VU4KAI zny*%i)}imPqqsop@L|t@7evFsB1s?dpp=@@d!s)CKjFP_dAd8Qf?K3E@Jc5G43Z@( z>?)2M?ou0!Z5~blzo~T4Zp9|Q`4b#(o~*L*RIO|ZUZFrV#AxPkhXme^IOV=l9fbNo zz%TZf<7k2>@!e8}H$7*gUdJ`qHZHu$_D}1c6!tFA0FZ`#{x0BLD2ijPVlqq}_85Gc z{z@I~ZsHF?AJSGBuZKt(r%rEl{*g_WMXs&{^f)jXbDy3~RL+R?=UyB%v-eyJj zyp3Q1mT`0FJ$SoYCZkfX#kHs-=ID6xw7U@M3-5GSuSkx3<9b#SV*6R*S`&Jq;k*vW zgdsx8+wY)ecUAV4pJ%>{Zd`&}%XyuuTR1d>`xhu=BM2-;ZsQk}-BaSP-H?dwQ3zl@ za!kkg#0pzErf>=6(&(k}x9ndQ#=BE|8UUBFtAo>Gx%CVR2f#Azwmv~!ZP40ncWv@~ zl-~{~BluH&;}XO!daw@Xe#{;?4xAN!fiTU8DUA=ss(Y2XoROB-zZ!j^r*m*M2)oM$ zF~)uH`E)A05w;kfr{^W%wB-Y z=t06~Q;$BDRepp`R+D#1?$dd*bChcC8Mq4SgU{m-{lU+(l+Y-{#Yy|PciNXc7|~1N zjSsEXwcr6$_TnCKto!QXZ+4hceY;W>DKD{Ap`?bOW(`}OrB({O*=TgMPuG11vWu3y z@Z-hmw>LR6AA{FMr5Dy-UIgmxrurAP@kM1{{UI`)Eg>zTDH{pC46>-|;n zRtZpH*l0G#)vj-8-TU-wU68I^e_GS^hnMa|oOXEaxgQOdfFU6k=Q@%_%6EN8ymrRM zq=}NK=v=Sl`=?eyZH}^r31T*p0BpybhV{ztbez(@eun3Tb7-3+{@xLe;bWa zJm>t>-*clC;J9`{0~_$W^W?+TVebK^tMJ-TOh~(E=}~+ad#}L{$TV3zkvYZrjkeJ9 zC$Q&{>@Y3UU3yd@G?c<3Ub@(0!s<`r?m2 z44X#cYV>#3X({#}X5Oksl4gmD&P`@qc3n}As8uz;_md}094SiGG&64;$z2ltON)_~Tj9AD$^35CSCfXFPG5^|)v;o}SY!S36Yv+XJ2=8G z`Rf14v5sNZ+=M(gNWve_)$f!9{`GYe=mcKY72Pctgrp}7SbaWcNx5&1CMA0@ZngVu zqSzOU!WwnQZO17xzKJ&E;etjtxO$821^opd*PZI7UrT9`H~&&Ig3*; z@Fgy51cXU%+E{oyh}S7==L~h$W&lf8J2~U_5v@`-659C|@*Jeu=gEEZ3bnQ$=Nh{y z@3C+N0O$S3e%88%Nr6V1VD#D)O*Y=%6jA-DxeR?FtU3tf001GGx=kx-OEQ3M?7+H| zNuhkI#Zze{w)qlWO4c-1lo$U|;}UpX)k4=a)kdjB_+O43NA%+vOXp_$AMdXWD9B)J z(juSpCB2b~Jl|i}>oYeK!L~nxA2KA42yA9N>i;+E5)Z^9 ze>b;nY=i7~%iQ(1b4~dl{7S^w{M=@XNA1^l-M0OQZT$xa-u}P3jPe|1M@G?6yqFx4e@YJ}E66BwW*$vKN2@hT>zFi+xI!<&X<)Ny@JV8cyTJE3a= zpy5XlBy8>NNX$oy!{G9|!N8u2`r&n1laqtbj%(70C}0i)bM6DMJbcLhu1QpG`YcAJ*q0B!0dqAMOA+G+~+Pc#n>8_Oa?G)5BQzn78HP?QA$!0swmEl2sz`r zvkBRFpDO?t&G^X*t#DD1knUtzkuSI$HV}$0aw|QEG)*~In(Gzk;%2()A#!UYI?QoV z2l!X_WUuPQkO&J97|XJM5z0vfy|@2G1lI8tP`b?An?i*jJLAmYkalmg+EbFo^#aS> zzU>||Y^TJ6TqXeUSrPtdV|V5pMZ}Jc&NWQ7?V=UUQW|dzUHtexJ#;cTf~IZ=E7i~U z80IIdKxUL_q$5u0)#pu>gFk0CfalX=X~vD#oxTmh&4MX(+@CNQj=8jg3vw9{92NU; zv5>z`o4hC_(C7N7nxbvF;-#b8b86{4lD|F3Dpt3&0IaH9cBP(CGo&^_HBj}vU#Fo^ zEv}=tFh}vxIaqaX><^u;1*U1Q1F#dq-11a@*^6$@?CwR(w0=6<)E$yEU)Gy!m+Xg7 zez|`)^>&}MdrigzxwmnyeV=YrZr3*KyJ#+5ehE&S>NetStR^rSorZ&Jx6Jhg9bU|w z2mGXX-HX~l*Ufi*kY2D)SKL81yl4~96zpaIZ;vA9%&xa(t=@aMF8aD51&xzJ-R`?j z&(^*)G3X7vZs{~z$Wm;A$7(1KjnZ-|jZ&Bkb9l$ox-B7B&J~<^3VJm2OO+mVT=ckm z9VKuD>U(BO7dj?34c>F+$`aL&I)UBNM%LXwCVu^f1Z_n3<86jZEH?49ED)QDi@$ig z$R*#|ql|AN-ZQM(v>`B_X>{^*53bdZ>s@wiu&#uwC-#c@64>_KN8YvIb}&+rN%Bhf zDou0{oq3}nb&qk1D@6`}lvbJ+;!uu%#ZPgKhzCMqGeLvKf|uYvR#G}GVmBG-h*Q_| zJ-kA%ej7U@Vhv8)c;s1WKy6nsQ%1?wX}8l1dVjX^CEt&pTKXmn4%JUi2niFIhAC5E zdYw%t74@-8UF}E84E}EUcY4RBoSYmeg$?=PV{5a8w4MkPVfF1DI-Fy(e&(GxnR4^XyDNOtT-q?Y_lV|k9+#`L|FvCA!d{sI%` z$629}2AXF>9l^zIW=#A&E3fo`YN}`vZ@kDI=m=8^nWzhinJp zK}3BkBWV6U5ruKFBP1&KA*zQtV{9~&wq?s4KHKkr$n2CUOu-5J^#U=@slA>cd3&5Z z3^7_~SElW07fnY?@5JJ77zkSg`9n??w$Nw4Zu7ormo@Fhg9$zR_Iv{ZO!w^;H~ z+h2D@y9P|-4ro7zjaTyb<$V3iN$C-u2)>_ta{6VT#Ug3G;xyjSN*$Qy%eF6wCO$oH z$0xYzarAt#MQSc?fbj}FnGF}QWKx~J)zs~`)p2b;7Mf*V>U!-NmU0LJT zaOqG_9{16oo0~=Jt?u3JRqtbinUMKxA=xXkps-eHQigKm)2 zc>C1|^Q&ufrUs<^0jNyFuA!wd-)TZ!u1r$gXn_9KSbF;MBc!Z24EZx@csyC(wv?3pI=+I?{-|ab81eSH zbiAiM&Gua-8%?Tq-P7I;S&VBYOxkAZ%YE-ZO(u4 zEJ6b2YMB$$6`-a}N+0j}94NWL6)C!wMzW0tp!==R1c~?Mzmg3_Iq>@b-Qs;FU<>w?b+&^5oiR3bJk=-v~OY}c+*lT;**QTy%}hW5*_O@7wF1*6}$ zdLfp9xL%5jJ&&^k&7KS;C#ol9nfWp&Zdv7=wUuX z{v#gkGr8VBZ|W5K1lpXM0$}?<&8%}A$F%1C$Pd_YeXm{`OSfyX6SZ`__zCnrSdDv6 z9solZ0@h}!$|;PbYAzd;#&7ji>*k*CGv!BZU!(4EN2d4w$v#EofkhUpnt4@&!^_l9 zcZxdb{g+Ywc!pTUe5>GBVm@LW*QMxQP{wjVh)?yN=jyJ<9>sOjg-;K=wv4;a`m_m4 zG(Nc^F3z+SI0E3d!+WIF5!`6L0>HKg9iREK&-doMU-2hJ^3v=2i5Z)RpLE-kPi{%{ z;N?MfAT4d-D!0nYrVX; z!eOkkyExbCU&?!#R4&)!p`Dyi)wsirAIKM!5-im(rg5g=x9Nk)MvMz;S0UyE(2|JD8(;WS!2`YS6amv3$Fjc1Yn6K8RMraAmyG4}tRH@FjU zasGPl|Fu_Fx|ichL(Ei0l7266PC69!sJKE6xa)(wULcw)Gz7dpfa})+NTUV_fP19b zP}8YjvH$<~a{XVsseixl*GjjO!_4Aufr0*V?=5BCb9}Tdt$SKMq;(|o2ZcR|dqO`} z1nf~r*<-&f#DCg+r>iAL$AM3uKA9QE(#+WD(}z|UdmldL+zOZ+&#`PzXRPlq(60z! zkIxl{bJOgT(kDdLvF>DxDKf^A>^}tnif$HCQc`}iKX#>Q1{es)+MTNg9|j_tV(Sms zgBMhh5b7aXKSz@26$FP|%hgADdbYz|UDEHvy0e=2GEQDMb8p-WJPN4nb z$^hU2>j}PfED+m+^!I=TI6B7q%iIzEQ+xk%^tD<{mVPRojrt~__0^+04@vr6_semh zYa*RuVRj}8V5)w)Z~uPz&2)LT3>;Sk$7MEu+5GWOUH%L+WajG zf8xW($1c7f-l;jjKj&dY#U}I$uUAv3jCX3Clf+ti3yr9-Jk&5 zSk180prkzF#^`b1+wzQ;=|M7j?Uy{UJG6#$ZwY3msbRrXiu!;sXA>Y3#+xq67V(+R zj#e)~mSd;lPp?^ZR)?XVvJiX1I>$cArkZ_TH-AoHgaDuPO#+X8%6>G5fAo=c!IBa8 zrqN-Ofn%%>lZZ(Dx;37`FGUU04jSxYIR^MrcaC%pp6KAv(nUkFt{e6}`u?hJ<%K;=re!g(wyVgI__ldU zb6Je(ZyxXMAMcNiWzxK-i?KNKXK{zTi&rlV!|9#8a+Z`l$*7f;*Hv;J)g$Y3=V`^4 zBYu#>HuaeOLkrxI^PT>cwkmn05hK?^={J64Z}WNvU=@~T~5?MLbkY+&1~K1YhP#x)zqQPot7 zhdGY|ifT9RxAg}kqg3pJgt}Qvu=YJDTr88mk*-q1?PXSeX8iVdX)Km!0R}76{AFzb zqIH-kf|i*x^SX5xuI!>8q0Qg8>97V(S0a%`Yt4z*CW+DwHnp(T_FE9i*bc?=YS-_p zvopx5)9>tTCz#~ z-jvtP%Xp_%m~usb9I+TYjoi9D&bebKhvl&RAXcbC9L{JSYz-&Sh*Jt^5%)SU7nI-TD)JkRkYs# z>Zg@&2)nN`_CHIdRu@l*RLv^Kiz$0s=p@>Y@M~p*d5@wW7G^7WEDTmLxM}BuqfmzW z#^o_1Zouk6$Uj(5tqL}0#-uJp^+5E-N>k z56(GsLc9>!|0D@Gp$V8@U7)eB__kH1o^eFZdv2*}51DP}l8r*XoQmx#@a8e6%Nl#Q zZj|@u;Z9U7beqRiGp0TkXU%XL0v+7Vdnh9UP)~FB(GWl1JJ|L^j6c*~7DO1d(W`I|ts2TS03FIrkJC`Mml9zlxG!E>pLs65j611odueI| zrO~HuH$jqnFoMDb+lAtG+x6S4TEass>0^U1PZNVSiB$y&+mwxBgErU{K~e{<_l+#y z%hU(c?hWx7j}*YKbM-_A3?Oak71wpPd0ODkh!5T`e{$~?8@qaRVsa+<%i%O+2**Gu zlH0!SmO!h&j=(CU>mx!maiJnc4LcDS;CtmdU%9josZN)xFI)%R%SKHLaezyQR;MPP_6edVEGFkaa?*mx*!kalN*vo?#(lzMk_J3bS-8PC2}FE{j7s@lt!3U ziYGF9=mx7UquOPq3Z(cxKj6tUbwBhy920;~s-Z@sHTqb0^YdZ zkacncH^6xhxngOm_C=B*b4 zxhaT+)G+^mJgnQ(t|{7j7{Uq$BPdOhGR9Dwmdc38e0`YI`m#Cr17fweZZU+&;~!b8 zLED=@o;>7DLwS4}douqp=Ia^Sz)@E^Ym08Eg4J8Mf zYtCDWjcts0cO)8Hl4H!fl{f?)v>Cc%D5bbI;k8>URI_z|zm)VHy^S?Z=!^OCqfyv? zsllwZlP1^9hP_oS3D(AG2Jkl>?5r#|g4CV5?2?woo7x%{`SNj}s>b|0k2!4Hz)+S9}L$pK>p zFPtO#XGz>sWQT$s%>5WOIm_zUbmQtpks@PA&&l((i?HR%B)IfRwr-R{zvepuqf9nN z5B~sU5w!hX>H>X!j`wk%@|-fvIQWO9jo(Ji>9?W#kG)AfD<_}wkK`n7;UcP~xEF57 z3wU>67hh*bAVJZk;12W#QzKYUt@b?U&dcp)gR0-cHA)8mSgIKD5|6J%@YMR{Rvok) zct>MGOM-c5^MEvGJTkp%+#duq%r>R1j^TDxt&JEzUk%PbvC3t%+>}NL8&a5z`TiX9 zBz?8H+WRO|vN=>=g){q&-~5^DQv*_5Q11YfYASkg@`p`b9eZps|7MN@rtjkzpKnx0HcUW^DCHCc0a#wR6YiuAL7(;dWl>Ly#Q4ES^Xst9Qkw64 z9Y`)4{tk%8k9mtEa-X+}7Je;h9x`yin12cG?T@W=sBR`p`6R{UG)VRP+Q-r=hD3>7 z7vuV;R&Z6Jj5sPJ6c8)kA!Q2p2h}ANJ-U087rHTa850jz@psNg_rv2#s0dq0KPgCcB$9}J@pS2gO5ohtkh?q6H3 z6Ef%>CwbPQiCSroQ`H61K~#jw;a`PKpD{(dln_KY^2OWezXdE~gcm>{|z>B48Mp0|50n?b-58kaZjaQmY_> znRDW{%%sALs2@%e=3#&4bElqDLv&!XRs9MYVS>SV6U|?By_B#l#mayY}7pCn`L@Q2O1tqbq~`!;V@RN z6Io3+3ZSi3(Vv;mnos*CzcYQcSZk6t;ToSXU2E~>U`8ObR`oW-l;{b-Qn*BMF{gqxEW_DW09!_)r|x>zbl_y@{3p!GIt-mO&53vmh*RmFL=`r z=^ec4T|6BDZ2oY|*t!|zt3x9+?8U;{+NN(nyB`3@%7v6tJGE{75oH#zoN<)2NICeY zOu2`aYbjbVZTDF4l0Kw;M=;s+w6t!b14ZY$8t$XlN}`%s57H6?K0#_kxXOJ=A1F*q z_g1D8+t4|p>bQU!%Asy1^y{L`*gHG#O4L<{>7GJ^v@f9-fHz^Jr|n=KyQJMGIs~;Y zRylLv#`x&8<#w`azaqn`i$CZMm)4I`oIBiu@=yM1-h$yw*tTu$1vNVVY z**=zdc%=|YpW&uss*|)_P}5>n$wEGkz+GzLkmE(x|XBECIV_wF8yQz?nvwxm3$7R z?n#lQ<+b!%D}QxuZSzPSaK}#$!ryt-D;DKf*E6Oj`?40jFY#Cwy*q5(!t8xoaE5x9 zwA$boXy&Su+YFEf|XTMn-@U=9qvpPXPoAn)a6W1bmHd%dSlDVoI-kW)JQ3 z45#_dNK-$JE2`9`gXCE;W1YY^ZP#x~sbwyHM;%+fvh>gcHg-8e4Ev}Hcq?X|`PlcR zC3nF9(Xe`n3vadE)2R4Q=w3%MO=Cb=cl6|7ZvNmQKiL7%6W+a-8`V|C12`afJO3q; zp0t=KI-Q(zr_n;h&vR}k7Nd#PL}m7^+t>l$uQ8j7-UTKn@aas?)Wiwe+wzT4-|GTU zDyH!D>L1hjPtQ>g0;lZ8JlEH;i1jDT&+%gH5KG~@hW>G*Azw;d7H#Cc5Gep9g|7PE zi-1GRu(`I(%-;~sub%c-2lyyI96E~L#`@7aHP-@(4P;CcI)x<*alzsYV{M&L!%53~ zX|*Ca2LN8?Q|n#&4vX_gmNReZWQt zj_sAEX0-*;_=bY+XU=HVo|-TuaZdP2UCyu4M41-nPWbh01Y^7OJS?ZV+^2YmRh4xX zfyQqP{9$(aRRWT0@4^1aDr!OZt6~pJEO{Wy0a9m!aswfpSazkG!*LyLq3SY>c^rUX zNg~Wj+O5E8gVSK>dxux~3O?l#MO2d}_8Ea;o*Omj+(aa_yg#F4 zyRYfWL#angg7ztE8L+ErW)%(s;^RM5K$EHOXxg#81wtl0mB>>VaL-gZ*s4bP zql{*7PQph>A>hsD+zC;lGn>vBP645k2NRg5KmgQ8Xw>fxKy*s-UjLF8t;$nl+yo-u zu$SeTeGZ6nQi`VG$TP!$xxfF8CXvr?HXY+YwPp5hMzf*iV66r+k^rIg)XSw+O%ovGSdEGu)WhaLE-@tkxVbXgskdA%;&^;`-yY$7|p`@zRnZMxe!;;)P(SO&!4*Fn3c8o18Y}ZOLJZ zCg+E1os)U&hi$Zpm>bjT>5ERUuBRu}L0WR+%)C{cA-?SeNLDezY%#NHa+Zq|xTGsk zjQ$E+>1xzsdqK6Axo*MihhN%w;%^cHoEUJ@HTNlM_W85tCfCC2;1+RhqQo|tN~yWC zC3Zq6xJmr9gSTMj+<>RZg~%2hw|4;O=uD_r;oJt!bi!4}(N9}0G|e{X)xmga9J(sP;v*fzH+ z7M|~0L9)wzG3!k;+UP$!8Df#9u~8_iKKG2YZF!hZy^}VL>%Ue=G%pkk43Zev!lq_a zUFqI5n^>})NxUH#rYOoLZ?P6Wmc6siZM%RT^w_9~3N=`d?mgd@AVbCIq)>uPH`d-m zIoYN!JYYHGdre!q3UYq5{owW;Zi`Z~_B{X?3!NUY2GxA?X1wDc8E^!cs8BwOsqY14 z;cH(FroOIR+X&l`Va>B*7u*d{b4y}GYuWE?HI*XJ;?m0DWai19?B>RsUw+D&2~8jG zcq5zIY0ZSNzWAz!U@0$501Uir4?_yz@kQ!nZia`(m2@vEo~5vJ_j*np$tANfXiiwJ z|HHg*bn1yEd#=Yzd_du#_^(g_`(T~Fnw#j~qaf^5uLHibpLSsT_x2g)Es6tsvF zs7-xfaeVT}QS-7XfXF`@{thA$0lMU*G$!M24q zo@;<(F7!TlC@J-o>b{BmAD8r4+AlS}@w9p9^!Xh}qEUbl@s0W>Ivd)DG0a`1DIw%z zKiDWjU&L0$$94`W>A%J9IJrd?Qg-kIn7;UFE+YWk_UOhUNzoktf8q@6e4rkaO&T2r z=Vk_&zQhsOhr+!}>{Mc{vHe>XztJbE-luw~`z?X%e$UOA+#&#i@8;v$p59sbS^~P( zcRo!cv}+O-uO;_>eP;7M#};-C@my5={I^?(5>Mqh(o(M#QO3i(KR4mfTh*HV4p85^VNoy2`x{d5Btg>ahUrccPyx~{t#W)Rjtt%?&kI;<82raJ*q{eYgAB8*ej z0}Q76G0I!9)u;Yb{j|wSUl-qwdvx}V!?6uj0q1(9*SP3CI^yEuY%V}>uDHbEPRTA$ zufxN`!_S|4Bs;MqLwwY<~PeE@3o~IJ)}e3yyui166|al#ga;V2eLcaZ)>`Ae6Z{(V1O+;>3v_ z6v)_vr!h^Y7g1b4T8h5EEjDQa64NYLa62ETg z1c2bBDkJe%F{&EeW!z?@MyGM2Oy)tJ1)JA`iURDxt+w^3~N2ZtHy%BGoFR{0b6K&3t zY;DHO))QS2IqdpWr?;10`y+f$Xm3yhx*4@3)K>2KPi`;#Xmplj%-#>O?`es8{~=Vv zei*&AV`4+sJc=}Jcn>>bkc#ju9oz%kzws)|RntFUk+>w5T;Mp}Rux`nlT#$wwfMtP zH+m~iK(Miu`mN)!VT%+q^_?(~IH23LS)*IMJAU|#lU-Hnh4xA#gow8k#ooW_E>76J z>%!;}@k%9>(@_tOhkM3Wo%b$m|7%S)5(DD7(E{tc&&^wEmrF}5y(HO4uJuNgs)i8A zgU1K3^ZifQtWPzwZ>5Vci?FXEGX_>UMMqhfLEeUb;tD2WixWy#yZ?kvoYQ96Y;+1K z|2gzwX!}RCFihxy2fGjVFC3U6l*ELwz{H~pKNmBp)RKUko1Hz9=66`elm-XLY)`PH>>CHZg zHq25{_ZL6M4rZ79z>Rb?ryIPk|88VZVrt-;aN+b@_N4sPGJ|E5*VOObRB^G*^cQ>m z!~h#nJf5sz*1s-CoohuURR_3L86tkJ5oMj26Ega~XX@Kq@BF?PP<|b^h&r$Z*m?SR ze3~kvv{&8WuoNvmUP`{4r)P`lM&{s@@JYxyA{~k!z<-VIyoQ)81?qg`@1n{=^Y{*+ z6XYFGi>-bt{H{TIHzcOIN{d*3y-Og&=08eXyu`aOtx4}vkHtst?x+CLOV|k%za`q5 zyU3(Ed{fb3aXv4JEef;Ek2}sDSl{jO>4dXNnomrO@uJXXZv5{n-42D9ri7E(1>iqWOH& zlIKzoe=TEw%~Zi_K&&12iTXQr3|O&4wlZV>5{JDa>}BT<{cc+OKLFIITcj~z)p@7W z)B-H7T?1bPFO^uy|LF&0`p+mK4OW%{c^iH|zaC7} zgi(YE$9}KdR|nOAnE~YEa0ptLdky*lW}=9i1+Y-J&o{D#$vj#eSbSx)ErVF>)aVBo zeoz_#|BrS5;QDs0lM@5LBTl8Akvw0`?yG{Ygu$Dea3l7ngUTG*+Q~uDLG;_3{JVz_ z9?Xg}Sr23nOgOx&>%#SG*MNkF#;yIRUyw%m$hMlI3$8L3FBi_Tv*$D2Q#D}*BK_sc zDUV~ew(~MY0`BoMVA~Qjwz7IFYggg6nU%HYAdpmI2K7N;N=h3Dd0rVFEpY-GQyvarSq52fMhoznCRos*-b&-_?D(;||gv;2G>y z3Y|SMm7F9y%BD6up{^ziGH_Dk$U^?Jx(oX4+vQDTQESimzr2XdCGJF^Jn89IH|SVj zv5s!baRoCov$4q}c`0d`&S&1w@$77eoz`2KG&VuYDJbW*!^3@#9K?9}C24I}1rxDf zC$}B=!JcPq+P6&D2ey88tnFl5P=!;ttAT+MUq1VHC&}kC^k>hfsX|To_@L{iJT?`8 z!bL;|bUB0W^k!Yv<`WRR=K^`wJSs!@Gy&qW-szD{G-voN$1qB^VuZLCNd!yUZ)DUm`yhaWH_YAMF z5Ls6Z{#;NLh$c-k{E~&aBWcB1R)z8x6bCn{t^l!jsyYZ}%exwYVU8@9Lz&QihYD@L zQZydbbK0y#41dqQ2@jw2g}hkOB(>XHs`~7W+1B-~35VDE)2yskQo}`Q2gZNR>eY$t zcbln6n^$=(osa*Le=bEp>!zT>kP6be+@3~c2CX?~dC|uOmo^fLh^q_)=B_S}?`Em{ z6|2Y?5odUE)_KRX*++jrt+v`K9a>t7E_I`-YSq?SwQ8?e zRa@-6f>u$jU8DBiB35EkwQBDKL8@v7v4arL6}|80^?QC#{?V6Lq`AiTe9v{x=e$4D zv-l)e7g<&G$5_H0_w|hqM!9fh>G*;(l`bY}%TP%JmjHCLK3HkG<=kN6M!pYNI-~gHgL+#ze z=8Chwu%!H|pL8G=70$FCjZOqiGLQrtD zH^DSqOtRFgZ$^zu$EO;W*HD44NmA5ICPMpF%5a2jh;7V8&RSNa-+f?4uj4Ze{6|sZhCBL=ZmQ}bGYrD*cQwQ1?9qtp#8{$_{9&LoL1tx= zXC}(=fS$;aAcaIaCA>@%cr44<5jOOV$CS^a*BP2syki9m>_~_B_J*L4rhE%QD!IjZ zT9<7emL}z;FTvBCAOK`&Um>#)T@X~fYc;In-HpUDS8K6=i2ktBn1ND4=dIrnX#JV( zX-@+*Y5bz454JSZxaN?p*QgjcE5HZm&$vv~3!w}=d#y*;?R9o_ zBi49-7va4I=4OJxE*SH}Kj#Vfc`m3q_TSkd(6#5l=6vrFY($@g+K0Uv5{K3xLP`}* zg6#3^%cJ7+_JWjJeNU_n*g?n8w5I3X_jM*0Iwg>C(n!=m__A8h){y_8)ZT7@@qx70 zyn5t%#}gFP!TN(;-}JnMU-7V)*RjDIJVyLr+qMyBU*v27SH1;D9F0^P!0|Id4AVa8 zsL25W!D0F9)@#=M$^Pmi4H)9bJNXrQTJ~EkTWLLb|B?{fWA~8`gWQXAh!uha3M{cm z8k5Bk?bGD2w`G=UE{j1fG2;Kzz1}k;&l0^B&Z)LI(e&T1ia+DnMGq!Toh;cN!gnEZ z4sI`e4AL7m{SR^4E^oCs68K8*29RDtB)BTiM@pavXUq@H8XcmnxFJVNT3RI<2CO~@ zzpd*8eyk>Rf9ad3AZo61KZ?)s@hJ#-;IFGFW|Yd5{9fv^_WBdGJ-Xp^S{-&%3>1uC0il=oXqT*~*D#06Df7e*`0 zlViZ3O>UUKl0TTBGVhlLKr>Jex#f(_;3M5^CsOPSt>LIQKC^ijlVUH8G zN~_N|!;g(3Pc~^?%;IFZ8eSeh+O6+nwwPJBsc)&b$Jb977fy*W?nj&La-JyQ>nvlz zxZ_F1`x06swU`>ze52u{6(^&ieMHe0C>ZxN)YgCW8F9>Vq4EGcpEQPJ$J+Yr_m1*6 zKG&zUoll0)ybm-1qRcN2g6~q1H3@x=93XoH_9dz|+Lew?y6+VZq#ll8D|Zh+oDB9+ zyt_3$Bv5K7=hpB<4Xxs>1ov-xv3BYRU+z9^=}N>wsvg=X9?@dg@ph3G&yE`MQ}@o3=u?x(zGe=Too1wvJRpdG+OT z_cWvr^1X|KRmUXoLYi6^Y841Z#eXgWLjQUlnq}2E)=bFTzHhq(Fd|=feviPa+I&)e z%bw9ZOAJ+1R^#ktS*vKr$omgQ{4xnf-m<*RHOiqB9XQJEgk_kWjPOHwCR#TF9%a)vkfZ`?aFj~BEYK^M zJoGcm)bPY_rO32b62Z&JI5cl9R42A}iJYSRy>WjQKL7~?VyQZJt-rT8P|p_D`jwzo zHm?#2u^IGyRRnRnvOZ@hVZ(|2f$Z@VHR0)~ijCpk#4UH(HcuQ+BzV8E+dP(4#(-aW z!0X4<=HV^@uKrPo6Wz*z^~F%lAil7MgZE!?SxnWTp6n68hW9;lN{^d7w5uK|`?L^V z5v?D)BZZEG}|QMO5a+II3GCM!niC@x5UGc!y<$&kB8c0kQOWf#imm z_+?C-1=WdRLh>B&;ox#|F`1*cW0K+9^ETVF0a4}Tu@DW!=MGzq)x#D5rv0DldEwr2 zCgU*6*zxg$+^tuQh(r0twBvMd`)R|K{JF!OI6yv_(E>-v;`hI)?2dk%@U#3H0j>c@ z8o3!jI*)XFSRsZpm@x;eew+fEicbqN&Hf-CoQzeO``T2oCuY=a#H-wO&;uL(x!?k6 zPV2*}8x61db<|IawK&$|Yk|Mu5VI2zOy7=qB(b=TZlppibn3AGzXrSbj&y)H3R%C1x9y9WQabh>9`PRV7AN3^k_7exw5Nr&D+zUz-YPw#xX3&X@NnXk zIRoGFoq@ePV0x8L9stdGr%hbx*hAJoJ6Sf zym$u~r$1ls{;jW1WB56gNP2mAIPU<_X)0dcs=7;EyJHI7AX456i+lf6rDy0`V^Q^U ze{**rMxA@|Z`GH^KhWtb0N5cX-sDQ+=)%<(E$(_N|FjpYrd#}dGpHc&R9lXy^{@gs z@bh6vab6|bwCY!5ZM>6*N6(Zu%o?1MYFFHj&8+0)&yQUw7z?Tx+da?m3woWTKz);B zBz%Zp!A#r2f?6FoJf!&XS?L?-F_c#Qg1?S2V=E3QR{>v1<8QW3wxZ*j+FbP@`_loq zBWs^oHMDS(c)!A$dY^3aF}Q(8hczb0NZ~MX!dNiv`5+al5Wwo~{zP^2x%~09+u6}k z6BY*MVE1^C!@X33z)+fRR*tmtWFioYaaCnSYe#D$lE7_^Y-Bzm?l66Y#Zf(vgEZ^~ zG1?MOiLk3aR^mUnRa6Q4!lH+xCXLv2!&~-zGE+nqfG2`&^7zd2?(?C;D zUwn*9p*2X}PFdg$)1;rzRkR)t)U^m6O}mHr7x~9PIk)fj`T;qA-G9&9R_&zSab0SL zs1oUPxuVCSU)Oj`P36+_hqnNz*!J>UkPNTvRcIn7xll;U&^IOENK z#Rb*eBe)`~n`Sp4B!oAa?g<0{BVgkSg53UZL&Z5lhkvPQu*#1ZH7LuoPI#}szlG!} z1e=>>R?1;|gy6t1T&}up3Y+7ujIx~IVV#Am^8F?9EV{YzZ*qEJ*Ek#nLgZNm2 zL+==gU>hmum;XU{K2=Sj0V}4z$Lz*M)HU|A!k@$;Clv)2{WIV_IX~@7Cz`Jlghvsp zrqH)6+p`{sF-w-xUxYpUqopMYTh=@Zle^hRaVJ_Y^C}R`=u)EVE1!>NucYpgs6F}>>eOo7VG5tkw zUH6T2iHswz1p(z=aJ5GaYO-4{Au0Q)+Ze*_zvee?IWG|1%SX)=1>kAr+>Y-;41cLo zy=VLp0w1>+twS$0${mJ?+#{u4?(Pk@=@iqidFi`vSUlxY65QK!pPcZ#lmhaU(^sEi zTsD9=>xLd!uGqP+0N*6GsO?OvE5>wUMT|>BqHYp#(Xk6z9jDc|`t#^vu2!sa8hkcX z-7liLt)uUoL*Vy#Y@3^~a5b?r0Y4f`5A28Ci3+?f$^9!PmIydYP&Vq`k1 zV3x`^#7a^JV1tM)gt@^OZ8?LetJzm31Qqg;$EDqO>RGX|91ZyJ&(B0wo19kCQQ#JA zQ?)b5Hu%R-0*bHLASP{a-f4I!73n+@(`|f!oJl$*^NfZND$6`; zsrRvbGvXFa0u1wc^!87ad9rYVi0jTVBptw#CbJKm^>EPU^K9MHGaM zb70(Jxf3VP+%>yIrv-koLvM=ASaMCvgNxfB!yNEw{W5LFIxqBeYOHRC)?P(VqBTR^ zJ^cz;A2BN4O6$EHi%W-%*2}ENwUGo`>p;D|3EEx&tC4@Jr2kGa09ICDaM0iOc%x$n zeH(;F<}Cri98TN7J3xDHfH`&5=cx$G*sq5CSgYhX1Fzm^c7{=~8~E#wv}QU7llqH8 zQzRhB(f;;I1bZJ-ZX3}KLg_DeXiKU_aAL=ZZVSc23?7mBCpJRi6$8z~sDma``;&+g zRaDeT2I=4`#BN5;z{Ku=^Q8Dg#kpclmk4{7jY9G9g~bL!bCF>JDPi%p)NglOxEQaZg#R*CWxf%eec7wofNuV3RqMp=)UPFW zRO*Jj9~plFRYi_*M5}FS`nL&%1AhX0zrY;wF@29a?hC)f7zs+*TN>r!1&#<_(rS!b z*8dHp=T+i=r}FL{#r@k8YDkysiET7XSt#ASqtyira|h20?fe>v;R8^s0HTu}a5ku( z@FKFx2jR#bC}D+Sr|`xVG1HUIbEcFMk*-cE=th zxnN&YuhSM=p@*A>4|qA)g){7uv8bZO^dX2(c=(5a4K##Icu7vlzv5q+9a!-42UeTR zTm#koZMXvLVW6XvG9-gzq7j;kq;6k{c}r8$QX&!yZZM(=Nx$Y!F8k*f_fR5D|Lm#) zASr_YpiNS@hj=6>CTnR^C-j|+gjMH+CeppZX5;yt`>U@a$g`zHsi7PbG*DSm(aKW&P5s~kSNmd94`50QqT@SPruTHj|8gZL-e$-!YU}MkfHpBrAF3G zIlib2xmJo5?5*hPH3auP#~9xIQpqQ{06m?ZSBx{Xh$sjLAY2KBa*?5>l7tS^ZpRmZ z#Rp)sa#ug~6%2`V5j*O89AEX=5ch@H!}BsJ?QZs}AlZKV-&a81!X#33N zkcIN;VL_t+JC{=o+>EJci6Fm6cohKt?P@$>H+20cAh9_*ZQB{9cm#wuGQK#H#T1eM zdM~kA#i9DJ*F1Wq6%wDX9g&m~KDz z9=g|VI^@kY97q##cTN{~y8jPWTwxZ~WoKuP$%&1WQ}ctf)O@xD*C2D&D79SPA5Mvp6TrMzxp=?^K=zo z4YFROP#J?sk_w4@6RX&_0L|E$r94k`NoUs`ZU%z%sfEiQI{y9)c{ zhv|+j?Q|u#iF$DfCGromMDO5JrIh&GroU;X}~(z<75wgCS!M# zo-_$(--Cp%ffv;?v?w}kkiONM)S7*`uXw~Do0U6nsiKwjzSo0!ry`JTTgze_9|sR5YpbL2j1ul%w7PTG=E4&{n&5t3z&{hx>1*#VG_i! zxv2SZ9qL^*Wpm6;vEOR=NnG4n2z%G%e?#)1a2T@~nAfs@bZIENuk^8&De%B%buP`# zBb(1NmeWA@MXw<Ac4A_h_P-Gj0I2vN!dIKr?OCfmuDBJ6&H zFi(V7G!R?bxbeMB$n+VvqQ`e|ZnAPLV?}4W6z-OxD*YT?w|;it=Lyh$tbiWq0{D2M z4&&f5RME4y^{AUAh*CwBZ$2H3Z0X`K#B>GoPS&fba@`U9dK~#WtEyHNR zx|l8bcA<3=d{+DM@1*;JT2AGtLExcadik=(6z@nDK>HG&E}8g2hwptyK>Arw`Rr&2 zLWK1JUlNC93l&K&H{3jNo!?FivTzf#_(hz7bm za}M+h=Xjz{;W<|~v^2iN#KCcGLcFdxW_3}uY>3FpfZ@MEjs?I#uTK7(R6d*0f6|d^ z*|LQi`ESJSl-p@ZbWB1eHT&XCjec$I1ht{)R`M~VHJC{2uyWnDh`Z_*QiF_YOCNuM z)kCt%L8U$kna0)J(`QY)pi?l*Zeo)_mv3*u2pSFL=S4w}^I;08FJ!h&6Z&UjU_eVx3-;ZP)>%YxGJlAOe_vf#8C z4f(VWc83Fc3?^aM4Qt$BW?)AI6K({hDLRYq=WZU%h`qn^b$kGSJvKX?m>bxp3FERQ3H>b_6pz$IEg_n-w4eL%WN#ua^S#69JFr zM%PNVsQ8Gxy0iA@1Cq@1mTUWROVa`Cp1HH~iA1-yX*@g8*2mN0A_lnemoCLoRoQ&k z?JKpR{>4!mdLUP_U6tUvCrWl~a;FJx6@}1Z(0ms_AM=Ro^(tsXkJPMeL+n;)LpOe)~ z{)$aPrI9oKDuCPt4KrOIP9-R9cuff}JSFFQER82=3Qa=m_4FXgYvT$Ma`hHzwF=^j z!SZw3Y9v+{|JGfv$OiyZ=A7)*AOt|1V@-?Vw>}c)8Wn|A zoc}Qc(RB0oEdG7?hXDRoAg`Tn*=VBZhHjg`YP(a?vJRXHF$4d5RjE?^oxs(LCtp1$ zCnt-_N9=&*tX>~z?->8B`9%ASvQ>*P4r}VBNX>uG<>2b}2@8^&pJ;3WME`p`UO$ZW z&TPc5Mpn)4>g;qBLwuPTjr?VR)D@6!2VD5We*8oWTwU#)IDFV;oLqt_y6jZ^LK~oS z+6eaC263EPp1?T)$0b$`?|TSmVPL_Qli_ z9=h$CY$s3#7!@%r8Uoy`5_5otdeMY}l7=tYcXSkM@F;v>dpoEgN!f=7b1SMg!4d@K zP-*Al0G|O$z7t5hWIApmgLzY6BU^YJ{`5bs6yPlS|BF4*a5Jg@3AfFNmT|Sk9e6GD zCW=EzPmCJIw_U1xd<6Fw4~y2B=nIG(w$`uDMTBk^DTcYtc;tFQ2K ztRELUcXU`92^IKzE6AAuV@I{~X7SnDFqnaDf&&2e* zJ$16@q%s^47v=q3EFwpizkb^A0QgF8@^^oZx>h!e`|hp9@&bu;43N3UB0RH%>im2o z;>g070LdIk;&B7)_&lKj5Qp^mT_Lm8I?r|PC|O<`AZw}st-4jvOb;i*Zyn&G%dh0y zufIhh=}JA;Ftbr)ou-BVwg0fn zHIZ|=>`>0>y9*HDuoB0@*>{?_Bb<`zJ65j-KL^Ynn+bsPi}26cdUL?uZ_c7r;8eE^ zvYK63MgqIcj%Y(=;Md^3gy$oCqfIDi3mBkmp#~|nt!AOxgW55$D-fdA`Iu84Id9;5 zNhLA_UlP5C=Ww!nU(6+}^_5OjtbZ2|-!p)`t!Ft?5|j#*wNbO%Xz(IAu2u{b0S#EI zCa}kTGGIRvgh7lR`zqHhh_8v{OeB}RHht$DJ4^cnj+#pR;v3BG1F1kX0!pCWr1H~T z60`~wTqxfnZw!o)OUJlQaxn^-Zg&11z(Aj%q(J;h4K<3X?y5(wr`(;_2l73BM7LAr ziN*OcYCB1tfh(pe0k*J*tEpOm^lZ=h!RX^I;QNliN+glvrO$8%8qbpL@ zoqsg3hEZ@B8_3jJ=!DL@V*HK=KD+rAH^-(M&WF7NYAqNN4BFcr>*CsQQzCDjH4Eo8 z6Q}fA>$7{;a+--Pwpr^bMk_*CW5f$@b4f_!3b}BpX1N{A6q|XZcJBQeJ+z zk|w01FZOxGV@2*-#Ygaj)%h=To%_^}#M0hu#|O=*mW+xtnm!1b`7_}l3)nCoPBi%| z<B+Z4yQgyOP|d|lf1;7Q z&=4=u8naN@tL`cILzD~gg$n!D1?16pwSj@AGZi=|%-!@^;3@A`9lnX^I_-vL7oOZ* zegw=IkoU3mdc3%c)mN+eS-5THthcr68pW@pt5fFj!~(?}t~S>QwHVv^FKZA|-T`O3 zZF0G=u+isblRoFTZf70uvkHs7ggBOTb@q?bS_XN{VjKeodkX01oNcLp)x^DLw94QI z$qQWJYiiBg?oRN7dZUBr<9Wvc=Jo4yv`NG?k4$Z!nNAsS9A~a?kM}V!0rsy459%39 z5P0CQ`82+$T5@(8yruHfDnniNwv&<*1$(7*US8v_@KXXZ6LNb%E$Im9!K96MI%^BJNZ~?{@Hg(q2BIyZ1i7BQuA#nR*eM z=WZMzW=wXq4fP4O&lJjtSn;1}qFa7xy6333u8tw{7=G%;_OWuI0gIW5bGM(N7n)Y_Yi0rdYt??1+X1A(@lP&q^r zAWPb!pOHP#x|%wH_)>P|?u$X&Ej0~)Q!7B%SE7`j*c8Fcla}srD`DcpFIVa>1lK#K zRhr@y=kJFFie`xsYwlt$z}kLb*SM#O27GV<6*F9vg0L(Y2Qx{+X@G?QHu^{|;Nm9L z&QbMYX}L?Q=@aPuY=g2&bK&YY9st6AxhiBvt=)FklY0B8|36}&VRQX&DU|K%ir?Qh z(#O(?Y|eyCn76Wq&Zl`U9f*%TRcJ2Y5`yF&=$!?+MX)g^P)|y^AIYxn~|tymp6?EjyC zdC{rwt+E?ig1Jz)BV42y@H>tu@4kPFqxqRpH`!)8my8jt^m8wdM67i-y2E%NV?c?G z>?_n~!1cGTEd0LW$1C=QZ)rdgkgI>Vm8V_Zw}Df4SE#z1Y*;=->q%#W&?=gkNi)_h zcvL&k3GD|I^6&aJ|5il9oCjLO@S!Mh7t(Y9h?=M6T0`WqqB`k92(#~`n-NEtP7IOX z&hdoVW}CQmQa334Kj%zN{ceP1`HtIJfIG%&ZExOza3l((*6HH@Kn}BdP>Y#wB)cu7 zlin&WVX9jq&+zF}p{%nzyeX#0-R5%C5n#V?0rv*jR%LGvmBSVn^G-o{z_NGPHopp% zl5b5DoaOqE|F78K(au`&S2mTTQ-CCc-bAQrT6*$t;F0zIkxVi2ZK?;?TbBRwmo?x! zQL~Nyz@iKR)%EF1a$6?`7Ix+wdGP{&@~?V)(05;7HL%LhBH3Cud2CqVXE3MXb zRR1c?C6il=Ze4|EW$2rW$6Nh*>wzf#_AB2r8CL9FbhH#@U#aXEOio1xsHtyx*b=PS zPEUj?Vh3 z3z3T}@k@%_Bjwp4eG9T4t4k*24?V3TgSc++0&W2c#d17iYkz~(&w3N^gb(}lHx1&efF8_nyi#_;U$YVb`1in( z-!6sni|bf5{+?c*B;fGPyC$7(eyNKUSF|b-D`MPZ>_G@0Bv?!rDB@^x&I>-CFFeEfY0Ufu&3@XoM>OVkCG#M~iotV6o>Myy_4K78>}T=S;&F+XM+ z(m=9_xCG)#Z2pcY+!vw$+gn9kx0xlE2|*0K%Nx>_h3(eV@aq>xf3Y`eA)T7iQY4I3 z`u+6}qFZCd%|DKbyuv2)DMv`>xEk4>{BDw)-Gu~+)2B)=2hSE9Stct z>`2olX%l+q+$I|qtGwH4Da_GN4CnjN3lA_BW8nPxy~JMl;y)*@C5Mv~^CP*!W$2C#O*R<9|)-ORnXT15$>$YW5|E0O}24m|Z~{cqu2-0zbfH+n^?Dqu=i*wlUW zL$gcfDXvvjB9*&Q=@@=HXWV{z3<;~|b2hDUoc-`Q;x4KbC^&>VL?lnYl$o#uNk%~x z2WaAFytdh)gueW$EY-TL!>&UW7hV2tD)dr4Y7YzLjRFa(H8boMJhp-FB^$Olx_sLc zqs`-dqqUSEQD3l>Zm7A#c}rPBe|_QEnonN%p4d%`JdR~tUoKSE%u+86(~zqKGI@|>HqLk1{1Bxqh+B$o^|n05dC!gUhaY+Z{}T58 zQ`Y1*(zgPmQWZ?|&PFolu7oxkLL?L!q>de{6E9HDt+$xE zPUxsucMIT4KK;5hg3E3l)f@g&$+?4FUm$R}>d+1x9xuN|dz~rZ){&oAq~I7?6#&-I zJYYj;`FNf65NpabQ~Z!vkmsb9rPBw zsyUoHeX(1EF^@3bEgebU1J`&zEcT7?5g8itz@=S2Jy-A~=43%2Xt)u=fMC|=5?5A= zys~R?yqn&HqoV+w^(gm^L_#g70^pzcL&)LMN*d^{;=VUETDWA305c`0T{L}uAb43h zpA3rx&3~>x(noDe8%}E-9`*R&nKOVkGsKsCGS!DPF2Enjw5beY@t&i*uiaSk&tFWa z@N-ui+DmLjA~_e3Llo1w^f2dPwnt*m&_><0uT+j#v;1m%c5SDmOb+pj4Ff8xMH|zC z0h3N}FA*%50&Rg2G*|zVE1sL=5c*|ox#9tucEGz~n{$A!pCmhGc!+G=sj};UA&#Tf zQ=1+sh}q6vxLRY7Fy6Xg(@@z~-^?Zk@8sv4@PA<#1P%t$1^)+Q2o;rf*%VZ!6l>i- zg?+i@nl|Leo20>$ff;Owj2rX*+zI9)$MvXydls>jfzfKF6nr1}+4-U}&hspryK=1& zOtUcEr540Xe>!c}Iu|r-P{CbeMfFLB8q+F@Qw3<`zA7R}TA=QO9xH!Ri<#!V8@JvU zWb6kV66ZvFg$OBLzpXELHJ3t4ztrMg)?F5QpE>purwC%MORDKR`?uWO+;)k+t)z%q z?(5Mk+Jq;ne|~dEa0dzidlcxgpz$9xoRE#`kc8_v#yv z?I=W-i}8czK`{ITFL-r!^2?TLe`XosPveCW%CaV9Z($D2!h2ckUl*1eb@T6B(1Unz z*?#IQVabyp(C`mnlf$+h4CKx<=yh#MLSbLis(e(j&l#+f?#EWf%<*K+E3)-a6dZ_& z55Y#h3VkwniHQnuDWGe$o)~2zNsjagQu}YOc}gZ$fBW>Q&Rp8;?C%@Qa#Q1~MnCTX z)6EYaIGemalHP`v4{C&JVs`Nxb)t zpCvQ1&^D*$N0OM)5AmaoKYG(Q{1XmOq_o>~3I=;mFiZeHf%%Ipb0?wUV$}OPx`b)V zfUnJ4Hn*2F*jYZwFi34|It0JHk&{;Y?o;uVX5YF6<}_~=Ptw>m--F-R!s=XEG9iB? zOz*r)obp?Q9%-&Nay}&i%3l_Zly*0+iv=_tz#QiMNyO&1cl24$HuXboB4>O&?B@W=-fPfV zia$#Pd)_91RI6pzNF_@gc0yR7hDD=(0c3ulUS+1;%>oS|c(w`>SM-(IE^ zsh%#t#MOquixfM^YR!UIpO^6J(u0PnRAUkX?tvuPO6s*ufItw|@7rJ@A0+Q*G5$E9 z;T_eDm2lk7&RXV3aD^75lL2htdrXYbGewb4Z!q>Hlb))uu@P?EU_4tVg=4)+*Ll{T zDyjm%i_X-7N$aUOxV!xM z(L=K)0}kyoaEF)ke>5(*$#~{F3uH-5n3ahwd%h_bLV3BYsz7f&v6ba|^U#wF3k+Hv4s85nOK(rNY&D|Oh6Yh$~rVoh_m4vAiv zs}<|M{$9lMkT$P<&Y%kJ*%$q?;=zh6D-=d5AB?T<{Awr;5O_l0OhlRaay_NprZ`$0 zm3xnhO!@c&&@2C7uCt+-47)#myaeriubF?YjPcL?l*UW`9w#H$awsP#%n)`?(ECSP zX}m|Qz&TqH&;CBfZ?}(mpJ&?XG#j7i{pXzMX1LSsh?ct~i?{OScRJDCEvDXQ6tfZl7c9PC>o#x=S;>UYE)i{P<=K@q=7EIk(QR;0j=P^k1;|Uxhc4gm`1Z% z?G8(>U;6rG_58Lv59{qu5q@1pbS&?Gb!ap)4<2TB|ERq%TS_S`9Pm-o?DIU_pI&3| ze*9S@W@22BOLSslp*YHS_7z0z-d^wXC=#kZ-2s*!nEa3%a8rR^sjV=4SXg8- zW}`@E1X)DEzx6yZ@j?qcOKnEh;_-7I5nm{jilf>pA_#@kFMB>qRicK3Ui_KD_Eh@n zXG6BgIovnPjka*!!vMi2^t=y1ztqgwxA(k7J@DrmHktZ_v7g%~PWB#r4?lR{u+Dp% z^6ivnVX9ja@xH+wXKY`}ReYDr<^}2&ZvX9TrCqJOaunZv2x?=O!jfK`L;G!CTksZp zv<>Y&kSh$AFMNerx2ir?ky>q)W^^Pngns(;seti=iNb+E(*akX)FnSkMBsSI$1sp8 z;<{XN;59)Z3Q&~j#K(*US{qL<-?>YC=M$q+*8L3cQ7EQ;dNraJxG|FG%KQ66l9T4L z7bmjtLQ%cR+9+&!inv!s_u|u>a_Ys)THcHOa<4SmO2#nrix{Ut)Fq86U-R=~hWg)2 zZ5V~Ke@9b#I*RfctbZNsCoT?tye6H?d4AL``rt*Gm5}zQd1+}sZYuLH3QnGC>@?iq zaJT4pV%OEM45PE${fMlGqF`z+UQ4BO42*6s7lyld%AlxlN!MqW>|5KBk9z$LjT>B@ zU%Z+46UrwuExsr7?Zk|6@76kKDlcEn$?39Vm&&aj zU`~>2i_f!LhfIpgL;4(U6~aTArR6qO(*5SgxA(f4k5p4Db+)g?6B8H;4Omvw+E=b3 zaL2sbjJ>R39au(WVLa7UmDaiIsfU@x)JzSLn0GDkFw* z0JjsVWYxNSi0|56sY}{zyPtiYxlxw9t!xe3Ri#&F&g|75S~ZNn_xb%U(C9+es{o`x zA*D?P`$gqlg=d#R7!wyds})pSpuxD~U;!nJR(;&}4Z77$2g>_F$>NdJWlf!1-q#4l%Pw#^E(m(#5xr8N zJneUl6L7TQX9{bJ@)|tr(*&tB`*UKzg~=%8l&Gj|%QXOhLo$TW$7MZHD{*pAWv(=u zLbmdFOd#*z7HTn;c2-t{O`K1wseLfpTji=H&N8Ai7jT^EFPCShl^HoJ46E&oJ2v^3 zQEo4cer&o|H@RbeLj=GbxtISqaQ*0o5r-<9{G_iULxO|u{kR#q$+P*1nd!sqncp`? z4Fg4vru70fz7_1{q}--SnIy6)C*FLDO#7PP4=guM&UrZ@)IVa+7UQxS8g4?6npqXj zR4CnUelejh8xih$9x1jDN7N&n6|bXWd)(%8lkQbs#24Ufht8)cR%`xdQe^Mut3qG^`UutgOeIGh`-sdOL6tY2Lms05LMfvBM#mO~+(hNR(e0<9k zCE<}oFkIPuf=A<$20k9@jW*@SB?;`#Pa6G{g-8En%(P?qEORxbW#e?s9vXw5Nwe(E z)c0K1x%=dGkWj%L0q(QWQ-$wLERYLwe#o65Gym(XQwH?r1S0cuuj&OLF_pxc--+Ndkp- zL!E|(@$`bDQi{F4XWuaH?4aKzOzduG0VX&y@k5m!_q#oh%IH1K%XzH%_vV*v&F1@C zS9|Z=W_ic*F0sziF{F9?eFyTbQsU-~fCrD-t1_MPHR-N%UzG{tR;|^zv>d?Hy;0BD z{5|%p&#&NLkEDI$LwkD@$}2Vq1(*CUKo-s@R`*`m8`y2AUeM>pgwW4mgGcZBT%$kw z!}}foJUX%V62GeVWYb6f`QeoMVekBF_j@Cgqd+A+y=_xJm~?>zg1bfh<0b<}x`gkx zv#wx@^8)_;IYHBgrd_sOeyQ~?pH0>4P1h1Myqs3GxJ~*-W?#5TCrZ@ZM1(6aMq!4Y ztVh4ip|g5rZ+RcuYuoBLnrsT$CpGRqe@+nWZdG9PedA7NV!t5%HonY%TS1K^WsMoO zJnt!AZ(Ny|A;3$Um`Hs4B^sN6ZZ7sxiMwCAw*8!QUgViR{f>?C!{};RV{ew1g5vaF zSZ)J9I+qmRl+s)WUTRlGKVBP|`=mH1s$>#){2(|@Si(VYA>IvXugP&^g$m#(eERWY zx-2*+E9ZLw+7Ua6(4Gi!d0nRKZNie{<=wZ&zcSS#e4*16J^9M;6V5rkNZ_4Trshfd z&kybDt9mMbC`EPH|||^9pXZ>ERIFLSP+|$rQsaS-x~Jmx-+od z)7VcpWJhdltA4sP@_akWo@S&}-iTpmQ8`&0BJJq;~awRWQr1n3AydI%)(Y}&#hoN@vE4F9$7menm z@Sg)G)9dfSB^rUX>b57+{w%R;QP1Vp6hB>ZXrt+CXo?GBX`$n7XMV@{w3>qRYAxfO z8zqOGYU|X23NjPbhuhm3FJ8!fr;rT&#}YKYvn6ie>s)xZ_svTj8&i$vP;!*I$RhmZ ze$in6L9vkE%w7FC!T@dVez|w+`@5h{xqB~OT;hzA1n-xOOBAb1G6U-r!IXW~ok>C> zLdpzd{7{V$CPMUQ`3ZWl)UkNmWAEg1JCF`akJ?o`b&m8mRy+KT*A@6g-sHS~Gjz8x z7rZHu5~T1!ooIkHkA||C&FWn4E`@&1O zEOz{0JNnC-4R-^zo1{YBXuYHUE~CvrLxgayWiC>%0N5-0epn&wCBQf6eFSpsQ^)S# zHMmVjV^CIPk^r|Y_RH3Pd0$l6LhqlR=pV1=zX|PVx^*~2Cf+fX3OKxQy!e3T`_i+k zMhS{ycKVm;^;@f?1brCxYBBETw>;u^)g!fdEyAdVYx`)rER5DL`U8iq46cLxJbZJY!7w4=u)^fZcmZnD-lwc1tfzOL2XUf~)~>eQE+xAWN*(rjNvRh9`g zf>^yWUx0N#Ra0MBb@CD|7#P*Tw5A9$GK{9VbH;oPs9WoAjq5T0spF&E-6#{-dOctN zXXsBerB_@?8*jt)LWrC}37eQ+yLsO?9-24aAcf3uBxRo5hp%P5xbJWWE~Vtqnh5Z! zTI>AfKRSZ?xN@rjX* zXtDZu&pcL(x3`SGm90l~(%qw=af|-p`3Sh)+%b@NuMKbMc2JMuGMQ#{?vid5WSzbkO-K!NQB!@K_%(OrZEDl^xofSsWmgd zrpu_iW*n{3G?7-XiHk$8SFeYd40||7$B|ytyJ`NJH{Ip*1=wBI-e(a!rypTlXv5R47Y5)kEM(E^`AWWu!iYP z;TbaVWTX^ z4b$|kezxp1+Pd+4{w+FDspo1`(ase=Tr9N46r|`91JbAF7!z`8NBDG)nBr2Edg!KA zM`>H<33~>d!hG-nM)LDzt#M*@?HSnXAH_*C-zQCFMw7{#E^Ub-&%yroH|N!fGY8*% zkGz!1p3bWdkfRy&j}g(!cT=99bXdOKna?KPn(Kb-`#n(B`%Io3|6IY)U^~cN3ls41 z2|~x-xrOhWaI#}V_ix@*&&cWv-_&vV{$-+Rx!zxl_8oolVR)*N%p@%@aktjcNo>6Y|TzXzkq z6tl6iw*PFy>wO>&4S8i>|GDyeNvc7<1_mj86eoH|J*L_Rx#kHJ#kFL=rRg+^&6Y@L z7{_qj*7!N?3m#AmtarOA7$Im zRIom$Mjg_(=M|SFFP5>T%vgxxZls>l8zhNdEXKofEi*ToE(@zUKABx$Y%P&@tdofN zQc8-?n0av}ki%%x{fNKLjk6({m&D7f>@<1P* z|58H6q4r)#-FMnN-$1+S!GIOXwDGF!uj9Q&boN~+64J6Rw(!s}+0oFR)MPj4Wn6Ij zi_EZ6mrlWa1PiHvwl|i=FCy_|jLs#dwEBa=Hte11;`ed6l54_j+kpmhwjK#xV^r0f zLgK;FuMQchknfX62Mi;=(6u7%_`Qc?#{SF|>{(O_=cr!2GsXR1Ub~tN4rWs)O!DJG zglSNh%#Derddt2-!E$FZ3AFKY`%Bm6n0U8iXgg;Z>l z`rertFE`ya%klHVD_XxXMz19%DE-(P-PG5nY+HR-t8AG-Ki(^*HEglOZ}Sed#Q7ce z6v47R5Fnac+1UHl(FevH+)n3GEb`dVHeu7x5qZRCI-RG6pRt{|xwLC@nk~=s7jPjrfWnSGu#Z#P{sV=8Zyzs#?aVR(g$wJKD6_cBeJV z^Nt#HzIsl=CYm_nVV^s?V+R&3W(~{{YRl1Hj4rJ%RA^gIRd@@qY>v8{i<<>-*;QR1 z%SwplE&RY6>mTVkW&I^SnWhmq4D)o9Jv?OX#UqQ*1Gg5C)H z*wmUfDakG(hL8<55peHYBby;jZ>d?)kN9Q}DhIy)?yc_p*cdr(&)A8jaCU%I@G&_d zHFeHY8bz$2Wa9>QVi#uX-&`Z#1!##0@z3jlC}4SyNYLQrkKlHlAV^4S7{yeh4&0~_D~jpqr55%Dw(BcHUz_C#GZRHd03&j*X77HcU7w~=WF!cPTd$~cJF=Jz)!;1ZHg4iXi_pDZ8 zOlp4>;j%$_R*&L-(S8h>`f&=~>o#DB%`<0U>s;Wfn#O(Ry2o-db(~`Ude7{Lf5fwc zD!F#q0{T2_x00ldr_F$Ftkw`0tliMpRs*?pQasJ9mByjYz1a@2MYSwN_ivQs zVggiwZYaAtJ(edt`et0rfuZHzZVV>9Avk{cd+p;~zS($mI?s9Qd4b1RQAxexpD$R(aWq#@jgt?wdxe@Dt<(3>ZZ7jk zg%S;M{dUVJTT><0=68Z?IxmM_!@C2;>rbTG7Z8bnhE4p-L~*Hznz|X_x7%|)xB)H6 zZ7GM0Psd$Wt#2-@_*$2@azB_+xH`zKH?PTlgeb!(4%RAKskuLhYQIkTC}@3v zX1Zo7Fh-M8_Lsca*Dt7!Jc~=XkhJrPA5@HWQ?VAL#tZCgchPHj&|k+9_Io@qkdmJG zv^KDdv&vz`43KjGYqq<-HU=nyVaHA$c65#Q$3!9*>$Y}GGs+S@P7J5cLg(3B$(HK| zbIqmwCZFe^1;wha#8+R^LBM^6cjr1IXs0w1f&#DRB4{P7Zapedh3~Z^TsJ@qTUunG zVZKntqB3oK)6j@TB|xM+2+`M?Mh4y#%V&Vc0tKPDl}n^wia!BC&~9AVRg)yrWPJr; zb}pZP$oNX6w|}_g$kJbNG2cG_#i^$xFg{!Dg3>8+hG$f?smjQHWIVA}g-$r=w$B2n zP}=#x4{G9y3K0OCNxRu5(T|p!#VOGBZ51H|`h8IMz{-jPL`4!ZP%N`IAR%0HJ8gEl zGt*km0$$2H#I70~q*b+@FoMS@(?IJtO5GCsd+U7ivhpwOirxF>G}YMC_RAh&oAdgu z%xv8>I2op3Urwj*@w(YPmJUU0QCp*EXQrcTJYKINovxbBV@#5@JznZdM(t*XnPeCI3xbN^&{2qrFXUqIf|EwGsZczuQfr z43OE$1-`&QMD%vD)4~FII6YoNV4!P!@u3S(=xR?^NPrCmc+a@uD7p#_zM(&D&}%$h zFS)!$Muv`y3#(NoR2M;B(qrZ3`m)OYkfBh!b|@Xx_>Z2#KS#y6l!tG3#NAzZmy6ex}1k@w}3-l80`taVO+cW}CDddP=Ed$;bBdn_&&J zB!GF4#AUK<)D7Eva2IBY^xQjsNa^Ub^Af&=n@?lkNR&$~d24EF+HyS};o*7ZPudoH zo>I5v>MU)+Eld!o|NO24;h(>2J~DELPvSZ{gWIqBxI~Db^~Sa>iiO<|ufGo(-+4P^ zST!z7LE_Vu0U8<_Uf!kF%a;iHOVmEjn_OM1igS2aDn%^J zDhMOvbj#^*5v|AtPK;%+_|nQtYtCeFlXbuv&RzH3G>_k@f!_{e;Rga32}pcLXG-Sz zmwq2`!LeLoNi74Z=y@d*<+Ypd96;t-)taG&dx$)MzqVb7-T`cRk?#If;j+T_`mTAf zTAguBh!hcqxUb5T7S2z%zx;G_$W-!s7yjp4EomTiZw;O5{RtF~;M;zI9~n?b^}ZP` zz=9s$5tdISo?ZHUBUxRLQM^KFbQ66bBT7xHdYQQanQK!dDbwF!m#?vbpFagRElPg~ z)}s*kY!sNC>~12M`H%VPPcOED;lFwi)9BY|+3$j>$Qp8(mztzaMr=i$Y?0lWk-1-U z;Ei{4a?At&mB23H`!j6?*a&hVf2`1uHe(v&6?yjGj~1CGPxo=&qdk$|KE)aB`x; z8Ma3m!29fo<}#S0AEyT^IjM^@R1jw_RN~QJX1$(NJUs}0CJT8mU?MS@8^*^L%SiH- zW^N=ShQAJlj*k6Yvw!Zmy0OLg31J&^ql3etMu7Xt@yzAU-n92!Ux}VwOgBS6rO60; z2H;Qy>$L{Z)6hgTvjZ+0Ev~R{Dk35p7NviH|5RgsP++zr)m%3GI>Jj7HJ6U~#d_@V znwOp}n@lF!tK5`6oClTG;^*|ziM#6_CPHnl`Fd!uOwyGQ`!mF1*a_d+!&Q3PT*5Ka zCr&frJ{1aai(hBEPB^M^HA)jGOjBG(tTU}s#nwOl%+=c~yfCDB{JGvUC_5QjN_PMa zi-el~%#-8pnj7@V2lh64J~q%er5ZZwr&(zc+|K6g>KGPjF;|~lMHw)xzrqOPt2o83 zbJ0-m2=X(@D`Dl7R8s|O`(6oXN7@Qc@ZjTrO)5@hRH|~Q-7y;dtgoI_^b&z>XaxSP5ol2(7oX9cfEO_Fa=h^>b6UHWznb!BfvLtnmgph z8&q^BdCIVKcpMKI#Da+V1kcv$K;!|6!(1YySOY=^_hNIc&k7du$a-@KnFN=~{C{*a-mJ0w?9TAVxFXlNw%lkv85rY5^0 zP`;%I*;n`so<;>>B>Nv(iiQWY3&4jP9UU&*sJ=-0)wHrImpxHQ;d)zD3Z{N^>9AyT z_ylk|kkVT~_>PuJTgqqMsYyYBE@FV&s`D5*x8^6HplL&RS8~mbKCQpx>yS28Tc-d* zMtE)u#Z$wMn#X!0^u%un+n)plhRRAX2e@*}mx?D)Oib&f<0|+Na8Nx0%EU_Q>Cxs+ z5k`RXu@<(ezhJ)74HC@SS@NXo7L_oiBlj(ww+nkjb;YEnw!aKZT;O{ROjh+NeVcgMY*?76Z0e&; zZ0DPkYTYB+y_TJq4{$(zspZwnOpL|7KXd{EGqEq}7nbp`g4{&3MlxFc2k%BQ*Jn zv;$J(UAp$(8n;QpKt7OwAC;)3=+jn!vXusL_Lf|7ZsC^ z9IfI$EJMD^|C}sJw-w*V%2Db>KO=>h0*CZrYe&Vq#?<)TQ*BDj_?34El(DM8p?O2! zn*S>zW6eoN7tf_=Ih;ii);fA>rYrTJL5&8o5wGL5q5M7jR(`WLF*XKa!n9bfG3Jxt zr(R{*aje5{u`ymLtF{U;sBqfAe(UH1j=tijfC7HBRjx}B29giWp$wEpR)7OW2h=roTDC8OTvoup z_ZR6Im1_2k=Iwdtp4%+B1gI~obZdCyLD;0?scwX$YW*om15nC_zIYyPP2&^0!W^hho%x?z`O^mx zoaM)=`L;%bto9ZNW+W>Ngv<}jA1rbVN+rlQSWm=Baxkq(vNy@Y!o zM_zk3LYccq#|`)M_vdsWeEjnuKtLS)!iV`3rs`fy9uEmELBI>q`Z%itS=-?@m=Wp~ z;78}HAD7}|&DDg&k75VPMU5Nn!F_hFCSSdw!^4Qf&#S4(ja&#+ZH7RLFN_R){8g%SW3tC2YQ}zTZwDe{@~-E2j~@F-SP@DE0%nk|-sO@o>A)UX$NHRbHCo`s9cf zbg{L2bCs%3pAy7EEo)AA)`NOF5n*Aopt)`HO28K2uro_(q^U2>rU)6YBK#MDd*{Lzxnbq2s%!?Zi$i9MRXUa zlw-R)oNo&E&1WD<$H(+8#ll>y$oM~;LLosiN9%Z4xOlNCI|u1|j$|ICd6c!>klV8r z%tdhouOo0nmZrsNp=SrnqBsiW81w`)BLwrgU7n4h%%eX>V5UeF?hF zoR_+RBAfN&_L`^PP>LVsaG-Lxu1e|V5sZi7NGZ9pbO6F=Nf)lsf)RE1n^Rg)1<0@S zy-NRTA48sDp$_)G6W_{2Utzglws>w`|FBiB@w%~#*T+;=AP7IlRiBC@`)i-=N?hg{ zPgT_e!`7BUn8GtSMahwjjt<{4$@iGvZ;FkdcK`fXx$xh&}EYeLx?6IZ<{H+g~E z!n*!TWl@J15hqAbr?*t8m+9r!fzvV%FEr+}-i!BJQ^#A*;_F|FvxL#R%bM*MZCK?# zy_xG5Cee@FGEq;cqO6`^ue@dp7c7Dmn;YoNSC17HwB2U7 zSzqOyMEQcw#^fySschmgouMZ$g^6OO?t2>ym83pt)g7UpzHi?9v?sJNIj&dqSMJBj zC7MZ?P71SH8~Z!x^FgsCm*5x^VmHLR%INgcVQJ*)-R& zyXafy&9?wg`H)rXj90w)lPCP|;^NF67XWY-k>92~74-G=RJ;6k=V=6H^I}Q0Np5@& zzKA1TSqeeaKC540?XxKCOeU#X_Yq1ZtR4T}KG_>KVKQQEU;JimO*?PPc?;iYOFEM- zwE@r1&yR_98rw{k`4z^+?fmZhyzN&0$Lg&0#kfOtb*m@j_B*;%K1(HL=BYwiMKQ{P zfNj(tq^!i4ub!P)^ET0&GIh6ChbWiO;rw*^Rc0Pzk1D>Xt^sgz04u2e9gHNJIhw5=W)cA}c5!&v5<=b?p z8!((CaBb(9HbEeh!OM@4!F>7Q!4(A;9GmzdIXJ>1Ve0#v3cZ1*|6e%^O8l{{@Qb`D zj*(FNHwJ^sYN-v$mY^aj8LJ0|P6r-i1>?x4s+9b5IKH9EK1+`#Ukuh%qMaLYZDngU zQU_A{3>vpSv_}?VVdGn_(qNJck-GkcQ5L*X@6;2z?jjUYpU^&6FNHD}D~U81fgh;w zOKJ@31)X#k;_i$f5DN+ycs?jW%OKy~BT>UIU(4Y9t8&fNi)g)%G+-;)qIvG>2y(J` zki1~Y+=sN(@DbM@?2a=>=?wDhx^%r7Yk2H&>8QCUIxe%AI60M~zFQ(A{a~#i;rJ$y z_h!ck&$4a00w%gQTVXE#6#h5?JZoFD;PYK|m>-NIX~zg7De0Mv7?`_6&1#kMG}vd( zKmWyY1{P&$P5>9S+$KDY?!O6gKj&_|LhY%j^p`1bRlIE*6}b->3^rL2R_+9TRItzp9`5~C$#p{OYz(-z3<;~R`Nd?;fRZJ zW7y76;yyEi0koP1uht2GTZCXM`8P0#p{dwpaLB-Dvyp?v``hDP{gON)&%4?k%1;;k z1!$gVZ)#T+TwqrVr=%-vXym}KO*?9wOF7;bKp`=0?I;p;Jm;{eMfgFzo{usZN&l&n$M&@dDmag*XGIRw6_5OUIHJ1&FWF*aiyuz}tr zfA^gVZSSk^AFb*ZXQ&K&NJ-KrW6<%NVSMh==;fLHuZwwnVcxvBeDMuEgt3q%yMP}g zHh>x)KDxtFOy^3x$hOUUCcN2euxbp9re*&L*P<;~)5H=sVRR)A_B;xNvZVh&8x#%8`w(|KxA~_Ue{XIRNSbxKtXTAyaF)Bh@>QM;r6gfP$*PXUi2>3EafHXgg z>G9;!qn*YrbD|s@43(|(92t8aI124$eg*1q^^nfpsc3eo8 zj5n^T-io5!-flqV{3#jbn}9fv+x*p&ANYiOuPMK7-q;a;k9>-9DRCEmkwlVvp#b9d zUNz&j-uiLa8OHLucx;ReD}7@8!JdyN2&l_TgW9xKa_LulvKe5hzc$CxY>DtGdhl${ zlT5#edKrkD#Ce$WVyKxDJs9&bwm@xZEf-eEJU1%R{+h%OCTVInTPNz~+OD_8RAxfW z?1WBvN1$nU#gmZu^_lf15HJGNSoBnqHOJQcpT*G+Cg-2%Vtp;EM-RR(`z;#l(a!Ra z_D!zr57-RjIA=9XfmZ7#2U1QBG$X$ukC;1xj{{f(oDES+pKy5w0xaEv;(Prz&INa5j(5@{+ zEzDB=&`%H^sj?#mwZY2)MRjqKhT&y|{>&AtQ~O`h6Tf!+3d45;03?mI#s3g}$mj|7 zMCm(12ANfQgHK2&P68jCihhX~?g>=Bv+OLvIroQCAVVmd`Vhl3L}t5#QrTdfugNpb zDYTFw|3$ z^-yb6u@S=mXpQqAC{{ROR}J0ERq!mDvZe7>9K#`!?x^Eh2Mbj1OiX>9rLu?WW=9CVPp>ZZ&e!6L<`W}h_Xmq$60dHLXXd8H8=Z-3 zXN4bMyPZ{@C3iQ`LyTR>;6el-MR?g2!ED{Gnn7>39dFL|=JCIo5BnBgZ+yaAy?T%C zRm<_@^f|$D?*3ez*Rpbi515eHk|LPho&{Hb<6#_VG&EgWf&^*eojDT0&k>#KUk`_M zH$S!PGoNmy{SJ0{Jny<`)gEpO6>w@qQH2TIeI@9k|J$clBozBW^0}I4|MZ5LB!DB{VtY@Q)!1uIKfWz)hqPjEAO&? zEBk5L{$T_)?AYai=HdYbDPMYZ65<$r4gEkv#8jA6W{plWoKfT)V|^GJ`6~{YBAgUC zn&oGv?k68!y)PWeoBlOc%MSECT&oxM)uSH2q|nxC%soX6txYn!s+f;+dkQP)EZ(9C z6!QEkF9gTx!z~Yd$(rhzy;boM0JS5C^J?+M({SlB|Id&JADyZlvPSA5*XmCrdcA9s z&Z3!#IPY`aM-wZk3NEaFz}UdznBp88ocuzHcPzwY*pm1%uXq-XN!se}&Ueh>$-*v0 ze>$r(G%Vb(&NuyvGV?~NGaTFabF%H}b+{vD4Y-~ZQ&!rnFOFo~OgLnU)W)vsh30m_ zRu0QtM6e5^EMY%d)TVmsE7NO43Xd9$-DK?M7x1+P!d{q+xEDTQ@yi!who8~u@rdYf zFGLR?UC9^7HK*%Gy*CiYvn!FOwi{k0d0gQxYUB&`0D>;6KLEHlKy5B27Br; zKCT-^Cste^#Qm~u(3vQTcU41Uo~dW!H`ao#C< zV!$m=dI$OhiV`>xPiRv!Qxn7d9Xt@p2;2DGwI{tiolcPpm+(W?RtZm18^_%J`tWI; zh?>BS7N~5{025W}#v31^D-T}e+w>S}TdHjxQ#B|&9SLX$g8qmcKH#jj)GyHiJoE0J z1=iJ!TZ=S2ML)-#iFGYHp@7%&8Jwf7Mq985kenCSwxl@k8zF^LBe?ILSRf^Z9nz$u`2U_x?)#9+`iz*$hDqJCT>C{vag_aNQucvTvv_#}b{K$u_(T(R=%CF;1uQ>IrUV62Ge$lx&C?dd8BJ(sR09a z-gjRudrzu>T>D;8$YdfmcGHB$3D1hxz_3pANs97z`IZxOWHw{%^|mT<3?X|9PguA zzA?lRwOaHBDFqRu!guq_4`pe~w9+UHg*oLs(?goE(Ik<2$IZpnPHAx$X3+>$l5Ti@ zgunX&MmV)hDYZrR#~o&KBUCGz9wUxG1T!WW-cN#n|`m=f5FxAnKb5ZEHCX>FsQWVI8I|m_m=WU^GAdN#)tDm9GwZ*sxHC6 zLRadiUF+wmblbZmrUL&TmLMmRPVuk(PETzXq-Zv6peL#Mu}}Ob*5ppg0`fQ>AHngO z0ptu7$ouS0$$ZC;dQSo7|nl4PqddKyBe~A~nOauPy&Go>}_<~eO+-O5Qyq03%BY=e;u9%7S8A|((VbOW;@^NZBjv8h^Kni(};Q?tn6g{?Z^BD`d79qvNGOSc%a#7AK$gQRe%p7x_n(9 zAnfNlzMcGao(zTu;_Y9&244|-zDw$NdnkIjgN!^$(zGEOJwJyl8g_eJsu7nljb?rR zydfA%>@xWk;Fo$^vg-Ifq|M6EX<^o*`ltykf%4;r3ZXmjpG<^Z?qhxg>87DhhixsI zq?tV{Rn$Lf$k8uRTU=VSDx8f%EVx^5KmJ#g)twH&d(@LJS>)B9i{&4f8Sy6DPpn0@ z2IPv85EE~1hN`m?AFpMXEL~pRx+Dn>_;kVt(poy=OT7jH9&XUOlE0U}oHCwl0Dp=Q4*cEFRaYG!H}ux(J~Ue|f|4v;%Z?&z0;6 zojsAc2N>=;G#jD;EaOiup3vF6z9{@w{q9hAPY(CX)|%Bed+pvr>U*xTvZb-!#DgV) zLTv$`sM~T>&zoXm63bwgFT8(Xk2{ACcu*Ft3ZZyrWOXor_;!1aUi4%koxa@I*kBV% z@vl!tcJA0=Hy3+d>X*!s11hv*&DWsz`%nt#)4%qs%fSA1>)x`jCh#d2o0exI+}MQo zLU$lYb_UloV6RZ){@~LZ99Fi9+Ub&~F85{KM6VOnw<{ZxJ+NIxK~DjC4&H<#YN&5! z8zHrhwQVYNX^7r)V7NQMr8He_iwO}H`HS@=9-tol&(;Oi53b$;Vm+(#4fA69?mYN3 zAn4t_?}3}K6VQmTGu`m)PFuXXfp0#|d(q8+9=Oe9c=Au{s(&P=WTe#)IRB4cEX zD}03aAOO2{Ahp5MCn#{b+7-~mE#^7^dAyCe^1Wel+q(OkcKxEZ&h`Z@_j>g^lx6vg zi58apk^vr{8!2$RSAdlmp0Xhu4agl?6HTyx$gij^leWS0;QBE_!!S28(8I;2OOb4@ zSK*W*Z~rZcdv5J^{P13Sy_)2G)9BaT8#`dN6RJL11mGnSA4W*86ni~G-qm;fQC)H1 z7#QaN0|WDRfJ$Pi_IE1YpeuhuqM?-zrW_ z_Ao{H9QSwK)-tu5`_8;M&whmZ9jbGGuHlbJxURsMcJ6}KnuP+LtasL> zbO)0K23}0YR=nBlZ>VyeqdK{V&kk^r3f9=+tOYJSU)z_&>h6lZ^7-E&E&z%IhLb7j zDDVS=KZB4joAWg9#lpFrf3j65KpCiU=skUQdcWg?EDO7VDKx%*GP=vH&1jT7@&I&p zPz|lLOg-$tcAJ?BPUN)=90l$F7gF>0_Wq585ytVP2JsUNLc%)>62BWaIy@RL)WIjA z1%7Qn8A8LwMbs)C+SFdux6}a?kfF2q$AM-G0?3(G*d`q3H zl6-4C_Gnqio+{`E6b);AaK%r@_J0Ec1p)9Ky|hrMOedrhrdes#P+}ygAUQ&P$Bpgb zpKZD!SvWWZkFxz^H@Y-`05lRc38cH1#Cr8`Sl_mM4MQE{bxiOAM?T!iz;M9Gal&ZM?|H&r7cgf)O66aBBfYnVm zN=a~FmnFaqE$-CUR!!LH^2zfrTRT1PkC1EJ}z4pJot`|3>i`qAJR{k(!evO0-3gU9MFAB9`P@h+l zBZ=ZNezeb-$&DKJb{6CR0czE8zgW_s6gl%&-zEfRP@j!eLwS%V1srB7nPR`buuR;a zjBTa#_d5A++}gj7S^J=nqa46w0bE*(kUe?0n_aOYlI}e+B=nfr$pAq50Ef=FsoLQf z12A8IZ1$Ckx_XuR@*BVab-KPwh1>KZW+LDj$sc$Ll|kWotIGj0dEfVqQ{Yw|04N6- z8!W(907JY~T{!!g>0gv*^OHe4isWxpY{ZuZihVeMMXR{Cev-l*0K%4VrTcyYQ2v4c zL)C?{Iq$xgro#iUDXhgzki~PhEwE-vL3h&^g5H`Z4`s(xku1h|(=1CfXe6`{5F)gc z7R&k~11^hGNa5*Z86l4VTcD=fIshXpx*OqLO#`VC?n6szBcr3E zyNB49wTKiq{*7nM9yf{4oQz5joKVefIH{xBAHpTFZ15A3wxy{;aUx>kv|=mXeA=7@ zC2jzwQo*-?J{#TrN$Xa_K&c%OJfIkDkEuMG zT`#TEfMSkr3*6Wk!{(6ibD1Aol{5C#N)jpQq23*T2^f+=pXRIu%TRexvTpxuYt6h0PTbe?c)S1b)tI> z61PjNkiqV_?Xwd+OGgVk-TN*ne+A|Q^_gvbpH%OE?qu$QmOr}2C5MlH9Q#sIG&*Fh z)Hd>oh+%!;v1Iph{poQg(Of}<3~UfGo(q`5L2v%94>U*1jZYQ z*9&~^WbVb*mKGw#mcWS`7N){75UVrvh0GMwAylEXo>B zMShnUCRODd#aQID2^NK90*KF3%#S8bNd;1I)#Ydun_gePt*Fzot$rcf8j2dQNfpbt zdIrzmX|eufsaWw^(gz9%x5%kEIvdVg*d`OpeGDw&NH1NGTLg;`A3o`GojnVxTYT#a zWuDgJV5Hk*G2omfVj_OEgM{m+C?S9}kGKh}?Pr*-wSAY?35T#>F^)8fcJd~@d=r8G zYh!2p-OUaUl|9LsX%%oyz*FoPMs}yL&9W?Bui2%0{jHe)DyhX6MrM;CvUU{Wa>@H6 zg)g2n;$ur{Fd4{T&>f^A65TZTCO4jAsK^AZNc+?3jrH&Mi3Ywv*lqe<9pBZ{Be{Ab zonoDQWV@=BKmC*yFs)!9t)bXSJdY(0Sb82iy(#=7oaK|;^0CP$LWoB6A+eLY_d;2y z8oOLSaO-4gVSP?+WvwrPU4dK~HdSh^TrAIvGbA@BOJ6~Ud6^K0l@~JB!jjdMLXYq$ zZiW*m(Nj(e$8B_YIiI+Z9&SHPK2Eszrok&bUo8G)W`ad@N+=q#GldL2z7L}(Yx58 z`J)EPDLEb+oKb|u9mziyHu6O7euIsTITp((PcZ(_OFi_M>FgbrM3qUJx~$}~=Vm^R z_hw76)%@po*lw+`YkKmbDF$lxo$7P=bzJotUUq zKi=Q07UOuK;Kf1lfY)=OWl9sL_HuoQ-gR;RR1)v6DNysyD%94cS(Uv={Y7JPturoE z(^`wn;*dQ71o(p<%d?|zvIVlyy^@~?g`9PnONKr0Vw3EcCSmy%|9>OHo7|r8V~SqJ zUGG{7eG6dKNiObN{t(s3g`~MO+b@rh5AA{ohi%3s*}# zFsulz-s?CT+9NFvad~GXR*?MY?F7__-_Z0*&G34ctWvOysk#(UAPr5svEF?8mc3(qMr z5(0((FnaH9s<{n1_~s|9(+NpT&J4{hwH#F+Ga}kUg>_~F?E+Tx0RVxGXQZ6o>1(6b zOQ>-r`) zoZdkb<5+tN)l;I+ILy9%#OmBB7)aYc%Pm)PzT&GMkB7`{hXizuU#pSQeMzeBWrFcn66yB zT=VTQve_1;3(1rOC{xIh74KWs#9xZS?(CuviEkdH1$njqqd0=Fh%oGYy|Xjli2fU} zvhU;F9#`AU&z3=>qsz$JnVMC-M){dnaPa#PpEF|377IX@4yeGS=JOU@pc+hxQ~ubR z<4b|XI*udYQIswKDj*LDufaIJc7w;@J`-}ZMxB;g)H767E_R(e(0m9br!4A93L2}I z>Jm-YkXgC71}0NtIBqA{Je=CWw*|_JpD?oHJ$IW!XcxeERdOLdN z-B7n4yQM^52(edB5~L`N?u5vdY;-29RkJUwSr$k(7{*_{ThXWQSOqG{z|%6n2Ke?( zqxPt*B6%A-+9$-+;91`?g>rALZd zAD%Nb`_rT7!GgEjWyPNHIJwA}0mI3EL_g2PW}&{SOyz@C^p1S*-N?0P(jW}B461$M(Jnwnmwbg3^`zd!9JH~G27yM zQjZv`?LK)MLQQco%IkIC(P7X4kUz}&UofRd9nH)7XGIf>N75|xQ?!BFh5uCew+1=d zo+|_X1Q)#n>FM*?@Jh!?phnhst3WOJVCzaCoke(ns%80$bw8RXG8ncapwF*Tn2xl* zRjaLUki8`n`a}b3}w#xL38IKphyCnUz4JzW>bb_Rntdnu8sfF`XnTopIs!g zwdrj>YH7#9=KdUj`8E-T7NI6rp`BBPB3n>|valZIg*L3+SV+@grjx z*?+HVpyl{QgtvJLuL5;eCqUNZddu}#m4d@5zqDfoYk_PXdnBMAp+D%8BS~zZYn~7F46=J2J?HaqR zs>T#F_uon!*4a>xHJ;;~n8Zx(=T!q2)FQo?qDN8uX(bU<6!Axo6Z%V5I;9YMKf#f9 zURc3H0+q;|7zDoY;BZnOC7_<*J#=8FU$$3*Jbz^!;Q3qaLoA&mT>jn1y$qgEr{P2I z{z@3Yb!mIbSp6qwb+zy9hHu)+tJBsGbmWxs!{sD_Q&v~=AZHh?33rRftzjI=g&h9?N`(UlxelfGo@EGv5d1h zJf&Rk2m}>M!#%4qz_WUQ@UN-{Ivy4>1vOg!ZoOf>a9wo41dlL2^sj+g(r4jKE5TKt zcEiUWzVw{kv7R5V1Z;;>L2YD1i+vn@Io%y`de43HMa(vRSs!`1u*<=bU zj7*kEL#5GFq%}rqX7d)JK7!0^1xIwwRkD!xx#hfVfpof7)!piOll21pc!*RGZMNvf zxjp+cqul_rk}mtPOX37j72JKjRGwoI9x07rsq2F)4e||af&T|8`vvC}?BigLlk};S zAXZcsqi$S9wkV9XWx7W`zZDmr(qr$#Ro1&+%-Tab?(ZY6sLg#giWTx$#Xn@wzs3?Y z(4(0){fwzUB)wKp{hU#Uv}L2$A4PYY)ip6lLl)hl>93-jNQSiL6~GxD(xDs!KaTm- z3H4uD^!s=z;hOrcGL(@d*w6iWjWK4mcE9VIfG4&Kbibk-&UQLH1XE7?1Yaj~roO16 zWs^pd_)}aUs! zhCnTW1Z9yr%0IS32Eg%oZ4{?yah=HLa~Hl`agY*E(P>) z7(@H2OepNPVB;|g{s!?oP60Gej5z5OULBv?i+3Uh(1wQ1vgCAfY|g?|Egj$|9I!0f zFU%xfg)<=FD75_iW<@y-psB!Q)(dAgc(gdqC|!%F3JUb&w*hgL20028)p{uTVzJ50 znyblAL2O8}cWy?IM7LBsG8s#1eh;4%L=MSHN)B)8&mXvPk#wVf1i=|3ijYCEINL&3 zv@{eM#}GP4a*i`XU~0Ky^nN4bfMEQR1*j$XLuPmA+v6rxpI7B=g+Hy>fQn9ZdOrv2 znj|Ir%=1J-W7;%iO-TI3g5gRPnj^gcO1XQQg|MM2FAdx4SwnIy6u{U6sg#y292@7( zUCv^MXMIaf>RO>F5lk7F^dHn;VPwo!zN0AFG_Dmmb!*5$|5!7d%{JC9_DQFl;+Wwh zayWmW*%WNGBYTz_d+DkiuUF*N;g+f8$$^6;t{Q!Cl?ceCeiVmn-B_Yt-S8zgdUT33 zCGiy1xwP>N_E18#GEU4J`pGNACIb7p&4OXt^>*-?YKmnB254b#vBkYZY3;uxB`1bgIiele~Q*rg)ARa zKMk_BZJf;6cI?XVj%dKdpD(xCZhUW;7IKF4y%yT`P z3Up&NU0gyNL#Y}snwQQ-S58mIOB6sVIglMd<5(EnQ`H)s%@O#|DfOi# z*1F{@2WUB19Q-^!+W^XE#IAWeWG>lYd(>{OZPvBm=*)fo{VOZt+$QJxJfF0Dssb!% zX$db38iu@LvLs?(pQ*_ld8EPMfd#t=n}|Gr&hxaJFmi6A?^NyI5*2p8dlJGUK*m;G zcM-`!pD4q3SV=B=0%-^cyn`3jk6u#^ZEGOx4bVgMY~14Pc%AN(1wdFsm|d4YMNZY? zia&f-AC=(UTk9o>M40cs4VJmM-I{@3_FIT-75CEzK-t-VxYGX=zFxwYb}?b4daZrW zKfQTC#gwid53K4&1eGv?GA;(~cj;=UHVw7;nc6(~i=(Grp^rf#GA$+K8Vh#Rfg*t+ zR-{>-@z#1-B7ysMWrfov|Ca18H_WGv_xs(@mQQy@7{9QgjqGGv#l|(y6~H*Gm?j2w z*VhcrfVhI|9fXZF39rcAagLL%JJ;B%p%pzFm#~K=*!yvT$AyzV;Mk%UKs3PyxC=Mm z&SJ&){blvSF1F~^g&Cky!S6MUi?yge%-!#${qf8|QAxwJcN3!56}|>BK+;-Pg|pLD zpj-Fw;n$`!%cXNmStCXSuRO;61*25iWc>8qRF_7o3f$Y^6iZR;H(n}Egs)|A=A+~s z%j5+1?7%hM_acS}HXvfSWeU!L;bHfMhm>%Q=OE^kM67L;u`rG&|EZVgcji%%_8gr!w24>>3V8~&FCfO2DX5u0#OSc_rA6Y#D#idQQVz5_We`1_UV@N{O`p7 zt?B=_#Q$jp&87VYyQq695)k$VQ%1h;vj0P4aqhmvB%9hB$4>Tb1bFC7{5kStyicA% z&4;_9A1H4W*4uWHwVJ*LAX#0Va>lKh9_hiA#B-#QHK2L`KgZ_zRt6()WRdg#LXv&; z%SVu6e?LHG&`onVoKOcQ$9u0IEjB0po!Vb>UK1^wytzjfXlfQKfSiUoId2% zkP2}}?H9>H_pq#Nc@NXrlMDZsx+$!bV13Yq&IPUw(&YUvYN2KFxx500YH`z@4MFs5 zt%T1W$p*m68AFF8D zArc|>htnyAl-xy9Hl5hpQ)&SMWeB4lz`ZlH`-*L7xvp)JQC`kVe5=pZ{9e}t$VPW< z9ntpxAAm-gyF_S-1{iow`r+b^rln?T+uCm0Yt`DJ zFy5Ns-dyQDW1A&Xdkl!)f7qS0o2)xl3vToRLGnNai4`mbkU&Z`zdf~xfJ%rz&yR+B z?|-GUpZn_}^Z;3@@RnWsukMW8U4Nj9@+Y}k7_NxjH@7W-BCHcYB#ddBcmDhR8Mt3g^Fn#1cA z7)d_9P7^KMlvp1B8yEne=l>Vg0nq=HDu93du7S)<8jy$2)B))jP@sS`*f0N*I^f&6 zZxDCuDU8DrlfW=fEI?@0w@=1ILwgBS3gA%u?$55E*}f?j29%BXGkOD5Ia*So@b2x> zyy4kCgqF^>5OyyDY43sRuvoZEmPN72X<|}WI6W>=S^Xz(|G*JQWNikrLgD$AsS>bT zKr#PMiMfEdZ>+T0cN+UoU24U0VHc8ghV60gfefVAi|3!n4O2G;C9@f~PlMy^RvH?- zmi|;K2n6KRJNg0cV&An$>e>VQx!Lxef_iF58<6fF)b6nbD0y&MTc7jpBZEjme_v$4 zr)}4WL9T9J)VE*U)`(*54>}evpXcdE&uIX%f1Au)bK?#!Vcz{E29m|qI-?NTdc=C& zndu}gnsCn&z`53j68uQzL0Kmu<@|$qK+xx4EJtd*ff~Yfe*cGduF^R=ysYygKSVtU z;V<|61#3EZt^8lr0+RnP+TH@Jimq?t-AF1e2ufOjG)T8dNq4s>-Q6Gv2ndLPl(ckr zgOn)U9n!IZO?RBN(dT)e=dJJi&biK9UcfH*%&eI;Yu5k1e|OJG{E6s29go|`#%BBy zSNBI8TT&06T+O{gLj1ZZx}kRPl${ih5HKfZz|LA&C!VX*hBx~VDX4FPdb!}wZGAL! zbi)5oW!;Z}9LtR20LetlOqf{B#tszfQac6b25pC@{N61GrHmGtLrESs@Z$H};I`A+ zCy6?I#IZv|07VZj5A`9;YdR&*cu4s|(U?|jIc!vaw?qN|eNI!7Xt$Vrkp06AlUiZc zWBb1$ao(M`JVWz3b0xk$Mi&!*wH8WWQSZs|3AQ3Go;|TerkUJjv_#}p`fVPpVZB`_ zAUZPNj7ZWBQr)r?TPtRtYS0Q6Xke^BfB-PN3k41BW|)%>Vf33iEv}KSh(!8ng+MS{ zGynYhEB^f9sSg3QS=`%55JLGAC)(nzq!GPof&3;f5k|k)Dj5DhB>iM{gUIdA2}-Xr z(9Yua>Bk(B4GjQ?Fugr&_BNE%!j%gT5Z)oSIOZgGf4B6nV+{91RKUNn|DAZR@POT+ zSkaWEt6EV5ul~oXg5n>AR{hA05bp|&^UGmC7!CkG*|(=BB< zU_S5e+R8VLp|`S1(VD-o^{I{}tg_6I@P=o>|R@yePonSK}05$@6AwjvS4FtJv!_VUPDzBP#g&$FR z+mWe`luL*$)wE1d`@i^v3Z3)l5?&vs{riS4KrP`kX=n<@v>q=4n!( zvEJ_1ndJOmI?G+`znuHulYSfOz2VMuk8y9{Ot%T=2PhQ?=mr4+r6oKJOwd3!epSXj zNe)jQ66Mm!pAnt`Xq1v&t)lMM-SZ%wCYG>q-`UV$HrudSwN_EoM`QTG)HO>Y6I@

    zRIKz>e_;r`s-F?@$ ziGQvn5(FfOABczP%B!lXHuiFCz)o#?bj4z=BIkyw-o(u=8H7BYDpBnJ?q!6oBi`4w z2W{OPYo4H_^h2Oo~hCr^(p<5+Q}EKezoAZ?ZB@vl9ltQWyDYfZqs5z zOI(^wY21EDKYYB`KFrbVQVZ`b|M&WjL!kd~_*ebM%BJmaFw0^u{2E;EWly|y5Dd^d zzqAF%tmg+hH=ag!x8tkw+49KD9T9i*Q+~q3HTk0l`a^c{G$gp`xXM|}vf&*|l376G zx>tutRLplCwZ^i0D-0;}^*M6xwvL>ZPMElaM}hhXM>{}dcIL}`(8BHOfN&pPf4qry17hD?V|Isqa?cZS zZzqo84&_O#emn%u75T$?P28bk(P~r956b+@U+FgQb6eCFn=S~JtH?Iy327#hVEg4R ztj{sSRXwgB_J0$Fer+~Jk$#dz)>IJ+^zuiWF93^NFMQ8{#H(+>{l`jE;RwLcz*Qwl z=bHH7^4V{mWaTLh_=w58X5$F&l=L=Huimn}pQ?G@N_ixjQN9PWr z%RS{o8qrqph^0qb1A2(VSK8kZj1q4i?4J7hZTZY%&{2zvR9RH+v4gk1EWSUTSX@(a zpNuod+>0ac#n+=-Plwj)=DC<6Aq2d-?!*D)-Vw(163NoEkE-$iO)1UPN!dckCP(-P1G7t3t0z_n_itzPaWi3KWq8i8MPfTME`gha)r z-rVoH&Di)nm_@>!`$zh6?e{mnf+{ak z+$p@uJApIEM~%;ydGGS>nDXrV`w{Bvci>#csY5cy*Zfa!>tVYQwzdq7zg>ts4D}lM za?^hL9WV#4uze=%L;LzJfK|3?t_(ic#y;Pp zv>PXINBEB<~jphC40Rr77Gtrfb+Bp>>z$F z9ugoPd%5GQ4+JEF-9;|AV>zu3X(0VzCdj6ZK#gu!i1cB#*HZQw4z^}kvjKg!k)2V5 zGK*J{zcVlI!6g?fGR1u%Qdf-$EKEvZ7)3lZhes5MjLD&XS#&1!Oi3dkUOX@YPKz$Y zJM*_?UNnt9979q2y4Yes5F3VQGRIj_$ukM(DBqCjg!bfFKGTY$WU?PTY%V*AvA@)I zNjggN+@SN=CIjydHbfXc9F2mleI*CAS-;Q!rZ(%J_up%??!RlZZSZQ7iRuVpm`UlHU6AyPIui!)Zsp@3e^c4Q~xxi%GggClsmS{J6->((ouA>{1pZJ@|9=8TS_gS^E2?M_e^X6=X8HwZciqarkr_UshVD~GfUNMn8B+Gui{$aSN!Qe7*wF?#|arP-0zsP_(7-7ay|@%d91EFthG$9!6`M zMR{-rAO)ur9zFnl-j`}0Rcaw6vwI|A+GgnTRVtH{qp_RLZqb-?gHeqq>dyv!S$oTz z0F`p&sBRE*8o<|Ga*IJJECa@815^^Qx|Z?l{P}?I!64YIvI&Tl4c`X<&|ZH zQP;59SZL+2M+CW8Ji@e=H#kxGB0#UQ6lnHjZyT1(T~=D_;NVq=^>Q!s@WJQJdKsOoF4h!a&7ki1eG`GyL84c}!b*+> zXw?1sO{YD}9y1)8qm6Rs3UO93(UDZ?DYr1_j;maVR{ByOwM(tCt@Y&&ApZ}xVy4!A z*owy}^M?8UovoM>9~Q`gZQSfAFU;w~W6qg6M8(h!pvm_+No+cvZbsV|)?S*{l2q05 z81lIYOlgA2)anO^Gtg6=c0f~*y%9OvxsCz>u&q(g7Nq{K`0vCNOT(XfzTMxylxEe$ zPI)QIMROQ!FuR4AWnmsI^fLu5G16}(BJDu>L;J5O68SozfAFf?F?-YfdtV1A(JtZe=znEmK#ygpB~>pFHNk}YEm@p(M!HKxX4ed_6eWeH6WejO2%}| zZDGQy;c46?J0n9!Y2$Fs*CEar2kRXoZr|t3GK!HPgy_DJpcybXr>k=)Ud&fKnZ z))cuaUmBN>c=9`m*EF2>3=-Z+GgD!dDqpR+KMxjwEr|q z#q~!9f?LIwSp8J6`{X@h;7c09+^c)SEUY&EgBhBB)S^aU>o;1R|Njb#ULC*A{TC=Y zptRlZ!}6fOLSFFqyc?^~yJbGI-c%9zE_r_>im`+8nk@6#^4*U=q>1;Xtr7tTuKC6m z>1{TzME*BD<-;vK8oALZFw(r;eEwwXMP?+^?8Gl;Fyce_MM`tTbLMd|7?0S zf_PEx1j^%A+4Z&&=owA$!G!YGs7TbE12E7lOLM4-dqfDCDSV?`D+4bpI;38*P)%+F zT9;#xKNxT^G+jDX!clf&541Nac**bG?C~7|!iKLZ2E23?@$fMSEM#N1>eff}lHUiwRe;i_z?s)@@%gG8ztzo;=t zdbu@I4T;|jI)C-#MnKrt?LKGTgL8W%PeZ@M(MR*d+0OPqyEqp({99#No!sW*!8Btl zFrXl$!9xqb|C`Cp+Hk)T5yQ`sD=k1>LL&t3?>x_^yZZclhwjLz)5?zh(Gu01i0%7j!k>Ucx>>VV7g-GSxe zU%6MFn;XleSZBPpRrQ4Sf1h9_z8ZCF-=2DKeV1ijbth-g@QN5N?poWeEu=qsrTyAc z%Oyo79@-dqd(EnTs4@?4L|e3l%I%Va8NLlS>G4K zS{3-sS$3%)uFKNA2Q#}3g~A+f{Q+Z|nNZ4j=pNJHowEkmP0bLIv8^I-yrwJM9UI(x z4g8%t1RaZH(K^UR458z2dNzAc29KfW>zTS?mekW`q z6ab637Kg~g=pyOk0#z*HJ+^D=+^`e+w{pu8#8=7-+kcijf?T*j}FrlQsy zh(8<9y=u4JBp)@f(Lmb00NZwJSCo;DX^t^GX%JP?HW`s(3a{l!wr3fMPqmIJuYhth zu7~w1@7RDq_|Iv58ZKC+5G3ZLSxLFPWf`XX8P>iIdaN=0nhpTPl~lp( zKlVGA7lG)a%tFt2XC0bD z`DP%WABpP?E_5$#bJ*Clo8y^tFwAq8J(0(dCao?{UcnE^Y=-R#Z~ zsKg(ccDswqbtqpH`6v3kO~?6f==0|^e?y;}I5%w4=_zy|&$DaU*>t@fHLS8?IGJM} z96=c9Yal~u6is>nc@~f%R`W;k^W*(H8la$^ z(R-3jHR{g85W)qvk9l9exJ$_w?}v0ST1{Hff!)WyR2%2w4VxETz&$@wWp-xoCc8Cj z!sRa%&{JKnKfK_vM)_~r#KsXpjQlXJ*mA}_x#P){gRNMuBK?*}7?KyIW|gx>g^cCV!l%@?HonwL?vPBU#r3sOKbi z9j0(xDez9v3wsnr$E}_rL(2a5VD;^53gFuUF*aaG`&PliZvURm02u;jteA7o1Xd))$X`t>5L1>=Z2H;;7${r7q6A%kh$@>j9EnO1Ntht2I)kT=@oem1y&!<`Xfy=HpO)lCK% zTohsfE^pJ=5McK_DgP8hqUqqkC(nTRwxzl4A;7#Nb5Hb@uD<);UXa)8>I#^QNQdToA=CThf+Oj;nr=@ab?#vYg&4mYVmCI~*1_n}yW^LcDUBxpK&S4$PB1@;Lsl*3Ig$VsAz*VxMoh2naB(^o(0IJ1o zVLVQ4*QrI{vCaQm1-Mu2nixOOogMMAIoZCT-tGV+)MNWWkIrzujLuIGlk_{QAmz^c zDxw+-fEJ-^*8faq^vy5fR9|c8=V;qDL(g(^zujluyVe3?ffJMgvGDrjy3-7{eg*(V z-IBSgzQMlvSUoLcj%U_|1RD_&;DO@KY9G&2&~r@>Bn`=+1R@}aHQAFX8xG@z-D*q&J^Bn z0&6O&5AYUsadgP(==i4+wh_rbzVEQpD_>KM!E?CL(!jSgR^q}JMDY5dnpWhmx}mY$ zEhPWdv>7+;N{8O->NkLE!YgbqrC5D@)0mlc@@(jj$5o3P&Pnr5E?Hg#g^4=%F=3$J z5|uiC)pa>15gFa+t7`bp?AOF7E+)GWE;BRG+_QxR$~V;C^=3Gqu_Z9#7+vT^*V-3M z>^3y%fSj8d;G%|*JP%};;N03xdV8$y*J zfAE$V!f}&8SX(yn2gILyV;9ZZZU-$K#e1-*pB#{i4&!rJBS!J)b*&}5ce>t<5MKGV zX#|z;uhX@0dpFm6w>gNI*J59|_FSTU5}ML)I^BIMK3@aD2{|W!{ZKz<_xvHhs}(9Y zOc1_G2#Mw_J@XH-0im{iuJBRBd|B!Fb;VfAQz&+qOyndC6&D z`2owK86f=Y5s}jp9PxmPRvD}A?O@dMKRgwA!fOH(bo#a6kWRlr>9*)>x&85jmDjC0hg%gf;|%^zp>1)tE-zMh6<*~m zF^+eFjMVD%7c`z8!52m@u}+bRt#C8O$gifv4VNH<1mC?r|8P%AfmlF4ksGskC+y@4 zs`bAl3<%9r#ntlJ$jnEYWbrsWr*nJ=_OK#O$`30RuP4Y~L&)=*YSQ9F7?YlFQkh<9 ztF!LTj{B$%6*LkSTUnt#wY#lnwaadLG@@tT!}3l=LI(C#(yLPZ?zeS{JZjybA-%5^ z0(b(S+%644`1Y=Nvf%>UlSPkb^8`=8Q}Wa$$O3PfU<(4F1GV9Ci+HA^7c?DSXnFCP zZ#!JlK~-HidGk@1M>Re;xa)#ubD=olSKFZ0IPmoBu_!E_hQN)2p8;!S9r`=yA@f%O zYKofROc)*_{-^ZLqvph;pQ;Hq-fcvB=(1?-!ub>e@QpRxj|c#Rkjr%AnE$FV@t3Rm zpUbRQKw0oFW!9))1#+M#b||x#q|gaMFn5Ey585;ksX?ars|xOYJ5ZC`-utFh7srnb zxQE$klRNT@w9W@V^i1ANhKv=jzc%O2FcV2bgDLf(EJD;U%r<)sc4S;wD|+dlrE-Tw;rC)kC&O=Chu|SgWj`g2qDty~>jAaPcFw{o4 zeIC9549Rs&#U=4!H3tc;$lQp=6UE!e0@e5eUa5#)r`psY$?7&C9%~b9n%%w3!7mtG z;Uz#ORmh8&sfd(Vr{n0g<0n6EGd%!12x4c^P6xN}kuUTP^Udafz+7y z=-y$yYEX2;k-_;P;`NZ`6i*|mK=^g~z8XBjt4@oCfnw}Ul-<$Xe1zoiflf33nN|ac zs-xjWIhL|q$ycnpi}9Jex%!%)`|I)nucmq(+xLL$m@d$f{#E|5m@mk@Vnt4zWp{~1 zevjstdP!d3Y`{_CVw~_g&Ejton_p9e;gxqU52v1C{);Zdo%;_N4K5~~Q;ol#+Ota7 zBbZamjjaVBANdVCSbfv_r|ODVWt0^|R;G#q*q}ka#&hjKrhk3c_b}~~Qy{<3JoMzf zJuBNt3Em9L)P+k?eua91sFcS&Ane3f!KtAUu311^*}QIlE9t9|L1T;R_bf?C1i7aP zPp_;`dgF>f4oCbIuY^`>A)Lyw{KZiZL}0v(>itX2_@6Wl|8laO9{Q{Qo8kH&0?(1O zg_k&Zgkd1^q{u^uO67=_;yfg<&KIPB*lfK7)`MGZR7L>{6-iyWJV4iz_}LmAY}hp} zq=EWYNHk(wo4Y4MJ82>h{7MimKz!#A&5$<&0r~^a__PE;TU#3tmTB(ahh*#&!?jnB z$VoQ_A!ENZr+;g*KVnr{SQ$_kpQi}8qJEF#Lp^i463km?Yv6}tHdbvwN5Lxh z%WeOVsP1ncR?K+2gX&Sw_~%=p7S7Lw7qS1T+xaKK#~$; zjneHDnS@1sAGW!3IDT-=WaYbi%58lhstXJLH)`1bfDHlnX*S34Zz$RfNpxvZV?dlY zK+@^lH1=EhflTq8gYCzg%y@?sq|Xn?kQ#1LYlWD7Y>`Q0XVWh!)l)MPWY%fXaN$bv z;1ZS*!@M1*ke>f_VtM@^KwAqUCS=6Z(54e;p&vFX(xUXi+k$ls0{(-{U(23owudGocfvQQclAhkG{VWeF{;sXw7-P@N=96o*|)@ zyEIyMpDd$?l4P{Z>AaNEUbO8|ug;fI3%s$u?NGzr|$vtTQ|ljMAWtQ)LHtcMVR9d>Qx@mm<1*)pGe@33~0lfICrvZ0)YH zZnr;~2#vHZseKyDXh?EnXnm-Pp`IYF6{@unJ?Tl<{!@FBwuJCey0*G5Zw81~?yu9e zJqwO>jc)G(gfByV`-F=NQ*o^g?YpwVGMMBn$R?#ats5}IN1NIBQj#))9fRZFI}!rM zV_BH^TW2~y)dc*Z5XJ3(me$j2#;a5;*)tL%A@bbg!7X%Y)#13nm-aDTR$ zZS+T3JN|EFZ3JWN>A#ejw`}hJMLj#bMVrIo8e_{7 zN~$_i_!X4rkisNCjf8=^8XVDG^_rH!*l~J^S+eW7gf$|T=}h5u^2))s(^teAvfh`4 z2LCk|-PdjRA+}!(6Fm#|+A`B-+#X}Z{s@11%CoaibN_4u|NKAxY+yT$n}RRNA+ev@RVAyk{7+>SXbYP za$UDpXNfHJ1&Cs`FDL$d=yrUgBaU+Gg89S@XZP8!+EAVd=|Yxc~o1JN4q`yAqSmtjM@ZgYj!>)4k)*_6qg_p zOKcA84ChfX>78aq?CZ~f$~SIG#8bv>#r|Qv-RgsK{$^t@y7+QkabeoOab{&Brd|+x zAq$%oEBV)p$?rY!&5;XUo#5lA&wOzIU({Evj{_Wwkv4rtl{C~J&c zZJg5baGlv_zwTd`!2agvb<+tc#Ry@cv~WE2jNL9Uak5FNU*oAOk8<#};e2Xz*)95< zx4c`w;MC=s^~bH(k=}7L{u&C#X`9lk;XfbK?Qw5IHR0jy1!)9sL)O(dPKGfLL35w{ zUwG7?tc4v%S)H8nRbmC4V%bc zzkn?5C6ikd(U&0TZ-Fc(6Bzj#n>4(=z723U1oB0A-k$6w{Vlkv5%8B5YoVOK(QR}YAR==16_)MZ;CY`k&lTGCxIoj?yf6dWWIinz~7y18?r2QcD zf1jlN_v-dR>Xvp2M{RrsK;hC+k)XnHC2-^o$583M4g;}++8$SbV^U98tbM7FR$NK1 z;paR{>ph;i5XZ8Lpw}fJRoMqe%2f)h3a|T}5TXn>(v~pdi@$_x$3KVSy!J; zG43MLo|E3f!0UV!B4*a-k2U1J9n1Q-t507hx(%u+r>;&dP@$KtCj0A-eUa)$0JiU@ z-BtDcQJT7{HMnDAzjBFGTXF)w@O!i|+`syJhyFKWbadgr5TmEN!rgvNoaJ$znMyl^n<*l>{yuk zN1zQT#mSuXsKlsx!H-*?qVD*Dm6D%dLGf84m?eg3|Ey4> z4313*IKABXayGgU5Fl=B%i6%G~T zeo(P-U!b|TlwvqL!5-Y`)K9EI{8tF!sNjRj{GdKT-0 z456&oRG9Q;Q^7+r_im`i5UZ|5Wp{;51%D=GF;TO)D5{*7D=z>F0Jl;QfyvW3lR<*x zI*~g-cK(M;c3nsYlJ$Q8ML(G;^MIGH-e%c(Ap&ZP>6J{lF`|P>!^Az{QfPP4in|H-5W`@z?J zeVTs+k*NAGa;Km+{&0~0TE_>a=Pjn|DfD-Bd<_t*?lmc75ud(6JH+6r-CAmDS-C7P zi`9mb(!Pbl_O75VTh9<909%J%RD$UrUR`UbYh8A3g#GGsCjII90NikcZ{idrk-jXi z4^C?|-peRWsGv>uAxqeP|H6Pir0Ry3!+A6N?S;b4PI3Lr1@?5Net!In%b4%iI)Xf* zc+=`xhCZ$8O{k}Sg)c#h#xCee<9~ZI;o#~4%t*}$c;rkX0T)>Yx45C<7+hdawsv^ zNh5TwFU79U5ruvJALiXt#`A7{JA(Vb$H$P)3=Bpv0O~O!_)Esw85_@RdoC{<86H$p0aN^wk@m9ocnYw^hn%e9a z;sWMt!vx7=fz7hDfLyI>E5_12Zy7Z{G96ofozm78%KeT0%JKI!#WPW0NY0CTp4o@^ z1Wf4Imy7Ql;NiMt7Baqae)KPt=!>h;qoW;VWz?CYE0G&_#c!b8_I>kV72)=?Z*Rj} z6{yMt5fGaWm-US&&b~=Ror_kv#dBg{)SDNI@4W2V85Jx}T%18oAxf zP6vdXZ>(Y7iS4+?7+ezG2oU~shW?bDki-X0>$gce6wm~eAlzavj;MXVQM*aRxt*>o z(~zFqm2053Q9qzm(ACZvJSqIh%50Q6pWtF`mN4Uy`y5jc;~aBMt+{Xb2rI=9FM(ro zuYir_9G0uJFW}>R?j92MlS7c@auUU2yjrvNg3q&3P{c0JB0*wbs)w7jlwL(W)^2^7 zUSr2G!Q3GDy~Q$3J0*_PTs=RJPzQ)slm^_s zR1<&p5U*HUP>PL6`&=F+5u=ll?kdE^#ieo35E%=d!Gb`NslGpXAwTH2G87Q%a1w-` zakpHtEQ?dIn2m?zVA2eqCtEGJBxL<0Ht3{}&tm?KVf=1%x7`sb@g|z0wjwPG;kh9` zey1hYmxK~@C0=R`l{*vb&eYZOIo9Vs!-|@MXrOAb+#S zeerwps2FNZzGS=o_Rn@x8!WL9nZZXa+}5%CM~4zSpLme8T&TQu zX*=^RHO=1jy!EolyEa;m75!7_5XiGI>sOnmiuY@Ep#tV|uU^JIlIxaHw0-4E^VtlI zOf5Ia{{=-DTXVm3F5k%9q>fJ7$T9v>b@0%{ke(}nny6s$E*@05rd~9Eq^3A9$o%-L zL!H=&XY%QH;n$ok#^hQER(=O+%RdNab8>8tUd(PTv3;Z;TwsGdYlr4~hC7*hAJ}A` z5kkQZT-BMOo6S3lEHEPE9;xFmD-vc&%OBK6tjsJV7U+B90bARM<{&}#K&A1tuc3S; zH5Buu$rh`i-f>N_{%EDre*UAF-P>fmmRZL>)!p(}*4l0QY&jwUSLfjxkF%}3k|t}S zR%7{ka2qKm&OP%6lA>+N$kI!#2(zU=>bNR^<0pqiGoz%$LSxBH*k;<&z`kfF#-a?> z`|v|e>jCO)iXWq~^k)Y|f%)C?(S1|{lN<-%uLQ5^aU3-v-`|CNiep@TM{CZv#+<)< zsG-Pd9)*+keS|WBJrOIcIJ6XVTJtQ69JpK=)OrE zCts1-Xf$>ZZoGyV3tU8Q_et@wTV!NtkPkMd-ScA6a8i#4ilp3ufqbbG49F!{K~w}s z92rvMs(1r$_R(dTwpG1$w&F_s!EhAqw*^TykIU@P%XXQIoqUOe`j-~(;x~(?-6L;;k)Aa!vlmCIfsc86P(yzY-^Y`R1|POJhXJCV3aovMup;*6sze zM5y`$aVo|viZ$F>5YaRBF`K6Qqa%^mcD)9@beDGO(nxom#9*9xd?@Vcr5c?;`eL43 z^8#yrtYWHPj=t$Vh<;oqHM`kYqC9Gi{bzL=&|F@h$rqD!PXCWO>9M)WcFiezaO^)xPz;5gD(_&HY7imA^0 zVEXvL0=rW6_zXsII*RCEYF?j{dr20(UgicRA}y!R&JJCXqqMvIF_>5B7Sg*OL;FrR6V5k639+zfQy0YokBh zh17{_rwXCd>lcWP^DkMsi!c%?TX|}v5ww}A$st%qeX_iW{glX(sG^#!(ogiXwImiB zy=2+sd;dde+N&uIWQbr)=E_Fsfk(F@7phSZ!JS?OjXnK*dl}qK5*w%%%*id}C6z-X z#QDs$ox8oq`?NMkwcg}u;Nx5a_L$qo1(`5HD!dp@kb zc?pv>-Rim*HwW99rcy5X(O%P3aNy}7-8+?P0OP!&BThs6dDBDFfZJF#cCUITW)mYY zsjHu*K)#j2m9ky!YIOYDJzm6Bu;-L=!-=fo6kM8qs;x;y(Qa?jSbe&BPhAapYjpW^ zd=qb|tiJD2-NBC-0*#N6+Q~1^=-S-x>X|MfnjO@}sZdbzh>nBKv-ZZQCh482u~p9H zy4PEm8;39HZ<($yUuZNAkSY|OzX(z;CDMZ4M|?JVayr0FI%ajtn|z(Y4o^$@{JwZi zLDiS|5efMAJ^Nr;x?SnZcUATDAh4rCgBFtfXmhY<-H;;evnj9aU`tE-QRqgg`AU{% zL_$FpOTbi`i%^mKggr&2k}1_22JcW-uhH_{1BX_Tk=hU<+FwUhScmMyshSm<~#YOPd&v}nFq!?p*Q_2 z9YPV3%`isZ6(5|tnY-<@{J&+1!klk9Ma#NL;3;RT9=W3XUub?f@G->VNl(y}Jjf`&4Vefr zNSHar9(BzdgqExo<-8hnLVy32t@c^Oyr%M5IP(B|C*?57A#S8hf9j1RjhYUIJ|_#? za?JL_U7{cC!)&P>X?i}lHK7iV-+vgTUAUXuaq(Uc#ajlS?V&c_Q%cij5254d@YRL5 z-rqWSJgC%{K^=>b%#y&9x0v*)Uyu#TR<<+W_)33zx_-yQp>4m)v8CoFd{y2qehVQEdiSn~z^UflJGAMl zCcaShq)2%aea4IkZcCq>Fb_R?6mLt$&(P76dtz+%N6uz8FBCpTIFwY3Xwcn5*nCbp zurp`ET{_J2#R0jI*dw4a)Z)v;?!zz#*Xbr$uegc{+15>W}GL*tTB`8Gx68ta-@ zYsBEoNg0mbjzPs*g`UEio1ceq zTWvVjLK_zXLbgwwJluAiVDPQBFK_HQ_wQkIFHocsC|7aF38y}yWw<1}7@fN+Qz?%x zXmCPfi`QFZgxKR*eIg$?8Cr`Q(^|T>{cXvtgGrnyI~HBi{`*PHveu)qr0lp@B6?~K zJUeNNl|{2R4vJO^(RVE}Xw?;LKc#tqi~4APVQ4LEbS$zdRM(efS9LvA7lztgj|kpZQ!D5T8_8leAtLe$J3Vx`@|eD7 zIaQUihnWP8SWvF9-$6HXs9j%o3y>?l*{lnxSKu5ilw&NK*+vF~ImmMdGjQqBK3?<~ z=7`Tp6Ei-~a&DewxV%AyvqcJC_ufj$g^@n*ri?kf2OdJa$#M(*-^XR$yq6Kca=iI; z^uYh(txR6wF!@TY*yBnY-CV~!t`s~dw9Fw0oM~YB*-amIj_f^o=aClz1Y*sD=CNp1 zN4aKKz+JMY(|w|Noc8A42^e5O?rUj#z;I02Z93`~{m8lTsHb!{Q!1TUj0 zug(?Pi)|Q7yIYr`98``}O;_0pX7XqC1%4wQp-GycI%g9-sA--?Bb{`qMCsyPLG!vY zi|GmBPJ1sHS`$|y%y(d@>tVS02gSX;H%!!eBQ21 zE7LrtHG^zOpCL8YgtW{eAR6Sgffpg%<3?=lT36F|t_Spg{q%!#WY805xtbr-dLdY! zAzyzkbOsfC$op%}>CA&6^LZ>Yu;;+?ERz#ATfOmahCy_<-zM=n{3`X#>iIEzPkYYR|P_nitkeQe8 z#btLf4~SVsXYXE=j$lIeasJ*6cjjREkKh{$nHWuOa)Qo@Wn`_dqUKy}L>7PqvFR^D zBErH?Y+7HWha@FCVQsUYr@hnrub7HNj@UeEIr#ARICnt^E7`$ZWP$+tA7ISeVF!ZQ6@pW-TL!t8Q z9v%Gr`L(!~rtBPLU6v}2%*&`=jZFov`M2#?5{L&4d_XdbRSwsoolI^c zdu>;4I?0|Nw;+!O|M*u6*u(+ zgQLV-TWDUGMsWoi!H>&Vo4L%c&nZZ~s)L6YpYyEh$h;-A>8wG)p}vyb9lmzYdWDY7 z#twV0a(qJ)Ux&czQ~cz=>b=}(L+;qlN=g-J z+d7^1p(ZO&dM`Cx}yrp2+!?7Y0LoiVvrkv+pX7NY9vu{v%u^_%Q&fjV{;nv2Jt0^uTQiOQF$y!~%F@+hNeS_)4DhUZevPzrf9fJ-6ahg_ zQIVV<{3i1UexD&>ma{@xP6f}pq*-dz<}F^tvM5}v6^fh@V_mf>1t@mR`eY2)qS&DP z@wr;rM^ZhZ98o7M0wOuqTV4V1i@tP<`Amtrgc-m25V=a4#V1&@gJ;G|e)~h^EW~d1 zrTFKQKhJ_xrC#Mi>ww=s$NIp~$-(hW&}MAL0>e;eeAgy8Exmh$j-f9jHr>LYJAseb z9-Dq4`{Aj@LWWWG(+Veu71ktb@#BZQj7+F)A|12OEKIVIy~EZ~a&Q`oBF4ul9QCb& z>rgCm`;yzBc3h))cz_SSW0J*qv{f^!j*-SiGc|H+x;{GW#6^v#>Yir_Mu_UJshB~I z!m6^x(+XD!1x)+$x(Mji3C-7?dBzG4a!1$S?XA5j&oO?dw5uk@8OO{nAC5_0bz}08 znSh+ftJJ3@h?P+p#{GypIfZEW$8oPRskur7@0cC&Bx;^@G055Iq?%U3ptr_e4f zcTkL-*H)P@MxHl7JKL$`6HVb=kjR(E=GFMT7Mjl{BjTEG{+Y%uafn+rmSrj-|BmJg z7zVa=D5a}(GbqI7c4Lf7)xV(Uu5+yDAe(_tTa=<#at0;MCYP*<=Zr_B8R_gAgER82 z-37P6LYDs)nH4>jxP)zq%*cpFFua3pyd6MAZ6o~g6mzw($=4u%IAOW@#E!;mGQpdV z?;_Qf{8S-3P<6O49_j07!I3;TXE$A)l4o%n5mEOYE}Ve#O)P=Kv3B}kcBe(u{&@DF zX_`l>KXqO`=%h%F(dy|{rCV^_Ye#9*iIk`w?~%3=4{$J%M|oBb;NzfvkeAClkHO{@ zYwFRZJVTVGIaqB!D@JCQ?H#AeGO5LV;RfZYeb(l}obyC0e={*;@@XY@U-YN(sQi}D z(Pby{z5UO8B5XQPYe{eq&B38^#?g>UnD4+(m!y(P9j!B3wo7BC+%5s`veX}iP<6Xn zjrNx9e|}A@d;NB8`Q;K8H&z!Izg?g%dWlY7X?A}OJ)?qWdHG1Aj!Vyk&8$UF^=!jn znPHD&+^YG;K}=?j{hU1oaqq-FENs@JbJ|HVU1wS&hof8hQmwZ#`mm=rxrKTYV{SJ8 zhP!{XENy?6{x`hN2EHR`Uj}yAf|Z+&J8W{V-Z&d;W%h?s6vO8{bc-4EWTWpMFGC$K z_|I{Jo%X{(p1d`1N4ZjyOSVH&Z{veO<=aO8HsTIejvu%s@EI57jj2fd(l7m#ku9GG$uWe^7vbH!z#Y*EkB<_mi3Vl#L!%2v6YD#=Lfxk9YQ2uSY2d$fS9WTm)rGjbnk$a`| zF^_UO`k?&~r;ON#p}X$KccKgH#|OU2HFFY*#c(d$r}t!LNLn=Kes!JZ3ho@8(TWcx z*4HvVlNpTT+WUei`XL%VynZ>Y|I)jG@Kt@X--P*RGqEDhA(AIV50*}tX4;>fIg;e= z>p0|5VilU;&G^4ODZAYrNnOQ$>bPYF|NFfqF^=2H6-yobmcxu&2im~bn@u=!^xe17 zg9rK<7PfFvLZ++twsCd58B+^&ibZB^Esbqa=4f_7Mweq0YAoW%Z`Ponze_u1a8pHf zmgjAp^!}+y(#mqi8MY?{HG|@bKoJ4Ag}k;w*r>DDw|J0!Ir#nu6N8h8eu+BAro>6qn)xR6 z)2mW<;zuSo=_XZq!sfo1JG$|Z_&z$8HshaSM>^6!GaamH0Cz;`cKNz16HNu>krW~m ztm0?x1@u$#bl+VC12Uu?2%V*-KWDJn>GZ{M?%8L3GD%R3zPm)h{fcyaZ3A>VIX%0v zEnl*RGN&eE!rBaoMs9C*ORx-|gx9pT+i-UtQqSU(G@O`(XyE7SCopwGeezt0Y|CB@ zb_i6eAmb0gTTN$>YmYa{(|*COg7=ZOyb)HlPZdWecDBkRHvX)rJ2_?cxzw$>1q%78 zY_Hxem?SsM(p|+;f0@cmGy0Mx82HUj?5xOV*840mXJ9A9)nS3wwS9nrq&zxKx_6+= z@cc!&63nhXiIFT@NitFz8+FI?^a?|ExNFFGn9L#IJN)_1qO$v$zOsXHI}JXwkTaQt zoIv@^ve|vl%{)t$-S79WFp>06SO**Fp+kKmUT*01T8wWd<&$`#m~1jK_&+aWd0J@= zs;U;OnHfazq~ftXppqRoX)xLr)T`$`@9uwMWye?9uiIiCriQLP!dER5U|^J$mnZf5 z^=pkCy|fBvshy1{jI{9&HeD2;WnfwrHZqP%SUVAEK`S3xZeZ}ZC|4Iu6dBwDI4t<$ z8V&ly_N?LNpCc<4=Ju$Go|6?L#*LuC56Ib{JY|-?*W>88k_JXCeDSWv4LHt2W}w^D zz8HUfMD)pWq;t~jv1UfGOd)o@G`9u4T?d0)@ig=L*z6NSLNAYd6@~of8j|WCrJ!V$ z>Y8^GQ`wlEN*Fe11{Om^CR_}^7;+=FRk?3=2MxQ4PA_UlnKE;PbdE|{I1X9R4df0F zv~IZ5Gd*V$^9s#YPnfLA9FhhnW2pS6&>BAOq|-`KYOi98MK)A z_>QW3P|t+kRAGb!nnrGMTo}I!U5HE3JDeVPvd3A^!N@Mre^fOw8-%RR$SEooUuaaF zLEiByQ?kb^dMWe$T8{6%1T1@_3wx_&R%sHO%!RdXTGK37%`->K!3Ms`GPiae<&pn~ zv-b>ZqFdX)u~)!`N>>pS5RnpkQBe>Ok=~0UH53Ix57@C#r1vJhgwR3>Bwz!jgc6bn zAylc6W`F=8@Sj2Nz4v|Z=XsCgdHo_qlbJO$YhCL)f9Dwp_t}RwH^Y;PS|oR}QJ%8{ zw}6;IU%I3l!(g~&en{TQ&Gk>~yk+f*?xf{=N6YaESfFy7S6EqX$;0ZF*iQQwm1Ni7 zrFOuDNom{*w>*x)KP@0FpY0Zq0@ZJ#9+6Y2?OflVgTLq~bxy_HmgRM^ag#0{d7QKBRId}_ zsSRp;PR~y~U19v7LA+y*HX#KQ(G_z(P1FeM>_U=NMd)c8mOz#7G>%G2tH<@9CSFvb zRyzmy)h-PlrJ5rm(2%}#fh*6B#g#g$v27?2pO$>naxd(?Vk=()|tFbC=cZ z+Ml59pUXe2f5XXe%e}B9m2QPU#g9SwMrII9WcNYaYaCo$R-CL<(I(>;khT3w+Ut20 z(P?f+4if+BN5HJ%9zY8SVrv_QIt@ImS1&M1CK9QQ_4g^IR~t&#xSinSpF25#qT8ol zAhqM-MdRT67&~U)RW}55wAz0z+@8B_6G7fnIpHx_Vc+92DS^(1`n>$)KY{Xt0Huvo z?!kHHy5;=$VWfB@dTo!nw-15}@vlC#(I9IEbnVi4y}v34^x9FZTey$a43a=MSRHiXj)V zL;=%zSPbO%B`b2j8(i7eCn!Zx_o$`6zc@drY!-s_(R2m+`Y8*K|x$w3C*- z21b=UKFpKRFH7HcVlfM*W2D7C?G-uQ_z-F{6_%mj8B)WBRrxfxDOgw?6d5~iE#4pV zh%Y%jgv6I&@~lSEhOr`dA-}59GFiT&l{R$a>L77r+1NqFF@8By87JF?*^R-ux69dw zi0bIU!zM{HOLP1py$=ndUpj3pc{u+_i!LQiQ-E9r8+Wv2qi?OhaU6MwXtVQt(lvhV zME4p<$bpa@OIm+QnX%>VUIa^8X>nuIfzMQo8ZcGTT;D8RiZh4u>_Dbc*P3g@*z*ul zt`Hd)#3FAhTK>90%l8UnBh-Ol4*k^>pb8C2nZC$fa<*tvg2>n(Jbw6IxWT;%_py5M z&IOY9o$=YkON?LoLl#vB4nI2(5`IRgkIT^PDN^Qa7UVSTsE;OgXU5&yNciONsj9mv zG z7lllU!Iw=8U_(}O9Tr7C)TTvo${y?8ftN;px658ztISGmuTf2I9~F!$X!p{a{qZjI z;~%OB!3dk_(nCBOt>u@I#i|}3ke1B#gU%fhC05h^L2lO#JMET8`ICl(!T!}bC{UYV zJ0^Rn5@svoxmc4&h}YAW4E(7U=_0ZG$SEC7aCJ90$Z#TW)E)hP+F*}Gkuu|oMBYQI z)9nE$YoqBjdq^Tf7%`MliaMqHWK!3S;qwK!qlXGx_pH-KTaGk5EB z_COdA)=A2peQ)#cXnxA8XWZVd0KBEY+IE;M6x*(^aBj3RPPA}ZTPLvZpi?4v44#sv z(!4w|oqC0|s%FzrQYDu6%Q)1dRHub~b@edN3cXk4tUT(a;oV@LlUKV*$#?GXqeCv7 zz;z8M!x}!cOtv?|6#~??_~z4l$acxgy@kma=>bhKvd1w z_Yr3EaU`eP@snR|XihS;6DYU-Ifb0Fb$QcPVg@ZlV-pvrBA8*0J%6cl+Blb)qqVqn zRkyc#V5AC}FX64dqQ>_=pNxnr68*~qwA9n7_)c@WTUrsxmJ%8gj7u6v`76sbqDSPV zNSZ2nXI64&9dA|Kj{2GJF-cwQbv+o(Y&i8{p>DoQqt@4W{${2ppk$O`tqF$7mZ$yMr4`w%8ueotf&chVKO? z;QZDJw6|<=-p@`KK616W3h#F^-1*m_gCzr)O()XDTWS*}*6NcSjIt z@BQiE9V(FxdIAoVH@g*c&z&;^ikXv(Dy(8GO`plVy@e%=w{yZdO|ULGdtC_xgKU}m zETq(!nkgsv`NmAKHcVm5C|YRZwqb)5yE_73?_pGM_SKWdv%K1;|F<`K{BS@~N%K=o zbT4v*c&A~&`P*vMZk05M)@Pzblt;U1S-zs5!!g`RZ74D7P*A^DU^HO5)X7+ ziWDb#RECKJo8jF+n>~OJXq@kFZ>#Fex}D4F{l07`>4|XiYWTjmD_zW*S^`QtW9FH! z2yEpIs=1~tLU8x*BO6JT0ksd{+Nix2i1x;g&@QtFcUYSZWb%e)FOAuJDIOhDtk+o( z)igoU^}e+D&a^bXAw_)B3$TCm40fEw>b;hB&9RN0k3%A$<3GalfRK`aXmQ;cjH(;S z!oy^ycg+C~8-KI7s;`p~Qk1<_ZV(bAS~Yyijq(e4lxnRceu3TGnrGh(un0BAmaEv@ zF+f()8;x7$QXDM`-YE8i!T{SdKV&MqbG;^MC%QNU!@r*n$^uh31t3T1qQbiApB8ld zr=h!_j-_Z*IwL zJ$2YJc(36PZmj=$VKf=8rNO8Dd+&JV&jh>Q+-1}V6LSACs+JtE^_c~@flw#68=#Rl z!1nfIAFvTJTcOC`HnD~XamUuV10ruq|H)GqKUpe=B-P{G6DZatH~S`78y0_7*4n<& za0B>>dFI-1cXPnuzC9u}YxMuE+Z?=k6M_fqHrA(mVf(FEvF)L6wU^l`Etw5efhF9O2emVTR05DC~2Aa>dFn zLW}PHE6IM9*4DE>b$jwY6}f~bbnN$2w%KwZNZ%?iPtOkDkvX<()c92q(zITS#~5>f zNBErj4>j@8r|o|E&ZgNju-9y2mn8W91L+`C-^eW_vhJ*ngYSCmRpn0G!y6U5-I%<9 zq8K(}h$q-A1V3M_KxyWO=YO(0C&s<|it5eRh-HQQT)aU)ve#vvR9HMqHW%QCu@$3V zu$G8IxF|ryd~fei79Kp|v+HX9RQ~f&hnaF`DF|Ubag(=WHKiNf*1sD()awtiBVK|L zr=7*-yk85b&jfv%B#v5#16Lf4*@i9LFM+$k0F-%hV*QOaM2df09;8o(cWB&6v2G(a zy7Kz|hhsobP1Javb5@Nk%kov?W`&skGAb{s;#$i4o9v&9QP@_9q)GHSx5}WBQ#?gX z1^uC-&--puH-LM^{MDML`iI@xO|Is4t9sMEFN&2vy0c9AeUd&`o`LEb$piGM-S)>> zz`MP64+xtK3?(EYhgDj%(d9t^p`q_H+E;=XMORwqqD8<;t!ds})rD^HvXi5!%#wMn=fd{4OnxH_bBE}J58bC>b)qelJu z#(8eYOUBUvvEigkFml^T*z?RTSIVfgsRo+kY+7X)=#oKQOP0sSU2>ipmTs$Nv6TSO zgp~s>{nk@Q2iG6mJ|rfer**lyQ@=g*g@`l~0fpHjf+x)zNk=~`Xzbp{!{M5&)h}?@ z8veoV;N%~w0&m_F(T!P?;4kPJ`Z~A^imG`3!OL5M#XAcr&WnG-%wt*2x!&al`Y2M!^gk$JXX6q-Hst(WC?JfG` z{*habX*I&B$E7Ia*8KsM@MSimn~G$6Esi|BFSLZD6}v*(g`TQAWwdhF^c<$kyE@qms)l#2hoDlGOJJaS6PLZ=*oeHq zckAv}yh5B?fF^Vkqi&Z0*AbuSJCS=5UImYfZwUB4m2(Rj7j9sWi!pbc=DSMgz%5fZ z!m_#0fek3R^TOZ0DVSM6#p1&r`(&|AuP#WZ_04ehpq~zfV?SB6$mqNINBz>lE7U(5 z%2-PmQ2-Vp`|wy`WFF88?q?4W96=g4dT0!|CRZ7)+Zsb~G3tBddF7?g=j{|G-zsdj zz>Df!i}<9k4XqQMD1w?K>e3wUAZN_{zF5X*9*iU{12*)YQDRgxRk2ySS>hV4!iYR! zzh%Ks-COhH^ZIeO2>;>7*wU@bmo6<8(3;(A>NgdGzwgfoA=MK8`m~)G*y8T` zrcx|Fu|8i~3$iCulo2FLYk7a0lL&*Nr!YTAuW{Xb@nRdyMaP!k|rl z-wTT>KeeO@Ax`cpLl?r&b8+%D%!?YG4G&zPO1>L(cjxuPeV1l|Psywry=Ld$FYYEp2@)MMjCV-KjZlsXylI*z_NBNg7ibAL0%|$F#bvJ1wRggKp# znxv5XTzisJd3+a&DW$^iO$cE9AZ~V1LKgh-v(^LDi?WgHuw`esX?{d$@E2$XAB_90bP^C^!ZIx5 zb@P-;Y41LbK`-Tq^o9Z?B4xYU3V3eKyXkPU@qM&>QpJ~>nv){18M0{A>WAGo>vjb> z-;JJ7p*OtTn7rWfI!wQ3m51rggtp2Swc%t$M2Pa|?tt{)e(xcVM{%0^9ps3k=pIYK zFGT0J!kJ>CN(CTD?Akw=kgPm6olBZ6igitD?H0Cj((D;<6KpMaW#1muj&)7AQuZJc zX|wDH*552s@&S)l8EPHyE5z0L;v#vz+zY9AA&X_5o-j>Eqv_OL=tdobtw$wejk?x% zwcmYkYw3H>QRx*+gE~6{Z1Pi{o7>&>sp)l>uLZA@-`xucdow>OzN?hV$~cf_YE!I= zqf6~w!y3<;dR@OjBso)0Kn1}!Zb~V|3{myV-$ZzC(v7U{mZa*H$?84QbCF=328PV%#g1BDnm3g$?={dt^2ga$Z(Lh8Ei?6wZ&$diH3D^mDf+y2!3Rxad79u5_J;A%nOQ z$pdtEi~1r8(@z0U-MWT+z=WXVxFw>$+B6B*p+nXJ1?ZQq(K!l)UO`QDG9V?!mMZi` zhux@kuPMhO>%t8yTN=b!1_6QjAWRPi_DwzfANc}fx^x-bA(ak!piVMi|2vK3nUR=n z;;>mcXW^ZJ5|QQ`aep2$+hDQFAw5Q?$8igCds013ulbCIm5$l_^ngmFO6AJYr^l(f zRq_*0b`99D0G}Ed(CcqkL$=!DRdu})x@Fb*8xgAn5wTB^xAh3!?1li{0>CH~v}Py( z1Ku5d6$Nr=^E?AcpfoFU?{WXV;d_57w6P|m`mE&Rhud7*PAaR-FmNho3`d?f^5#-L z+L-OK_2|E_$}u7i{J3jwQ-Q{M zVl{+?E5eH$Jpg#96bpx!O!sRa-5gXWDu0XZ1YhbgU$X#<&?*QVJ+}Ce{1>c+E1qYi z`T#F?#!%U(W9UwAHgO{jD2+51OY@gGUIh5ZAlLWug8I5OwV^652ds+vP6%td7!g+D z%tM+g!bAN7aOs6N#*#=Xg5zS9ZN^j#F2*s$1)(?Hic%OY0tuSR*a^9-DB{nqRuseP zH%NoL+S2R8Z8HhHb!PsQJ6)L9|Iak~0obW;A2Ipk2{A2qedl{wKvaQIEk?aO<_+p1 zxd3?|9ZS`@)ZFcBJiKH@yvPAlp zC{Kk;XBzA)V~IiE3sg(g$(H~qJbPcwwn3xMB#TX&9NXxcUaT;M-N_R(260HPJ`0ZA zRnj(^1{_?i*iX_rA@6AZK4Q`Pv-;occ&|NZ{(j@8OwjN_*T@p))#a$ytzX#&jFY!F zL)de7hoRAFc|X4HHImb4GyngDN`CnLhDwH9m4-@~5QNrkpM7XPrS<6Q1X2M+<)**B z6MRisNEocoex6xy^LVt@U;prRyhYoNOma$5&kI2Xz|0VO5}OHmL=0e=GX2fz0d0?5 z;Wv@-T-pq)yK@QtbdVS7 zh!Gn+@i>}6xjoQb0m3Fy!J{Xgyx0PPF}qTlTlV9SIAWHWdo}ZHP`9uNTpHJI;I1NJeK*FyDJOBOX*&q zp2q2II`f-p=m_&^BoX0_wWKA^??#1L6Lhs^Dh`5i zGCkBC){-ww%>vd(3BBWu@;U~NxbCpjP{=tTP4V(a`~`c%ejVt&GN8OIJGrCDEqnd@ zKH|B?>sE%8l-M6XEUX7WL>8kxcigLrO1D6Ku{sA}&H?`G+5y9T53Dc%1xOKF21qS- z8w4Toi!k5#u6?zQh9ZBf4_~ou)vF9+K5f`n=)N%~_&6Sszxno!qws`U=duGWz7JC9 z9BQ1bkyq_Zz4X=u{-P3--S{Iw+adP((mG#A`xxADi>7Id4Jj=sV7n%_d9lE1&fWD#Sv12pOp0Ys5nVGLU{h zVhPXs+BYL&RB-Fj_SjtYQ7!pD>99;3S-Ke;vxO6+9ngck#Vc#S5Jwlg{Q+lfvQh zZtL_D9~skIQa^Ls$CB?u050bO^(nLw2aTYQ?XR8pk#{88d2YW;sC-5p(lI(ABv3zv zdbW%Ac~C~r5Ww+Ww*`l8$10aSvN6YRSp6>f~liXZcszDl@B_u270=+fCgDv||T zh#IRd3m{4TZc?W_-d;&rPVzEus$T>b{e1q_Q_LXz5u+g2^`1QL6zTOhn~yg4bZq9| zi2PLwve+SXHozO#8c}*c#J0o2Apt?On!q3;uk;$q1SMJZmD;;o7@^>~5n;0UAo~`xd*(}!E#JQDW{dX9JjW-*tR*(=X&!71c-=HI zZ;*U?oK0S7rzq6+0jvM$FQb61qvPB=@H@qywEuDzO!oX{Q2=EvXn3KFt)f(SP^Bxe z5m(*Me)Wb1hJE-2$Cbbp(%D%>q-&~YFHg2F%AfY^^|!=zKG?6icfmF|EsH+O`JL%9WU5PldK?uy|bq8S`!pg-h9VVDec*$CdOzdj6wc~B!YaLI~`!c}$$tp47PrhNY*jx9S0 zE3}$t>!nwulzgEOfxoJ#lqbYda=h1hk9#SPJsY`_a{-uo9ZP%g*25@fF)eAnIvOWa zNHBM(fWv@wJdM5O)yN-LjBvznSB$O5;z*M@!h6|dN_iEfK+Yk4J@MTiIN(|{ZyPpot5a<9TkI7UUgr~gR|P;tMT0*T2jom<4h9QOgAI~n z98|7vR1?tqqR(wLOLumJRYq$BSa=ay(Qe6ne3vo4pS52VN+Z7AG3iZG!`g((>P-i% zoFr<`?mtu^BwClNuV{7eyUKV%hJNot*qJ=q?B-;9xp9erZ6FG5ruR%KWH9BuV@4sXWP5*M9>t?XwnDJA0iMI%RkUdpu_c?N-xUxH%<>6NI-z4o} z35i8Xh24BD>)SYkr2d#eIMoQ`U|cMbppD9jmGl1Gu3F~jFlM#lDggpt>?Q}$SAomy zRn{B?&C7F$BrazM8U_D)Q>@dN;~^s2*S9z8%r=6~lF41~Gb>6_4G2TkwrzNJ+Jd6b z`2yMtL{Yb*_0!gIJkN*k#e?cK z>-WucmkBeb9ft+lmvCFug9U3|ssg-BIwh^s%roAuiUxGPlZ~x&e_ZQ!sWbHGT@SIk z1M;8k_wuXol3cwZLoY!*ifejNZGWgizq0~6fS4_9Jb5Pi7{V8CD^~z#9Lw}DY8Vnv2mV2q z<6*EjZ*||fRV8?2)PMauQ?0l4s>~$T#g{4I?$R?Qy8b1SOIoz@rZ%x|LS*jjXq;P3 zn|ttyQ*!DhXPn*P6q8V3 zPE+`JPmXfJO+md)0TW$~9Ly@3x}B|JP;qC{_2{&c41TO`Edp)JI2d&Mg~Ay}Rg5oY zs0<}7lKA?F)!8hm$NffyC#mY2Rf+uy{H2*4JZI#0T{0j8O8mg-xSBtG!MnZX!H(oB zR}2Bi z6R{L%UC}zMZEf9hlB4+EqdZAbFP3_sytA4V`wC}_ReFd6&l^>N7+~e}=(hN5u<~oJ zWA+DS#qKeGWad@)^ydfB0w0a=u`c^}6!a+O>tv^iOYc=xyqaGb@k6Kg2nlJ%Gbt^y zEUYn=2GK{2XQfJIGG6mT%=IQ%=xuM&JTV2US&LjrYh~&RCNZyX^j?z!bq<&}F@^{1zr zpISNA*t8B!l{ZQ<&(M1GFw1&j75sO8@ni*5nn666TO4bE`SomMPPSj6$N%n%@cr_ zkEP0|khXz~N{ltrh zN*~F{@N)2XvySXQy8GeUVbOL)<7b`$BXaiJX`{KrGaE~@LCWdLI@c;P=;uzW&?zfJ z=?~=HLrOBF#AlTTkBcv>m@#DJhP*oI{p;2!xD~PU&9X9WwPcmzOU4R{BRfcw?a-kK z;J5z!H-b@cx2vQ>3J+(cOzp7BMlz(_dNYW9h%v3UMTg2V)HROwUCId2?5U|7$XfWr zTC^&i{+^N%{_DsEbPvGI&{(L|fTz+X8FJAIsiftq~T=t`YIB zz7o*q=H|z}MzuRH+eNs3&~jh6!Ah(&eW|mS~cyR5n_qOf$J*5E;!sE*m zb=B3Menkm9v*zcWs=myN|L}~z_=`LbL_sIAJ?J+3Al0-}c4E_GnjD$@bO>N5jQA`U z$bD>lN(K0QU5mGZn)$jJEBk}%4~`&nQcu-5(Q%ai6%SQ{fV!Ff2hsituNohZKpoZF zmD`>ja4KbS((s7)AO>oYDnWOoUm|JWUUx?uS%9))4C4F5J>(9qvl(todFy;lERfKA zHqK)iINOsSFyHAh{aG+_g3_9&lVYf+mz9?%^eu6w?*04gDKc&q?)`#^D`q|HTO{`m z9iY$Vmb4bOY1AX|CD(j0bIe2r5|W%HxOLxc&#=!)(7jg3(V(e$hxqsjmIR8YEM4;3 zeRYpKIM`*petgrg4Gtr9J)k7G7+jAH>=;5`PBWq`iln(T-0xE2>j0h>z%}mG^{OwFhxS%HJ0K0FW ze9{)V?JSY>z?Xx~`gM)8dfj24Q{dtK2bwb>{xEncn_pO{nI0*flAOF$Y{P6_ZcxT< zlQ6)+dOPy+*1mk79XalEC?t?s)j8Cef@qh}tjIn8&4Ig6PZRj+yR^uci`ts{0V_(( zE2RFOlAEEViHjFn7N=ev@mYK+iCJktodCyyWuRzg#swM`dUYB6uFGoa*Mh8-UKCN% zd(K+WZ#?{x}>cDU-Z)Ibh-J>6*xDO7V zYQb7DJuXTTIHnRapIr9>cZv$j^W8ejx)#5b{jDJG}MK{o3s)WFe$;sowwD>;2+ zT*o_vdrkHnAgVAX_8^k2aw=G;>u4%Zi)5)on!_pgM}!V1OF&tv=;fG3Rd8zg4PnH( zQnp*T0QzcL1KKG^YJL5pUtSO_v}xSI6-1{HXYP1yuQu?e<&Ej-Q*n&01TCG0qTr+V zLNHyWrB?IVGwYk6EpNMwL}{BK$sB*-FA4!^l)K(b<-ZLqH^kXO5Lt-x1ZQnf_Ih3+ z%C}Tt*ip)(Osmj{ax9}R)`|2$?SVWNS`HDEM+YjCnGar*f`9v3Fc=iPYs4eUnjD|m zp>BIgGuhz1o9a7ayGpS?A2a2d<42n%mA_jtjevzS{MMcBx|fyfOJifexr}e<3kuIA zgIrRKBV$^2-~FY{*E`Swm`E7ya<}Se9$&+}DCjH{K0vB^VAU{#Tds5`j{ioZfZ;(` zPFG^H;q|^#>&sMP(H)MXN3#m09Gn5gyXIdG>!~kzmB`*B+IzWgxn93$pqfxnaanV^ zQ~RwK9=0OTa?3{3#Xls?)6;W+-R{K0(BzoR=kbTuKb!v+Lx{&T&QAl}h85pNGNz*T znj)LVG{8!k0L+w6%CJdvsr7vJo5=az$Pf-B$W{TE7gY$no!q`l zcyaS$@E;F6{kH?$28ci-&aj;VMhWzy1GaFuXG5zwrFeP9Im0A2*e3Gu%)Cflz;qe$ z$Cjaebo4>%C}on6uTp?fix1QACREf)kj*VW()|%4o9x4C?VqHNc8HX)ugq}HSl-wh zr=uHfE@DMxQS`raVAiyaG*RMRdiIjt!KtU-V-Ujh0;8M@==n_Lf*_Xy>Z$B)3NRl$ zz6)DgH_8INSLwmSHcK=eHN(ZlG~$fAGgu9`teui(WE@j&tq+)~24GC!l&<>90_qDF zL`X+%Y+i2&JF*4mjo_Abp8_t^`VYT20D<^uPAUDjny^q4ait6Y4>5rvwgLa$F8kpQ zAyldY<@d}d6DY*t(VPFI#;(%;L?JzI#1K-Cxq(`FX;kyo`D6c{Xfu7m2#_StaHNY| z$wxv8oJcY`F*B}%LkpW5Drq}MHRFj~aix~U0=SvAwg(v}=7WR^jf}`3wPm2koer=5 zt7Xr*=Syo%orp4hGNzGq259t(lKm6itW{Z_=heSxM7D1@Qfj7D0F$cEedcSKmVrN% zATTIh%71)m(9M-|z+6~Z((ZR6tfw5c8&Ehhnf51g3Y-JC8~moVYDV2jB9{~I_W~gk zqqn~he?IK>Kxi8i#Q#9!)GNI;3zRv4ZEgaIP#B8JSCE%&CZ-a;Jdl1Y7Z$RLBwVd6Uy-8F~%1-5(w5vAuj^vNn1qdY*U;7Dp zSA80ZA>T8EPR%mE4Xc z@y~GY(@y|8o0>Z5cp1hxV*U^1vQReq7U-{js>a_5jQ9Vw#dX=~4g6`cQr>$2@aT`- zadqK(#!6krF}?uHQW(?fe ztKIxW)qfXRim4XX#d{^JlqVK#N8 z&&;Dl_$PAcD)L^fSHENSV0m8IQ_~b6S?7@Qh7Opy5$*rNJ0T@{{W(9&@lA!Q79hCn z`R|a7ObqO|of5CI>#B)1n8cIdRM%MnZfaT1nba#^y*SXHgKrKA*xgzzeo?5x zNXL;E=HE8J?3?|vN!sayc?qWLP$pX=b4(${PxKmD&` z=0}0MKQ&Vita4qF1hB1&k(_D^AlV1c`roNKgZZJ`wctR!yFaj{sI`I>Lqb5*@sE8N z{L-R-%Kq~l*Z}6V;_OFbUV<`K-(AuMED2EG@Q|u?n2snAVzTq`YdiErB0Ky=O*|~9 z@{nOF(EYGe9@sWKdm*A9T={r2Gd_dZ97gjgiS|bqqSw=jz zr&M9o0lx#mz!0MQ5ic5n^s7jQp;w=wveQ%SGNK!;{k(C+B~tw1&i`9}4siEO2@PIS z&7l?IA?0TFU@o0e~Nwfm|gLksW$-$HAbPZ6*H-kjkO4oRL-mBp3ms@p#P~Y&7tvC>pVwbN(`&_oalkr~YfTYYpkfB*-QhR0tOtJ-W3TNyXacP# zDTuoX0xjn+{xUbUqRl};hsa;%I(9ETz0y&n+iwD;s|h9~5(1F4AAK3-P(!pQBBFLC z-$`%rQm#DPT?9n2$`gTP51p(Yp^rCaY(u)KaoA4aa$nUwwhq^7nVzzn{+$J+z6s(r zEM3`_-6o_GdzGr-!Zu>X9U96tk~kenQ`QjDmfX`A-D@&)YGs}nm?&%>JCM`!@j3^X zgaO8>aX|H|_0j+hQM0?Kf383r@!Htu(G$t1&Y}W5IBi2jH@57`-33KJ%#`A=sQl!c z0Z{nWf`#EHd473N~Z3Es=s zhqf|4dH<{kV_B{8QF`>r3Qpp1V=6i>aAze~>}INlxC}uad)NT2UX=5Xng4sf2Cln; zsPcPS?4MOMB+PX8)aVrJWINEQx8TL+>{7oiD)j;JV@B9MKdc!8Y95#Plg(S%Z%NQi z9H|EldULe>Wmm#b@TEx@UXvhdzBs|cGx8eHPG4wO4FKCD${v-cRM z^pL{&sT9@uUaT^f-(xmJ;{umX7SvGzj2?OjFx?RM33>UD0Oe6+=S91BVZ*X|x|lwb z41ejDsw8O(0yaIQR3mDl@4@(JxLdH&ODK86wuSVf3p;xTR1zc68(~Zr0R{Hne z6v~rV=jI0*>N_;p8B)3iuAcj<{w!m8n-M{V9tZF5y7fx$0W{{0=tCRu-cM0K5O{@d z7o~UQ+UqOH1!#mlNx&GWRDBm**CIahC8c zfFazIT%;&@E%L`W^(YX70{+<_slnoUbAdbde*!YJe96FGLFTRIjcbO#;SAA@pSJ&m zGx8uIpGI=|?OdSsl+t;ZjDsdAyZn}d42+TmX9oZdgZu503rbo-_VYq9P%m@MUH~x> z45P$ib$EZx$)X9FLy72xRM6vRTrx=JzyZM?Lgc(Lb@I3I{Mc0cgC}+^Va`C)n^S`+ zaudo$yfPFizewU^sen3f!r-tSim;W_IaQRROx`nQS(ulETgFXzD?`~z4HBmM zdeupcI$Ha!j>8J)m$x{rfwjp&y?zMV3E$_ZYM7gAp_38yOTE);bRK3l!-Le;r%eXn z`}nSY-wT9Jn1R8Zk-7#%H6VV#?!8d3S8^UMHJekO9eTq%vy1J?(%b_5r8mKRqK#D* z2-&;_gby^^Jv(VZRqPvOweNSxfQq?8@4T*t#n^3EI7`>9ciBE2$^;5R21rxc%u4){ zxrps=c5F3i!fgi|PkY%N!SiHn!YDD}Rh$J?|*cwv3rlAp-~ z+^fyWjg5H2zFCZK#}H5q`9(M^C8Fg4il+f!kS3zSaY?YHY*JK_^}iz}oTuemXn#T_2HRfYtASJrYNw@}kyWnwP3YGnE%>YOMzc*R zpfHoGx*d7^}->uKhZ))8_cre}zl5@9<0}hVd81&%jIRv@Zg2F0U)5N6rlD zZe@&sp?8S>?A+3(W$+iA@eV-|8;$&KmQG9cy)P!I70E@5pOTjcqt1jpII=tPXvY(E zLGdL|%x-rL_?+R#&q>Ma50hUGIPY$dEuAhFB`u)(PQ1hz0Y zpqqyI>Z*06=dCb?`EHHY+0TdvId{x>J8J{kNuHjul`Bu9(`(#&>%cuMfI^pial3@m zA@wQCw|)bXCQ9PApDpjbkt~VBvZukhLbWTW=ZwY|be<1eZ#6+_mKKcI>Qa7D87N(9 z@-L8(2Eb%oG!qCMJ6wekcltL6&nkPUoKUnfv@!!plW z$GFRv%@zJmkvJ`|?32z}n1s99E$R8_SE*KKrqE>@DO4Zi;5>*%Roi)wq>QV2g||Zs zeIiPvBlm*g5qL)aO+Th|6fn;S37Xa1rLI2qBH4E0#uN)+gZ+_VQFmNV6P%7Vf^pzs7u7|ar8iCwj zz_*s2m?P+_&c`vHsJLMkA8*lS((5f6{5L)kq`&4txYc zVY{EJ!M82bT*pn-wEzeF1+CWf{Bq(-bgbkJJy^@Y$TaaB!ta~c?_Tk63&4q*2V~4y z#OAc@4`#MnIFNGkcttGhh{ww2Ow=k*a6{R6C&38hyvhhiELjU6DvY5?uLGssvkrz2 z|K3P_2Jqao;_}uA9oD>K{I|314;^CeE4uubz2!Z)gIeN{aXeKZC$7%%;zdB80>tMc ze2u#AY_XVcWN+Xf`r?ZE<)VPf`G@0{g}y>M*eE%8>L~!Wk$|S2>&22}l z*s52U*XRJ3Vcc$ara+ZMWYb|SpyFkfU!a=)3%K|&@DJcZV&)fsCNa_02=|rKPq<6| z23+L%pLZTm<|=a1;W4yNc94smj^TaU?<;4S{VSvA1`6I0(NuRMG|ai!H~oOj(u!k7 zMEYyu=fm_yJir2ERm%DvcJ>-9}Q?3Nx5uejyAR#%72uARe7q{auR zMHL5u`oi30S}L}mmbm@QUp>`!xhrRNuhD8E+Aq*Q{6WeLS6m8MApizK&od7#cnkCq zuIr`H&qWC+H-rqYaa^5_&l4fQ8o46C&)9!`P?8q=&7f*ZFXbHf9fiDnl`>-v*2Pwz z@MG!u!qosf8o(Ywt8mrtxHpf#zi&#^BPme2Vko%c&{C>@?EHp(EB1?57j-xHF#4n5 z*oeKkQ^w2BBCP_KE&+^UcOL5{xcH^T(;OSXBtKW^Fb2epKmuB{@74t+3tSC=d|!4X z__%eO6x%_h!mi*Iw~(S|8mTGk^Yw}umD_%%AE%Av5e-`3p1mh{77i9HZ=q9xZ0yV= zaIb2A1F?l=1!+1+&sgXYHh|jj=HtO%NZEuZ=HIjd_E`T3Y4Gs|OB;6vq|Q6(w8OR3 zA{1t5#k>Mhoi@@R+hhz*@7uD*)RH7d2mS?Vn5t-F2iaRrjNv+4&$50)HDmG& zXi&9rq%zD&M)5B~<0GwCT96tW5x|=FgnXl2E;mw=8A9*pB=lNJr!W0)ga#w=;E~ut z-c4(lN4orYRjmV{&{fN?`ABbO-qHk3s6vDuQ;w;;)8hKp$asRy%6@mrG(RW)+GGh{ zf=s78aWO={42sQ8P3>E^nb#iU^Lg2FQ%kqVU|jn{HM^31rQ5ok(Zmlh*WD$Wue(S- zqA;tbR}&KG8B2TcT3~fK5xagoT-1sCcckLu(i2Emz&Hhj9)8&q(OvVefZg%6*UKWy zr^l)Jh!wz5#apD4YTw(T@5zi{f&Q5L9n&k-{{u`xNtn)2dx#e9_YR9#hIM2=twH*f z-27S487s08*&Oc8momKwwrqjf<>zG6o^O`2K+siNK|=eW#f1u^e4 zVtLiLP*Eo^l{_8BXV9GvgaJ@$F1(qxISjORgKy0XZ7TCc17CB z!x0eWLtVZ#N{&Vf_)F96eE9zQ_)N(zs^rsVM+5t$m$Hf2@H5gRiCpC5+QIt@c3yWu zmiK>zJ$UDWl_Lr>tw!<$OEO%|=jE?>`B~&_9HKiFj3DP3d$O?QEC9p}dSurmm4Q z!W%TY@QxJaDefAs(|Q9@C&tGC^G3O3HXv?(aq7`8>}X!PO+LO$}Q^X=Irn9t24ru{IH=U`rU zp17JN^va9i>r^}yf5C7(c$a)2`NvO<^#giR9$cTCzkB;;6dFJzL{|0U<}$k#Tx4Hi zbv_^!b6~$DzdU-GKpIzTg4YOiMwLa-MEn%^+bk&py{)ZuZnHYYz&tT{= zZT)k41FtW6x>GDD2)E(&yzAQ-CA(O8B}Rcj3%zU|{Fr6H9qUwe7&h+}ip5F+> zmuh>`KT|#4N3yW1ENgPc`QXh@m-Ie5ZV3Om3%WRK2NdQTwuvh83xNo7)lJy4{?AYH zT%3XsQe5Fg?Fq(1>_msZrBpPo;DLJ-n>nK_Aoy8pGoJx2CcnysOwYCHB)&n!yG_J8 zk=b(~m2VA&G?SsOjF(Hh9Jw9MuFNXSYaCX!<5J!TJ9>gq)K>0+Z>X%aBAeCh2}lMq zdnX-v2wjvh#Fw)mJ@BpHHW&|@QsjQ9NNCgtdtfAfa)EZ8f2B_o5NW0%?>i*ed4^MG zM7{rHI}Rugul#A#U(|FV2986xVmOMK+&0~B`Cx2fd}kALXG_(%qEqs+aSyxp<5D}I z#i9^tLSIdcJ-_2hqB{MK(e(As&nd|>d(iZJf6{%=|M=uyiq3olevcq$$G_2*?r6_ zU~s7M0stF9hxAjJfx&z`8*PXo`>y&PS%Pb20E_=@VMX0#N=K0}_sYye-Ni>w0I*SPjnj`Ukt*)=mnvAQb82R(FOS}( zx8@Jns~jl%Qr&X&o(Xiy*Y@9CdtzkusE!LnPSN)_6?FffqEns+n=VuaM)lqh6u_VT z=_BBe$+{!e`|1;lH7i{WyFk|3ksEm^tW873KgqgNr$te&z+v`_rgRLZKmWi1R`H!l zU~{6Xpzo@CU94(X3E4_nJI`v0;(_;f`XwX4Q>g~hUBO;i{2Mx$((MP{=!qMl(gt{f8c?OF#_u@exL{j>$}F{?YiO#Cjb`Pr*C zr!f(zWcN7Q5sKvS5Xl5!R}9H>W|2DF0y2bt0SR3JQWq58HM9NzWRm5qBh2DJ1CR8S z)d(W<)h6S`caa9$7z;krh(w(Zu_?>3iOq;;pUcvQtN$a5=7KTzof=g67tWpbLs;eb zqw-!b_i^Zc>INVO|DL2@_5yH(A$0C1!4o&!*f$W^?(YTBP*{)M+@A=i9+hKuvsv^f zzYaOFX0e8@R>749IZ~(3hl}^i8v1^ml^CSN(unSDpag4XvIm=?7fVVlqd?@*GgGNc zKy>fP00+##z;9P~U_5YRM+~WN5!TnDP}3Q!AO;Fg?ls>bq+(pw&jOHpTa;1l>2^s< z@E4Oa+x~*?I&2BGfceE7P40{%v#Yr6#ssw{Sh033s$~l(BNK7Gc!AMsi%40}xc~g` zshMv!=#QzTlUIe>t-}{zR7aZ(`N;ZeqmkURLptm%^WO;hPHJl+2tSHYUa4AWr-)E6 ztDW>>OU2LX$wqN{FZWi4NFBa%OD{=2eCCrYy)vX&&n~nZ0($<+U(SgCr;93LvWEMM z$$t7E&;c)H|EVp1A|O6Y!K_4ZPhesya!i3U)z@bg#2K@y;&aDIVe>C2rA$AF&R#jI8Y3B7Q4m*1Av){PtLe8^Md*BP@qa~Z>Ib{#H&}^ zgvCt}CNp-?gEriLx7fgn<(GwpbOEkt%)B@TF?SIl!@+lGDQ7Whb8%6dOQ;pN<2=-; zD(KTKq9U=f-}!)Wl8=4eXJ6F}jTy=Vm#|CV?{qCls;a&CeiMWu2Z@SS&NvO15|9h* z7NFu2;`DFq#u^@kArAy`H+H$+Fr1>~9Q z@}MWb+Nx$}s1%E{eB3znA_H8v%@y(zrmgqBY{DSav8K8@-ndE2C2g&hdAABw8w3^J z_(;5A@P1nnz(LB64?8>uNOp*>&UFlWY`zii{(*F(12gX0^H2!=IdK;eOCCSnuopQ` zY|=npxf1t$cg7QT`i4aV^Y%X)=0Fl*G191hMtH6Q@Zj>(?E4y$C`P_UIOyFBXieN{ z!hjVhmg(6$7oQ1ng#guw1L#f&O8g$6;Clp*jIZ4g;cIC;6je?g*aHS)J3?BCR zD$PY>c)7uj>t18Z`uS~>i~C9@Gq&grMPogVhZx1D8Vfhdu#6O=z@tc(lc$}=KzSFW zW&vkt|LkANxVKP?W;xE-*WfRmeg@Y~I0fTaiGM*?7l=wsW1VSUSL+UrEN=ZKQr=7SclqN{IfycN6#U&>ytb3+Rr~ZUsNdU&sS8#wdpy_*j#(F z4?c@d{A2Al#!2WdL&_zoF^kHzKotlCv9`G1m?M7IsvKF|#1*Ai?bL*VIHlGbba+N< zJRld@0p!!f;{i;Qd`Z5?f&otVlA=d#aT7IJ8vZhfj8)A@x1CqD$r|B@ed9O2-0ul8^Vq>IORlZ~ zarkP6nXgsgW|#cq!B#d+(iV0Tzty3e_jb)~S48^VHb7O_SD-5lG!neopdKqeetWFA zHVX3@sLbQN_P>CzR_Ei6tThK_KNoJ_zO8t$8`1=9-fDE%17!02vacY5)W^zb`-9Aj zwz%x*U>)7e`m5OMyH2-as?$yHsb~AvEvwd|vV^+c2~U69=u$hRcXh@g=*YobRfT&1 zXUgtO3+6l4UaOkWR2?*H*;zt$(-n;xfFXq~h`M4>tkC#sr;Owb7kF7%`~yeZ9JO9u zteO5~VEo3tL;JPyWG*EO@vbeq)Zc*UMI!Fmrw6>e>g+;K>Nll~MM5+R$8{MFcWq#z)K*{3 zHvp;Z=4W9_h1S1Z20BGZcnqjkQn1wrDkotZ{=<4drl$6Sx4jdp5rZNc>V{6GU$kqD_=V) zn}i1#1u8YV2GTKtOltVmP4dTgFCfku1Y45>j8ycG5*u`AcDvn$6}unCQx#vHC%nwQ z*PCtS|9b{%WH0ddb5ZQF9(Zbv1QW54Bm?^4Q=L5&MAMG&6fUCP?|5Tgo&#mbOBU4l zeqzfjxZlYj3*19=C`Gy><0UetDI03>-!|gt!#X;%hwbUGuUGO7iZd~Qvk~I_$Pt&Y zcNh@=$FEgq0w2WN?xYJnp13uqlBpjRT26H^sMdR6&7ln;K=?S(IeXsUcv;?3 zM9I}FYh!kzdtUDaVC`UCrR*|{Tw|VwzL*qU5gk6vNJ@P8nbxHPdEbSOWs-Vg1{bvI zSvYE=G39Zwy^4OU`tn{7^;FfizDtwhp^u$O!duuvcoR}i-L>v@^>*G(*ULI^v zP8Q?Sjs;UqEo%PGgYT1bcIibO!!7!Q$HGdeSU`*VPQ`TS_h+E+al#fGoaK*n(eJWJ zp|FSvrvUzHn0CoXQmH=I1;+4z z!rChqjF){qjdxNFF2X*LmDi_jP7G*+3*EO?Z|o=7#M5UlW8iRm%US+O4c9R1@$F2$ zESBi)oODqm8w5IwDH;Q1XHxoNt+*`n#@dX48RqVI{g_83kbmO1Px7_xa$eDoiZtHc zyELv^Lx*_!8t{y%P?Lr3)P=(L`uD612Ne)SHLL5a+8PO?Kn3^pvMRg@aM(a7P@tQ`7BLcnEK%&5t>;32999LnsfOM+0 z@?eUkzipSc{q}4(vp=1m5WcuAIM_!-a3B`rn**Uq#Tc^6y^+zE`ly&5g;xmQCt1K< z#ZElo>kb$R-hNN0h*>i$-oFl-gu)nqmebaqs?SdI`0#v>;zVu38nnV5q%Gx2n+kqd@*VNLc}#c;r4;c{A%zxhxvz_TBpy)p8^MwFw&i|Y9!!?8 zP`wKXQg~EdwxNCMLBExR>Y3@*!yWPszOhE7I+E`|axFyH+8?tZ9a?jY>Ho;lKOwQ< zZx`Fnt*GjJDW};x@RS=;!&4n)KT@?&QHC^UAj>eKWHh)QhS}p67ecxUQYDby@v;j2 znnoRKqg6$Z|1ICl;>NB`jrWr#uPb|1eX2&@&3}$z9?4qUmOC(CZ?sU*R1)8{bptEv!Rg>=IIZLJwoU2MP~ggna&hVNNR3aiNs9q=Pu! z95uP?=N5JP@P90TBityM9bb!5LnfqXls@vPkE+DC37z(|D$fy+>taEX0wmr0C}TXM znSTR3+)Wb0*y7-E67v|uF__%&{c7?0NXC8rcL9z6UM45Ra$`0hF}*lt3h)o?x{qjT zc+_OEbk67d&uK35hz5?(rg<5&{%xj?9 zXV-{xvVZg?G;oH9ab9q>$jHhK(5?VHl;I!tbPFl?tNI`8VyZ!1-HxBu)xp^64;Pug ziWE)ffD(luJqpjH)m?i(97Z?KvjPFu;g=hlU7)c#cU;PcK4_x@^<4*VuP;-Z9p=gn zI7&_x9#iEDsA%Ku6LTu+a_HLEBCbu1n`myeZN6()soUF$--p=8Dw`376#W!E$_!yk3T5o zV~);6Uof`2$xqWQnUZ=1HU?|9*sxSzR~yzdSJca6nJ~Ks7pAHF;DF~Xn@B;~z?hA* z&K1~>4g$VYL$1^`&GpIQ^XI;%jD$c4N4H3Si*Dd5q} zT!l`%=S}xC;TLd%233t2PPK(c#j$O*#6V>eI5jCCzy$pvTuw-ySn{t!mP`*)u!V)q zBhHI+pL1-XYnG<<9rQ7coiTq(F zD}t(Gxq971FkOXYCBUMMI-nXf*`0^AAt0YPR3WXjf+yMgg[iUq)6D{(+83<;hP zer24`;ZAwrWl4GTKZUFU=D)eb9)b3W(YP9onG7{D<+1lvak&E1EHZa1uk7`{V{{U@ zm4F2^F|gIiHj31a4;C8>{bUR|yn$bkI1Eu_qZcdFQRGaK*QdltJCj_Y70RSvJLxCS z5v>KDe`ROwRYYCVi@5y;C0v$D$YFP@l~butNj_?HfgVZREFxv;x|lv@h_eu9Nr# zGJl5`YTg}jTYgkbc>%wo8Rgwu8BRS1PU?wSUlQKr^x)3}qgnR2W!*qqwl}(3Xlqt{ z#2(U?1wOW?Zb#GlDnl&77iL5V=yGGoM9*SUxg!1G2|eB^W8Xc7z=E6!KeIkR7&LMxf_4 zr<+Mjo*V@+hbgel@aeZ(J-ob1tf4EYT>Q+rb7PYgQ`JL|f#-ck8U8y3 z))e0{iu@?|&*9K&^6#y^T6+=jn|Vg&wG{%3Cc0$EmfmaqQ=bjZ7q_PJ(5!vqDu(+u zqh~dM7EsDzGhagL*!jdmfr8O#sQ;u+TEFhQr6gNz8~tZ~)5DNyE4sbCIlDm-I4GwNeAmZGJmkPA%`XPb@?g9jJ#$w5{${Ij;Mth<&zco}sA^g?@|!n2N>=GhNhTgbfB zVIFgqIM}ML&3SxL?keW_oO4$4Y*}AhC7E|7lF~Ee!J5%kI#Nf@QK3vy%g}KLc>N>D zZ+$VN^~$mC4SgundaB0F)@fO-(v;bCIljniFkGd7_;$s@;_ z=~-LTuFu+NxW(m>&ooH!fUP#V%3S99s!!zhBZIahJSIxzVak96Hm4g`hdw%{BU2FI zS~u}~&4g!}Q?d&@SbfhYvytFUBGI}Lrla(wJaoN;d2Ez^5ZQ80q9jw`y9d++Q zKmhTMq-lGE))dq(@UcltR8BYwx{%H)PzQ#c;jE0baptXyN`joQEIoU*T$)6zLh1_B zg^Bg9iMXTr4sEJwZ3VPJV(qc;;t^s~g7acMsv&eTF~L2}zhsdU7M$*({<4p#`+@Z| z&arj4CC#nZpW|5f&^>J{IkUlHqXSNwXXk_+VfpZ{Rwa;LkJslfswwl}v9&}={nkVZ zaX2sSz*}TvL=e@gO(#Vh^x+j^5|#oKuRX_976DavM|gi8Zb%^^naS0Q-|7#|cT@{A z6)^90(t%JCq9v-fPeJkGEb#~~61^wyrQ^Q%+$X9vgvAq(u0 zbuWSlKmy%9)@RcC7JZcK;JMbU>lT^H3w7>ooSOW1Rd2QBJMHcMo|)`(2zI zoR#LMf{Iy!w!1mYf9smUJb7ku!mxEfVbZKFa4To1YFHsl_zVYo z3vlmPaG|s&YN7DtzH+DdG>7&?8~kW;8YOY-Sm2zbz@mO)0oTKzHO1#&Z{Fm^XZjH5 z%g8OQeoi-xh7RiQQ>nAkHC%{(R9L|t5a?vjDa3qh02s+A${{VO#r_d4%W0!Zz1z{= zN^ao>DP&3-)(jyOlg(P43harT@o-9} z-+YX!fO1JC%-s@f49V;4!PAOD*k`Sh$5Oimw_63KBYuK&J5X_mF=60bct|G-k<-K` z%w2_t4Fwi@D;y%1#w_5?6Tw?Sf5GbUpR>YQ`yM~}mT0;flFW#fh@f+GQ4%vm>x%3Q zessd#wD#l?I{v5#YzZ~_Oa-KLt}UQN+mE*a5pVDMgT{3y~7?r*<}TOQ#(+W7u_PfHo$&@-Px;iKj6P2)4$0!z$g z6%;k$JTAvo{1U9kBuyv0o#2E%d-g0AE#PZ91hd;ya@)e8}pQ7e72KKi-Y&5PhZJ`@3O=KO7@nB3&gQHnmA|y6|lj{uza_j(LpZw#r zdY{ex^hW7BAXM0x0ZHh7EX^x^K5i5?_%SjRzGB1vKUwkD0s>)lSel2+`f-|=li+n0 zfnXQK14H46ooA1s3&tb&fxhy+3B89?^V_DD#iEiZ>Js%M{^m1d$qmh9%Hkn54&>y4}tbpjXMkHNc}8csow2>t)d2XU$*85*BexGSxM z-3T7UZ}31Bo(U%xbYRlF%-+0}Y#$lNQX9VS1MJjwRt%q{bK@rd;Zy966^}RbP>;Bd z{Ewt0C-B|mlq91KCuO9SNPS;%=P@TIi!&^Wlywt7!AM_l7PiW9iXzuyP z`#!FWll#i`OC(@e#4@3^J@nSj?|ZT8%hE&QRm9Tt7Pjqg-|vkpgg!r@{iPG%C)WSn l7!3B`a|VO`-{=~vFQ1ltnEp2766j$t{j(-#@TV@_{2u|fa!LRI literal 0 HcmV?d00001 From 6ac7a42ccafe50dff80dde5237936778123000ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Sat, 31 Jan 2026 23:33:39 +0100 Subject: [PATCH 07/43] Require ext-zip in composer.json --- composer.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/composer.json b/composer.json index f7a181a8..36e510c9 100644 --- a/composer.json +++ b/composer.json @@ -11,6 +11,7 @@ "ext-intl": "*", "ext-json": "*", "ext-mbstring": "*", + "ext-zip": "*", "amphp/http-client": "^5.1", "api-platform/doctrine-orm": "^4.1", "api-platform/json-api": "^4.0.0", @@ -95,7 +96,7 @@ "twig/intl-extra": "^3.8", "twig/markdown-extra": "^3.8", "twig/string-extra": "^3.8", - "web-auth/webauthn-symfony-bundle": "^5.0.0" + "web-auth/webauthn-symfony-bundle": "^5.0.0", }, "require-dev": { "dama/doctrine-test-bundle": "^v8.0.0", From a78ca675b33d47d80ad9d236dae5aec04acdee1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Sat, 31 Jan 2026 23:36:09 +0100 Subject: [PATCH 08/43] Install dev dependencies when updating a debug mode instance Otherwise we run into an error message that web profiler does not exist --- src/Services/System/UpdateExecutor.php | 29 +++++++++++++++++++------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/src/Services/System/UpdateExecutor.php b/src/Services/System/UpdateExecutor.php index 837cde4c..a34e620b 100644 --- a/src/Services/System/UpdateExecutor.php +++ b/src/Services/System/UpdateExecutor.php @@ -53,7 +53,10 @@ class UpdateExecutor private readonly LoggerInterface $logger, private readonly Filesystem $filesystem, private readonly InstallationTypeDetector $installationTypeDetector, private readonly VersionManagerInterface $versionManager, - private readonly EntityManagerInterface $entityManager) + private readonly EntityManagerInterface $entityManager, + #[Autowire(param: 'app.debug_mode')] + private readonly bool $debugMode = false + ) { } @@ -361,13 +364,23 @@ class UpdateExecutor // Step 7: Install dependencies $stepStart = microtime(true); - $this->runCommand([ - 'composer', 'install', - '--no-dev', - '--optimize-autoloader', - '--no-interaction', - '--no-progress', - ], 'Install dependencies', 600); + if ($this->debugMode) { + $this->runCommand([ //Install with dev dependencies in debug mode + 'composer', + 'install', + '--no-interaction', + '--no-progress', + ], 'Install dependencies', 600); + } else { + $this->runCommand([ + 'composer', + 'install', + '--no-dev', + '--optimize-autoloader', + '--no-interaction', + '--no-progress', + ], 'Install dependencies', 600); + } $log('composer', 'Installed/updated dependencies', true, microtime(true) - $stepStart); // Step 8: Run database migrations From 0eba4738ed6473afd3d69d97e1be3b93445ab1d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Sat, 31 Jan 2026 23:38:38 +0100 Subject: [PATCH 09/43] Fixed composer.json formatting --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 36e510c9..8ce686c2 100644 --- a/composer.json +++ b/composer.json @@ -96,7 +96,7 @@ "twig/intl-extra": "^3.8", "twig/markdown-extra": "^3.8", "twig/string-extra": "^3.8", - "web-auth/webauthn-symfony-bundle": "^5.0.0", + "web-auth/webauthn-symfony-bundle": "^5.0.0" }, "require-dev": { "dama/doctrine-test-bundle": "^v8.0.0", From 10c192edd1697929e50bb52cfb83a50263c341dd Mon Sep 17 00:00:00 2001 From: Sebastian Almberg <83243306+Sebbeben@users.noreply.github.com> Date: Sun, 1 Feb 2026 19:17:22 +0100 Subject: [PATCH 10/43] Address PR feedback: add yarn build, env vars, and BackupManager Changes based on maintainer feedback from PR #1217: 1. Add yarn install/build steps to update process - Added yarn availability check in validateUpdatePreconditions - Added yarn install and yarn build steps after composer install - Added yarn rebuild to rollback process - Updated total steps count from 12 to 14 2. Add environment variables to disable web features - DISABLE_WEB_UPDATES: Completely disable web-based updates - DISABLE_BACKUP_RESTORE: Disable backup restore from web UI - Added checks in controller and template 3. Extract BackupManager service - New service handles backup creation, listing, details, and restoration - UpdateExecutor now delegates backup operations to BackupManager - Cleaner separation of concerns for future reuse 4. Merge upstream/master and resolve translation conflicts - Added Conrad info provider and generic web provider translations - Kept Update Manager translations --- .env | 11 + src/Controller/UpdateManagerController.php | 36 +- src/Services/System/BackupManager.php | 487 ++++++++++++++++++ src/Services/System/UpdateExecutor.php | 371 +++---------- .../admin/update_manager/index.html.twig | 23 +- translations/messages.en.xlf | 18 + 6 files changed, 653 insertions(+), 293 deletions(-) create mode 100644 src/Services/System/BackupManager.php diff --git a/.env b/.env index 9a6ce846..3196241b 100644 --- a/.env +++ b/.env @@ -59,6 +59,17 @@ ERROR_PAGE_ADMIN_EMAIL='' # If this is set to true, solutions to common problems are shown on error pages. Disable this, if you do not want your users to see them... ERROR_PAGE_SHOW_HELP=1 +################################################################################### +# Update Manager settings +################################################################################### + +# Set this to 1 to completely disable web-based updates, regardless of user permissions. +# Use this if you prefer to manage updates through your own deployment process. +DISABLE_WEB_UPDATES=0 + +# Set this to 1 to disable the backup restore feature from the web UI. +# Restoring backups is a destructive operation that could cause data loss. +DISABLE_BACKUP_RESTORE=0 ################################################################################### # SAML Single sign on-settings diff --git a/src/Controller/UpdateManagerController.php b/src/Controller/UpdateManagerController.php index 8455516a..b247cb38 100644 --- a/src/Controller/UpdateManagerController.php +++ b/src/Controller/UpdateManagerController.php @@ -27,9 +27,11 @@ use App\Services\System\UpdateChecker; use App\Services\System\UpdateExecutor; use Shivas\VersioningBundle\Service\VersionManagerInterface; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; +use Symfony\Component\DependencyInjection\Attribute\Autowire; use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\Routing\Attribute\Route; /** @@ -41,11 +43,35 @@ use Symfony\Component\Routing\Attribute\Route; #[Route('/admin/update-manager')] class UpdateManagerController extends AbstractController { - public function __construct(private readonly UpdateChecker $updateChecker, + public function __construct( + private readonly UpdateChecker $updateChecker, private readonly UpdateExecutor $updateExecutor, - private readonly VersionManagerInterface $versionManager) - { + private readonly VersionManagerInterface $versionManager, + #[Autowire(env: 'bool:DISABLE_WEB_UPDATES')] + private readonly bool $webUpdatesDisabled = false, + #[Autowire(env: 'bool:DISABLE_BACKUP_RESTORE')] + private readonly bool $backupRestoreDisabled = false, + ) { + } + /** + * Check if web updates are disabled and throw exception if so. + */ + private function denyIfWebUpdatesDisabled(): void + { + if ($this->webUpdatesDisabled) { + throw new AccessDeniedHttpException('Web-based updates are disabled by server configuration. Please use the CLI command instead.'); + } + } + + /** + * Check if backup restore is disabled and throw exception if so. + */ + private function denyIfBackupRestoreDisabled(): void + { + if ($this->backupRestoreDisabled) { + throw new AccessDeniedHttpException('Backup restore is disabled by server configuration.'); + } } /** @@ -71,6 +97,8 @@ class UpdateManagerController extends AbstractController 'maintenance_info' => $this->updateExecutor->getMaintenanceInfo(), 'update_logs' => $this->updateExecutor->getUpdateLogs(), 'backups' => $this->updateExecutor->getBackups(), + 'web_updates_disabled' => $this->webUpdatesDisabled, + 'backup_restore_disabled' => $this->backupRestoreDisabled, ]); } @@ -177,6 +205,7 @@ class UpdateManagerController extends AbstractController public function startUpdate(Request $request): Response { $this->denyAccessUnlessGranted('@system.manage_updates'); + $this->denyIfWebUpdatesDisabled(); // Validate CSRF token if (!$this->isCsrfTokenValid('update_manager_start', $request->request->get('_token'))) { @@ -290,6 +319,7 @@ class UpdateManagerController extends AbstractController public function restore(Request $request): Response { $this->denyAccessUnlessGranted('@system.manage_updates'); + $this->denyIfBackupRestoreDisabled(); // Validate CSRF token if (!$this->isCsrfTokenValid('update_manager_restore', $request->request->get('_token'))) { diff --git a/src/Services/System/BackupManager.php b/src/Services/System/BackupManager.php new file mode 100644 index 00000000..b646e433 --- /dev/null +++ b/src/Services/System/BackupManager.php @@ -0,0 +1,487 @@ +. + */ + +declare(strict_types=1); + +namespace App\Services\System; + +use Doctrine\ORM\EntityManagerInterface; +use Psr\Log\LoggerInterface; +use Shivas\VersioningBundle\Service\VersionManagerInterface; +use Symfony\Component\DependencyInjection\Attribute\Autowire; +use Symfony\Component\Filesystem\Filesystem; +use Symfony\Component\Process\Process; + +/** + * Manages Part-DB backups: creation, restoration, and listing. + * + * This service handles all backup-related operations and can be used + * by the Update Manager, CLI commands, or other services. + */ +class BackupManager +{ + private const BACKUP_DIR = 'var/backups'; + + public function __construct( + #[Autowire(param: 'kernel.project_dir')] + private readonly string $projectDir, + private readonly LoggerInterface $logger, + private readonly Filesystem $filesystem, + private readonly VersionManagerInterface $versionManager, + private readonly EntityManagerInterface $entityManager, + ) { + } + + /** + * Get the backup directory path. + */ + public function getBackupDir(): string + { + return $this->projectDir . '/' . self::BACKUP_DIR; + } + + /** + * Get the current version string for use in filenames. + */ + private function getCurrentVersionString(): string + { + return $this->versionManager->getVersion()->toString(); + } + + /** + * Create a backup before updating. + * + * @param string|null $targetVersion Optional target version for naming + * @param string|null $prefix Optional prefix for the backup filename + * @return string The path to the created backup file + */ + public function createBackup(?string $targetVersion = null, ?string $prefix = 'backup'): string + { + $backupDir = $this->getBackupDir(); + + if (!is_dir($backupDir)) { + $this->filesystem->mkdir($backupDir, 0755); + } + + $currentVersion = $this->getCurrentVersionString(); + + // Build filename + if ($targetVersion) { + $targetVersionClean = preg_replace('/[^a-zA-Z0-9\.]/', '', $targetVersion); + $backupFile = $backupDir . '/pre-update-v' . $currentVersion . '-to-' . $targetVersionClean . '-' . date('Y-m-d-His') . '.zip'; + } else { + $backupFile = $backupDir . '/' . $prefix . '-v' . $currentVersion . '-' . date('Y-m-d-His') . '.zip'; + } + + $this->runCommand([ + 'php', 'bin/console', 'partdb:backup', + '--full', + '--overwrite', + $backupFile, + ], 'Create backup', 600); + + $this->logger->info('Created backup', ['file' => $backupFile]); + + return $backupFile; + } + + /** + * Get list of backups. + * + * @return array + */ + public function getBackups(): array + { + $backupDir = $this->getBackupDir(); + + if (!is_dir($backupDir)) { + return []; + } + + $backups = []; + foreach (glob($backupDir . '/*.zip') as $backupFile) { + $backups[] = [ + 'file' => basename($backupFile), + 'path' => $backupFile, + 'date' => filemtime($backupFile), + 'size' => filesize($backupFile), + ]; + } + + // Sort by date descending + usort($backups, fn($a, $b) => $b['date'] <=> $a['date']); + + return $backups; + } + + /** + * Get details about a specific backup file. + * + * @param string $filename The backup filename + * @return array|null Backup details or null if not found + */ + public function getBackupDetails(string $filename): ?array + { + $backupDir = $this->getBackupDir(); + $backupPath = $backupDir . '/' . basename($filename); + + if (!file_exists($backupPath) || !str_ends_with($backupPath, '.zip')) { + return null; + } + + // Parse version info from filename: pre-update-v2.5.1-to-v2.5.0-2024-01-30-185400.zip + $info = [ + 'file' => basename($backupPath), + 'path' => $backupPath, + 'date' => filemtime($backupPath), + 'size' => filesize($backupPath), + 'from_version' => null, + 'to_version' => null, + ]; + + if (preg_match('/pre-update-v([\d.]+)-to-v?([\d.]+)-/', $filename, $matches)) { + $info['from_version'] = $matches[1]; + $info['to_version'] = $matches[2]; + } + + // Check what the backup contains by reading the ZIP + try { + $zip = new \ZipArchive(); + if ($zip->open($backupPath) === true) { + $info['contains_database'] = $zip->locateName('database.sql') !== false || $zip->locateName('var/app.db') !== false; + $info['contains_config'] = $zip->locateName('.env.local') !== false || $zip->locateName('config/parameters.yaml') !== false; + $info['contains_attachments'] = $zip->locateName('public/media/') !== false || $zip->locateName('uploads/') !== false; + $zip->close(); + } + } catch (\Exception $e) { + $this->logger->warning('Could not read backup ZIP contents', ['error' => $e->getMessage()]); + } + + return $info; + } + + /** + * Delete a backup file. + * + * @param string $filename The backup filename to delete + * @return bool True if deleted successfully + */ + public function deleteBackup(string $filename): bool + { + $backupDir = $this->getBackupDir(); + $backupPath = $backupDir . '/' . basename($filename); + + if (!file_exists($backupPath) || !str_ends_with($backupPath, '.zip')) { + return false; + } + + try { + $this->filesystem->remove($backupPath); + $this->logger->info('Deleted backup', ['file' => $filename]); + return true; + } catch (\Exception $e) { + $this->logger->error('Failed to delete backup', ['file' => $filename, 'error' => $e->getMessage()]); + return false; + } + } + + /** + * Restore from a backup file. + * + * @param string $filename The backup filename to restore + * @param bool $restoreDatabase Whether to restore the database + * @param bool $restoreConfig Whether to restore config files + * @param bool $restoreAttachments Whether to restore attachments + * @param callable|null $onProgress Callback for progress updates + * @return array{success: bool, steps: array, error: ?string} + */ + public function restoreBackup( + string $filename, + bool $restoreDatabase = true, + bool $restoreConfig = false, + bool $restoreAttachments = false, + ?callable $onProgress = null + ): array { + $steps = []; + $startTime = microtime(true); + + $log = function (string $step, string $message, bool $success, ?float $duration = null) use (&$steps, $onProgress): void { + $entry = [ + 'step' => $step, + 'message' => $message, + 'success' => $success, + 'timestamp' => (new \DateTime())->format('c'), + 'duration' => $duration, + ]; + $steps[] = $entry; + $this->logger->info('[Restore] ' . $step . ': ' . $message, ['success' => $success]); + + if ($onProgress) { + $onProgress($entry); + } + }; + + try { + // Validate backup file + $backupDir = $this->getBackupDir(); + $backupPath = $backupDir . '/' . basename($filename); + + if (!file_exists($backupPath)) { + throw new \RuntimeException('Backup file not found: ' . $filename); + } + + $stepStart = microtime(true); + + // Step 1: Extract backup to temp directory + $tempDir = sys_get_temp_dir() . '/partdb_restore_' . uniqid(); + $this->filesystem->mkdir($tempDir); + + $zip = new \ZipArchive(); + if ($zip->open($backupPath) !== true) { + throw new \RuntimeException('Could not open backup ZIP file'); + } + $zip->extractTo($tempDir); + $zip->close(); + $log('extract', 'Extracted backup to temporary directory', true, microtime(true) - $stepStart); + + // Step 2: Restore database if requested and present + if ($restoreDatabase) { + $stepStart = microtime(true); + $this->restoreDatabaseFromBackup($tempDir); + $log('database', 'Restored database', true, microtime(true) - $stepStart); + } + + // Step 3: Restore config files if requested and present + if ($restoreConfig) { + $stepStart = microtime(true); + $this->restoreConfigFromBackup($tempDir); + $log('config', 'Restored configuration files', true, microtime(true) - $stepStart); + } + + // Step 4: Restore attachments if requested and present + if ($restoreAttachments) { + $stepStart = microtime(true); + $this->restoreAttachmentsFromBackup($tempDir); + $log('attachments', 'Restored attachments', true, microtime(true) - $stepStart); + } + + // Step 5: Clean up temp directory + $stepStart = microtime(true); + $this->filesystem->remove($tempDir); + $log('cleanup', 'Cleaned up temporary files', true, microtime(true) - $stepStart); + + $totalDuration = microtime(true) - $startTime; + $log('complete', sprintf('Restore completed successfully in %.1f seconds', $totalDuration), true); + + return [ + 'success' => true, + 'steps' => $steps, + 'error' => null, + ]; + + } catch (\Throwable $e) { + $this->logger->error('Restore failed: ' . $e->getMessage(), [ + 'exception' => $e, + 'file' => $filename, + ]); + + // Try to clean up + try { + if (isset($tempDir) && is_dir($tempDir)) { + $this->filesystem->remove($tempDir); + } + } catch (\Throwable $cleanupError) { + $this->logger->error('Cleanup after failed restore also failed', ['error' => $cleanupError->getMessage()]); + } + + return [ + 'success' => false, + 'steps' => $steps, + 'error' => $e->getMessage(), + ]; + } + } + + /** + * Restore database from backup. + */ + private function restoreDatabaseFromBackup(string $tempDir): void + { + // Check for SQL dump (MySQL/PostgreSQL) + $sqlFile = $tempDir . '/database.sql'; + if (file_exists($sqlFile)) { + // Import SQL using mysql/psql command directly + // First, get database connection params from Doctrine + $connection = $this->entityManager->getConnection(); + $params = $connection->getParams(); + $platform = $connection->getDatabasePlatform(); + + if ($platform instanceof \Doctrine\DBAL\Platforms\AbstractMySQLPlatform) { + // Use mysql command to import - need to use shell to handle input redirection + $mysqlCmd = 'mysql'; + if (isset($params['host'])) { + $mysqlCmd .= ' -h ' . escapeshellarg($params['host']); + } + if (isset($params['port'])) { + $mysqlCmd .= ' -P ' . escapeshellarg((string)$params['port']); + } + if (isset($params['user'])) { + $mysqlCmd .= ' -u ' . escapeshellarg($params['user']); + } + if (isset($params['password']) && $params['password']) { + $mysqlCmd .= ' -p' . escapeshellarg($params['password']); + } + if (isset($params['dbname'])) { + $mysqlCmd .= ' ' . escapeshellarg($params['dbname']); + } + $mysqlCmd .= ' < ' . escapeshellarg($sqlFile); + + // Execute using shell + $process = Process::fromShellCommandline($mysqlCmd, $this->projectDir, null, null, 300); + $process->run(); + + if (!$process->isSuccessful()) { + throw new \RuntimeException('MySQL import failed: ' . $process->getErrorOutput()); + } + } elseif ($platform instanceof \Doctrine\DBAL\Platforms\PostgreSQLPlatform) { + // Use psql command to import + $psqlCmd = 'psql'; + if (isset($params['host'])) { + $psqlCmd .= ' -h ' . escapeshellarg($params['host']); + } + if (isset($params['port'])) { + $psqlCmd .= ' -p ' . escapeshellarg((string)$params['port']); + } + if (isset($params['user'])) { + $psqlCmd .= ' -U ' . escapeshellarg($params['user']); + } + if (isset($params['dbname'])) { + $psqlCmd .= ' -d ' . escapeshellarg($params['dbname']); + } + $psqlCmd .= ' -f ' . escapeshellarg($sqlFile); + + // Set PGPASSWORD environment variable if password is provided + $env = null; + if (isset($params['password']) && $params['password']) { + $env = ['PGPASSWORD' => $params['password']]; + } + + // Execute using shell + $process = Process::fromShellCommandline($psqlCmd, $this->projectDir, $env, null, 300); + $process->run(); + + if (!$process->isSuccessful()) { + throw new \RuntimeException('PostgreSQL import failed: ' . $process->getErrorOutput()); + } + } else { + throw new \RuntimeException('Unsupported database platform for restore'); + } + + return; + } + + // Check for SQLite database file + $sqliteFile = $tempDir . '/var/app.db'; + if (file_exists($sqliteFile)) { + $targetDb = $this->projectDir . '/var/app.db'; + $this->filesystem->copy($sqliteFile, $targetDb, true); + return; + } + + $this->logger->warning('No database found in backup'); + } + + /** + * Restore config files from backup. + */ + private function restoreConfigFromBackup(string $tempDir): void + { + // Restore .env.local + $envLocal = $tempDir . '/.env.local'; + if (file_exists($envLocal)) { + $this->filesystem->copy($envLocal, $this->projectDir . '/.env.local', true); + } + + // Restore config/parameters.yaml + $parametersYaml = $tempDir . '/config/parameters.yaml'; + if (file_exists($parametersYaml)) { + $this->filesystem->copy($parametersYaml, $this->projectDir . '/config/parameters.yaml', true); + } + + // Restore config/banner.md + $bannerMd = $tempDir . '/config/banner.md'; + if (file_exists($bannerMd)) { + $this->filesystem->copy($bannerMd, $this->projectDir . '/config/banner.md', true); + } + } + + /** + * Restore attachments from backup. + */ + private function restoreAttachmentsFromBackup(string $tempDir): void + { + // Restore public/media + $publicMedia = $tempDir . '/public/media'; + if (is_dir($publicMedia)) { + $this->filesystem->mirror($publicMedia, $this->projectDir . '/public/media', null, ['override' => true]); + } + + // Restore uploads + $uploads = $tempDir . '/uploads'; + if (is_dir($uploads)) { + $this->filesystem->mirror($uploads, $this->projectDir . '/uploads', null, ['override' => true]); + } + } + + /** + * Run a shell command with proper error handling. + */ + private function runCommand(array $command, string $description, int $timeout = 120): string + { + $process = new Process($command, $this->projectDir); + $process->setTimeout($timeout); + + // Set environment variables + $currentEnv = getenv(); + if (!is_array($currentEnv)) { + $currentEnv = []; + } + $env = array_merge($currentEnv, [ + 'HOME' => $this->projectDir, + 'COMPOSER_HOME' => $this->projectDir . '/var/composer', + 'PATH' => getenv('PATH') ?: '/usr/local/bin:/usr/bin:/bin', + ]); + $process->setEnv($env); + + $output = ''; + $process->run(function ($type, $buffer) use (&$output) { + $output .= $buffer; + }); + + if (!$process->isSuccessful()) { + $errorOutput = $process->getErrorOutput() ?: $process->getOutput(); + throw new \RuntimeException( + sprintf('%s failed: %s', $description, trim($errorOutput)) + ); + } + + return $output; + } +} diff --git a/src/Services/System/UpdateExecutor.php b/src/Services/System/UpdateExecutor.php index 837cde4c..84113981 100644 --- a/src/Services/System/UpdateExecutor.php +++ b/src/Services/System/UpdateExecutor.php @@ -23,7 +23,6 @@ declare(strict_types=1); namespace App\Services\System; -use Doctrine\ORM\EntityManagerInterface; use Psr\Log\LoggerInterface; use Shivas\VersioningBundle\Service\VersionManagerInterface; use Symfony\Component\DependencyInjection\Attribute\Autowire; @@ -41,7 +40,6 @@ class UpdateExecutor private const LOCK_FILE = 'var/update.lock'; private const MAINTENANCE_FILE = 'var/maintenance.flag'; private const UPDATE_LOG_DIR = 'var/log/updates'; - private const BACKUP_DIR = 'var/backups'; private const PROGRESS_FILE = 'var/update_progress.json'; /** @var array */ @@ -49,13 +47,15 @@ class UpdateExecutor private ?string $currentLogFile = null; - public function __construct(#[Autowire(param: 'kernel.project_dir')] private readonly string $project_dir, - private readonly LoggerInterface $logger, private readonly Filesystem $filesystem, + public function __construct( + #[Autowire(param: 'kernel.project_dir')] + private readonly string $project_dir, + private readonly LoggerInterface $logger, + private readonly Filesystem $filesystem, private readonly InstallationTypeDetector $installationTypeDetector, private readonly VersionManagerInterface $versionManager, - private readonly EntityManagerInterface $entityManager) - { - + private readonly BackupManager $backupManager, + ) { } /** @@ -252,6 +252,13 @@ class UpdateExecutor $errors[] = 'PHP CLI not found. Please ensure PHP is installed and in PATH.'; } + // Check if yarn is available (for frontend assets) + $process = new Process(['yarn', '--version']); + $process->run(); + if (!$process->isSuccessful()) { + $errors[] = 'Yarn command not found. Please ensure Yarn is installed and in PATH for frontend asset compilation.'; + } + // Check write permissions $testDirs = ['var', 'vendor', 'public']; foreach ($testDirs as $dir) { @@ -345,7 +352,7 @@ class UpdateExecutor // Step 4: Create backup (optional) if ($createBackup) { $stepStart = microtime(true); - $backupFile = $this->createBackup($targetVersion); + $backupFile = $this->backupManager->createBackup($targetVersion); $log('backup', 'Created backup: ' . basename($backupFile), true, microtime(true) - $stepStart); } @@ -359,7 +366,7 @@ class UpdateExecutor $this->runCommand(['git', 'checkout', $targetVersion], 'Checkout version'); $log('checkout', 'Checked out version: ' . $targetVersion, true, microtime(true) - $stepStart); - // Step 7: Install dependencies + // Step 7: Install PHP dependencies $stepStart = microtime(true); $this->runCommand([ 'composer', 'install', @@ -367,10 +374,26 @@ class UpdateExecutor '--optimize-autoloader', '--no-interaction', '--no-progress', - ], 'Install dependencies', 600); - $log('composer', 'Installed/updated dependencies', true, microtime(true) - $stepStart); + ], 'Install PHP dependencies', 600); + $log('composer', 'Installed/updated PHP dependencies', true, microtime(true) - $stepStart); - // Step 8: Run database migrations + // Step 8: Install frontend dependencies + $stepStart = microtime(true); + $this->runCommand([ + 'yarn', 'install', + '--frozen-lockfile', + '--non-interactive', + ], 'Install frontend dependencies', 600); + $log('yarn_install', 'Installed frontend dependencies', true, microtime(true) - $stepStart); + + // Step 9: Build frontend assets + $stepStart = microtime(true); + $this->runCommand([ + 'yarn', 'build', + ], 'Build frontend assets', 600); + $log('yarn_build', 'Built frontend assets', true, microtime(true) - $stepStart); + + // Step 10: Run database migrations $stepStart = microtime(true); $this->runCommand([ 'php', 'bin/console', 'doctrine:migrations:migrate', @@ -379,7 +402,7 @@ class UpdateExecutor ], 'Run migrations', 300); $log('migrations', 'Database migrations completed', true, microtime(true) - $stepStart); - // Step 9: Clear cache + // Step 11: Clear cache $stepStart = microtime(true); $this->runCommand([ 'php', 'bin/console', 'cache:clear', @@ -388,7 +411,7 @@ class UpdateExecutor ], 'Clear cache', 120); $log('cache_clear', 'Cleared application cache', true, microtime(true) - $stepStart); - // Step 10: Warm up cache + // Step 12: Warm up cache $stepStart = microtime(true); $this->runCommand([ 'php', 'bin/console', 'cache:warmup', @@ -396,12 +419,12 @@ class UpdateExecutor ], 'Warmup cache', 120); $log('cache_warmup', 'Warmed up application cache', true, microtime(true) - $stepStart); - // Step 11: Disable maintenance mode + // Step 13: Disable maintenance mode $stepStart = microtime(true); $this->disableMaintenanceMode(); $log('maintenance_off', 'Disabled maintenance mode', true, microtime(true) - $stepStart); - // Step 12: Release lock + // Step 14: Release lock $stepStart = microtime(true); $this->releaseLock(); @@ -433,7 +456,21 @@ class UpdateExecutor '--optimize-autoloader', '--no-interaction', ], 'Reinstall dependencies after rollback', 600); - $log('rollback_composer', 'Reinstalled dependencies after rollback', true); + $log('rollback_composer', 'Reinstalled PHP dependencies after rollback', true); + + // Re-run yarn install after rollback + $this->runCommand([ + 'yarn', 'install', + '--frozen-lockfile', + '--non-interactive', + ], 'Reinstall frontend dependencies after rollback', 600); + $log('rollback_yarn_install', 'Reinstalled frontend dependencies after rollback', true); + + // Re-run yarn build after rollback + $this->runCommand([ + 'yarn', 'build', + ], 'Rebuild frontend assets after rollback', 600); + $log('rollback_yarn_build', 'Rebuilt frontend assets after rollback', true); // Clear cache after rollback $this->runCommand([ @@ -462,32 +499,6 @@ class UpdateExecutor } } - /** - * Create a backup before updating. - */ - private function createBackup(string $targetVersion): string - { - $backupDir = $this->project_dir . '/' . self::BACKUP_DIR; - - if (!is_dir($backupDir)) { - $this->filesystem->mkdir($backupDir, 0755); - } - - // Include version numbers in backup filename: pre-update-v2.5.1-to-v2.6.0-2024-01-30-185400.zip - $currentVersion = $this->getCurrentVersionString(); - $targetVersionClean = preg_replace('/[^a-zA-Z0-9\.]/', '', $targetVersion); - $backupFile = $backupDir . '/pre-update-v' . $currentVersion . '-to-' . $targetVersionClean . '-' . date('Y-m-d-His') . '.zip'; - - $this->runCommand([ - 'php', 'bin/console', 'partdb:backup', - '--full', - '--overwrite', - $backupFile, - ], 'Create backup', 600); - - return $backupFile; - } - /** * Run a shell command with proper error handling. */ @@ -605,79 +616,27 @@ class UpdateExecutor /** * Get list of backups. + * @deprecated Use BackupManager::getBackups() directly */ public function getBackups(): array { - $backupDir = $this->project_dir . '/' . self::BACKUP_DIR; - - if (!is_dir($backupDir)) { - return []; - } - - $backups = []; - foreach (glob($backupDir . '/*.zip') as $backupFile) { - $backups[] = [ - 'file' => basename($backupFile), - 'path' => $backupFile, - 'date' => filemtime($backupFile), - 'size' => filesize($backupFile), - ]; - } - - // Sort by date descending - usort($backups, fn($a, $b) => $b['date'] <=> $a['date']); - - return $backups; + return $this->backupManager->getBackups(); } /** * Get details about a specific backup file. - * - * @param string $filename The backup filename - * @return array|null Backup details or null if not found + * @deprecated Use BackupManager::getBackupDetails() directly */ public function getBackupDetails(string $filename): ?array { - $backupDir = $this->project_dir . '/' . self::BACKUP_DIR; - $backupPath = $backupDir . '/' . basename($filename); - - if (!file_exists($backupPath) || !str_ends_with($backupPath, '.zip')) { - return null; - } - - // Parse version info from filename: pre-update-v2.5.1-to-v2.5.0-2024-01-30-185400.zip - $info = [ - 'file' => basename($backupPath), - 'path' => $backupPath, - 'date' => filemtime($backupPath), - 'size' => filesize($backupPath), - 'from_version' => null, - 'to_version' => null, - ]; - - if (preg_match('/pre-update-v([\d.]+)-to-v?([\d.]+)-/', $filename, $matches)) { - $info['from_version'] = $matches[1]; - $info['to_version'] = $matches[2]; - } - - // Check what the backup contains by reading the ZIP - try { - $zip = new \ZipArchive(); - if ($zip->open($backupPath) === true) { - $info['contains_database'] = $zip->locateName('database.sql') !== false || $zip->locateName('var/app.db') !== false; - $info['contains_config'] = $zip->locateName('.env.local') !== false || $zip->locateName('config/parameters.yaml') !== false; - $info['contains_attachments'] = $zip->locateName('public/media/') !== false || $zip->locateName('uploads/') !== false; - $zip->close(); - } - } catch (\Exception $e) { - $this->logger->warning('Could not read backup ZIP contents', ['error' => $e->getMessage()]); - } - - return $info; + return $this->backupManager->getBackupDetails($filename); } /** - * Restore from a backup file. + * Restore from a backup file with maintenance mode and cache clearing. + * + * This wraps BackupManager::restoreBackup with additional safety measures + * like lock acquisition, maintenance mode, and cache operations. * * @param string $filename The backup filename to restore * @param bool $restoreDatabase Whether to restore the database @@ -713,18 +672,12 @@ class UpdateExecutor }; try { - // Validate backup file - $backupDir = $this->project_dir . '/' . self::BACKUP_DIR; - $backupPath = $backupDir . '/' . basename($filename); - - if (!file_exists($backupPath)) { - throw new \RuntimeException('Backup file not found: ' . $filename); - } - $stepStart = microtime(true); // Step 1: Acquire lock - $this->acquireLock('restore'); + if (!$this->acquireLock()) { + throw new \RuntimeException('Could not acquire lock. Another operation may be in progress.'); + } $log('lock', 'Acquired exclusive restore lock', true, microtime(true) - $stepStart); // Step 2: Enable maintenance mode @@ -732,65 +685,43 @@ class UpdateExecutor $this->enableMaintenanceMode('Restoring from backup...'); $log('maintenance', 'Enabled maintenance mode', true, microtime(true) - $stepStart); - // Step 3: Extract backup to temp directory + // Step 3: Delegate to BackupManager for core restoration $stepStart = microtime(true); - $tempDir = sys_get_temp_dir() . '/partdb_restore_' . uniqid(); - $this->filesystem->mkdir($tempDir); + $result = $this->backupManager->restoreBackup( + $filename, + $restoreDatabase, + $restoreConfig, + $restoreAttachments, + function ($entry) use ($log) { + // Forward progress from BackupManager + $log($entry['step'], $entry['message'], $entry['success'], $entry['duration'] ?? null); + } + ); - $zip = new \ZipArchive(); - if ($zip->open($backupPath) !== true) { - throw new \RuntimeException('Could not open backup ZIP file'); - } - $zip->extractTo($tempDir); - $zip->close(); - $log('extract', 'Extracted backup to temporary directory', true, microtime(true) - $stepStart); - - // Step 4: Restore database if requested and present - if ($restoreDatabase) { - $stepStart = microtime(true); - $this->restoreDatabaseFromBackup($tempDir); - $log('database', 'Restored database', true, microtime(true) - $stepStart); + if (!$result['success']) { + throw new \RuntimeException($result['error'] ?? 'Restore failed'); } - // Step 5: Restore config files if requested and present - if ($restoreConfig) { - $stepStart = microtime(true); - $this->restoreConfigFromBackup($tempDir); - $log('config', 'Restored configuration files', true, microtime(true) - $stepStart); - } - - // Step 6: Restore attachments if requested and present - if ($restoreAttachments) { - $stepStart = microtime(true); - $this->restoreAttachmentsFromBackup($tempDir); - $log('attachments', 'Restored attachments', true, microtime(true) - $stepStart); - } - - // Step 7: Clean up temp directory - $stepStart = microtime(true); - $this->filesystem->remove($tempDir); - $log('cleanup', 'Cleaned up temporary files', true, microtime(true) - $stepStart); - - // Step 8: Clear cache + // Step 4: Clear cache $stepStart = microtime(true); $this->runCommand(['php', 'bin/console', 'cache:clear', '--no-warmup'], 'Clear cache'); $log('cache_clear', 'Cleared application cache', true, microtime(true) - $stepStart); - // Step 9: Warm up cache + // Step 5: Warm up cache $stepStart = microtime(true); $this->runCommand(['php', 'bin/console', 'cache:warmup'], 'Warm up cache'); $log('cache_warmup', 'Warmed up application cache', true, microtime(true) - $stepStart); - // Step 10: Disable maintenance mode + // Step 6: Disable maintenance mode $stepStart = microtime(true); $this->disableMaintenanceMode(); $log('maintenance_off', 'Disabled maintenance mode', true, microtime(true) - $stepStart); - // Step 11: Release lock + // Step 7: Release lock $this->releaseLock(); $totalDuration = microtime(true) - $startTime; - $log('complete', sprintf('Restore completed successfully in %.1f seconds', $totalDuration), true, microtime(true) - $stepStart); + $log('complete', sprintf('Restore completed successfully in %.1f seconds', $totalDuration), true); return [ 'success' => true, @@ -808,9 +739,6 @@ class UpdateExecutor try { $this->disableMaintenanceMode(); $this->releaseLock(); - if (isset($tempDir) && is_dir($tempDir)) { - $this->filesystem->remove($tempDir); - } } catch (\Throwable $cleanupError) { $this->logger->error('Cleanup after failed restore also failed', ['error' => $cleanupError->getMessage()]); } @@ -823,137 +751,6 @@ class UpdateExecutor } } - /** - * Restore database from backup. - */ - private function restoreDatabaseFromBackup(string $tempDir): void - { - // Check for SQL dump (MySQL/PostgreSQL) - $sqlFile = $tempDir . '/database.sql'; - if (file_exists($sqlFile)) { - // Import SQL using mysql/psql command directly - // First, get database connection params from Doctrine - $connection = $this->entityManager->getConnection(); - $params = $connection->getParams(); - $platform = $connection->getDatabasePlatform(); - - if ($platform instanceof \Doctrine\DBAL\Platforms\AbstractMySQLPlatform) { - // Use mysql command to import - need to use shell to handle input redirection - $mysqlCmd = 'mysql'; - if (isset($params['host'])) { - $mysqlCmd .= ' -h ' . escapeshellarg($params['host']); - } - if (isset($params['port'])) { - $mysqlCmd .= ' -P ' . escapeshellarg((string)$params['port']); - } - if (isset($params['user'])) { - $mysqlCmd .= ' -u ' . escapeshellarg($params['user']); - } - if (isset($params['password']) && $params['password']) { - $mysqlCmd .= ' -p' . escapeshellarg($params['password']); - } - if (isset($params['dbname'])) { - $mysqlCmd .= ' ' . escapeshellarg($params['dbname']); - } - $mysqlCmd .= ' < ' . escapeshellarg($sqlFile); - - // Execute using shell - $process = Process::fromShellCommandline($mysqlCmd, $this->project_dir, null, null, 300); - $process->run(); - - if (!$process->isSuccessful()) { - throw new \RuntimeException('MySQL import failed: ' . $process->getErrorOutput()); - } - } elseif ($platform instanceof \Doctrine\DBAL\Platforms\PostgreSQLPlatform) { - // Use psql command to import - $psqlCmd = 'psql'; - if (isset($params['host'])) { - $psqlCmd .= ' -h ' . escapeshellarg($params['host']); - } - if (isset($params['port'])) { - $psqlCmd .= ' -p ' . escapeshellarg((string)$params['port']); - } - if (isset($params['user'])) { - $psqlCmd .= ' -U ' . escapeshellarg($params['user']); - } - if (isset($params['dbname'])) { - $psqlCmd .= ' -d ' . escapeshellarg($params['dbname']); - } - $psqlCmd .= ' -f ' . escapeshellarg($sqlFile); - - // Set PGPASSWORD environment variable if password is provided - $env = null; - if (isset($params['password']) && $params['password']) { - $env = ['PGPASSWORD' => $params['password']]; - } - - // Execute using shell - $process = Process::fromShellCommandline($psqlCmd, $this->project_dir, $env, null, 300); - $process->run(); - - if (!$process->isSuccessful()) { - throw new \RuntimeException('PostgreSQL import failed: ' . $process->getErrorOutput()); - } - } else { - throw new \RuntimeException('Unsupported database platform for restore'); - } - - return; - } - - // Check for SQLite database file - $sqliteFile = $tempDir . '/var/app.db'; - if (file_exists($sqliteFile)) { - $targetDb = $this->project_dir . '/var/app.db'; - $this->filesystem->copy($sqliteFile, $targetDb, true); - return; - } - - $this->logger->warning('No database found in backup'); - } - - /** - * Restore config files from backup. - */ - private function restoreConfigFromBackup(string $tempDir): void - { - // Restore .env.local - $envLocal = $tempDir . '/.env.local'; - if (file_exists($envLocal)) { - $this->filesystem->copy($envLocal, $this->project_dir . '/.env.local', true); - } - - // Restore config/parameters.yaml - $parametersYaml = $tempDir . '/config/parameters.yaml'; - if (file_exists($parametersYaml)) { - $this->filesystem->copy($parametersYaml, $this->project_dir . '/config/parameters.yaml', true); - } - - // Restore config/banner.md - $bannerMd = $tempDir . '/config/banner.md'; - if (file_exists($bannerMd)) { - $this->filesystem->copy($bannerMd, $this->project_dir . '/config/banner.md', true); - } - } - - /** - * Restore attachments from backup. - */ - private function restoreAttachmentsFromBackup(string $tempDir): void - { - // Restore public/media - $publicMedia = $tempDir . '/public/media'; - if (is_dir($publicMedia)) { - $this->filesystem->mirror($publicMedia, $this->project_dir . '/public/media', null, ['override' => true]); - } - - // Restore uploads - $uploads = $tempDir . '/uploads'; - if (is_dir($uploads)) { - $this->filesystem->mirror($uploads, $this->project_dir . '/uploads', null, ['override' => true]); - } - } - /** * Get the path to the progress file. */ @@ -1048,7 +845,7 @@ class UpdateExecutor 'create_backup' => $createBackup, 'started_at' => (new \DateTime())->format('c'), 'current_step' => 0, - 'total_steps' => 12, + 'total_steps' => 14, 'step_name' => 'initializing', 'step_message' => 'Starting update process...', 'steps' => [], diff --git a/templates/admin/update_manager/index.html.twig b/templates/admin/update_manager/index.html.twig index 85b3ec1f..24dfcc96 100644 --- a/templates/admin/update_manager/index.html.twig +++ b/templates/admin/update_manager/index.html.twig @@ -34,6 +34,23 @@ {% endif %} + {# Web Updates Disabled Warning #} + {% if web_updates_disabled %} +

    + {% endif %} + + {# Backup Restore Disabled Warning #} + {% if backup_restore_disabled %} + + {% endif %} +
    {# Current Version Card #}
    @@ -132,7 +149,7 @@ {% endif %}
    - {% if status.update_available and status.can_auto_update and validation.valid %} + {% if status.update_available and status.can_auto_update and validation.valid and not web_updates_disabled %}
    - {% if release.version != status.current_version and status.can_auto_update and validation.valid %} + {% if release.version != status.current_version and status.can_auto_update and validation.valid and not web_updates_disabled %} - {% if status.can_auto_update and validation.valid %} + {% if status.can_auto_update and validation.valid and not backup_restore_disabled %} WARNING: This will overwrite your current database with the backup data. This action cannot be undone! Make sure you have a current backup before proceeding. + + + update_manager.web_updates_disabled + Web-based updates are disabled + + + + + update_manager.web_updates_disabled_hint + Web-based updates have been disabled by the server administrator. Please use the CLI command "php bin/console partdb:update" to perform updates. + + + + + update_manager.backup_restore_disabled + Backup restore is disabled by server configuration. + + settings.ips.conrad From 47295bda29468213abfb8f096d54f230eb55bc29 Mon Sep 17 00:00:00 2001 From: Sebastian Almberg <83243306+Sebbeben@users.noreply.github.com> Date: Sun, 1 Feb 2026 19:28:15 +0100 Subject: [PATCH 11/43] Add unit tests for BackupManager and UpdateExecutor Tests cover: - BackupManager: backup directory, listing, details parsing - UpdateExecutor: lock/unlock, maintenance mode, validation, progress --- tests/Services/System/BackupManagerTest.php | 102 +++++++++++ tests/Services/System/UpdateExecutorTest.php | 173 +++++++++++++++++++ 2 files changed, 275 insertions(+) create mode 100644 tests/Services/System/BackupManagerTest.php create mode 100644 tests/Services/System/UpdateExecutorTest.php diff --git a/tests/Services/System/BackupManagerTest.php b/tests/Services/System/BackupManagerTest.php new file mode 100644 index 00000000..145b039d --- /dev/null +++ b/tests/Services/System/BackupManagerTest.php @@ -0,0 +1,102 @@ +. + */ + +declare(strict_types=1); + +namespace App\Tests\Services\System; + +use App\Services\System\BackupManager; +use Symfony\Bundle\FrameworkBundle\Test\KernelTestCase; + +class BackupManagerTest extends KernelTestCase +{ + private ?BackupManager $backupManager = null; + + protected function setUp(): void + { + self::bootKernel(); + $this->backupManager = self::getContainer()->get(BackupManager::class); + } + + public function testGetBackupDir(): void + { + $backupDir = $this->backupManager->getBackupDir(); + + // Should end with var/backups + $this->assertStringEndsWith('var/backups', $backupDir); + } + + public function testGetBackupsReturnsEmptyArrayWhenNoBackups(): void + { + // If there are no backups (or the directory doesn't exist), should return empty array + $backups = $this->backupManager->getBackups(); + + $this->assertIsArray($backups); + } + + public function testGetBackupDetailsReturnsNullForNonExistentFile(): void + { + $details = $this->backupManager->getBackupDetails('non-existent-backup.zip'); + + $this->assertNull($details); + } + + public function testGetBackupDetailsReturnsNullForNonZipFile(): void + { + $details = $this->backupManager->getBackupDetails('not-a-zip.txt'); + + $this->assertNull($details); + } + + /** + * Test that version parsing from filename works correctly. + * This tests the regex pattern used in getBackupDetails. + */ + public function testVersionParsingFromFilename(): void + { + // Test the regex pattern directly + $filename = 'pre-update-v2.5.1-to-v2.6.0-2024-01-30-185400.zip'; + $matches = []; + + $result = preg_match('/pre-update-v([\d.]+)-to-v?([\d.]+)-/', $filename, $matches); + + $this->assertEquals(1, $result); + $this->assertEquals('2.5.1', $matches[1]); + $this->assertEquals('2.6.0', $matches[2]); + } + + /** + * Test version parsing with different filename formats. + */ + public function testVersionParsingVariants(): void + { + // Without 'v' prefix on target version + $filename1 = 'pre-update-v1.0.0-to-2.0.0-2024-01-30-185400.zip'; + preg_match('/pre-update-v([\d.]+)-to-v?([\d.]+)-/', $filename1, $matches1); + $this->assertEquals('1.0.0', $matches1[1]); + $this->assertEquals('2.0.0', $matches1[2]); + + // With 'v' prefix on target version + $filename2 = 'pre-update-v1.0.0-to-v2.0.0-2024-01-30-185400.zip'; + preg_match('/pre-update-v([\d.]+)-to-v?([\d.]+)-/', $filename2, $matches2); + $this->assertEquals('1.0.0', $matches2[1]); + $this->assertEquals('2.0.0', $matches2[2]); + } +} diff --git a/tests/Services/System/UpdateExecutorTest.php b/tests/Services/System/UpdateExecutorTest.php new file mode 100644 index 00000000..9b832f6c --- /dev/null +++ b/tests/Services/System/UpdateExecutorTest.php @@ -0,0 +1,173 @@ +. + */ + +declare(strict_types=1); + +namespace App\Tests\Services\System; + +use App\Services\System\UpdateExecutor; +use Symfony\Bundle\FrameworkBundle\Test\KernelTestCase; + +class UpdateExecutorTest extends KernelTestCase +{ + private ?UpdateExecutor $updateExecutor = null; + + protected function setUp(): void + { + self::bootKernel(); + $this->updateExecutor = self::getContainer()->get(UpdateExecutor::class); + } + + public function testIsLockedReturnsFalseWhenNoLockFile(): void + { + // Initially there should be no lock + // Note: This test assumes no concurrent update is running + $isLocked = $this->updateExecutor->isLocked(); + + $this->assertIsBool($isLocked); + } + + public function testIsMaintenanceModeReturnsBool(): void + { + $isMaintenanceMode = $this->updateExecutor->isMaintenanceMode(); + + $this->assertIsBool($isMaintenanceMode); + } + + public function testGetLockInfoReturnsNullOrArray(): void + { + $lockInfo = $this->updateExecutor->getLockInfo(); + + // Should be null when not locked, or array when locked + $this->assertTrue($lockInfo === null || is_array($lockInfo)); + } + + public function testGetMaintenanceInfoReturnsNullOrArray(): void + { + $maintenanceInfo = $this->updateExecutor->getMaintenanceInfo(); + + // Should be null when not in maintenance, or array when in maintenance + $this->assertTrue($maintenanceInfo === null || is_array($maintenanceInfo)); + } + + public function testGetUpdateLogsReturnsArray(): void + { + $logs = $this->updateExecutor->getUpdateLogs(); + + $this->assertIsArray($logs); + } + + public function testGetBackupsReturnsArray(): void + { + $backups = $this->updateExecutor->getBackups(); + + $this->assertIsArray($backups); + } + + public function testValidateUpdatePreconditionsReturnsProperStructure(): void + { + $validation = $this->updateExecutor->validateUpdatePreconditions(); + + $this->assertIsArray($validation); + $this->assertArrayHasKey('valid', $validation); + $this->assertArrayHasKey('errors', $validation); + $this->assertIsBool($validation['valid']); + $this->assertIsArray($validation['errors']); + } + + public function testGetProgressFilePath(): void + { + $progressPath = $this->updateExecutor->getProgressFilePath(); + + $this->assertIsString($progressPath); + $this->assertStringEndsWith('var/update_progress.json', $progressPath); + } + + public function testGetProgressReturnsNullOrArray(): void + { + $progress = $this->updateExecutor->getProgress(); + + // Should be null when no progress file, or array when exists + $this->assertTrue($progress === null || is_array($progress)); + } + + public function testIsUpdateRunningReturnsBool(): void + { + $isRunning = $this->updateExecutor->isUpdateRunning(); + + $this->assertIsBool($isRunning); + } + + public function testAcquireAndReleaseLock(): void + { + // First, ensure no lock exists + if ($this->updateExecutor->isLocked()) { + $this->updateExecutor->releaseLock(); + } + + // Acquire lock + $acquired = $this->updateExecutor->acquireLock(); + $this->assertTrue($acquired); + + // Should be locked now + $this->assertTrue($this->updateExecutor->isLocked()); + + // Lock info should exist + $lockInfo = $this->updateExecutor->getLockInfo(); + $this->assertIsArray($lockInfo); + $this->assertArrayHasKey('started_at', $lockInfo); + + // Trying to acquire again should fail + $acquiredAgain = $this->updateExecutor->acquireLock(); + $this->assertFalse($acquiredAgain); + + // Release lock + $this->updateExecutor->releaseLock(); + + // Should no longer be locked + $this->assertFalse($this->updateExecutor->isLocked()); + } + + public function testEnableAndDisableMaintenanceMode(): void + { + // First, ensure maintenance mode is off + if ($this->updateExecutor->isMaintenanceMode()) { + $this->updateExecutor->disableMaintenanceMode(); + } + + // Enable maintenance mode + $this->updateExecutor->enableMaintenanceMode('Test maintenance'); + + // Should be in maintenance mode now + $this->assertTrue($this->updateExecutor->isMaintenanceMode()); + + // Maintenance info should exist + $maintenanceInfo = $this->updateExecutor->getMaintenanceInfo(); + $this->assertIsArray($maintenanceInfo); + $this->assertArrayHasKey('reason', $maintenanceInfo); + $this->assertEquals('Test maintenance', $maintenanceInfo['reason']); + + // Disable maintenance mode + $this->updateExecutor->disableMaintenanceMode(); + + // Should no longer be in maintenance mode + $this->assertFalse($this->updateExecutor->isMaintenanceMode()); + } +} From 0826acbd5282fad8361117660a1f762060aa690b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Sun, 1 Feb 2026 23:11:56 +0100 Subject: [PATCH 12/43] Fixed phpunit tests --- .../LabelSystem/BarcodeScanner/BarcodeRedirectorTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Services/LabelSystem/BarcodeScanner/BarcodeRedirectorTest.php b/tests/Services/LabelSystem/BarcodeScanner/BarcodeRedirectorTest.php index c40e141d..c5bdb02d 100644 --- a/tests/Services/LabelSystem/BarcodeScanner/BarcodeRedirectorTest.php +++ b/tests/Services/LabelSystem/BarcodeScanner/BarcodeRedirectorTest.php @@ -64,7 +64,7 @@ final class BarcodeRedirectorTest extends KernelTestCase { yield [new LocalBarcodeScanResult(LabelSupportedElement::PART, 1, BarcodeSourceType::INTERNAL), '/en/part/1']; //Part lot redirects to Part info page (Part lot 1 is associated with part 3) - yield [new LocalBarcodeScanResult(LabelSupportedElement::PART_LOT, 1, BarcodeSourceType::INTERNAL), '/en/part/3']; + yield [new LocalBarcodeScanResult(LabelSupportedElement::PART_LOT, 1, BarcodeSourceType::INTERNAL), '/en/part/3?highlightLot=1']; yield [new LocalBarcodeScanResult(LabelSupportedElement::STORELOCATION, 1, BarcodeSourceType::INTERNAL), '/en/store_location/1/parts']; } From 7e486a93c9b6e7cd25ce93bf5b198330e9dfc383 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 17:02:01 +0100 Subject: [PATCH 13/43] Added missing phpdoc structure definitions --- src/Services/System/UpdateChecker.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/Services/System/UpdateChecker.php b/src/Services/System/UpdateChecker.php index a881f614..49a132ee 100644 --- a/src/Services/System/UpdateChecker.php +++ b/src/Services/System/UpdateChecker.php @@ -72,6 +72,7 @@ class UpdateChecker /** * Get Git repository information. + * @return array{branch: ?string, commit: ?string, has_local_changes: bool, commits_behind: int, is_git_install: bool} */ public function getGitInfo(): array { @@ -227,6 +228,7 @@ class UpdateChecker /** * Get the latest stable release. + * @return array{version: string, tag: string, name: string, url: string, published_at: string, body: string, prerelease: bool, assets: array}|null */ public function getLatestRelease(bool $includePrerelease = false): ?array { @@ -264,6 +266,8 @@ class UpdateChecker /** * Get comprehensive update status. + * @return array{current_version: string, latest_version: ?string, latest_tag: ?string, update_available: bool, release_notes: ?string, release_url: ?string, + * published_at: ?string, git: array, installation: array, can_auto_update: bool, update_blockers: array, check_enabled: bool} */ public function getUpdateStatus(): array { @@ -318,6 +322,7 @@ class UpdateChecker /** * Get releases newer than the current version. + * @return array */ public function getAvailableUpdates(bool $includePrerelease = false): array { From 1bfd36ccf59c56d076fb0d35312119b5adfd3328 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 17:04:45 +0100 Subject: [PATCH 14/43] Do not automatically give existing users the right to manage updates, but include that for new databases --- src/Entity/UserSystem/PermissionData.php | 2 +- .../UserSystem/PermissionPresetsHelper.php | 3 ++- .../UserSystem/PermissionSchemaUpdater.php | 17 ----------------- 3 files changed, 3 insertions(+), 19 deletions(-) diff --git a/src/Entity/UserSystem/PermissionData.php b/src/Entity/UserSystem/PermissionData.php index b7d1ff8f..9ebdc9c9 100644 --- a/src/Entity/UserSystem/PermissionData.php +++ b/src/Entity/UserSystem/PermissionData.php @@ -43,7 +43,7 @@ final class PermissionData implements \JsonSerializable /** * The current schema version of the permission data */ - public const CURRENT_SCHEMA_VERSION = 4; + public const CURRENT_SCHEMA_VERSION = 3; /** * Creates a new Permission Data Instance using the given data. diff --git a/src/Services/UserSystem/PermissionPresetsHelper.php b/src/Services/UserSystem/PermissionPresetsHelper.php index a3ed01b8..3d125b27 100644 --- a/src/Services/UserSystem/PermissionPresetsHelper.php +++ b/src/Services/UserSystem/PermissionPresetsHelper.php @@ -111,8 +111,9 @@ class PermissionPresetsHelper //Allow to manage Oauth tokens $this->permissionResolver->setPermission($perm_holder, 'system', 'manage_oauth_tokens', PermissionData::ALLOW); - //Allow to show updates + //Allow to show and manage updates $this->permissionResolver->setPermission($perm_holder, 'system', 'show_updates', PermissionData::ALLOW); + $this->permissionResolver->setPermission($perm_holder, 'system', 'manage_updates', PermissionData::ALLOW); } diff --git a/src/Services/UserSystem/PermissionSchemaUpdater.php b/src/Services/UserSystem/PermissionSchemaUpdater.php index b3341322..104800dc 100644 --- a/src/Services/UserSystem/PermissionSchemaUpdater.php +++ b/src/Services/UserSystem/PermissionSchemaUpdater.php @@ -157,21 +157,4 @@ class PermissionSchemaUpdater $permissions->setPermissionValue('system', 'show_updates', $new_value); } } - - private function upgradeSchemaToVersion4(HasPermissionsInterface $holder): void //@phpstan-ignore-line This is called via reflection - { - $permissions = $holder->getPermissions(); - - //If the system.manage_updates permission is not defined yet, set it to true if the user can show updates AND has server_infos permission - //This ensures that admins who can view updates and server info can also manage (execute) updates - if (!$permissions->isPermissionSet('system', 'manage_updates')) { - - $new_value = TrinaryLogicHelper::and( - $permissions->getPermissionValue('system', 'show_updates'), - $permissions->getPermissionValue('system', 'server_infos') - ); - - $permissions->setPermissionValue('system', 'manage_updates', $new_value); - } - } } From 7ff07a7ab43d47ed0a4a7f4a462000a80e7c6039 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 17:28:35 +0100 Subject: [PATCH 15/43] Remove Content-Security-Policy for maintenance mode --- .../MaintenanceModeSubscriber.php | 35 ++++++++++++++++--- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/src/EventSubscriber/MaintenanceModeSubscriber.php b/src/EventSubscriber/MaintenanceModeSubscriber.php index 60623b45..74b219a0 100644 --- a/src/EventSubscriber/MaintenanceModeSubscriber.php +++ b/src/EventSubscriber/MaintenanceModeSubscriber.php @@ -26,17 +26,19 @@ namespace App\EventSubscriber; use App\Services\System\UpdateExecutor; use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Event\FilterResponseEvent; use Symfony\Component\HttpKernel\Event\RequestEvent; +use Symfony\Component\HttpKernel\Event\ResponseEvent; use Symfony\Component\HttpKernel\KernelEvents; use Twig\Environment; /** * Blocks all web requests when maintenance mode is enabled during updates. */ -class MaintenanceModeSubscriber implements EventSubscriberInterface +readonly class MaintenanceModeSubscriber implements EventSubscriberInterface { - public function __construct(private readonly UpdateExecutor $updateExecutor, - private readonly Environment $twig) + public function __construct(private UpdateExecutor $updateExecutor, + private Environment $twig) { } @@ -45,7 +47,8 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface { return [ // High priority to run before other listeners - KernelEvents::REQUEST => ['onKernelRequest', 512], + KernelEvents::REQUEST => ['onKernelRequest', 512], //High priority to run before other listeners + KernelEvents::RESPONSE => ['onKernelResponse', -512] // Low priority to run after other listeners ]; } @@ -62,7 +65,7 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface } // Allow CLI requests - if (php_sapi_name() === 'cli') { + if (PHP_SAPI === 'cli') { return; } @@ -101,6 +104,28 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface $event->setResponse($response); } + public function onKernelResponse(ResponseEvent $event) + { + // Only handle main requests + if (!$event->isMainRequest()) { + return; + } + + // Skip if not in maintenance mode + if (!$this->updateExecutor->isMaintenanceMode()) { + return; + } + + // Allow CLI requests + if (PHP_SAPI === 'cli') { + return; + } + + //Remove all Content-Security-Policy headers to allow loading resources during maintenance + $response = $event->getResponse(); + $response->headers->remove('Content-Security-Policy'); + } + /** * Generate a simple maintenance page HTML without Twig. */ From 6dbead6d109d02cda1103b771aacb3d0d386c8ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 18:18:36 +0100 Subject: [PATCH 16/43] Centralized git logic from InstallationTypeDetector and UpdateChecker in GitVersionInfoProvider service --- src/Command/UpdateCommand.php | 3 +- src/Command/VersionCommand.php | 12 +- src/Controller/HomepageController.php | 8 +- src/Controller/ToolsController.php | 8 +- src/Controller/UpdateManagerController.php | 12 +- src/Services/Misc/GitVersionInfo.php | 83 ----------- .../System/GitVersionInfoProvider.php | 135 ++++++++++++++++++ src/Services/System/InstallationType.php | 65 +++++++++ .../System/InstallationTypeDetector.php | 92 ++---------- src/Services/System/UpdateChecker.php | 30 +--- src/State/PartDBInfoProvider.php | 8 +- 11 files changed, 242 insertions(+), 214 deletions(-) delete mode 100644 src/Services/Misc/GitVersionInfo.php create mode 100644 src/Services/System/GitVersionInfoProvider.php create mode 100644 src/Services/System/InstallationType.php diff --git a/src/Command/UpdateCommand.php b/src/Command/UpdateCommand.php index 4f2cae86..64fa2bad 100644 --- a/src/Command/UpdateCommand.php +++ b/src/Command/UpdateCommand.php @@ -23,7 +23,6 @@ declare(strict_types=1); namespace App\Command; -use App\Services\System\InstallationType; use App\Services\System\UpdateChecker; use App\Services\System\UpdateExecutor; use Symfony\Component\Console\Attribute\AsCommand; @@ -134,7 +133,7 @@ HELP // Handle --refresh option if ($input->getOption('refresh')) { $io->text('Refreshing version information...'); - $this->updateChecker->refreshGitInfo(); + $this->updateChecker->refreshVersionInfo(); $io->success('Version cache cleared.'); } diff --git a/src/Command/VersionCommand.php b/src/Command/VersionCommand.php index d2ce75e1..d09def8f 100644 --- a/src/Command/VersionCommand.php +++ b/src/Command/VersionCommand.php @@ -22,9 +22,9 @@ declare(strict_types=1); */ namespace App\Command; -use Symfony\Component\Console\Attribute\AsCommand; -use App\Services\Misc\GitVersionInfo; +use App\Services\System\GitVersionInfoProvider; use Shivas\VersioningBundle\Service\VersionManagerInterface; +use Symfony\Component\Console\Attribute\AsCommand; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Output\OutputInterface; @@ -33,7 +33,7 @@ use Symfony\Component\Console\Style\SymfonyStyle; #[AsCommand('partdb:version|app:version', 'Shows the currently installed version of Part-DB.')] class VersionCommand extends Command { - public function __construct(protected VersionManagerInterface $versionManager, protected GitVersionInfo $gitVersionInfo) + public function __construct(protected VersionManagerInterface $versionManager, protected GitVersionInfoProvider $gitVersionInfo) { parent::__construct(); } @@ -48,9 +48,9 @@ class VersionCommand extends Command $message = 'Part-DB version: '. $this->versionManager->getVersion()->toString(); - if ($this->gitVersionInfo->getGitBranchName() !== null) { - $message .= ' Git branch: '. $this->gitVersionInfo->getGitBranchName(); - $message .= ', Git commit: '. $this->gitVersionInfo->getGitCommitHash(); + if ($this->gitVersionInfo->getBranchName() !== null) { + $message .= ' Git branch: '. $this->gitVersionInfo->getBranchName(); + $message .= ', Git commit: '. $this->gitVersionInfo->getCommitHash(); } $io->success($message); diff --git a/src/Controller/HomepageController.php b/src/Controller/HomepageController.php index 076e790b..6192c249 100644 --- a/src/Controller/HomepageController.php +++ b/src/Controller/HomepageController.php @@ -24,8 +24,8 @@ namespace App\Controller; use App\DataTables\LogDataTable; use App\Entity\Parts\Part; -use App\Services\Misc\GitVersionInfo; use App\Services\System\BannerHelper; +use App\Services\System\GitVersionInfoProvider; use App\Services\System\UpdateAvailableManager; use Doctrine\ORM\EntityManagerInterface; use Omines\DataTablesBundle\DataTableFactory; @@ -43,7 +43,7 @@ class HomepageController extends AbstractController #[Route(path: '/', name: 'homepage')] - public function homepage(Request $request, GitVersionInfo $versionInfo, EntityManagerInterface $entityManager, + public function homepage(Request $request, GitVersionInfoProvider $versionInfo, EntityManagerInterface $entityManager, UpdateAvailableManager $updateAvailableManager): Response { $this->denyAccessUnlessGranted('HAS_ACCESS_PERMISSIONS'); @@ -77,8 +77,8 @@ class HomepageController extends AbstractController return $this->render('homepage.html.twig', [ 'banner' => $this->bannerHelper->getBanner(), - 'git_branch' => $versionInfo->getGitBranchName(), - 'git_commit' => $versionInfo->getGitCommitHash(), + 'git_branch' => $versionInfo->getBranchName(), + 'git_commit' => $versionInfo->getCommitHash(), 'show_first_steps' => $show_first_steps, 'datatable' => $table, 'new_version_available' => $updateAvailableManager->isUpdateAvailable(), diff --git a/src/Controller/ToolsController.php b/src/Controller/ToolsController.php index d78aff62..f1ed888c 100644 --- a/src/Controller/ToolsController.php +++ b/src/Controller/ToolsController.php @@ -27,7 +27,7 @@ use App\Services\Attachments\AttachmentURLGenerator; use App\Services\Attachments\BuiltinAttachmentsFinder; use App\Services\Doctrine\DBInfoHelper; use App\Services\Doctrine\NatsortDebugHelper; -use App\Services\Misc\GitVersionInfo; +use App\Services\System\GitVersionInfoProvider; use App\Services\System\UpdateAvailableManager; use App\Settings\AppSettings; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; @@ -47,7 +47,7 @@ class ToolsController extends AbstractController } #[Route(path: '/server_infos', name: 'tools_server_infos')] - public function systemInfos(GitVersionInfo $versionInfo, DBInfoHelper $DBInfoHelper, NatsortDebugHelper $natsortDebugHelper, + public function systemInfos(GitVersionInfoProvider $versionInfo, DBInfoHelper $DBInfoHelper, NatsortDebugHelper $natsortDebugHelper, AttachmentSubmitHandler $attachmentSubmitHandler, UpdateAvailableManager $updateAvailableManager, AppSettings $settings): Response { @@ -55,8 +55,8 @@ class ToolsController extends AbstractController return $this->render('tools/server_infos/server_infos.html.twig', [ //Part-DB section - 'git_branch' => $versionInfo->getGitBranchName(), - 'git_commit' => $versionInfo->getGitCommitHash(), + 'git_branch' => $versionInfo->getBranchName(), + 'git_commit' => $versionInfo->getCommitHash(), 'default_locale' => $settings->system->localization->locale, 'default_timezone' => $settings->system->localization->timezone, 'default_currency' => $settings->system->localization->baseCurrency, diff --git a/src/Controller/UpdateManagerController.php b/src/Controller/UpdateManagerController.php index b247cb38..08f7c77f 100644 --- a/src/Controller/UpdateManagerController.php +++ b/src/Controller/UpdateManagerController.php @@ -23,6 +23,7 @@ declare(strict_types=1); namespace App\Controller; +use App\Services\System\BackupManager; use App\Services\System\UpdateChecker; use App\Services\System\UpdateExecutor; use Shivas\VersioningBundle\Service\VersionManagerInterface; @@ -47,6 +48,7 @@ class UpdateManagerController extends AbstractController private readonly UpdateChecker $updateChecker, private readonly UpdateExecutor $updateExecutor, private readonly VersionManagerInterface $versionManager, + private readonly BackupManager $backupManager, #[Autowire(env: 'bool:DISABLE_WEB_UPDATES')] private readonly bool $webUpdatesDisabled = false, #[Autowire(env: 'bool:DISABLE_BACKUP_RESTORE')] @@ -96,7 +98,7 @@ class UpdateManagerController extends AbstractController 'is_maintenance' => $this->updateExecutor->isMaintenanceMode(), 'maintenance_info' => $this->updateExecutor->getMaintenanceInfo(), 'update_logs' => $this->updateExecutor->getUpdateLogs(), - 'backups' => $this->updateExecutor->getBackups(), + 'backups' => $this->backupManager->getBackups(), 'web_updates_disabled' => $this->webUpdatesDisabled, 'backup_restore_disabled' => $this->backupRestoreDisabled, ]); @@ -131,7 +133,7 @@ class UpdateManagerController extends AbstractController return $this->json(['error' => 'Invalid CSRF token'], Response::HTTP_FORBIDDEN); } - $this->updateChecker->refreshGitInfo(); + $this->updateChecker->refreshVersionInfo(); return $this->json([ 'success' => true, @@ -173,7 +175,7 @@ class UpdateManagerController extends AbstractController #[Route('/log/{filename}', name: 'admin_update_manager_log', methods: ['GET'])] public function viewLog(string $filename): Response { - $this->denyAccessUnlessGranted('@system.show_updates'); + $this->denyAccessUnlessGranted('@system.manage_updates'); // Security: Only allow viewing files from the update logs directory $logs = $this->updateExecutor->getUpdateLogs(); @@ -303,7 +305,7 @@ class UpdateManagerController extends AbstractController { $this->denyAccessUnlessGranted('@system.manage_updates'); - $details = $this->updateExecutor->getBackupDetails($filename); + $details = $this->backupManager->getBackupDetails($filename); if (!$details) { return $this->json(['error' => 'Backup not found'], 404); @@ -344,7 +346,7 @@ class UpdateManagerController extends AbstractController } // Verify the backup exists - $backupDetails = $this->updateExecutor->getBackupDetails($filename); + $backupDetails = $this->backupManager->getBackupDetails($filename); if (!$backupDetails) { $this->addFlash('error', 'Backup file not found.'); return $this->redirectToRoute('admin_update_manager'); diff --git a/src/Services/Misc/GitVersionInfo.php b/src/Services/Misc/GitVersionInfo.php deleted file mode 100644 index 3c079f4f..00000000 --- a/src/Services/Misc/GitVersionInfo.php +++ /dev/null @@ -1,83 +0,0 @@ -. - */ - -declare(strict_types=1); - -namespace App\Services\Misc; - -use Symfony\Component\HttpKernel\KernelInterface; - -class GitVersionInfo -{ - protected string $project_dir; - - public function __construct(KernelInterface $kernel) - { - $this->project_dir = $kernel->getProjectDir(); - } - - /** - * Get the Git branch name of the installed system. - * - * @return string|null The current git branch name. Null, if this is no Git installation - */ - public function getGitBranchName(): ?string - { - if (is_file($this->project_dir.'/.git/HEAD')) { - $git = file($this->project_dir.'/.git/HEAD'); - $head = explode('/', $git[0], 3); - - if (!isset($head[2])) { - return null; - } - - return trim($head[2]); - } - - return null; // this is not a Git installation - } - - /** - * Get hash of the last git commit (on remote "origin"!). - * - * If this method does not work, try to make a "git pull" first! - * - * @param int $length if this is smaller than 40, only the first $length characters will be returned - * - * @return string|null The hash of the last commit, null If this is no Git installation - */ - public function getGitCommitHash(int $length = 7): ?string - { - $filename = $this->project_dir.'/.git/refs/remotes/origin/'.$this->getGitBranchName(); - if (is_file($filename)) { - $head = file($filename); - - if (!isset($head[0])) { - return null; - } - - $hash = $head[0]; - - return substr($hash, 0, $length); - } - - return null; // this is not a Git installation - } -} diff --git a/src/Services/System/GitVersionInfoProvider.php b/src/Services/System/GitVersionInfoProvider.php new file mode 100644 index 00000000..6d067333 --- /dev/null +++ b/src/Services/System/GitVersionInfoProvider.php @@ -0,0 +1,135 @@ +. + */ + +declare(strict_types=1); + +namespace App\Services\System; + +use Symfony\Component\DependencyInjection\Attribute\Autowire; +use Symfony\Component\Process\Process; + +/** + * This service provides information about the current Git installation (if any). + */ +final readonly class GitVersionInfoProvider +{ + public function __construct(#[Autowire(param: 'kernel.project_dir')] private string $project_dir) + { + } + + /** + * Check if the project directory is a Git repository. + * @return bool + */ + public function isGitRepo(): bool + { + return is_dir($this->getGitDirectory()); + } + + /** + * Get the path to the Git directory of the installed system without a trailing slash. + * Even if this is no Git installation, the path is returned. + * @return string The path to the Git directory of the installed system + */ + public function getGitDirectory(): string + { + return $this->project_dir . '/.git'; + } + + /** + * Get the Git branch name of the installed system. + * + * @return string|null The current git branch name. Null, if this is no Git installation + */ + public function getBranchName(): ?string + { + if (is_file($this->getGitDirectory() . '/HEAD')) { + $git = file($this->getGitDirectory() . '/HEAD'); + $head = explode('/', $git[0], 3); + + if (!isset($head[2])) { + return null; + } + + return trim($head[2]); + } + + return null; // this is not a Git installation + } + + /** + * Get hash of the last git commit (on remote "origin"!). + * + * If this method does not work, try to make a "git pull" first! + * + * @param int $length if this is smaller than 40, only the first $length characters will be returned + * + * @return string|null The hash of the last commit, null If this is no Git installation + */ + public function getCommitHash(int $length = 8): ?string + { + $filename = $this->getGitDirectory() . '/refs/remotes/origin/'.$this->getBranchName(); + if (is_file($filename)) { + $head = file($filename); + + if (!isset($head[0])) { + return null; + } + + $hash = $head[0]; + + return substr($hash, 0, $length); + } + + return null; // this is not a Git installation + } + + /** + * Get the Git remote URL of the installed system. + */ + public function getRemoteURL(): ?string + { + // Get remote URL + $configFile = $this->getGitDirectory() . '/config'; + if (file_exists($configFile)) { + $config = file_get_contents($configFile); + if (preg_match('#url = (.+)#', $config, $matches)) { + return trim($matches[1]); + } + } + + return null; // this is not a Git installation + } + + /** + * Check if there are local changes in the Git repository. + * Attention: This runs a git command, which might be slow! + * @return bool|null True if there are local changes, false if not, null if this is not a Git installation + */ + public function hasLocalChanges(): ?bool + { + $process = new Process(['git', 'status', '--porcelain'], $this->project_dir); + $process->run(); + if (!$process->isSuccessful()) { + return null; // this is not a Git installation + } + return !empty(trim($process->getOutput())); + } +} diff --git a/src/Services/System/InstallationType.php b/src/Services/System/InstallationType.php new file mode 100644 index 00000000..74479bb9 --- /dev/null +++ b/src/Services/System/InstallationType.php @@ -0,0 +1,65 @@ +. + */ + +declare(strict_types=1); + +namespace App\Services\System; + +/** + * Detects the installation type of Part-DB to determine the appropriate update strategy. + */ +enum InstallationType: string +{ + case GIT = 'git'; + case DOCKER = 'docker'; + case ZIP_RELEASE = 'zip_release'; + case UNKNOWN = 'unknown'; + + public function getLabel(): string + { + return match ($this) { + self::GIT => 'Git Clone', + self::DOCKER => 'Docker', + self::ZIP_RELEASE => 'Release Archive (ZIP File)', + self::UNKNOWN => 'Unknown', + }; + } + + public function supportsAutoUpdate(): bool + { + return match ($this) { + self::GIT => true, + self::DOCKER => false, + // ZIP_RELEASE auto-update not yet implemented + self::ZIP_RELEASE => false, + self::UNKNOWN => false, + }; + } + + public function getUpdateInstructions(): string + { + return match ($this) { + self::GIT => 'Run: php bin/console partdb:update', + self::DOCKER => 'Pull the new Docker image and recreate the container: docker-compose pull && docker-compose up -d', + self::ZIP_RELEASE => 'Download the new release ZIP from GitHub, extract it over your installation, and run: php bin/console doctrine:migrations:migrate && php bin/console cache:clear', + self::UNKNOWN => 'Unable to determine installation type. Please update manually.', + }; + } +} diff --git a/src/Services/System/InstallationTypeDetector.php b/src/Services/System/InstallationTypeDetector.php index 4d04c55b..9f9fbdb8 100644 --- a/src/Services/System/InstallationTypeDetector.php +++ b/src/Services/System/InstallationTypeDetector.php @@ -26,51 +26,9 @@ namespace App\Services\System; use Symfony\Component\DependencyInjection\Attribute\Autowire; use Symfony\Component\Process\Process; -/** - * Detects the installation type of Part-DB to determine the appropriate update strategy. - */ -enum InstallationType: string +readonly class InstallationTypeDetector { - case GIT = 'git'; - case DOCKER = 'docker'; - case ZIP_RELEASE = 'zip_release'; - case UNKNOWN = 'unknown'; - - public function getLabel(): string - { - return match($this) { - self::GIT => 'Git Clone', - self::DOCKER => 'Docker', - self::ZIP_RELEASE => 'Release Archive', - self::UNKNOWN => 'Unknown', - }; - } - - public function supportsAutoUpdate(): bool - { - return match($this) { - self::GIT => true, - self::DOCKER => false, - // ZIP_RELEASE auto-update not yet implemented - self::ZIP_RELEASE => false, - self::UNKNOWN => false, - }; - } - - public function getUpdateInstructions(): string - { - return match($this) { - self::GIT => 'Run: php bin/console partdb:update', - self::DOCKER => 'Pull the new Docker image and recreate the container: docker-compose pull && docker-compose up -d', - self::ZIP_RELEASE => 'Download the new release ZIP from GitHub, extract it over your installation, and run: php bin/console doctrine:migrations:migrate && php bin/console cache:clear', - self::UNKNOWN => 'Unable to determine installation type. Please update manually.', - }; - } -} - -class InstallationTypeDetector -{ - public function __construct(#[Autowire(param: 'kernel.project_dir')] private readonly string $project_dir) + public function __construct(#[Autowire(param: 'kernel.project_dir')] private string $project_dir, private GitVersionInfoProvider $gitVersionInfoProvider) { } @@ -129,7 +87,7 @@ class InstallationTypeDetector */ public function isGitInstall(): bool { - return is_dir($this->project_dir . '/.git'); + return $this->gitVersionInfoProvider->isGitRepo(); } /** @@ -169,51 +127,21 @@ class InstallationTypeDetector /** * Get Git-specific information. + * @return array{branch: string|null, commit: string|null, remote_url: string|null, has_local_changes: bool} */ private function getGitInfo(): array { - $info = [ - 'branch' => null, - 'commit' => null, - 'remote_url' => null, - 'has_local_changes' => false, + return [ + 'branch' => $this->gitVersionInfoProvider->getBranchName(), + 'commit' => $this->gitVersionInfoProvider->getCommitHash(8), + 'remote_url' => $this->gitVersionInfoProvider->getRemoteURL(), + 'has_local_changes' => $this->gitVersionInfoProvider->hasLocalChanges() ?? false, ]; - - // Get branch - $headFile = $this->project_dir . '/.git/HEAD'; - if (file_exists($headFile)) { - $head = file_get_contents($headFile); - if (preg_match('#ref: refs/heads/(.+)#', $head, $matches)) { - $info['branch'] = trim($matches[1]); - } - } - - // Get remote URL - $configFile = $this->project_dir . '/.git/config'; - if (file_exists($configFile)) { - $config = file_get_contents($configFile); - if (preg_match('#url = (.+)#', $config, $matches)) { - $info['remote_url'] = trim($matches[1]); - } - } - - // Get commit hash - $process = new Process(['git', 'rev-parse', '--short', 'HEAD'], $this->project_dir); - $process->run(); - if ($process->isSuccessful()) { - $info['commit'] = trim($process->getOutput()); - } - - // Check for local changes - $process = new Process(['git', 'status', '--porcelain'], $this->project_dir); - $process->run(); - $info['has_local_changes'] = !empty(trim($process->getOutput())); - - return $info; } /** * Get Docker-specific information. + * @return array{container_id: string|null, image: string|null} */ private function getDockerInfo(): array { diff --git a/src/Services/System/UpdateChecker.php b/src/Services/System/UpdateChecker.php index 49a132ee..b7a90296 100644 --- a/src/Services/System/UpdateChecker.php +++ b/src/Services/System/UpdateChecker.php @@ -48,6 +48,7 @@ class UpdateChecker private readonly CacheInterface $updateCache, private readonly VersionManagerInterface $versionManager, private readonly PrivacySettings $privacySettings, private readonly LoggerInterface $logger, private readonly InstallationTypeDetector $installationTypeDetector, + private readonly GitVersionInfoProvider $gitVersionInfoProvider, #[Autowire(param: 'kernel.debug')] private readonly bool $is_dev_mode, #[Autowire(param: 'kernel.project_dir')] private readonly string $project_dir) { @@ -84,34 +85,15 @@ class UpdateChecker 'is_git_install' => false, ]; - $gitDir = $this->project_dir . '/.git'; - - if (!is_dir($gitDir)) { + if (!$this->gitVersionInfoProvider->isGitRepo()) { return $info; } $info['is_git_install'] = true; - // Get branch from HEAD file - $headFile = $gitDir . '/HEAD'; - if (file_exists($headFile)) { - $head = file_get_contents($headFile); - if (preg_match('#ref: refs/heads/(.+)#', $head, $matches)) { - $info['branch'] = trim($matches[1]); - } - } - - // Get current commit - $process = new Process(['git', 'rev-parse', '--short', 'HEAD'], $this->project_dir); - $process->run(); - if ($process->isSuccessful()) { - $info['commit'] = trim($process->getOutput()); - } - - // Check for local changes - $process = new Process(['git', 'status', '--porcelain'], $this->project_dir); - $process->run(); - $info['has_local_changes'] = !empty(trim($process->getOutput())); + $info['branch'] = $this->gitVersionInfoProvider->getBranchName(); + $info['commit'] = $this->gitVersionInfoProvider->getCommitHash(8); + $info['has_local_changes'] = $this->gitVersionInfoProvider->hasLocalChanges(); // Get commits behind (fetch first) if ($info['branch']) { @@ -151,7 +133,7 @@ class UpdateChecker /** * Force refresh git information by invalidating cache. */ - public function refreshGitInfo(): void + public function refreshVersionInfo(): void { $gitInfo = $this->getGitInfo(); if ($gitInfo['branch']) { diff --git a/src/State/PartDBInfoProvider.php b/src/State/PartDBInfoProvider.php index b3496cad..b29ef227 100644 --- a/src/State/PartDBInfoProvider.php +++ b/src/State/PartDBInfoProvider.php @@ -7,8 +7,8 @@ namespace App\State; use ApiPlatform\Metadata\Operation; use ApiPlatform\State\ProviderInterface; use App\ApiResource\PartDBInfo; -use App\Services\Misc\GitVersionInfo; use App\Services\System\BannerHelper; +use App\Services\System\GitVersionInfoProvider; use App\Settings\SystemSettings\CustomizationSettings; use App\Settings\SystemSettings\LocalizationSettings; use Shivas\VersioningBundle\Service\VersionManagerInterface; @@ -17,7 +17,7 @@ class PartDBInfoProvider implements ProviderInterface { public function __construct(private readonly VersionManagerInterface $versionManager, - private readonly GitVersionInfo $gitVersionInfo, + private readonly GitVersionInfoProvider $gitVersionInfo, private readonly BannerHelper $bannerHelper, private readonly string $default_uri, private readonly LocalizationSettings $localizationSettings, @@ -31,8 +31,8 @@ class PartDBInfoProvider implements ProviderInterface { return new PartDBInfo( version: $this->versionManager->getVersion()->toString(), - git_branch: $this->gitVersionInfo->getGitBranchName(), - git_commit: $this->gitVersionInfo->getGitCommitHash(), + git_branch: $this->gitVersionInfo->getBranchName(), + git_commit: $this->gitVersionInfo->getCommitHash(), title: $this->customizationSettings->instanceName, banner: $this->bannerHelper->getBanner(), default_uri: $this->default_uri, From 68ff0721ce486502fe717d7aaf2cef6be76b892f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 18:44:44 +0100 Subject: [PATCH 17/43] Merged functionality from UpdateAvailableManager and UpdateChecker --- src/Command/UpdateCommand.php | 4 +- src/Controller/HomepageController.php | 4 +- src/Controller/ToolsController.php | 4 +- src/Controller/UpdateManagerController.php | 2 +- ...eManager.php => UpdateAvailableFacade.php} | 46 ++++--------------- src/Services/System/UpdateChecker.php | 27 ++++++----- src/Twig/UpdateExtension.php | 4 +- 7 files changed, 34 insertions(+), 57 deletions(-) rename src/Services/System/{UpdateAvailableManager.php => UpdateAvailableFacade.php} (67%) diff --git a/src/Command/UpdateCommand.php b/src/Command/UpdateCommand.php index 64fa2bad..ca6c8399 100644 --- a/src/Command/UpdateCommand.php +++ b/src/Command/UpdateCommand.php @@ -166,7 +166,7 @@ HELP $includePrerelease = $input->getOption('include-prerelease'); if (!$targetVersion) { - $latest = $this->updateChecker->getLatestRelease($includePrerelease); + $latest = $this->updateChecker->getLatestVersion($includePrerelease); if (!$latest) { $io->error('Could not determine the latest version. Please specify a version manually.'); return Command::FAILURE; @@ -175,7 +175,7 @@ HELP } // Validate target version - if (!$this->updateChecker->isNewerVersion($targetVersion)) { + if (!$this->updateChecker->isNewerVersionThanCurrent($targetVersion)) { $io->warning(sprintf( 'Version %s is not newer than the current version %s.', $targetVersion, diff --git a/src/Controller/HomepageController.php b/src/Controller/HomepageController.php index 6192c249..6f863a3c 100644 --- a/src/Controller/HomepageController.php +++ b/src/Controller/HomepageController.php @@ -26,7 +26,7 @@ use App\DataTables\LogDataTable; use App\Entity\Parts\Part; use App\Services\System\BannerHelper; use App\Services\System\GitVersionInfoProvider; -use App\Services\System\UpdateAvailableManager; +use App\Services\System\UpdateAvailableFacade; use Doctrine\ORM\EntityManagerInterface; use Omines\DataTablesBundle\DataTableFactory; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; @@ -44,7 +44,7 @@ class HomepageController extends AbstractController #[Route(path: '/', name: 'homepage')] public function homepage(Request $request, GitVersionInfoProvider $versionInfo, EntityManagerInterface $entityManager, - UpdateAvailableManager $updateAvailableManager): Response + UpdateAvailableFacade $updateAvailableManager): Response { $this->denyAccessUnlessGranted('HAS_ACCESS_PERMISSIONS'); diff --git a/src/Controller/ToolsController.php b/src/Controller/ToolsController.php index f1ed888c..76dffb4d 100644 --- a/src/Controller/ToolsController.php +++ b/src/Controller/ToolsController.php @@ -28,7 +28,7 @@ use App\Services\Attachments\BuiltinAttachmentsFinder; use App\Services\Doctrine\DBInfoHelper; use App\Services\Doctrine\NatsortDebugHelper; use App\Services\System\GitVersionInfoProvider; -use App\Services\System\UpdateAvailableManager; +use App\Services\System\UpdateAvailableFacade; use App\Settings\AppSettings; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\HttpFoundation\Response; @@ -48,7 +48,7 @@ class ToolsController extends AbstractController #[Route(path: '/server_infos', name: 'tools_server_infos')] public function systemInfos(GitVersionInfoProvider $versionInfo, DBInfoHelper $DBInfoHelper, NatsortDebugHelper $natsortDebugHelper, - AttachmentSubmitHandler $attachmentSubmitHandler, UpdateAvailableManager $updateAvailableManager, + AttachmentSubmitHandler $attachmentSubmitHandler, UpdateAvailableFacade $updateAvailableManager, AppSettings $settings): Response { $this->denyAccessUnlessGranted('@system.server_infos'); diff --git a/src/Controller/UpdateManagerController.php b/src/Controller/UpdateManagerController.php index 08f7c77f..d88cab5d 100644 --- a/src/Controller/UpdateManagerController.php +++ b/src/Controller/UpdateManagerController.php @@ -226,7 +226,7 @@ class UpdateManagerController extends AbstractController if (!$targetVersion) { // Get latest version if not specified - $latest = $this->updateChecker->getLatestRelease(); + $latest = $this->updateChecker->getLatestVersion(); if (!$latest) { $this->addFlash('error', 'Could not determine target version.'); return $this->redirectToRoute('admin_update_manager'); diff --git a/src/Services/System/UpdateAvailableManager.php b/src/Services/System/UpdateAvailableFacade.php similarity index 67% rename from src/Services/System/UpdateAvailableManager.php rename to src/Services/System/UpdateAvailableFacade.php index 82cfb84e..2a00321c 100644 --- a/src/Services/System/UpdateAvailableManager.php +++ b/src/Services/System/UpdateAvailableFacade.php @@ -35,17 +35,18 @@ use Version\Version; /** * This class checks if a new version of Part-DB is available. */ -class UpdateAvailableManager +class UpdateAvailableFacade { private const API_URL = 'https://api.github.com/repos/Part-DB/Part-DB-server/releases/latest'; private const CACHE_KEY = 'uam_latest_version'; private const CACHE_TTL = 60 * 60 * 24 * 2; // 2 day - public function __construct(private readonly HttpClientInterface $httpClient, - private readonly CacheInterface $updateCache, private readonly VersionManagerInterface $versionManager, - private readonly PrivacySettings $privacySettings, private readonly LoggerInterface $logger, - #[Autowire(param: 'kernel.debug')] private readonly bool $is_dev_mode) + public function __construct( + private readonly CacheInterface $updateCache, + private readonly PrivacySettings $privacySettings, + private readonly UpdateChecker $updateChecker, + ) { } @@ -89,9 +90,7 @@ class UpdateAvailableManager } $latestVersion = $this->getLatestVersion(); - $currentVersion = $this->versionManager->getVersion(); - - return $latestVersion->isGreaterThan($currentVersion); + return $this->updateChecker->isNewerVersionThanCurrent($latestVersion); } /** @@ -111,34 +110,7 @@ class UpdateAvailableManager return $this->updateCache->get(self::CACHE_KEY, function (ItemInterface $item) { $item->expiresAfter(self::CACHE_TTL); - try { - $response = $this->httpClient->request('GET', self::API_URL); - $result = $response->toArray(); - $tag_name = $result['tag_name']; - - // Remove the leading 'v' from the tag name - $version = substr($tag_name, 1); - - return [ - 'version' => $version, - 'url' => $result['html_url'], - ]; - } catch (\Exception $e) { - //When we are in dev mode, throw the exception, otherwise just silently log it - if ($this->is_dev_mode) { - throw $e; - } - - //In the case of an error, try it again after half of the cache time - $item->expiresAfter(self::CACHE_TTL / 2); - - $this->logger->error('Checking for updates failed: ' . $e->getMessage()); - - return [ - 'version' => '0.0.1', - 'url' => 'update-checking-error' - ]; - } + return $this->updateChecker->getLatestVersion(); }); } -} \ No newline at end of file +} diff --git a/src/Services/System/UpdateChecker.php b/src/Services/System/UpdateChecker.php index b7a90296..e388d51f 100644 --- a/src/Services/System/UpdateChecker.php +++ b/src/Services/System/UpdateChecker.php @@ -75,7 +75,7 @@ class UpdateChecker * Get Git repository information. * @return array{branch: ?string, commit: ?string, has_local_changes: bool, commits_behind: int, is_git_install: bool} */ - public function getGitInfo(): array + private function getGitInfo(): array { $info = [ 'branch' => null, @@ -113,7 +113,7 @@ class UpdateChecker return 0; } - $cacheKey = self::CACHE_KEY_COMMITS . '_' . md5($branch); + $cacheKey = self::CACHE_KEY_COMMITS . '_' . hash('xxh3', $branch); return $this->updateCache->get($cacheKey, function (ItemInterface $item) use ($branch) { $item->expiresAfter(self::CACHE_TTL); @@ -135,9 +135,9 @@ class UpdateChecker */ public function refreshVersionInfo(): void { - $gitInfo = $this->getGitInfo(); - if ($gitInfo['branch']) { - $this->updateCache->delete(self::CACHE_KEY_COMMITS . '_' . md5($gitInfo['branch'])); + $gitBranch = $this->gitVersionInfoProvider->getBranchName(); + if ($gitBranch) { + $this->updateCache->delete(self::CACHE_KEY_COMMITS . '_' . hash('xxh3', $gitBranch)); } $this->updateCache->delete(self::CACHE_KEY_RELEASES); } @@ -150,7 +150,10 @@ class UpdateChecker public function getAvailableReleases(int $limit = 10): array { if (!$this->privacySettings->checkForUpdates) { - return []; + return [ //If we don't want to check for updates, we can return dummy data + 'version' => '0.0.1', + 'url' => 'update-checking-disabled' + ]; } return $this->updateCache->get(self::CACHE_KEY_RELEASES, function (ItemInterface $item) use ($limit) { @@ -212,7 +215,7 @@ class UpdateChecker * Get the latest stable release. * @return array{version: string, tag: string, name: string, url: string, published_at: string, body: string, prerelease: bool, assets: array}|null */ - public function getLatestRelease(bool $includePrerelease = false): ?array + public function getLatestVersion(bool $includePrerelease = false): ?array { $releases = $this->getAvailableReleases(); @@ -236,11 +239,13 @@ class UpdateChecker /** * Check if a specific version is newer than current. */ - public function isNewerVersion(string $version): bool + public function isNewerVersionThanCurrent(Version|string $version): bool { + if ($version instanceof Version) { + return $version->isGreaterThan($this->getCurrentVersion()); + } try { - $targetVersion = Version::fromString(ltrim($version, 'v')); - return $targetVersion->isGreaterThan($this->getCurrentVersion()); + return Version::fromString(ltrim($version, 'v'))->isGreaterThan($this->getCurrentVersion()); } catch (\Exception) { return false; } @@ -254,7 +259,7 @@ class UpdateChecker public function getUpdateStatus(): array { $current = $this->getCurrentVersion(); - $latest = $this->getLatestRelease(); + $latest = $this->getLatestVersion(); $gitInfo = $this->getGitInfo(); $installInfo = $this->installationTypeDetector->getInstallationInfo(); diff --git a/src/Twig/UpdateExtension.php b/src/Twig/UpdateExtension.php index 10264d12..ee3bb16c 100644 --- a/src/Twig/UpdateExtension.php +++ b/src/Twig/UpdateExtension.php @@ -23,7 +23,7 @@ declare(strict_types=1); namespace App\Twig; -use App\Services\System\UpdateAvailableManager; +use App\Services\System\UpdateAvailableFacade; use Symfony\Bundle\SecurityBundle\Security; use Twig\Extension\AbstractExtension; use Twig\TwigFunction; @@ -33,7 +33,7 @@ use Twig\TwigFunction; */ final class UpdateExtension extends AbstractExtension { - public function __construct(private readonly UpdateAvailableManager $updateAvailableManager, + public function __construct(private readonly UpdateAvailableFacade $updateAvailableManager, private readonly Security $security) { From 1ccc3ad44018d3b5ab4012b7639ae21fdcf348f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 19:48:27 +0100 Subject: [PATCH 18/43] Extracted logic used by both BackupManager and UpdateExecutor to new service --- src/Services/System/BackupManager.php | 56 ++++-------------- src/Services/System/CommandRunHelper.php | 75 ++++++++++++++++++++++++ src/Services/System/UpdateExecutor.php | 33 +---------- 3 files changed, 89 insertions(+), 75 deletions(-) create mode 100644 src/Services/System/CommandRunHelper.php diff --git a/src/Services/System/BackupManager.php b/src/Services/System/BackupManager.php index b646e433..9bdc7f71 100644 --- a/src/Services/System/BackupManager.php +++ b/src/Services/System/BackupManager.php @@ -35,17 +35,18 @@ use Symfony\Component\Process\Process; * This service handles all backup-related operations and can be used * by the Update Manager, CLI commands, or other services. */ -class BackupManager +readonly class BackupManager { private const BACKUP_DIR = 'var/backups'; public function __construct( #[Autowire(param: 'kernel.project_dir')] - private readonly string $projectDir, - private readonly LoggerInterface $logger, - private readonly Filesystem $filesystem, - private readonly VersionManagerInterface $versionManager, - private readonly EntityManagerInterface $entityManager, + private string $projectDir, + private LoggerInterface $logger, + private Filesystem $filesystem, + private VersionManagerInterface $versionManager, + private EntityManagerInterface $entityManager, + private CommandRunHelper $commandRunHelper, ) { } @@ -90,7 +91,7 @@ class BackupManager $backupFile = $backupDir . '/' . $prefix . '-v' . $currentVersion . '-' . date('Y-m-d-His') . '.zip'; } - $this->runCommand([ + $this->commandRunHelper->runCommand([ 'php', 'bin/console', 'partdb:backup', '--full', '--overwrite', @@ -103,7 +104,7 @@ class BackupManager } /** - * Get list of backups. + * Get list of backups, that are available, sorted by date descending. * * @return array */ @@ -126,7 +127,7 @@ class BackupManager } // Sort by date descending - usort($backups, fn($a, $b) => $b['date'] <=> $a['date']); + usort($backups, static fn($a, $b) => $b['date'] <=> $a['date']); return $backups; } @@ -135,7 +136,7 @@ class BackupManager * Get details about a specific backup file. * * @param string $filename The backup filename - * @return array|null Backup details or null if not found + * @return null|array{file: string, path: string, date: int, size: int, from_version: ?string, to_version: ?string, contains_database?: bool, contains_config?: bool, contains_attachments?: bool} Backup details or null if not found */ public function getBackupDetails(string $filename): ?array { @@ -449,39 +450,4 @@ class BackupManager $this->filesystem->mirror($uploads, $this->projectDir . '/uploads', null, ['override' => true]); } } - - /** - * Run a shell command with proper error handling. - */ - private function runCommand(array $command, string $description, int $timeout = 120): string - { - $process = new Process($command, $this->projectDir); - $process->setTimeout($timeout); - - // Set environment variables - $currentEnv = getenv(); - if (!is_array($currentEnv)) { - $currentEnv = []; - } - $env = array_merge($currentEnv, [ - 'HOME' => $this->projectDir, - 'COMPOSER_HOME' => $this->projectDir . '/var/composer', - 'PATH' => getenv('PATH') ?: '/usr/local/bin:/usr/bin:/bin', - ]); - $process->setEnv($env); - - $output = ''; - $process->run(function ($type, $buffer) use (&$output) { - $output .= $buffer; - }); - - if (!$process->isSuccessful()) { - $errorOutput = $process->getErrorOutput() ?: $process->getOutput(); - throw new \RuntimeException( - sprintf('%s failed: %s', $description, trim($errorOutput)) - ); - } - - return $output; - } } diff --git a/src/Services/System/CommandRunHelper.php b/src/Services/System/CommandRunHelper.php new file mode 100644 index 00000000..7a144d5f --- /dev/null +++ b/src/Services/System/CommandRunHelper.php @@ -0,0 +1,75 @@ +. + */ + +declare(strict_types=1); + + +namespace App\Services\System; + +use Symfony\Component\DependencyInjection\Attribute\Autowire; +use Symfony\Component\Process\Process; + +class CommandRunHelper +{ + private UpdateExecutor $updateExecutor; + + public function __construct( + #[Autowire(param: 'kernel.project_dir')] private readonly string $project_dir + ) + { + } + + /** + * Run a shell command with proper error handling. + */ + public function runCommand(array $command, string $description, int $timeout = 120): string + { + $process = new Process($command, $this->project_dir); + $process->setTimeout($timeout); + + // Set environment variables needed for Composer and other tools + // This is especially important when running as www-data which may not have HOME set + // We inherit from current environment and override/add specific variables + $currentEnv = getenv(); + if (!is_array($currentEnv)) { + $currentEnv = []; + } + $env = array_merge($currentEnv, [ + 'HOME' => $this->project_dir.'/var/www-data-home', + 'COMPOSER_HOME' => $this->project_dir.'/var/composer', + 'PATH' => getenv('PATH') ?: '/usr/local/bin:/usr/bin:/bin', + ]); + $process->setEnv($env); + + $output = ''; + $process->run(function ($type, $buffer) use (&$output) { + $output .= $buffer; + }); + + if (!$process->isSuccessful()) { + $errorOutput = $process->getErrorOutput() ?: $process->getOutput(); + throw new \RuntimeException( + sprintf('%s failed: %s', $description, trim($errorOutput)) + ); + } + + return $output; + } +} diff --git a/src/Services/System/UpdateExecutor.php b/src/Services/System/UpdateExecutor.php index d6bc4127..90cabf82 100644 --- a/src/Services/System/UpdateExecutor.php +++ b/src/Services/System/UpdateExecutor.php @@ -46,6 +46,7 @@ class UpdateExecutor private array $steps = []; private ?string $currentLogFile = null; + private CommandRunHelper $commandRunHelper; public function __construct( #[Autowire(param: 'kernel.project_dir')] @@ -58,6 +59,7 @@ class UpdateExecutor #[Autowire(param: 'app.debug_mode')] private readonly bool $debugMode = false, ) { + $this->commandRunHelper = new CommandRunHelper($this); } /** @@ -516,36 +518,7 @@ class UpdateExecutor */ private function runCommand(array $command, string $description, int $timeout = 120): string { - $process = new Process($command, $this->project_dir); - $process->setTimeout($timeout); - - // Set environment variables needed for Composer and other tools - // This is especially important when running as www-data which may not have HOME set - // We inherit from current environment and override/add specific variables - $currentEnv = getenv(); - if (!is_array($currentEnv)) { - $currentEnv = []; - } - $env = array_merge($currentEnv, [ - 'HOME' => $this->project_dir, - 'COMPOSER_HOME' => $this->project_dir . '/var/composer', - 'PATH' => getenv('PATH') ?: '/usr/local/bin:/usr/bin:/bin', - ]); - $process->setEnv($env); - - $output = ''; - $process->run(function ($type, $buffer) use (&$output) { - $output .= $buffer; - }); - - if (!$process->isSuccessful()) { - $errorOutput = $process->getErrorOutput() ?: $process->getOutput(); - throw new \RuntimeException( - sprintf('%s failed: %s', $description, trim($errorOutput)) - ); - } - - return $output; + return $this->commandRunHelper->runCommand($command, $description, $timeout); } /** From 720c1e51e84b4bfbf5395eb7c731043c249811f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 20:28:17 +0100 Subject: [PATCH 19/43] Improved UpdateExecutor --- src/Services/System/UpdateExecutor.php | 53 ++++++++------------ tests/Services/System/UpdateExecutorTest.php | 6 --- 2 files changed, 20 insertions(+), 39 deletions(-) diff --git a/src/Services/System/UpdateExecutor.php b/src/Services/System/UpdateExecutor.php index 90cabf82..9f73c63a 100644 --- a/src/Services/System/UpdateExecutor.php +++ b/src/Services/System/UpdateExecutor.php @@ -34,6 +34,8 @@ use Symfony\Component\Process\Process; * * This service should primarily be used from CLI commands, not web requests, * due to the long-running nature of updates and permission requirements. + * + * For web requests, use startBackgroundUpdate() method. */ class UpdateExecutor { @@ -46,7 +48,6 @@ class UpdateExecutor private array $steps = []; private ?string $currentLogFile = null; - private CommandRunHelper $commandRunHelper; public function __construct( #[Autowire(param: 'kernel.project_dir')] @@ -56,10 +57,10 @@ class UpdateExecutor private readonly InstallationTypeDetector $installationTypeDetector, private readonly VersionManagerInterface $versionManager, private readonly BackupManager $backupManager, + private readonly CommandRunHelper $commandRunHelper, #[Autowire(param: 'app.debug_mode')] private readonly bool $debugMode = false, ) { - $this->commandRunHelper = new CommandRunHelper($this); } /** @@ -75,14 +76,12 @@ class UpdateExecutor */ public function isLocked(): bool { - $lockFile = $this->project_dir . '/' . self::LOCK_FILE; - - if (!file_exists($lockFile)) { + // Check if lock is stale (older than 1 hour) + $lockData = $this->getLockInfo(); + if ($lockData === null) { return false; } - // Check if lock is stale (older than 1 hour) - $lockData = json_decode(file_get_contents($lockFile), true); if ($lockData && isset($lockData['started_at'])) { $startedAt = new \DateTime($lockData['started_at']); $now = new \DateTime(); @@ -100,7 +99,8 @@ class UpdateExecutor } /** - * Get lock information. + * Get lock information, or null if not locked. + * @return null|array{started_at: string, pid: int, user: string} */ public function getLockInfo(): ?array { @@ -110,7 +110,7 @@ class UpdateExecutor return null; } - return json_decode(file_get_contents($lockFile), true); + return json_decode(file_get_contents($lockFile), true, 512, JSON_THROW_ON_ERROR); } /** @@ -123,6 +123,7 @@ class UpdateExecutor /** * Get maintenance mode information. + * @return null|array{enabled_at: string, reason: string} */ public function getMaintenanceInfo(): ?array { @@ -132,7 +133,7 @@ class UpdateExecutor return null; } - return json_decode(file_get_contents($maintenanceFile), true); + return json_decode(file_get_contents($maintenanceFile), true, 512, JSON_THROW_ON_ERROR); } /** @@ -157,7 +158,7 @@ class UpdateExecutor 'user' => get_current_user(), ]; - $this->filesystem->dumpFile($lockFile, json_encode($lockData, JSON_PRETTY_PRINT)); + $this->filesystem->dumpFile($lockFile, json_encode($lockData, JSON_THROW_ON_ERROR | JSON_PRETTY_PRINT)); return true; } @@ -191,7 +192,7 @@ class UpdateExecutor 'reason' => $reason, ]; - $this->filesystem->dumpFile($maintenanceFile, json_encode($data, JSON_PRETTY_PRINT)); + $this->filesystem->dumpFile($maintenanceFile, json_encode($data, JSON_THROW_ON_ERROR | JSON_PRETTY_PRINT)); } /** @@ -574,6 +575,7 @@ class UpdateExecutor /** * Get list of update log files. + * @return array{file: string, path: string, date: int, size: int}[] */ public function getUpdateLogs(): array { @@ -594,28 +596,11 @@ class UpdateExecutor } // Sort by date descending - usort($logs, fn($a, $b) => $b['date'] <=> $a['date']); + usort($logs, static fn($a, $b) => $b['date'] <=> $a['date']); return $logs; } - /** - * Get list of backups. - * @deprecated Use BackupManager::getBackups() directly - */ - public function getBackups(): array - { - return $this->backupManager->getBackups(); - } - - /** - * Get details about a specific backup file. - * @deprecated Use BackupManager::getBackupDetails() directly - */ - public function getBackupDetails(string $filename): ?array - { - return $this->backupManager->getBackupDetails($filename); - } /** * Restore from a backup file with maintenance mode and cache clearing. @@ -746,8 +731,9 @@ class UpdateExecutor /** * Save progress to file for web UI polling. + * @param array{status: string, target_version: string, create_backup: bool, started_at: string, current_step: int, total_steps: int, step_name: string, step_message: string, steps: array, error: ?string} $progress */ - public function saveProgress(array $progress): void + private function saveProgress(array $progress): void { $progressFile = $this->getProgressFilePath(); $progressDir = dirname($progressFile); @@ -756,11 +742,12 @@ class UpdateExecutor $this->filesystem->mkdir($progressDir); } - $this->filesystem->dumpFile($progressFile, json_encode($progress, JSON_PRETTY_PRINT)); + $this->filesystem->dumpFile($progressFile, json_encode($progress, JSON_THROW_ON_ERROR | JSON_PRETTY_PRINT)); } /** * Get current update progress from file. + * @return null|array{status: string, target_version: string, create_backup: bool, started_at: string, current_step: int, total_steps: int, step_name: string, step_message: string, steps: array, error: ?string} */ public function getProgress(): ?array { @@ -770,7 +757,7 @@ class UpdateExecutor return null; } - $data = json_decode(file_get_contents($progressFile), true); + $data = json_decode(file_get_contents($progressFile), true, 512, JSON_THROW_ON_ERROR); // If the progress file is stale (older than 30 minutes), consider it invalid if ($data && isset($data['started_at'])) { diff --git a/tests/Services/System/UpdateExecutorTest.php b/tests/Services/System/UpdateExecutorTest.php index 9b832f6c..851d060c 100644 --- a/tests/Services/System/UpdateExecutorTest.php +++ b/tests/Services/System/UpdateExecutorTest.php @@ -74,12 +74,6 @@ class UpdateExecutorTest extends KernelTestCase $this->assertIsArray($logs); } - public function testGetBackupsReturnsArray(): void - { - $backups = $this->updateExecutor->getBackups(); - - $this->assertIsArray($backups); - } public function testValidateUpdatePreconditionsReturnsProperStructure(): void { From 7a856bf6f1015c862395f822d558eacc623eddb9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 20:37:02 +0100 Subject: [PATCH 20/43] Try to emulate nohup behavior on windows --- src/Services/System/UpdateExecutor.php | 29 ++++++++++++++++++-------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/src/Services/System/UpdateExecutor.php b/src/Services/System/UpdateExecutor.php index 9f73c63a..6a40af6e 100644 --- a/src/Services/System/UpdateExecutor.php +++ b/src/Services/System/UpdateExecutor.php @@ -835,15 +835,26 @@ class UpdateExecutor $this->filesystem->mkdir($logDir, 0755); } - // Use nohup to properly detach the process from the web request - // The process will continue running even after the PHP request ends - $command = sprintf( - 'nohup php %s partdb:update %s %s --force --no-interaction >> %s 2>&1 &', - escapeshellarg($consolePath), - escapeshellarg($targetVersion), - $createBackup ? '' : '--no-backup', - escapeshellarg($logFile) - ); + //If we are on Windows, we cannot use nohup + if (PHP_OS_FAMILY === 'Windows') { + $command = sprintf( + 'start /B php %s partdb:update %s %s --force --no-interaction >> %s 2>&1', + escapeshellarg($consolePath), + escapeshellarg($targetVersion), + $createBackup ? '' : '--no-backup', + escapeshellarg($logFile) + ); + } else { //Unix like platforms should be able to use nohup + // Use nohup to properly detach the process from the web request + // The process will continue running even after the PHP request ends + $command = sprintf( + 'nohup php %s partdb:update %s %s --force --no-interaction >> %s 2>&1 &', + escapeshellarg($consolePath), + escapeshellarg($targetVersion), + $createBackup ? '' : '--no-backup', + escapeshellarg($logFile) + ); + } $this->logger->info('Starting background update', [ 'command' => $command, From 2b94ff952c67a46d372450256f20958bf65b086c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 20:49:21 +0100 Subject: [PATCH 21/43] Use different symbol for update manager --- src/Services/Trees/ToolsTreeBuilder.php | 2 +- templates/admin/update_manager/index.html.twig | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Services/Trees/ToolsTreeBuilder.php b/src/Services/Trees/ToolsTreeBuilder.php index 5356781b..6397e3af 100644 --- a/src/Services/Trees/ToolsTreeBuilder.php +++ b/src/Services/Trees/ToolsTreeBuilder.php @@ -329,7 +329,7 @@ class ToolsTreeBuilder $nodes[] = (new TreeViewNode( $this->translator->trans('tree.tools.system.update_manager'), $this->urlGenerator->generate('admin_update_manager') - ))->setIcon('fa-fw fa-treeview fa-solid fa-cloud-download-alt'); + ))->setIcon('fa-fw fa-treeview fa-solid fa-arrow-circle-up'); } return $nodes; diff --git a/templates/admin/update_manager/index.html.twig b/templates/admin/update_manager/index.html.twig index 24dfcc96..3968de93 100644 --- a/templates/admin/update_manager/index.html.twig +++ b/templates/admin/update_manager/index.html.twig @@ -3,7 +3,7 @@ {% block title %}Part-DB {% trans %}update_manager.title{% endtrans %}{% endblock %} {% block card_title %} - Part-DB {% trans %}update_manager.title{% endtrans %} + Part-DB {% trans %}update_manager.title{% endtrans %} {% endblock %} {% block card_content %} From 29a08d152a03467b98a277128c88964809d2af6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 20:52:42 +0100 Subject: [PATCH 22/43] Use version info from updateChecker to be consistent --- src/Services/System/UpdateAvailableFacade.php | 4 ---- src/Services/System/UpdateExecutor.php | 4 ++-- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/src/Services/System/UpdateAvailableFacade.php b/src/Services/System/UpdateAvailableFacade.php index 2a00321c..d9f18997 100644 --- a/src/Services/System/UpdateAvailableFacade.php +++ b/src/Services/System/UpdateAvailableFacade.php @@ -24,12 +24,8 @@ declare(strict_types=1); namespace App\Services\System; use App\Settings\SystemSettings\PrivacySettings; -use Psr\Log\LoggerInterface; -use Shivas\VersioningBundle\Service\VersionManagerInterface; -use Symfony\Component\DependencyInjection\Attribute\Autowire; use Symfony\Contracts\Cache\CacheInterface; use Symfony\Contracts\Cache\ItemInterface; -use Symfony\Contracts\HttpClient\HttpClientInterface; use Version\Version; /** diff --git a/src/Services/System/UpdateExecutor.php b/src/Services/System/UpdateExecutor.php index 6a40af6e..1dfc3dc1 100644 --- a/src/Services/System/UpdateExecutor.php +++ b/src/Services/System/UpdateExecutor.php @@ -55,7 +55,7 @@ class UpdateExecutor private readonly LoggerInterface $logger, private readonly Filesystem $filesystem, private readonly InstallationTypeDetector $installationTypeDetector, - private readonly VersionManagerInterface $versionManager, + private readonly UpdateChecker $updateChecker, private readonly BackupManager $backupManager, private readonly CommandRunHelper $commandRunHelper, #[Autowire(param: 'app.debug_mode')] @@ -68,7 +68,7 @@ class UpdateExecutor */ private function getCurrentVersionString(): string { - return $this->versionManager->getVersion()->toString(); + return $this->updateChecker->getCurrentVersionString(); } /** From 883e3b271dc58f04d63d759f0cd6ecf42677f623 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 21:02:08 +0100 Subject: [PATCH 23/43] Fixed git commit hash logic --- .../System/GitVersionInfoProvider.php | 30 +++++++++++-------- 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/src/Services/System/GitVersionInfoProvider.php b/src/Services/System/GitVersionInfoProvider.php index 6d067333..01925ff8 100644 --- a/src/Services/System/GitVersionInfoProvider.php +++ b/src/Services/System/GitVersionInfoProvider.php @@ -85,20 +85,26 @@ final readonly class GitVersionInfoProvider */ public function getCommitHash(int $length = 8): ?string { - $filename = $this->getGitDirectory() . '/refs/remotes/origin/'.$this->getBranchName(); - if (is_file($filename)) { - $head = file($filename); - - if (!isset($head[0])) { - return null; - } - - $hash = $head[0]; - - return substr($hash, 0, $length); + $path = $this->getGitDirectory() . '/HEAD'; + if (!file_exists($path)) { + return null; } - return null; // this is not a Git installation + $head = trim(file_get_contents($path)); + + // If it's a symbolic ref (e.g., "ref: refs/heads/main") + if (str_starts_with($head, 'ref:')) { + $refPath = $this->getGitDirectory() . '/' . trim(substr($head, 5)); + if (file_exists($refPath)) { + $hash = trim(file_get_contents($refPath)); + } + } else { + // Otherwise, it's a detached HEAD (the hash is right there) + $hash = $head; + } + + return isset($hash) ? substr($hash, 0, $length) : null; + } /** From d06df4410d8ed60d600c7b1cb5afb6f3ab122107 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 21:18:03 +0100 Subject: [PATCH 24/43] Disable the web updater and web backup restore for now This can become default, when there is more experience with the web updated --- .env | 4 ++-- VERSION | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.env b/.env index 3196241b..1956f2fe 100644 --- a/.env +++ b/.env @@ -65,11 +65,11 @@ ERROR_PAGE_SHOW_HELP=1 # Set this to 1 to completely disable web-based updates, regardless of user permissions. # Use this if you prefer to manage updates through your own deployment process. -DISABLE_WEB_UPDATES=0 +DISABLE_WEB_UPDATES=1 # Set this to 1 to disable the backup restore feature from the web UI. # Restoring backups is a destructive operation that could cause data loss. -DISABLE_BACKUP_RESTORE=0 +DISABLE_BACKUP_RESTORE=1 ################################################################################### # SAML Single sign on-settings diff --git a/VERSION b/VERSION index 73462a5a..437459cd 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.5.1 +2.5.0 From 0e5a73b6f435de2050259ddbb070567ad6c68744 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 21:22:06 +0100 Subject: [PATCH 25/43] Add nonce to inline script in progress bar --- templates/admin/update_manager/progress.html.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/admin/update_manager/progress.html.twig b/templates/admin/update_manager/progress.html.twig index c45a4e78..597b8a9a 100644 --- a/templates/admin/update_manager/progress.html.twig +++ b/templates/admin/update_manager/progress.html.twig @@ -186,7 +186,7 @@
    {# JavaScript refresh - more reliable than meta refresh #} - - - diff --git a/translations/messages.en.xlf b/translations/messages.en.xlf index b6537a5f..c9167bd4 100644 --- a/translations/messages.en.xlf +++ b/translations/messages.en.xlf @@ -14718,60 +14718,6 @@ Buerklin-API Authentication server: bytes - - - update_manager.maintenance.title - Maintenance - - - - - update_manager.maintenance.heading - Part-DB is Updating - - - - - update_manager.maintenance.description - We're installing updates to make Part-DB even better. This should only take a moment. - - - - - update_manager.maintenance.step_backup - Creating backup - - - - - update_manager.maintenance.step_download - Downloading updates - - - - - update_manager.maintenance.step_install - Installing files - - - - - update_manager.maintenance.step_migrate - Running migrations - - - - - update_manager.maintenance.step_cache - Clearing cache - - - - - update_manager.maintenance.auto_refresh - This page will refresh automatically when the update is complete. - - perm.system.manage_updates From 1a06432cec3dda5da3f052c2bf4ecd78e793afbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 22:16:26 +0100 Subject: [PATCH 32/43] Removed custom yes and no translations --- templates/admin/update_manager/index.html.twig | 8 ++++---- translations/messages.en.xlf | 12 ------------ 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/templates/admin/update_manager/index.html.twig b/templates/admin/update_manager/index.html.twig index 9b95637d..44b9f8c0 100644 --- a/templates/admin/update_manager/index.html.twig +++ b/templates/admin/update_manager/index.html.twig @@ -87,11 +87,11 @@ {% if status.git.has_local_changes %} - {% trans %}update_manager.yes{% endtrans %} + {% trans %}Yes{% endtrans %} {% else %} - {% trans %}update_manager.no{% endtrans %} + {% trans %}No{% endtrans %} {% endif %} @@ -102,11 +102,11 @@ {% if status.can_auto_update %} - {% trans %}update_manager.yes{% endtrans %} + {% trans %}Yes{% endtrans %} {% else %} - {% trans %}update_manager.no{% endtrans %} + {% trans %}No{% endtrans %} {% endif %} diff --git a/translations/messages.en.xlf b/translations/messages.en.xlf index c9167bd4..7a7408c1 100644 --- a/translations/messages.en.xlf +++ b/translations/messages.en.xlf @@ -14442,18 +14442,6 @@ Buerklin-API Authentication server: For safety and reliability, updates should be performed via the command line interface. The update process will automatically create a backup, enable maintenance mode, and handle migrations. - - - update_manager.yes - Yes - - - - - update_manager.no - No - - update_manager.up_to_date From 9ca1834d9bde039c49ac57f6e75667bd79e9de28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 23:07:24 +0100 Subject: [PATCH 33/43] Removed unused translations --- translations/messages.en.xlf | 126 ----------------------------------- 1 file changed, 126 deletions(-) diff --git a/translations/messages.en.xlf b/translations/messages.en.xlf index 7a7408c1..6f8250ad 100644 --- a/translations/messages.en.xlf +++ b/translations/messages.en.xlf @@ -14544,84 +14544,6 @@ Buerklin-API Authentication server: No backups found - - - update_manager.pre_update_checklist - Pre-Update Checklist - - - - - update_manager.before_updating - Before Updating - - - - - update_manager.checklist.requirements - All requirements met - - - - - update_manager.checklist.no_local_changes - No local modifications - - - - - update_manager.checklist.backup_created - Backup will be created automatically - - - - - update_manager.checklist.read_release_notes - Read release notes for breaking changes - - - - - update_manager.update_will - The Update Will - - - - - update_manager.will.backup - Create a full backup - - - - - update_manager.will.maintenance - Enable maintenance mode - - - - - update_manager.will.git - Pull latest code from Git - - - - - update_manager.will.composer - Update dependencies via Composer - - - - - update_manager.will.migrations - Run database migrations - - - - - update_manager.will.cache - Clear and rebuild cache - - update_manager.validation_issues @@ -14712,66 +14634,24 @@ Buerklin-API Authentication server: Manage Part-DB updates - - - update_manager.update_now - Update Now - - - - - update_manager.update_from_to - Update from %from% to %to% - - - - - update_manager.update_description - Click the button to start the update process. A backup will be created automatically and you can monitor the progress. - - - - - update_manager.start_update - Start Update - - update_manager.create_backup Create backup before updating (recommended) - - - update_manager.estimated_time - Update typically takes 2-5 minutes - - update_manager.confirm_update Are you sure you want to update Part-DB? A backup will be created before the update. - - - update_manager.starting - Starting... - - update_manager.already_up_to_date You are running the latest version of Part-DB. - - - update_manager.cli_alternative - Alternatively, you can update via the command line: - - update_manager.progress.title @@ -14868,12 +14748,6 @@ Buerklin-API Authentication server: Downgrade Progress - - - update_manager.progress.downgrading - Downgrading Part-DB... - - update_manager.progress.downgrading_to From a755287c3b867910a3f211deabb99e6e172a46e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 23:09:52 +0100 Subject: [PATCH 34/43] Make maintenance command available under partdb:maintenance-mode to make it more consistent with other hyphen command tools --- src/Command/MaintenanceModeCommand.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Command/MaintenanceModeCommand.php b/src/Command/MaintenanceModeCommand.php index 37f59af1..7fdea97e 100644 --- a/src/Command/MaintenanceModeCommand.php +++ b/src/Command/MaintenanceModeCommand.php @@ -32,7 +32,7 @@ use Symfony\Component\Console\Input\InputOption; use Symfony\Component\Console\Output\OutputInterface; use Symfony\Component\Console\Style\SymfonyStyle; -#[AsCommand('partdb:maintenance_mode', 'Enable/disable maintenance mode and set a message')] +#[AsCommand('partdb:maintenance-mode', 'Enable/disable maintenance mode and set a message')] class MaintenanceModeCommand extends Command { public function __construct( From cad5261aba8b123158ed7039e955f0a842254141 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Mon, 2 Feb 2026 23:26:18 +0100 Subject: [PATCH 35/43] Fixed phpstan issues --- phpstan.dist.neon | 6 ++++++ src/Command/MaintenanceModeCommand.php | 2 +- src/Services/System/CommandRunHelper.php | 2 -- src/Services/System/UpdateAvailableFacade.php | 2 -- src/Services/System/UpdateChecker.php | 7 ++----- src/Services/System/UpdateExecutor.php | 2 ++ 6 files changed, 11 insertions(+), 10 deletions(-) diff --git a/phpstan.dist.neon b/phpstan.dist.neon index fc7b3524..eb629314 100644 --- a/phpstan.dist.neon +++ b/phpstan.dist.neon @@ -6,6 +6,9 @@ parameters: - src # - tests + banned_code: + non_ignorable: false # Allow to ignore some banned code + excludePaths: - src/DataTables/Adapter/* - src/Configuration/* @@ -61,3 +64,6 @@ parameters: # Ignore error of unused WithPermPresetsTrait, as it is used in the migrations which are not analyzed by Phpstan - '#Trait App\\Migration\\WithPermPresetsTrait is used zero times and is not analysed#' + - + message: '#Should not use function "shell_exec"#' + path: src/Services/System/UpdateExecutor.php diff --git a/src/Command/MaintenanceModeCommand.php b/src/Command/MaintenanceModeCommand.php index 7fdea97e..47b1eaef 100644 --- a/src/Command/MaintenanceModeCommand.php +++ b/src/Command/MaintenanceModeCommand.php @@ -106,7 +106,7 @@ class MaintenanceModeCommand extends Command if ($enable) { // Use provided message or fallback to a default English message - $reason = is_string($message) && $message !== '' + $reason = is_string($message) ? $message : 'The system is temporarily unavailable due to maintenance.'; diff --git a/src/Services/System/CommandRunHelper.php b/src/Services/System/CommandRunHelper.php index 7a144d5f..19bc8548 100644 --- a/src/Services/System/CommandRunHelper.php +++ b/src/Services/System/CommandRunHelper.php @@ -28,8 +28,6 @@ use Symfony\Component\Process\Process; class CommandRunHelper { - private UpdateExecutor $updateExecutor; - public function __construct( #[Autowire(param: 'kernel.project_dir')] private readonly string $project_dir ) diff --git a/src/Services/System/UpdateAvailableFacade.php b/src/Services/System/UpdateAvailableFacade.php index d9f18997..ac3a46c0 100644 --- a/src/Services/System/UpdateAvailableFacade.php +++ b/src/Services/System/UpdateAvailableFacade.php @@ -33,8 +33,6 @@ use Version\Version; */ class UpdateAvailableFacade { - - private const API_URL = 'https://api.github.com/repos/Part-DB/Part-DB-server/releases/latest'; private const CACHE_KEY = 'uam_latest_version'; private const CACHE_TTL = 60 * 60 * 24 * 2; // 2 day diff --git a/src/Services/System/UpdateChecker.php b/src/Services/System/UpdateChecker.php index e388d51f..fdb8d9dd 100644 --- a/src/Services/System/UpdateChecker.php +++ b/src/Services/System/UpdateChecker.php @@ -145,15 +145,12 @@ class UpdateChecker /** * Get all available releases from GitHub (cached). * - * @return array + * @return array */ public function getAvailableReleases(int $limit = 10): array { if (!$this->privacySettings->checkForUpdates) { - return [ //If we don't want to check for updates, we can return dummy data - 'version' => '0.0.1', - 'url' => 'update-checking-disabled' - ]; + return []; } return $this->updateCache->get(self::CACHE_KEY_RELEASES, function (ItemInterface $item) use ($limit) { diff --git a/src/Services/System/UpdateExecutor.php b/src/Services/System/UpdateExecutor.php index 1dfc3dc1..2fe54173 100644 --- a/src/Services/System/UpdateExecutor.php +++ b/src/Services/System/UpdateExecutor.php @@ -863,6 +863,8 @@ class UpdateExecutor // Execute in background using shell_exec for proper detachment // shell_exec with & runs the command in background + + //@php-ignore-next-line We really need to use shell_exec here $output = shell_exec($command); // Give it a moment to start From 984529bc7940ef30f62469c6b944c396469c75f0 Mon Sep 17 00:00:00 2001 From: Sebastian Almberg <83243306+Sebbeben@users.noreply.github.com> Date: Tue, 3 Feb 2026 11:55:53 +0100 Subject: [PATCH 36/43] Add Update Manager documentation - Add comprehensive update_manager.md with feature overview - Document CLI commands (partdb:update, partdb:maintenance-mode) - Document web interface and permissions - Add security considerations and troubleshooting - Update console_commands.md with new commands --- docs/usage/console_commands.md | 8 ++ docs/usage/update_manager.md | 170 +++++++++++++++++++++++++++++++++ 2 files changed, 178 insertions(+) create mode 100644 docs/usage/update_manager.md diff --git a/docs/usage/console_commands.md b/docs/usage/console_commands.md index b42bb757..576b3314 100644 --- a/docs/usage/console_commands.md +++ b/docs/usage/console_commands.md @@ -50,6 +50,14 @@ docker exec --user=www-data partdb php bin/console cache:clear * `php bin/console partdb:currencies:update-exchange-rates`: Update the exchange rates of all currencies from the internet +## Update Manager commands + +{: .note } +> The Update Manager is an experimental feature. See the [Update Manager documentation](update_manager.md) for details. + +* `php bin/console partdb:update`: Check for and perform updates to Part-DB. Use `--check` to only check for updates without installing. +* `php bin/console partdb:maintenance-mode`: Enable, disable, or check the status of maintenance mode. Use `--enable`, `--disable`, or `--status`. + ## Installation/Maintenance commands * `php bin/console partdb:backup`: Backup the database and the attachments diff --git a/docs/usage/update_manager.md b/docs/usage/update_manager.md new file mode 100644 index 00000000..43fe2c94 --- /dev/null +++ b/docs/usage/update_manager.md @@ -0,0 +1,170 @@ +--- +title: Update Manager +layout: default +parent: Usage +--- + +# Update Manager (Experimental) + +{: .warning } +> The Update Manager is currently an **experimental feature**. It is disabled by default while user experience data is being gathered. Use with caution and always ensure you have proper backups before updating. + +Part-DB includes an Update Manager that can automatically update Git-based installations to newer versions. The Update Manager provides both a web interface and CLI commands for managing updates, backups, and maintenance mode. + +## Supported Installation Types + +The Update Manager currently supports automatic updates only for **Git clone** installations. Other installation types show manual update instructions: + +| Installation Type | Auto-Update | Instructions | +|-------------------|-------------|--------------| +| Git Clone | Yes | Automatic via CLI or Web UI | +| Docker | No | Pull new image: `docker-compose pull && docker-compose up -d` | +| ZIP Release | No | Download and extract new release manually | + +## Enabling the Update Manager + +By default, web-based updates and backup restore are **disabled** for security reasons. To enable them, add these settings to your `.env.local` file: + +```bash +# Enable web-based updates (default: disabled) +DISABLE_WEB_UPDATES=0 + +# Enable backup restore via web interface (default: disabled) +DISABLE_BACKUP_RESTORE=0 +``` + +{: .note } +> Even with web updates disabled, you can still use the CLI commands to perform updates. + +## CLI Commands + +### Update Command + +Check for updates or perform an update: + +```bash +# Check for available updates +php bin/console partdb:update --check + +# Update to the latest version +php bin/console partdb:update + +# Update to a specific version +php bin/console partdb:update v2.6.0 + +# Update without creating a backup first +php bin/console partdb:update --no-backup + +# Force update without confirmation prompt +php bin/console partdb:update --force +``` + +### Maintenance Mode Command + +Manually enable or disable maintenance mode: + +```bash +# Enable maintenance mode with default message +php bin/console partdb:maintenance-mode --enable + +# Enable with custom message +php bin/console partdb:maintenance-mode --enable "System maintenance until 6 PM" +php bin/console partdb:maintenance-mode --enable --message="Updating to v2.6.0" + +# Disable maintenance mode +php bin/console partdb:maintenance-mode --disable + +# Check current status +php bin/console partdb:maintenance-mode --status +``` + +## Web Interface + +When web updates are enabled, the Update Manager is accessible at **System > Update Manager** (URL: `/system/update-manager`). + +The web interface shows: +- Current version and installation type +- Available updates with release notes +- Precondition validation (Git, Composer, Yarn, permissions) +- Update history and logs +- Backup management + +### Required Permissions + +Users need the following permissions to access the Update Manager: + +| Permission | Description | +|------------|-------------| +| `@system.show_updates` | View update status and available versions | +| `@system.manage_updates` | Perform updates and restore backups | + +## Update Process + +When an update is performed, the following steps are executed: + +1. **Lock** - Acquire exclusive lock to prevent concurrent updates +2. **Maintenance Mode** - Enable maintenance mode to block user access +3. **Rollback Tag** - Create a Git tag for potential rollback +4. **Backup** - Create a full backup (optional but recommended) +5. **Git Fetch** - Fetch latest changes from origin +6. **Git Checkout** - Checkout the target version +7. **Composer Install** - Install/update PHP dependencies +8. **Yarn Install** - Install frontend dependencies +9. **Yarn Build** - Compile frontend assets +10. **Database Migrations** - Run any new migrations +11. **Cache Clear** - Clear the application cache +12. **Cache Warmup** - Rebuild the cache +13. **Maintenance Off** - Disable maintenance mode +14. **Unlock** - Release the update lock + +If any step fails, the system automatically attempts to rollback to the previous version. + +## Backup Management + +The Update Manager automatically creates backups before updates. These backups are stored in `var/backups/` and include: + +- Database dump (SQL file or SQLite database) +- Configuration files (`.env.local`, `parameters.yaml`, `banner.md`) +- Attachment files (`uploads/`, `public/media/`) + +### Restoring from Backup + +{: .warning } +> Backup restore is a destructive operation that will overwrite your current database. Only use this if you need to recover from a failed update. + +If web restore is enabled (`DISABLE_BACKUP_RESTORE=0`), you can restore backups from the web interface. The restore process: + +1. Enables maintenance mode +2. Extracts the backup +3. Restores the database +4. Optionally restores config and attachments +5. Clears and warms up the cache +6. Disables maintenance mode + +## Troubleshooting + +### Precondition Errors + +Before updating, the system validates: + +- **Git available**: Git must be installed and in PATH +- **No local changes**: Uncommitted changes must be committed or stashed +- **Composer available**: Composer must be installed and in PATH +- **Yarn available**: Yarn must be installed and in PATH +- **Write permissions**: `var/`, `vendor/`, and `public/` must be writable +- **Not already locked**: No other update can be in progress + +### Stale Lock + +If an update was interrupted and the lock file remains, it will automatically be removed after 1 hour. You can also manually delete `var/update.lock`. + +### Viewing Update Logs + +Update logs are stored in `var/log/updates/` and can be viewed from the web interface or directly on the server. + +## Security Considerations + +- **Disable web updates in production** unless you specifically need them +- The Update Manager requires shell access to run Git, Composer, and Yarn +- Backup files may contain sensitive data (database, config) - secure the `var/backups/` directory +- Consider running updates during maintenance windows with low user activity From e83e7398a27ad68bc40b9d8c753783af49bec61d Mon Sep 17 00:00:00 2001 From: Sebastian Almberg <83243306+Sebbeben@users.noreply.github.com> Date: Tue, 3 Feb 2026 20:16:24 +0100 Subject: [PATCH 37/43] Improve .env comments for Update Manager settings Clarify that 0=enabled and 1=disabled for DISABLE_WEB_UPDATES and DISABLE_BACKUP_RESTORE environment variables. --- .env | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.env b/.env index 1956f2fe..3ba3d65d 100644 --- a/.env +++ b/.env @@ -63,12 +63,12 @@ ERROR_PAGE_SHOW_HELP=1 # Update Manager settings ################################################################################### -# Set this to 1 to completely disable web-based updates, regardless of user permissions. -# Use this if you prefer to manage updates through your own deployment process. +# Disable web-based updates from the Update Manager UI (0=enabled, 1=disabled). +# When disabled, use the CLI command "php bin/console partdb:update" instead. DISABLE_WEB_UPDATES=1 -# Set this to 1 to disable the backup restore feature from the web UI. -# Restoring backups is a destructive operation that could cause data loss. +# Disable backup restore from the Update Manager UI (0=enabled, 1=disabled). +# Restoring backups is a destructive operation that could overwrite your database. DISABLE_BACKUP_RESTORE=1 ################################################################################### From c34acfe5239befc90e82fe21a63f6437b3bae768 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Tue, 3 Feb 2026 20:34:03 +0100 Subject: [PATCH 38/43] Allow to view progress view while update is running --- src/EventSubscriber/MaintenanceModeSubscriber.php | 5 +++++ templates/admin/update_manager/progress.html.twig | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/EventSubscriber/MaintenanceModeSubscriber.php b/src/EventSubscriber/MaintenanceModeSubscriber.php index 6efa975e..654ba9f2 100644 --- a/src/EventSubscriber/MaintenanceModeSubscriber.php +++ b/src/EventSubscriber/MaintenanceModeSubscriber.php @@ -62,6 +62,11 @@ readonly class MaintenanceModeSubscriber implements EventSubscriberInterface return; } + //Allow to view the progress page + if (preg_match('#^/\w{2}/system/update-manager/progress#', $event->getRequest()->getPathInfo())) { + return; + } + // Allow CLI requests if (PHP_SAPI === 'cli') { return; diff --git a/templates/admin/update_manager/progress.html.twig b/templates/admin/update_manager/progress.html.twig index 597b8a9a..54ac6595 100644 --- a/templates/admin/update_manager/progress.html.twig +++ b/templates/admin/update_manager/progress.html.twig @@ -29,7 +29,7 @@ {{ parent() }} {# Auto-refresh while update is running - also refresh when 'starting' status #} {% if not progress or progress.status == 'running' or progress.status == 'starting' %} - + {% endif %} {% endblock %} @@ -189,7 +189,7 @@ {% endif %} From 5ceadc8353648aed1b588c2d7c0cd1b3ab42412d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Tue, 3 Feb 2026 20:49:25 +0100 Subject: [PATCH 39/43] Use a special settings cache that lives in cache.system to ensure that it is properly cleared on cache clear --- config/packages/cache.yaml | 4 ++++ config/packages/settings.yaml | 1 + 2 files changed, 5 insertions(+) diff --git a/config/packages/cache.yaml b/config/packages/cache.yaml index 6adea442..c1816aa2 100644 --- a/config/packages/cache.yaml +++ b/config/packages/cache.yaml @@ -23,3 +23,7 @@ framework: info_provider.cache: adapter: cache.app + + cache.settings: + adapter: cache.system + tags: true diff --git a/config/packages/settings.yaml b/config/packages/settings.yaml index c16d1804..b3d209f6 100644 --- a/config/packages/settings.yaml +++ b/config/packages/settings.yaml @@ -3,6 +3,7 @@ jbtronics_settings: cache: default_cacheable: true + service: 'cache.settings' orm_storage: default_entity_class: App\Entity\SettingsEntry From 1601382b41275c715c71b508505042c7ecbe893f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Tue, 3 Feb 2026 20:55:31 +0100 Subject: [PATCH 40/43] Added translation for downgrading in progress title --- translations/messages.en.xlf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/translations/messages.en.xlf b/translations/messages.en.xlf index 6f8250ad..89b03824 100644 --- a/translations/messages.en.xlf +++ b/translations/messages.en.xlf @@ -14688,6 +14688,12 @@ Buerklin-API Authentication server: Updating to version %version% + + + update_manager.progress.downgrading_to + Downgrading to version %version% + + update_manager.progress.error @@ -14748,12 +14754,6 @@ Buerklin-API Authentication server: Downgrade Progress - - - update_manager.progress.downgrading_to - Downgrading to version %version% - - update_manager.progress.downgrade_completed From bc28eb947319b8eddcc2a91bb91cd2e232f6b0bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Tue, 3 Feb 2026 21:42:50 +0100 Subject: [PATCH 41/43] Remove lowercase version of Makefile that causes warnings on Windows --- makefile | 91 -------------------------------------------------------- 1 file changed, 91 deletions(-) delete mode 100644 makefile diff --git a/makefile b/makefile deleted file mode 100644 index bc4d0bf3..00000000 --- a/makefile +++ /dev/null @@ -1,91 +0,0 @@ -# PartDB Makefile for Test Environment Management - -.PHONY: help deps-install lint format format-check test coverage pre-commit all test-typecheck \ -test-setup test-clean test-db-create test-db-migrate test-cache-clear test-fixtures test-run test-reset \ -section-dev dev-setup dev-clean dev-db-create dev-db-migrate dev-cache-clear dev-warmup dev-reset - -# Default target -help: ## Show this help - @awk 'BEGIN {FS = ":.*##"}; /^[a-zA-Z0-9][a-zA-Z0-9_-]+:.*##/ {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) - -# Dependencies -deps-install: ## Install PHP dependencies with unlimited memory - @echo "📦 Installing PHP dependencies..." - COMPOSER_MEMORY_LIMIT=-1 composer install - yarn install - @echo "✅ Dependencies installed" - -# Complete test environment setup -test-setup: test-clean test-db-create test-db-migrate test-fixtures ## Complete test setup (clean, create DB, migrate, fixtures) - @echo "✅ Test environment setup complete!" - -# Clean test environment -test-clean: ## Clean test cache and database files - @echo "🧹 Cleaning test environment..." - rm -rf var/cache/test - rm -f var/app_test.db - @echo "✅ Test environment cleaned" - -# Create test database -test-db-create: ## Create test database (if not exists) - @echo "🗄️ Creating test database..." - -php bin/console doctrine:database:create --if-not-exists --env test || echo "⚠️ Database creation failed (expected for SQLite) - continuing..." - -# Run database migrations for test environment -test-db-migrate: ## Run database migrations for test environment - @echo "🔄 Running database migrations..." - COMPOSER_MEMORY_LIMIT=-1 php bin/console doctrine:migrations:migrate -n --env test - -# Clear test cache -test-cache-clear: ## Clear test cache - @echo "🗑️ Clearing test cache..." - rm -rf var/cache/test - @echo "✅ Test cache cleared" - -# Load test fixtures -test-fixtures: ## Load test fixtures - @echo "📦 Loading test fixtures..." - php bin/console partdb:fixtures:load -n --env test - -# Run PHPUnit tests -test-run: ## Run PHPUnit tests - @echo "🧪 Running tests..." - php bin/phpunit - -# Quick test reset (clean + migrate + fixtures, skip DB creation) -test-reset: test-cache-clear test-db-migrate test-fixtures - @echo "✅ Test environment reset complete!" - -test-typecheck: ## Run static analysis (PHPStan) - @echo "🧪 Running type checks..." - COMPOSER_MEMORY_LIMIT=-1 composer phpstan - -# Development helpers -dev-setup: dev-clean dev-db-create dev-db-migrate dev-warmup ## Complete development setup (clean, create DB, migrate, warmup) - @echo "✅ Development environment setup complete!" - -dev-clean: ## Clean development cache and database files - @echo "🧹 Cleaning development environment..." - rm -rf var/cache/dev - rm -f var/app_dev.db - @echo "✅ Development environment cleaned" - -dev-db-create: ## Create development database (if not exists) - @echo "🗄️ Creating development database..." - -php bin/console doctrine:database:create --if-not-exists --env dev || echo "⚠️ Database creation failed (expected for SQLite) - continuing..." - -dev-db-migrate: ## Run database migrations for development environment - @echo "🔄 Running database migrations..." - COMPOSER_MEMORY_LIMIT=-1 php bin/console doctrine:migrations:migrate -n --env dev - -dev-cache-clear: ## Clear development cache - @echo "🗑️ Clearing development cache..." - rm -rf var/cache/dev - @echo "✅ Development cache cleared" - -dev-warmup: ## Warm up development cache - @echo "🔥 Warming up development cache..." - COMPOSER_MEMORY_LIMIT=-1 php -d memory_limit=1G bin/console cache:warmup --env dev -n - -dev-reset: dev-cache-clear dev-db-migrate ## Quick development reset (cache clear + migrate) - @echo "✅ Development environment reset complete!" \ No newline at end of file From c027f9ab03cf760843744faea7c7d379396b3bf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Tue, 3 Feb 2026 21:48:17 +0100 Subject: [PATCH 42/43] Updated dependencies --- composer.lock | 80 +++++++++++++++---------- config/reference.php | 1 + yarn.lock | 138 +++++++++++++++++++++---------------------- 3 files changed, 118 insertions(+), 101 deletions(-) diff --git a/composer.lock b/composer.lock index 2ee826f6..56ab8701 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "ec69ea04bcf5c1ebd8bb0280a5bb9565", + "content-hash": "8e387d6d016f33eb7302c47ecb7a12b9", "packages": [ { "name": "amphp/amp", @@ -4997,16 +4997,16 @@ }, { "name": "jbtronics/settings-bundle", - "version": "v3.1.3", + "version": "v3.2.0", "source": { "type": "git", "url": "https://github.com/jbtronics/settings-bundle.git", - "reference": "a99c6e4cde40b829c1643b89da506b9588b11eaf" + "reference": "6a66c099460fd623d0d1ddbf9864b3173d416c3b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/jbtronics/settings-bundle/zipball/a99c6e4cde40b829c1643b89da506b9588b11eaf", - "reference": "a99c6e4cde40b829c1643b89da506b9588b11eaf", + "url": "https://api.github.com/repos/jbtronics/settings-bundle/zipball/6a66c099460fd623d0d1ddbf9864b3173d416c3b", + "reference": "6a66c099460fd623d0d1ddbf9864b3173d416c3b", "shasum": "" }, "require": { @@ -5067,7 +5067,7 @@ ], "support": { "issues": "https://github.com/jbtronics/settings-bundle/issues", - "source": "https://github.com/jbtronics/settings-bundle/tree/v3.1.3" + "source": "https://github.com/jbtronics/settings-bundle/tree/v3.2.0" }, "funding": [ { @@ -5079,7 +5079,7 @@ "type": "github" } ], - "time": "2026-01-02T23:58:02+00:00" + "time": "2026-02-03T20:13:02+00:00" }, { "name": "jfcherng/php-color-output", @@ -7191,16 +7191,16 @@ }, { "name": "nette/utils", - "version": "v4.1.1", + "version": "v4.1.2", "source": { "type": "git", "url": "https://github.com/nette/utils.git", - "reference": "c99059c0315591f1a0db7ad6002000288ab8dc72" + "reference": "f76b5dc3d6c6d3043c8d937df2698515b99cbaf5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/nette/utils/zipball/c99059c0315591f1a0db7ad6002000288ab8dc72", - "reference": "c99059c0315591f1a0db7ad6002000288ab8dc72", + "url": "https://api.github.com/repos/nette/utils/zipball/f76b5dc3d6c6d3043c8d937df2698515b99cbaf5", + "reference": "f76b5dc3d6c6d3043c8d937df2698515b99cbaf5", "shasum": "" }, "require": { @@ -7213,7 +7213,7 @@ "require-dev": { "jetbrains/phpstorm-attributes": "^1.2", "nette/tester": "^2.5", - "phpstan/phpstan-nette": "^2.0@stable", + "phpstan/phpstan": "^2.0@stable", "tracy/tracy": "^2.9" }, "suggest": { @@ -7274,9 +7274,9 @@ ], "support": { "issues": "https://github.com/nette/utils/issues", - "source": "https://github.com/nette/utils/tree/v4.1.1" + "source": "https://github.com/nette/utils/tree/v4.1.2" }, - "time": "2025-12-22T12:14:32+00:00" + "time": "2026-02-03T17:21:09+00:00" }, { "name": "nikolaposa/version", @@ -18611,28 +18611,28 @@ }, { "name": "phpunit/php-file-iterator", - "version": "5.1.0", + "version": "5.1.1", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/php-file-iterator.git", - "reference": "118cfaaa8bc5aef3287bf315b6060b1174754af6" + "reference": "2f3a64888c814fc235386b7387dd5b5ed92ad903" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/118cfaaa8bc5aef3287bf315b6060b1174754af6", - "reference": "118cfaaa8bc5aef3287bf315b6060b1174754af6", + "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/2f3a64888c814fc235386b7387dd5b5ed92ad903", + "reference": "2f3a64888c814fc235386b7387dd5b5ed92ad903", "shasum": "" }, "require": { "php": ">=8.2" }, "require-dev": { - "phpunit/phpunit": "^11.0" + "phpunit/phpunit": "^11.3" }, "type": "library", "extra": { "branch-alias": { - "dev-main": "5.0-dev" + "dev-main": "5.1-dev" } }, "autoload": { @@ -18660,15 +18660,27 @@ "support": { "issues": "https://github.com/sebastianbergmann/php-file-iterator/issues", "security": "https://github.com/sebastianbergmann/php-file-iterator/security/policy", - "source": "https://github.com/sebastianbergmann/php-file-iterator/tree/5.1.0" + "source": "https://github.com/sebastianbergmann/php-file-iterator/tree/5.1.1" }, "funding": [ { "url": "https://github.com/sebastianbergmann", "type": "github" + }, + { + "url": "https://liberapay.com/sebastianbergmann", + "type": "liberapay" + }, + { + "url": "https://thanks.dev/u/gh/sebastianbergmann", + "type": "thanks_dev" + }, + { + "url": "https://tidelift.com/funding/github/packagist/phpunit/php-file-iterator", + "type": "tidelift" } ], - "time": "2024-08-27T05:02:59+00:00" + "time": "2026-02-02T13:52:54+00:00" }, { "name": "phpunit/php-invoker", @@ -19029,12 +19041,12 @@ "source": { "type": "git", "url": "https://github.com/Roave/SecurityAdvisories.git", - "reference": "8457f2008fc6396be788162c4e04228028306534" + "reference": "57534122edd70a2b3dbb02b65f2091efc57e4ab7" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/8457f2008fc6396be788162c4e04228028306534", - "reference": "8457f2008fc6396be788162c4e04228028306534", + "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/57534122edd70a2b3dbb02b65f2091efc57e4ab7", + "reference": "57534122edd70a2b3dbb02b65f2091efc57e4ab7", "shasum": "" }, "conflict": { @@ -19144,6 +19156,7 @@ "cesnet/simplesamlphp-module-proxystatistics": "<3.1", "chriskacerguis/codeigniter-restserver": "<=2.7.1", "chrome-php/chrome": "<1.14", + "ci4-cms-erp/ci4ms": "<0.28.5", "civicrm/civicrm-core": ">=4.2,<4.2.9|>=4.3,<4.3.3", "ckeditor/ckeditor": "<4.25", "clickstorm/cs-seo": ">=6,<6.8|>=7,<7.5|>=8,<8.4|>=9,<9.3", @@ -19175,6 +19188,8 @@ "couleurcitron/tarteaucitron-wp": "<0.3", "cpsit/typo3-mailqueue": "<0.4.3|>=0.5,<0.5.1", "craftcms/cms": "<=4.16.16|>=5,<=5.8.20", + "craftcms/commerce": ">=4.0.0.0-RC1-dev,<=4.10|>=5,<=5.5.1", + "craftcms/composer": ">=4.0.0.0-RC1-dev,<=4.10|>=5.0.0.0-RC1-dev,<=5.5.1", "croogo/croogo": "<=4.0.7", "cuyz/valinor": "<0.12", "czim/file-handling": "<1.5|>=2,<2.3", @@ -19192,7 +19207,7 @@ "derhansen/sf_event_mgt": "<4.3.1|>=5,<5.1.1|>=7,<7.4", "desperado/xml-bundle": "<=0.1.7", "dev-lancer/minecraft-motd-parser": "<=1.0.5", - "devcode-it/openstamanager": "<=2.9.4", + "devcode-it/openstamanager": "<=2.9.8", "devgroup/dotplant": "<2020.09.14-dev", "digimix/wp-svg-upload": "<=1", "directmailteam/direct-mail": "<6.0.3|>=7,<7.0.3|>=8,<9.5.2", @@ -19275,18 +19290,18 @@ "ezsystems/ezplatform-admin-ui-assets": ">=4,<4.2.1|>=5,<5.0.1|>=5.1,<5.1.1|>=5.3.0.0-beta1,<5.3.5", "ezsystems/ezplatform-graphql": ">=1.0.0.0-RC1-dev,<1.0.13|>=2.0.0.0-beta1,<2.3.12", "ezsystems/ezplatform-http-cache": "<2.3.16", - "ezsystems/ezplatform-kernel": "<1.2.5.1-dev|>=1.3,<1.3.35", + "ezsystems/ezplatform-kernel": "<=1.2.5|>=1.3,<1.3.35", "ezsystems/ezplatform-rest": ">=1.2,<=1.2.2|>=1.3,<1.3.8", "ezsystems/ezplatform-richtext": ">=2.3,<2.3.26|>=3.3,<3.3.40", "ezsystems/ezplatform-solr-search-engine": ">=1.7,<1.7.12|>=2,<2.0.2|>=3.3,<3.3.15", "ezsystems/ezplatform-user": ">=1,<1.0.1", - "ezsystems/ezpublish-kernel": "<6.13.8.2-dev|>=7,<7.5.31", + "ezsystems/ezpublish-kernel": "<=6.13.8.1|>=7,<7.5.31", "ezsystems/ezpublish-legacy": "<=2017.12.7.3|>=2018.6,<=2019.03.5.1", "ezsystems/platform-ui-assets-bundle": ">=4.2,<4.2.3", "ezsystems/repository-forms": ">=2.3,<2.3.2.1-dev|>=2.5,<2.5.15", "ezyang/htmlpurifier": "<=4.2", "facade/ignition": "<1.16.15|>=2,<2.4.2|>=2.5,<2.5.2", - "facturascripts/facturascripts": "<=2025.4|==2025.11|==2025.41|==2025.43", + "facturascripts/facturascripts": "<2025.81", "fastly/magento2": "<1.2.26", "feehi/cms": "<=2.1.1", "feehi/feehicms": "<=2.1.1", @@ -19575,7 +19590,7 @@ "open-web-analytics/open-web-analytics": "<1.8.1", "opencart/opencart": ">=0", "openid/php-openid": "<2.3", - "openmage/magento-lts": "<20.16", + "openmage/magento-lts": "<20.16.1", "opensolutions/vimbadmin": "<=3.0.15", "opensource-workshop/connect-cms": "<1.8.7|>=2,<2.4.7", "orchid/platform": ">=8,<14.43", @@ -20037,7 +20052,7 @@ "type": "tidelift" } ], - "time": "2026-01-30T22:06:58+00:00" + "time": "2026-02-03T19:20:38+00:00" }, { "name": "sebastian/cli-parser", @@ -21564,7 +21579,8 @@ "ext-iconv": "*", "ext-intl": "*", "ext-json": "*", - "ext-mbstring": "*" + "ext-mbstring": "*", + "ext-zip": "*" }, "platform-dev": {}, "platform-overrides": { diff --git a/config/reference.php b/config/reference.php index 82bdc45e..a1a077aa 100644 --- a/config/reference.php +++ b/config/reference.php @@ -2387,6 +2387,7 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param; * prefetch_all?: bool|Param, // Default: true * }, * cache?: array{ + * metadata_service?: scalar|Param|null, // Default: "cache.system" * service?: scalar|Param|null, // Default: "cache.app.taggable" * default_cacheable?: bool|Param, // Default: false * ttl?: int|Param, // Default: 0 diff --git a/yarn.lock b/yarn.lock index abbc7d9c..f3355f71 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2,58 +2,58 @@ # yarn lockfile v1 -"@algolia/autocomplete-core@1.19.4": - version "1.19.4" - resolved "https://registry.yarnpkg.com/@algolia/autocomplete-core/-/autocomplete-core-1.19.4.tgz#db9e4ef88cd8f2ce5b25e376373a8898dcbe2945" - integrity sha512-yVwXLrfwQ3dAndY12j1pfa0oyC5hTDv+/dgwvVHj57dY3zN6PbAmcHdV5DOOdGJrCMXff+fsPr8G2Ik8zWOPTw== +"@algolia/autocomplete-core@1.19.5": + version "1.19.5" + resolved "https://registry.yarnpkg.com/@algolia/autocomplete-core/-/autocomplete-core-1.19.5.tgz#52d99aafce19493161220e417071f0222eeea7d6" + integrity sha512-/kAE3mMBage/9m0OGnKQteSa7/eIfvhiKx28OWj857+dJ6qYepEBuw5L8its2oTX8ZNM/6TA3fo49kMwgcwjlg== dependencies: - "@algolia/autocomplete-plugin-algolia-insights" "1.19.4" - "@algolia/autocomplete-shared" "1.19.4" + "@algolia/autocomplete-plugin-algolia-insights" "1.19.5" + "@algolia/autocomplete-shared" "1.19.5" -"@algolia/autocomplete-js@1.19.4", "@algolia/autocomplete-js@^1.17.0": - version "1.19.4" - resolved "https://registry.yarnpkg.com/@algolia/autocomplete-js/-/autocomplete-js-1.19.4.tgz#235e554d4e46567d7305d8c216b75dd2a0091655" - integrity sha512-ZkwsuTTIEuw+hbsIooMrNLvTVulUSSKqJT3ZeYYd//kA5fHaFf2/T0BDmd9qSGxZRhT5WS8AJYjFARLmj5x08g== +"@algolia/autocomplete-js@1.19.5", "@algolia/autocomplete-js@^1.17.0": + version "1.19.5" + resolved "https://registry.yarnpkg.com/@algolia/autocomplete-js/-/autocomplete-js-1.19.5.tgz#2ec3efd9d5efd505ea677775d0199e1207e4624e" + integrity sha512-C2/bEQeqq4nZ4PH2rySRvU9B224KbiCXAPZIn3pmMII/7BiXkppPQyDd+Fdly3ubOmnGFDH6BTzGHamySeOYeg== dependencies: - "@algolia/autocomplete-core" "1.19.4" - "@algolia/autocomplete-preset-algolia" "1.19.4" - "@algolia/autocomplete-shared" "1.19.4" + "@algolia/autocomplete-core" "1.19.5" + "@algolia/autocomplete-preset-algolia" "1.19.5" + "@algolia/autocomplete-shared" "1.19.5" htm "^3.1.1" preact "^10.13.2" -"@algolia/autocomplete-plugin-algolia-insights@1.19.4": - version "1.19.4" - resolved "https://registry.yarnpkg.com/@algolia/autocomplete-plugin-algolia-insights/-/autocomplete-plugin-algolia-insights-1.19.4.tgz#be14ba50677ea308d43e4f9e96f4542c3da51432" - integrity sha512-K6TQhTKxx0Es1ZbjlAQjgm/QLDOtKvw23MX0xmpvO7AwkmlmaEXo2PwHdVSs3Bquv28CkO2BYKks7jVSIdcXUg== +"@algolia/autocomplete-plugin-algolia-insights@1.19.5": + version "1.19.5" + resolved "https://registry.yarnpkg.com/@algolia/autocomplete-plugin-algolia-insights/-/autocomplete-plugin-algolia-insights-1.19.5.tgz#05246356fe9837475b08664ff4d6f55960127edc" + integrity sha512-5zbetV9h2VxH+Mxx27I7BH2EIACVRUBE1FNykBK+2c2M+mhXYMY4npHbbGYj6QDEw3VVvH2UxAnghFpCtC6B/w== dependencies: - "@algolia/autocomplete-shared" "1.19.4" + "@algolia/autocomplete-shared" "1.19.5" "@algolia/autocomplete-plugin-recent-searches@^1.17.0": - version "1.19.4" - resolved "https://registry.yarnpkg.com/@algolia/autocomplete-plugin-recent-searches/-/autocomplete-plugin-recent-searches-1.19.4.tgz#f3a013438f915aac8258481a6504a18bad432c8f" - integrity sha512-8LLAedqcvztFweNWFQuqz9lWIiVlPi+wLF+3qWLPWQZQY3E4bVsbnxVfL9z4AMX9G0lljd2dQitn+Vwkl96d7Q== + version "1.19.5" + resolved "https://registry.yarnpkg.com/@algolia/autocomplete-plugin-recent-searches/-/autocomplete-plugin-recent-searches-1.19.5.tgz#afd80f8abb281c4c01817a1edfde9a8aa95ed5db" + integrity sha512-lOEliMbohq0BsZJ7JXFHlfmGBNtuCsQW0PLq8m6X1SdMD4XAn8fFxiOO2Nk1A/IiymZcOoHQV71u6f14wiohDw== dependencies: - "@algolia/autocomplete-core" "1.19.4" - "@algolia/autocomplete-js" "1.19.4" - "@algolia/autocomplete-preset-algolia" "1.19.4" - "@algolia/autocomplete-shared" "1.19.4" + "@algolia/autocomplete-core" "1.19.5" + "@algolia/autocomplete-js" "1.19.5" + "@algolia/autocomplete-preset-algolia" "1.19.5" + "@algolia/autocomplete-shared" "1.19.5" -"@algolia/autocomplete-preset-algolia@1.19.4": - version "1.19.4" - resolved "https://registry.yarnpkg.com/@algolia/autocomplete-preset-algolia/-/autocomplete-preset-algolia-1.19.4.tgz#258c65112d73376c5c395d1ce67cd668deb06572" - integrity sha512-WhX4mYosy7yBDjkB6c/ag+WKICjvV2fqQv/+NWJlpvnk2JtMaZByi73F6svpQX945J+/PxpQe8YIRBZHuYsLAQ== +"@algolia/autocomplete-preset-algolia@1.19.5": + version "1.19.5" + resolved "https://registry.yarnpkg.com/@algolia/autocomplete-preset-algolia/-/autocomplete-preset-algolia-1.19.5.tgz#a9d5756090314c16b8895fa0c74ffccca7f8a1e2" + integrity sha512-afdgxUyBxgX1I34THLScCyC+ld2h8wnCTv7JndRxsRNIJjJpFtRNpnYDq0+HVcp+LYeNd1zksDu7CpltTSEsvA== dependencies: - "@algolia/autocomplete-shared" "1.19.4" + "@algolia/autocomplete-shared" "1.19.5" -"@algolia/autocomplete-shared@1.19.4": - version "1.19.4" - resolved "https://registry.yarnpkg.com/@algolia/autocomplete-shared/-/autocomplete-shared-1.19.4.tgz#fd0b92e2723e70c97df4fa7ba0a170c500289918" - integrity sha512-V7tYDgRXP0AqL4alwZBWNm1HPWjJvEU94Nr7Qa2cuPcIAbsTAj7M/F/+Pv/iwOWXl3N7tzVzNkOWm7sX6JT1SQ== +"@algolia/autocomplete-shared@1.19.5": + version "1.19.5" + resolved "https://registry.yarnpkg.com/@algolia/autocomplete-shared/-/autocomplete-shared-1.19.5.tgz#1a20f60fd400fd5641718358a2d5c3eb1893cf9c" + integrity sha512-yblBczNXtm2cCVzX4UAY3KkjdefmZPn1gWbIi8Q7qfBw7FjcKq2EjEl/65x4kU9nUc/ZkB5SeUf/bkqLEnA5gA== "@algolia/autocomplete-theme-classic@^1.17.0": - version "1.19.4" - resolved "https://registry.yarnpkg.com/@algolia/autocomplete-theme-classic/-/autocomplete-theme-classic-1.19.4.tgz#7a0802e7c64dcc3584d5085e23a290a64ade4319" - integrity sha512-/qE8BETNFbul4WrrUyBYgaaKcgFPk0Px9FDKADnr3HlIkXquRpcFHTxXK16jdwXb33yrcXaAVSQZRfUUSSnxVA== + version "1.19.5" + resolved "https://registry.yarnpkg.com/@algolia/autocomplete-theme-classic/-/autocomplete-theme-classic-1.19.5.tgz#7b0d3ac11f2dca33600fce9ac383056ab4202cdc" + integrity sha512-LjjhOmDbEXmV2IqaA7Xe8jh6lSpG087yC79ffLpXMKJOib4xSHFvPavsXC8NW25pWVHJFoAfplAAmxmeM2/jhw== "@babel/code-frame@^7.0.0", "@babel/code-frame@^7.28.6", "@babel/code-frame@^7.29.0": version "7.29.0" @@ -1859,10 +1859,10 @@ resolved "https://registry.yarnpkg.com/@isaacs/balanced-match/-/balanced-match-4.0.1.tgz#3081dadbc3460661b751e7591d7faea5df39dd29" integrity sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ== -"@isaacs/brace-expansion@^5.0.0": - version "5.0.0" - resolved "https://registry.yarnpkg.com/@isaacs/brace-expansion/-/brace-expansion-5.0.0.tgz#4b3dabab7d8e75a429414a96bd67bf4c1d13e0f3" - integrity sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA== +"@isaacs/brace-expansion@^5.0.1": + version "5.0.1" + resolved "https://registry.yarnpkg.com/@isaacs/brace-expansion/-/brace-expansion-5.0.1.tgz#0ef5a92d91f2fff2a37646ce54da9e5f599f6eff" + integrity sha512-WMz71T1JS624nWj2n2fnYAuPovhv7EUhk69R6i9dsVyzxt5eM3bjwvgk9L+APE1TRscGysAVMANkB0jh0LQZrQ== dependencies: "@isaacs/balanced-match" "^4.0.1" @@ -2169,9 +2169,9 @@ integrity sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA== "@types/node@*": - version "25.1.0" - resolved "https://registry.yarnpkg.com/@types/node/-/node-25.1.0.tgz#95cc584f1f478301efc86de4f1867e5875e83571" - integrity sha512-t7frlewr6+cbx+9Ohpl0NOTKXZNV9xHRmNOvql47BFJKcEG1CxtxlPEEe+gR9uhVWM4DwhnvTF110mIL4yP9RA== + version "25.2.0" + resolved "https://registry.yarnpkg.com/@types/node/-/node-25.2.0.tgz#015b7d228470c1dcbfc17fe9c63039d216b4d782" + integrity sha512-DZ8VwRFUNzuqJ5khrvwMXHmvPe+zGayJhr2CDNiKB1WBE1ST8Djl00D0IC4vvNmHMdj6DlbYRIaFE7WHjlDl5w== dependencies: undici-types "~7.16.0" @@ -2790,9 +2790,9 @@ caniuse-api@^3.0.0: lodash.uniq "^4.5.0" caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001759: - version "1.0.30001766" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001766.tgz#b6f6b55cb25a2d888d9393104d14751c6a7d6f7a" - integrity sha512-4C0lfJ0/YPjJQHagaE9x2Elb69CIqEPZeG0anQt9SIvIoOH4a4uaRl73IavyO+0qZh6MDLH//DrXThEYKHkmYA== + version "1.0.30001767" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001767.tgz#0279c498e862efb067938bba0a0aabafe8d0b730" + integrity sha512-34+zUAMhSH+r+9eKmYG+k2Rpt8XttfE4yXAjoZvkAPs15xcYQhyBYdalJ65BzivAvGRMViEjy6oKr/S91loekQ== ccount@^2.0.0: version "2.0.1" @@ -3671,9 +3671,9 @@ dunder-proto@^1.0.0, dunder-proto@^1.0.1: gopd "^1.2.0" electron-to-chromium@^1.5.263: - version "1.5.283" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.283.tgz#51d492c37c2d845a0dccb113fe594880c8616de8" - integrity sha512-3vifjt1HgrGW/h76UEeny+adYApveS9dH2h3p57JYzBSXJIKUJAvtmIytDKjcSCt9xHfrNCFJ7gts6vkhuq++w== + version "1.5.286" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.286.tgz#142be1ab5e1cd5044954db0e5898f60a4960384e" + integrity sha512-9tfDXhJ4RKFNerfjdCcZfufu49vg620741MNs26a9+bhLThdB+plgMeou98CAaHu/WATj2iHOOHTp1hWtABj2A== emoji-regex@^7.0.1: version "7.0.3" @@ -3690,13 +3690,13 @@ emojis-list@^3.0.0: resolved "https://registry.yarnpkg.com/emojis-list/-/emojis-list-3.0.0.tgz#5570662046ad29e2e916e71aae260abdff4f6a78" integrity sha512-/kyM18EfinwXZbno9FyUGeFh87KC8HRQBQGildHZbEuRyWFOmv1U10o9BBp8XVZDVNNuQKyIGIu5ZYAAXJ0V2Q== -enhanced-resolve@^5.0.0, enhanced-resolve@^5.17.4: - version "5.18.4" - resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.18.4.tgz#c22d33055f3952035ce6a144ce092447c525f828" - integrity sha512-LgQMM4WXU3QI+SYgEc2liRgznaD5ojbmY3sb8LxyguVkIg5FxdpTkvk72te2R38/TGKxH634oLxXRGY6d7AP+Q== +enhanced-resolve@^5.0.0, enhanced-resolve@^5.19.0: + version "5.19.0" + resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.19.0.tgz#6687446a15e969eaa63c2fa2694510e17ae6d97c" + integrity sha512-phv3E1Xl4tQOShqSte26C7Fl84EwUdZsyOuSSk9qtAGyyQs2s3jJzComh+Abf4g187lUUAvH+H26omrqia2aGg== dependencies: graceful-fs "^4.2.4" - tapable "^2.2.0" + tapable "^2.3.0" entities@^2.0.0: version "2.2.0" @@ -5589,11 +5589,11 @@ mini-css-extract-plugin@^2.4.2, mini-css-extract-plugin@^2.6.0: tapable "^2.2.1" minimatch@*: - version "10.1.1" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-10.1.1.tgz#e6e61b9b0c1dcab116b5a7d1458e8b6ae9e73a55" - integrity sha512-enIvLvRAFZYXJzkCYG5RKmPfrFArdLv+R+lbQ53BmIMLIry74bjKzX6iHAm8WYamJkhSSEabrWN5D97XnKObjQ== + version "10.1.2" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-10.1.2.tgz#6c3f289f9de66d628fa3feb1842804396a43d81c" + integrity sha512-fu656aJ0n2kcXwsnwnv9g24tkU5uSmOlTjd6WyyaKm2Z+h1qmY6bAjrcaIxF/BslFqbZ8UBtbJi7KgQOZD2PTw== dependencies: - "@isaacs/brace-expansion" "^5.0.0" + "@isaacs/brace-expansion" "^5.0.1" minimatch@3.0.4: version "3.0.4" @@ -7371,7 +7371,7 @@ tagged-tag@^1.0.0: resolved "https://registry.yarnpkg.com/tagged-tag/-/tagged-tag-1.0.0.tgz#a0b5917c2864cba54841495abfa3f6b13edcf4d6" integrity sha512-yEFYrVhod+hdNyx7g5Bnkkb0G6si8HJurOoOEgC8B/O0uXLHlaey/65KRv6cuWBNhBgHKAROVpc7QyYqE5gFng== -tapable@^2.0.0, tapable@^2.2.0, tapable@^2.2.1, tapable@^2.3.0: +tapable@^2.0.0, tapable@^2.2.1, tapable@^2.3.0: version "2.3.0" resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.3.0.tgz#7e3ea6d5ca31ba8e078b560f0d83ce9a14aa8be6" integrity sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg== @@ -7455,9 +7455,9 @@ to-regex-range@^5.0.1: is-number "^7.0.0" tom-select@^2.1.0: - version "2.4.3" - resolved "https://registry.yarnpkg.com/tom-select/-/tom-select-2.4.3.tgz#1daa4131cd317de691f39eb5bf41148265986c1f" - integrity sha512-MFFrMxP1bpnAMPbdvPCZk0KwYxLqhYZso39torcdoefeV/NThNyDu8dV96/INJ5XQVTL3O55+GqQ78Pkj5oCfw== + version "2.4.5" + resolved "https://registry.yarnpkg.com/tom-select/-/tom-select-2.4.5.tgz#5c91355c9bf024ff5bc9389f8a2a370e4a28126a" + integrity sha512-ujZ5P10kRohKDFElklhkO4dRM+WkUEaytHhOuzbQkZ6MyiR8e2IwGKXab4v+ZNipE2queN8ztlb0MmRLqoM6QA== dependencies: "@orchidjs/sifter" "^1.1.0" "@orchidjs/unicode-variants" "^1.1.2" @@ -7747,7 +7747,7 @@ vfile@^6.0.0: "@types/unist" "^3.0.0" vfile-message "^4.0.0" -watchpack@^2.4.4: +watchpack@^2.5.1: version "2.5.1" resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.5.1.tgz#dd38b601f669e0cbf567cb802e75cead82cde102" integrity sha512-Zn5uXdcFNIA1+1Ei5McRd+iRzfhENPCe7LeABkJtNulSxjma+l7ltNx55BWZkRlwRnpOgHqxnjyaDgJnNXnqzg== @@ -7843,9 +7843,9 @@ webpack-sources@^3.3.3: integrity sha512-yd1RBzSGanHkitROoPFd6qsrxt+oFhg/129YzheDGqeustzX0vTZJZsSsQjVQC4yzBQ56K55XU8gaNCtIzOnTg== webpack@^5.74.0: - version "5.104.1" - resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.104.1.tgz#94bd41eb5dbf06e93be165ba8be41b8260d4fb1a" - integrity sha512-Qphch25abbMNtekmEGJmeRUhLDbe+QfiWTiqpKYkpCOWY64v9eyl+KRRLmqOFA2AvKPpc9DC6+u2n76tQLBoaA== + version "5.105.0" + resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.105.0.tgz#38b5e6c5db8cbe81debbd16e089335ada05ea23a" + integrity sha512-gX/dMkRQc7QOMzgTe6KsYFM7DxeIONQSui1s0n/0xht36HvrgbxtM1xBlgx596NbpHuQU8P7QpKwrZYwUX48nw== dependencies: "@types/eslint-scope" "^3.7.7" "@types/estree" "^1.0.8" @@ -7857,7 +7857,7 @@ webpack@^5.74.0: acorn-import-phases "^1.0.3" browserslist "^4.28.1" chrome-trace-event "^1.0.2" - enhanced-resolve "^5.17.4" + enhanced-resolve "^5.19.0" es-module-lexer "^2.0.0" eslint-scope "5.1.1" events "^3.2.0" @@ -7870,7 +7870,7 @@ webpack@^5.74.0: schema-utils "^4.3.3" tapable "^2.3.0" terser-webpack-plugin "^5.3.16" - watchpack "^2.4.4" + watchpack "^2.5.1" webpack-sources "^3.3.3" which-boxed-primitive@^1.1.0, which-boxed-primitive@^1.1.1: From ea748dc469e0c90cb95444de3c7e306b19c7fb0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20B=C3=B6hmer?= Date: Tue, 3 Feb 2026 21:49:31 +0100 Subject: [PATCH 43/43] Use cache.app adapter for settings content cache --- config/packages/cache.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/packages/cache.yaml b/config/packages/cache.yaml index c1816aa2..846033d6 100644 --- a/config/packages/cache.yaml +++ b/config/packages/cache.yaml @@ -25,5 +25,5 @@ framework: adapter: cache.app cache.settings: - adapter: cache.system + adapter: cache.app tags: true