bootmail-1.10/0000775000175000017500000000000012204305313013414 5ustar kirklandkirklandbootmail-1.10/ChangeLog0000664000175000017500000001312412204305313015167 0ustar kirklandkirklandbootmail (1.10) released; urgency=low * New release, for upload to Debian * debian/control: - bump standards * debian/po/templates.pot: - update po -- Dustin Kirkland Sun, 18 Aug 2013 22:02:06 -0500 bootmail (1.9-0ubuntu1) precise; urgency=low * debian/postinst, debian/upstart, === removed directory etc/cron.d: - LP: #956264, don't send extra bootmail entry from installation - cron dir no longer necessary -- Dustin Kirkland Thu, 15 Mar 2012 13:16:13 -0500 bootmail (1.8-0ubuntu1) precise; urgency=low * debian/config, debian/postinst, debian/templates, etc/bootmail/gpg.conf, usr/sbin/rootsign, usr/share/man/man8/bootmail.8: - drastically improve encryption support -- Dustin Kirkland Sun, 12 Feb 2012 11:32:06 -0600 bootmail (1.7-0ubuntu1) precise; urgency=low * debian/rules, debian/upstart, etc/cron.d/bootmail, usr/sbin/bootmail: - use an upstart job to send bootmail, so that we can send on both boot and shutdown - deprecate the cronjob - add a --shutdown option that sends a different subject * debian/control: LP: #812879 - depend on bsd-mailx|mailx - bump standards - build depend on versioned debhelper for dh overrides -- Dustin Kirkland Wed, 01 Feb 2012 17:58:22 -0600 bootmail (1.6-0ubuntu1) precise; urgency=low * usr/sbin/bootmail, usr/sbin/rootsign: - add some checks, necessary if running bootmail or rootsign under sudo * etc/bootmail/gpg.conf, usr/sbin/rootsign, usr/share/man/man8/bootmail.8, usr/share/man/man8/rootsign.8: - support an optional RECIPIENT_KEYID variable in /etc/bootmail/gpg.conf, to enable users to encrypt as well as sign messages with the rootsign utility -- Dustin Kirkland Tue, 03 Jan 2012 16:20:53 -0600 bootmail (1.5-0ubuntu1) precise; urgency=low * usr/sbin/bootmail: - make bootmail play nicer with cr-gpg and gmail -- Dustin Kirkland Tue, 03 Jan 2012 16:20:50 -0600 bootmail (1.4-0ubuntu1) precise; urgency=low * usr/sbin/bootmail, usr/sbin/rootsign, usr/share/man/man8/rootsign.8: - push keys to keyserver - add instructions for importing keys in email * etc/bootmail/gpg.conf, usr/sbin/bootmail, usr/sbin/rootsign: - use a conf file for gpg user and gpg opts -- Dustin Kirkland Wed, 28 Dec 2011 10:28:32 -0600 bootmail (1.3-0ubuntu1) oneiric; urgency=low * debian/control, usr/sbin/bootmail, usr/sbin/rootsign, usr/share/man/man8/bootmail.8, usr/share/man/man8/rootsign.8: - move the root signature logic to its own standalone, useful utility called 'rootsign' - add a rootsign manpage - upgrade the crypto stuff from Recommends to Depends * etc/cron.d/bootmail: - clean up the cronjob * usr/sbin/bootmail: - functionize the printing, ditch the temp file * usr/sbin/bootmail: - logger that a message was sent * debian/postrm, etc/cron.d/bootmail: - remove the cronjob on package removal * etc/cron.d/bootmail: - need the /usr/sbin in the path -- Dustin Kirkland Tue, 19 Jul 2011 19:32:35 -0500 bootmail (1.2-0ubuntu1) oneiric; urgency=low * usr/sbin/bootmail: - add a note about gpg key importing * usr/sbin/bootmail: - use the ssh host key for signing, if possible * debian/control: - simplify depends * debian/postinst: - don't remove configuration on upgrades -- Dustin Kirkland Sun, 17 Jul 2011 15:15:16 -0500 bootmail (1.1-0ubuntu1) oneiric; urgency=low * === added directory var, === added directory var/lib, === added directory var/lib/bootmail, debian/control, debian/postinst, usr/sbin/bootmail, usr/share/man/man8/bootmail.8, var/lib/bootmail/key.config: - add an optional gpg/crypto signature * debian/control: - need /usr/bin/mail * debian/install, debian/postinst: - install var * debian/control: - fix gpg package name * usr/sbin/bootmail: - drop the rngd hack; Kees Cook strongly recommended against it * debian/postinst, usr/sbin/bootmail: - move key creation over to postinst * debian/control, debian/postinst, usr/sbin/bootmail: - greatly simplify the key importing * usr/sbin/bootmail: - remove unprintable chars * debian/control, debian/postinst, usr/sbin/bootmail, usr/share/man/man8/bootmail.8: - use openssl to generate keys, as it does not block * debian/control, debian/postinst, usr/sbin/bootmail: - move the key generation logic into the utility, so that the crypto bits can be optional packages * usr/sbin/bootmail: - fix typo * usr/sbin/bootmail: - minor format change -- Dustin Kirkland Thu, 14 Jul 2011 23:36:19 -0500 bootmail (1.0-0ubuntu1) oneiric; urgency=low * === added directory usr/share, === added directory usr/share/man, === added directory usr/share/man/man1, usr/share/man/man1/bootmail.8: - added manpage * debian/templates, === renamed directory usr/share/man/man1 => usr/share/man/man8: - fix lintian * === added directory debian/po, debian/control, debian/po/POTFILES.in, debian/po/templates.pot, debian/templates: - updated for po * === added directory debian/source, debian/source/format: - add source * etc/cron.d/bootmail: - fix syntax * etc/cron.d/bootmail, usr/sbin/bootmail: - strip control characters * usr/sbin/bootmail: - update the motd, simplify the pipes * etc/cron.d/bootmail: - must add user -- Dustin Kirkland Tue, 12 Jul 2011 19:08:45 -0500 bootmail-1.10/var/0000775000175000017500000000000012175502071014213 5ustar kirklandkirklandbootmail-1.10/var/lib/0000775000175000017500000000000012175502071014761 5ustar kirklandkirklandbootmail-1.10/var/lib/bootmail/0000775000175000017500000000000012175502071016567 5ustar kirklandkirklandbootmail-1.10/var/lib/bootmail/key.config0000664000175000017500000000041512175502071020546 0ustar kirklandkirkland%echo Generating a standard key for bootmail Key-Type: RSA Key-Length: 4096 Subkey-Type: ELG-E Subkey-Length: 4096 Name-Real: Bootmail Name-Email: noreply@localhost Expire-Date: 0 %pubring /var/lib/bootmail/key.pub %secring /var/lib/bootmail/key.sec %commit %echo done bootmail-1.10/etc/0000775000175000017500000000000012175502071014176 5ustar kirklandkirklandbootmail-1.10/etc/bootmail/0000775000175000017500000000000012204304675016007 5ustar kirklandkirklandbootmail-1.10/etc/bootmail/gpg.conf0000664000175000017500000000023112175502071017424 0ustar kirklandkirklandFROM_MAIL="root@$(hostname -f)" GPG_OPTS="--batch --yes --local-user $FROM_MAIL --no-default-keyring --keyring rootsign --always-trust" RECIPIENT_KEYID= bootmail-1.10/etc/bootmail/logs0000664000175000017500000000003412175502071016670 0ustar kirklandkirkland/var/log/boot.log /etc/motd bootmail-1.10/usr/0000775000175000017500000000000012175502071014234 5ustar kirklandkirklandbootmail-1.10/usr/sbin/0000775000175000017500000000000012204304420015156 5ustar kirklandkirklandbootmail-1.10/usr/sbin/bootmail0000775000175000017500000000530212175502071016723 0ustar kirklandkirkland#!/bin/sh -e # # bootmail - email some people when this system (re)boots # # Copyright (C) 2011 Dustin Kirkland # # Authors: # Dustin Kirkland # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # Get GPG_OPTS . /etc/bootmail/gpg.conf PKG=bootmail # All sorts of things go wrong if you don't own your $HOME dir. # This happens under sudo, if you don't use the -H option. if [ ! -O "$HOME" ]; then echo "Cannot run $PKG because [$USER] does not own [$HOME]" 1>&2 if [ -n "$SUDO_USER" ]; then echo "To run $PKG under sudo, you MUST use 'sudo -H'" 1>&2 fi exit 1 fi print_mail_text() { # Print the header echo "$subject" echo # Update the motd now, so that it's ready when we append it [ -d /etc/update-motd.d ] && run-parts --lsbsysinit /etc/update-motd.d > /etc/motd # Concatenate all specified boot logs if [ -f "/etc/bootmail/logs" ]; then for i in $(cat /etc/bootmail/logs); do echo echo "==================" echo "[$i]:" echo "==================" cat "$i" echo "==================" echo done fi echo "To verify this message, import [$FROM_MAIL]'s GPG key with:" KEYID=$(gpg $GPG_OPTS --list-keys $FROM_MAIL | grep -m1 "^pub" | sed -e "s:.*/::" -e "s: .*::") echo "gpg --keyserver pgp.mit.edu --recv-keys 0x$KEYID" echo gpg $GPG_OPTS --fingerprint "$FROM_MAIL" | sed -e "s/\s\+/ /g" echo } # This should be comma-separated, and can be configured via debconf: # sudo dpkg-reconfigure bootmail recipients= [ -f /etc/bootmail/recipients ] && recipients="$(cat /etc/bootmail/recipients)" if [ -z "$recipients" ]; then echo "No recipients defined in [/etc/bootmail/recipients]" 1>&2 exit 0 fi hostname=$(hostname -f) date=$(date) if [ "$1" = "--shutdown" ]; then subject="bootmail: [$hostname] shutting down on [$date]" else subject="bootmail: [$hostname] booted on [$date]" fi # Must use the sed to ensure the mail renders properly in most readers logger -t "bootmail" "Sending bootmail to [$recipients]" print_mail_text | sed -e "s/[^[:print:]]//g" | rootsign | mail -s "$subject" "$recipients" -- -F "Bootmail" -f "$FROM_MAIL" bootmail-1.10/usr/sbin/rootsign0000775000175000017500000000547412175502071016773 0ustar kirklandkirkland#!/bin/sh -e # # rootsign - sign stdin with the local root user's private/public keypair # and display on stdout; suitable for piping to mail # # Copyright (C) 2011 Dustin Kirkland # # Authors: # Dustin Kirkland # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # Ensure root if [ "$(id -u)" != "0" ]; then echo "Only root can run this program" 1>&2 exit 13 fi PKG=rootsign # All sorts of things go wrong if you don't own your $HOME dir. # This happens under sudo, if you don't use the -H option. if [ ! -O "$HOME" ]; then echo "Cannot run $PKG because [$USER] does not own [$HOME]" 1>&2 if [ -n "$SUDO_USER" ]; then echo "To run $PKG under sudo, you MUST use 'sudo -H'" 1>&2 fi exit 1 fi # Get GPG_OPTS and FROM_MAIL . /etc/bootmail/gpg.conf [ -n "$KEYSERVER" ] || KEYSERVER="pgp.mit.edu" # Create a GPG key for message signing, if necessary if ! gpg $GPG_OPTS --list-keys "$FROM_MAIL" >/dev/null 2>&1; then # Otherwise, generate a new one from scratch # Use openssl rather than gpg to generate a key, as openssl doesn't block on lack of entropy. # Perhaps slightly less secure than gpg, but all we're doing is signing some simple emails. openssl genrsa 4096 2>/dev/null | PEM2OPENPGP_USAGE_FLAGS=certify,sign pem2openpgp "$FROM_MAIL" | gpg $GPG_OPTS --import >/dev/null 2>&1 # Save a copy of the public key, for recipients to gpg --import mkdir -m 755 -p /var/lib/rootsign gpg $GPG_OPTS --export -a "$FROM_MAIL" >/var/lib/rootsign/rsa.pub 2>/dev/null # Background a push of the key to a keyserver gpg $GPG_OPTS --keyserver "$KEYSERVER" --send-keys "$FROM_MAIL" & chmod 644 /var/lib/rootsign/rsa.pub fi CLEARSIGN="--clearsign" opts="$GPG_OPTS" if [ -s /etc/bootmail/gpgkeys ]; then opts="$opts -e" for i in $(cat /etc/bootmail/gpgkeys | sed "s/,/ /g"); do if gpg $GPG_OPTS --list-keys "$i" >/dev/null 2>&1; then opts="$opts -r $i" CLEARSIGN= else if gpg $GPG_OPTS --recv-keys $i; then opts="$opts -r $i" CLEARSIGN= else echo "ERROR: You need to manually import the key [$i] with:" 1>&2 echo " cat public_key | gpg $GPG_OPTS --import" 1>&2 exit 1 fi fi done fi # Sign stdin cat /dev/stdin | gpg $opts -a -s $CLEARSIGN bootmail-1.10/usr/share/0000775000175000017500000000000012175502071015336 5ustar kirklandkirklandbootmail-1.10/usr/share/man/0000775000175000017500000000000012175502071016111 5ustar kirklandkirklandbootmail-1.10/usr/share/man/man8/0000775000175000017500000000000012175502071016754 5ustar kirklandkirklandbootmail-1.10/usr/share/man/man8/rootsign.80000664000175000017500000000306012175502071020710 0ustar kirklandkirkland.TH rootsign 8 "19 July 2011" bootmail "bootmail" .SH NAME rootsign - cryptographically sign standard input with a private/public keypair unique to the local root user .SH DESCRIPTION \fBrootsign\fP is a program that operates on standard input, cryptographically signing it with a private/public keypair only accessible by the local root user, and outputting the result on standard out, suitable for piping to \fBmail\fP(1). A new key will be generated on first use, and is written to \fI/var/lib/rootsign/$KEYID.rsa.pub\fP for import by other users into their keyring, in order to verify signatures. This tool is used by \fBbootmail\fP(8) to sign messages, but could easily be used by others. \fBrootsign\fP can optionally encrypt the message as well, by setting the recipient's \fBgpg\fP(1) key id in the RECIPIENT_KEYID variable in \f/I/etc/bootmail/gpg.conf\fP. .SH FILES \fI/etc/bootmail/gpg.conf\fP, \fI/var/lib/rootsign/*.rsa.pub\fP .SH SEE ALSO .TP \fBgpg\fP(1), \fBbootmail\fP(8), \fBmail\fP(1) .PD .TP \fIhttp://launchpad.net/bootmail\fP .PD .SH AUTHOR This manpage and the utility were written by Dustin Kirkland for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document and the utility under the terms of the GNU General Public License, Version 3 published by the Free Software Foundation. The complete text of the GNU General Public License can be found in \fI/usr/share/common-licenses/GPL\fP on Debian/Ubuntu systems, or on the web at \fIhttp://www.gnu.org/licenses/gpl.txt\fP. bootmail-1.10/usr/share/man/man8/bootmail.80000664000175000017500000000350712175502071020660 0ustar kirklandkirkland.TH bootmail 8 "12 July 2011" bootmail "bootmail" .SH NAME bootmail - email a list of address a signed message of logs when this system (re)boots .SH DESCRIPTION \fBbootmail\fP is a program called at reboot by \fBcron\fP(8), perhaps useful for unattended, remote servers. It will read a list of one or more comma-separated email addresses from \fI/etc/bootmail/recipients\fP, and then loop over a list of white-space separated files in \fI/etc/bootmail/logs\fP, and construct an email. By default, the email will at least consist of the hostname of the system, the time and date of the boot, as well as the contents of \fI/var/log/boot.log\fP and \fI/etc/motd\fP. \fBbootmail\fP will also cryptographically sign the email message using \fBrootsign\fP(1) and \fBgpg\fP(1). To verify the signature, you will need to \fBgpg --import\fP the public key stored in \fI/etc/rootsign.pub\fP. \fBbootmail\fP can optionally encrypt the email messages as well, by listing a comma-separated list of recipient \fBgpg\fP(1) key id's in the configuration file \f/I/etc/bootmail/gpgkeys\fP. .SH FILES \f/I/etc/bootmail/gpg.conf\fP, \fI/etc/bootmail/logs\fP, \fI/etc/bootmail/recipients\fP, \f/I/etc/bootmail/gpgkeys\fP .SH SEE ALSO .TP \fBcron\fP(8), \fBgpg\fP(1), \fBmail\fP(1), \fBrootsign\fP(8) .PD .TP \fIhttp://launchpad.net/bootmail\fP .PD .SH AUTHOR This manpage and the utility were written by Dustin Kirkland for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document and the utility under the terms of the GNU General Public License, Version 3 published by the Free Software Foundation. The complete text of the GNU General Public License can be found in \fI/usr/share/common-licenses/GPL\fP on Debian/Ubuntu systems, or on the web at \fIhttp://www.gnu.org/licenses/gpl.txt\fP. bootmail-1.10/img/0000775000175000017500000000000012175502071014177 5ustar kirklandkirklandbootmail-1.10/img/boot_14.jpg0000664000175000017500000000277712175502071016165 0ustar kirklandkirklandJFIF4ExifII*  H H( 1n2|igthumb 2.13.12011:07:12 17:27:3602210100   H H( ,JFIFC    $.' ",#(7),01444'9=82<.342C  2!!22222222222222222222222222222222222222222222222222" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?'Y4-k[6qg ʞ@1 dUq:zhd-T.Զ$qטi;4[{3cF Vݻh(ۤgkL{?xVd6r؂!`2zC  !"$"$C""!"1A ?bǯNwp^hZLN@5lz+O Tx$cY$$o}nz^#LԶ VN|u(ynBQbootmail-1.10/img/boot_192.jpg0000664000175000017500000002142312175502071016241 0ustar kirklandkirklandJFIF RExifII*  H H( 1n2| igthumb 2.13.12011:07:12 17:21:1202210100    H H( , JFIFC    $.' ",#(7),01444'9=82<.342C  2!!22222222222222222222222222222222222222222222222222" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?c\?boukl[>+%}5<5s~>a}Eu?t=w“4#-Fa=Wpk#Kk$$O&c,Lʱ~&k_|go!}6\M5x^ɑ !xHG4zƻ Am4mB;?"}T(NjbPvOzsx`֛?zMx} #$sډ^5CWK,pD" pz^s|WR4{=|1LE>#k5变 &S' ֻ(k+nIqr4Ň-yEΉ|#L\`?V@d~$xEE \hz,?6aYT}I\|vrٲ@{Iu"7 ? anM\1)( ( ( kzׇm&[j9 埜 sҽ>_jc6yGPI"mpu?қ ;^q^Eyc#sY>&b᮴ʱmzMJo=n5X}+zNGMzMΣ_Fu$PnĐ$u "}ÐAzU K\^H3G^cxCG;N"s ( ( ( ;ucl-^Zޮ{I;^"q%t4QEQEQEr~X<[O8=u6 e9dᏩy ( ( (  Ŗo |Ƨ~.v`x~e7(+KIt{=>#b QEQEQEr> e$%Մ<kwr>{;V,[u& 9I"oUaGf5S ɼ0&H{IECkuo{kͬ4.CcSPEPEP/n&GHdU*+F{o+`wZ񽄚u(^#Cꢵ6/w,a@e iV-4t}?J!^&)#<׵vTW45O1SP~ \7S6: XqXF?*|VV|<3(+$+¶:_ŮX#Om.~;KuFU>Zʀ8ǰDZ%yb)Xda0<5,sIJE" !#VmBsw gir=+זEJIϝK9(S^z,ȂOF~.iaZ?M7^{jWYS_ I "ɠF CXms]PSI~"o \|jHUؠ kV\E.a;e~ks$=1Y^{zpI pb5 mu[&-'{5SEs~U}뤠C  !"$"$C" Q   !1AQaq"#2BRbCr$3SV%6DWcdsu ?>L2q 4-kP Hd+\`;feh⡶ x$xm85*83Iu0mHQ BG΃59^\MFi@x!S|,eGd˘>=m>Dz:oFV@ДWCc>j@#sog7 HNu+onSyPr5.>0_r䓏dO NѮԠk|Moˁy'kC5Xk[0]YJNV?է4_4o58wš;v$D$ݯ1rmNM 6ao+Mu(9ALAIw>m̰ kнQpITd]\,d'w۷taR9#~r}WESl$\ 8Gsf({h>Gd\:@HHS1.SDd֊kmBPz-g9ܵ{SMu\XS)J6>/[Fl {xy?LZJ P}-5骮&26TQK+>+m؟<*bCIuRA)Pr<#\n1,Rcہr&*67KvW*HM7ȫGn}aP)JP)JP)JP*e'щtCwHga'oRvv=e~d6T8ds'Ӽ|--$|) )85y'F|NJɴ33PxmBmVkAJ/tkּ}XR8Wi]c!GWKV9vo0Gp+(u xqLs0h9 {z|A5ٙܿAyA]׶Z9Gu?q&i\ݡ}&YSjmc9J qĖ}ή%\Yp{+h{>ͱ|ƻWxm7 .9^W.^uW'L}M$%Гڧu kNQNAwC &~rKۤr@= W==vᘪJ7ƟQhy1R>W8*TT,'est5qf; 4i B=,YhEy}55;GJHks沯!W1;q2 6BR:ZߔܚUOq72O?EWw'uVض1qȮ(PSΞIEO>xYK9HZWXOve+1Ax F}HsnS=QܓYRJRJRJRS~l8t}8ShUM<n+ZM7.m1yi񭢁JR5cC,ڭ2#L4~4M;ZOaI9n?`}(r>`y>72H$l%9=ZE{@ h9DJ,_a38p0"q}U%Duymk~N;ǽ?§9QiK .zKCmJ)F [Wb+2ՠΧ\Cq2?Ö&=6+Xsƈ-eCu?+UCߠܑN Gv#~wFAWF#5;p\[_Za裢$2~~ODRw/)^w9AF!] Z\wk7fG7ɔ{2daiJpY)+= D gN z ǦVI4-2CiJ@L+ባwBf(=ǝVt_/Z5 q8dp,•,$oEu,BNmN:R' oܐSaqm@h2 BBRrҔ R R R R RHcɱ%9Qq`W4Q(((($*nzZȻeC CqEiOuڒ:ҡA؎T9/VD_^l);1v@JHP]G}Vr6mF.G{taM8D՞RRR݁tFwe5hdMh믥DU?ny|3 ZDQw8qEǡ#,7SDrH|brxƺZ2ì>ҸkZR) HRT6RHRǰ̏OntŖ&Yd,;l(.DY4ڃ +IuCܾ&%rUdoBW n R R-\xY5Kx&]B͂'Wjw;}o"WHO2IZ|&]l9"0{Kt|) 7h#s#P^)Sz{.fkwEPc)!Lj,zڬ*ܩXl1Xڛ$~y9:Y +Szuo3;X]ѐ}U?OrгcمpRǏ )JHۿo '(q`dvXX})i>#cZ_]pD,HO&Iy7d!TRAEL g(WhS̄,~:ӟA+@<&\$݇GmX4:1Gև}>AӔ]svk[=IN-+ѣ ׇ|zInNµPp\t+oRzҿ¹;rrestNW|p0?K.̠&ǥ:WRO#^\X8^ǂ}DQ|]P)N`x[$?k:.UVKiFs`66h[}e5V+nr  ==j>'sA3)7;m^/kmG4caRoՎbootmail-1.10/img/boot_64.jpg0000664000175000017500000000632212175502071016160 0ustar kirklandkirklandJFIFLExifII*  H H( 1n2| igthumb 2.13.12011:07:12 17:21:1202210100  @ @ H H( ,JFIFC    $.' ",#(7),01444'9=82<.342C  2!!22222222222222222222222222222222222222222222222222@@" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?K)hBiI)u[Bc^G5SK'\}}eule=B9ϸ‘~W Fٵ+H#WpT dhjPhuk+3X<#mj8$c*DϢ^C&hu{';SZ8njuӴi5Q̞O=(_MֺZUj3\0 0&'V-6\]F o 1+pT4-eW!D+3@xZ̘r;/ak e;g;}7M?kPEP[(וJ.}q# T~@Q@֍&ll|p'"0eaN{ٴNdL Op:qɠ j*8g!,?(QԬ᳎9n<75{J{I'*C M!VFCRr׼:OP)WM{HDߴGǟ>\V&dc g&E+g](Kƿq 0 : }?4\KSS@/SOlSeBb's@vRf0"cse m`bQ[:3.f#T &l4[ݾ`.~"}{3"V'"?C  !"$"$C@@": !A1Q"#2BaqRb4Sr ?#r%FV6 "QPPiO4)Ϙ5^,w.2= v 5!Ѕ'֩FK=@x?$AbÕ[|19w#xm+б!CA i64r6KpOPf FY]둥ն41\~Jl^8k%iDe^E.+!ئ ZzgGzۈׇ`eg YYB% [ϩ' *tէGK[nޑL<cLyTñr5-JzhtQDdEޠ"v(Tv!+^v֬mP#[-[ NIORIEP,q ۃVxěDq%iBuӘU=+]֘'TÑyJּq?wY¹+TL ~Qv{'f;nĎ?IΞ'@IA8"fWk_n@J`G79Z5Er )sW˃f{|SEP/. "nܗ-B\$t Ox t=4:(}m'_B~ @P{9EobPenY7kCwhzy=hoL̸%֖X Ju WT].DFr >I*19+H>pՠ1^0E2!jC*\iaI?1^ viwmjjbt&%DKo|"'i;婸!x>M?Q*ϗ~,;o-7P wȩ*ؗla<<~Edz"dW]Lߜ^.05 1G\wR [(jkֺ36ⓢ7MK@Z\)!+R;RKNzFJQZ\Vf?ʾʕ]4 6U)Pԕzϰ2+A ?3TyU4['N`BSAij (-die] %!LJ5BJR>oW RٻgN0L+|[SCж WN|@QM