From 395b041d1e85c9268956eb425de676edd1aa991b Mon Sep 17 00:00:00 2001
From: Hank Donnay <hdonnay@redhat.com>
Date: Wed, 27 Mar 2024 17:26:25 -0500
Subject: [PATCH] debian: remove sourcemapper

This shouldn't be needed anymore, now that source packages are being
extracted from dpkg correctly and the debian Updater is tagging the
created Vulnerabilities as "source".

Signed-off-by: Hank Donnay <hdonnay@redhat.com>
---
 debian/parser.go                    |  11 --
 debian/sourcemapper.go              | 168 ----------------------------
 debian/sourcemapper_test.go         |  72 ------------
 debian/testdata/Bullseye-Sources.gz | Bin 14418 -> 0 bytes
 debian/updater.go                   |  63 +++--------
 5 files changed, 14 insertions(+), 300 deletions(-)
 delete mode 100644 debian/sourcemapper.go
 delete mode 100644 debian/sourcemapper_test.go
 delete mode 100644 debian/testdata/Bullseye-Sources.gz

diff --git a/debian/parser.go b/debian/parser.go
index 66f32bfeb..e9f6f0952 100644
--- a/debian/parser.go
+++ b/debian/parser.go
@@ -70,17 +70,6 @@ func (u *updater) Parse(ctx context.Context, r io.ReadCloser) ([]*claircore.Vuln
 					},
 				}
 				vs = append(vs, &v)
-
-				for _, bin := range u.sm.Get(d.VersionCodeName, src) {
-					// Shallow copy.
-					vuln := v
-					vuln.Package = &claircore.Package{
-						Name: bin,
-						Kind: claircore.BINARY,
-					}
-
-					vs = append(vs, &vuln)
-				}
 			}
 		}
 	}
diff --git a/debian/sourcemapper.go b/debian/sourcemapper.go
deleted file mode 100644
index 539443192..000000000
--- a/debian/sourcemapper.go
+++ /dev/null
@@ -1,168 +0,0 @@
-package debian
-
-import (
-	"bufio"
-	"compress/gzip"
-	"context"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/textproto"
-	"net/url"
-	"path"
-	"strings"
-	"sync"
-
-	"github.com/quay/zlog"
-	"golang.org/x/sync/errgroup"
-)
-
-var sourceRepos = [3]string{"main", "contrib", "non-free"}
-
-// NewSourcesMap returns a SourcesMap but does not perform any
-// inserts into the map. That needs to be done explicitly by calling
-// the Update method.
-func newSourcesMap(client *http.Client, srcs []sourceURL) *sourcesMap {
-	return &sourcesMap{
-		urls:      srcs,
-		sourceMap: make(map[string]map[string]map[string]struct{}),
-		etagMap:   make(map[string]string),
-		client:    client,
-	}
-}
-
-type sourceURL struct {
-	distro string
-	url    *url.URL
-}
-
-// sourcesMap wraps a map that defines the relationship between a source
-// package and its associated binaries. It offers an Update method
-// to populate and update the map. It is Release-centric.
-//
-// It should have the same lifespan as the Updater to save allocations
-// and take advantage of the entity tag that Debian sends back.
-type sourcesMap struct {
-	urls       []sourceURL
-	mu, etagMu sync.RWMutex
-	// sourceMap maps distribution -> source package -> binary packages
-	sourceMap map[string]map[string]map[string]struct{}
-	etagMap   map[string]string
-	client    *http.Client
-}
-
-// Get returns all the binaries associated with a source package
-// identified by a string. Empty slice is returned if the source
-// doesn't exist in the map.
-func (m *sourcesMap) Get(distro, source string) []string {
-	m.mu.RLock()
-	defer m.mu.RUnlock()
-	bins := []string{}
-	for bin := range m.sourceMap[distro][source] {
-		bins = append(bins, bin)
-	}
-	return bins
-}
-
-// Update pulls the Sources.gz files for the different repos and saves
-// the resulting source to binary relationships.
-func (m *sourcesMap) Update(ctx context.Context) error {
-	g, ctx := errgroup.WithContext(ctx)
-	for _, source := range m.urls {
-		// Required as source is overwritten upon each iteration,
-		// which may cause a race condition when used below in g.Go.
-		src := source
-		for _, r := range sourceRepos {
-			u, err := source.url.Parse(path.Join(r, `source`, `Sources.gz`))
-			g.Go(func() error {
-				if err != nil {
-					return fmt.Errorf("unable to construct URL: %w", err)
-				}
-				if err := m.fetchSources(ctx, src.distro, u.String()); err != nil {
-					return fmt.Errorf("unable to fetch sources: %w", err)
-				}
-				return nil
-			})
-		}
-	}
-	return g.Wait()
-}
-
-func (m *sourcesMap) fetchSources(ctx context.Context, distro, url string) error {
-	ctx = zlog.ContextWithValues(ctx,
-		"component", "debian/sourcemapper.fetchSources",
-		"url", url)
-	zlog.Debug(ctx).Msg("attempting fetch of Sources file")
-
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
-	if err != nil {
-		return err
-	}
-	m.etagMu.RLock()
-	etag := m.etagMap[url]
-	m.etagMu.RUnlock()
-	req.Header.Set("If-None-Match", etag)
-
-	resp, err := m.client.Do(req)
-	if err != nil {
-		return err
-	}
-
-	defer resp.Body.Close()
-	switch resp.StatusCode {
-	case http.StatusOK:
-		if etag == "" || etag != resp.Header.Get("etag") {
-			break
-		}
-		fallthrough
-	case http.StatusNotModified:
-		zlog.Debug(ctx).Msg("already processed the latest version of the file")
-		return nil
-	default:
-		return fmt.Errorf("received status code %d querying mapping url %s", resp.StatusCode, url)
-	}
-	m.etagMu.Lock()
-	m.etagMap[url] = resp.Header.Get("etag")
-	m.etagMu.Unlock()
-
-	var reader io.ReadCloser
-	switch resp.Header.Get("Content-Type") {
-	case "application/gzip", "application/x-gzip":
-		reader, err = gzip.NewReader(resp.Body)
-		if err != nil {
-			return err
-		}
-		defer reader.Close()
-	default:
-		return fmt.Errorf("received bad content-type %s querying mapping url %s", resp.Header.Get("Content-Type"), url)
-	}
-
-	tp := textproto.NewReader(bufio.NewReader(reader))
-	hdr, err := tp.ReadMIMEHeader()
-	for ; err == nil && len(hdr) > 0; hdr, err = tp.ReadMIMEHeader() {
-		source := hdr.Get("Package")
-		if source == "linux" {
-			continue
-		}
-		binaries := hdr.Get("Binary")
-		m.mu.Lock()
-		if m.sourceMap[distro] == nil {
-			m.sourceMap[distro] = make(map[string]map[string]struct{})
-		}
-		if m.sourceMap[distro][source] == nil {
-			m.sourceMap[distro][source] = make(map[string]struct{})
-		}
-		for _, bin := range strings.Split(binaries, ", ") {
-			m.sourceMap[distro][source][bin] = struct{}{}
-		}
-		m.mu.Unlock()
-	}
-	switch {
-	case errors.Is(err, io.EOF):
-	default:
-		return fmt.Errorf("could not read Sources file %s: %w", url, err)
-	}
-
-	return nil
-}
diff --git a/debian/sourcemapper_test.go b/debian/sourcemapper_test.go
deleted file mode 100644
index 20efea79f..000000000
--- a/debian/sourcemapper_test.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package debian
-
-import (
-	"bytes"
-	"context"
-	"io"
-	"net/http"
-	"net/url"
-	"os"
-	"testing"
-
-	"github.com/quay/zlog"
-)
-
-type TestClientFunc func(req *http.Request) *http.Response
-
-func (f TestClientFunc) RoundTrip(req *http.Request) (*http.Response, error) {
-	return f(req), nil
-}
-
-func newTestClient() (*http.Client, error) {
-	f, err := os.Open("testdata/Bullseye-Sources.gz")
-	if err != nil {
-		return nil, err
-	}
-	b, err := io.ReadAll(f)
-	if err != nil {
-		return nil, err
-	}
-	f.Close()
-
-	return &http.Client{
-		Transport: TestClientFunc(
-			func(req *http.Request) *http.Response {
-				w := &http.Response{
-					StatusCode: http.StatusOK,
-					Header:     make(http.Header),
-					Body:       io.NopCloser(bytes.NewReader(b)),
-				}
-				w.Header.Set("Content-Type", "application/gzip")
-				return w
-			},
-		),
-	}, nil
-}
-
-func TestCreateSourcesMap(t *testing.T) {
-	ctx := zlog.Test(context.Background(), t)
-	client, err := newTestClient()
-	if err != nil {
-		t.Fatalf("got the error %v", err)
-	}
-	u, err := url.Parse("http://[::1]/")
-	if err != nil {
-		t.Fatal(err)
-	}
-	mapper := newSourcesMap(client, []sourceURL{{distro: "bullseye", url: u}})
-
-	err = mapper.Update(ctx)
-	if err != nil {
-		t.Fatalf("unexpected error %v", err)
-	}
-	opensshBinaries := mapper.Get("bullseye", "aalib")
-	if len(opensshBinaries) != 3 {
-		t.Fatalf("expected 3 binaries related to aalib found %d - %v", len(opensshBinaries), opensshBinaries)
-	}
-
-	tarBinaries := mapper.Get("bullseye", "389-ds-base")
-	if len(tarBinaries) != 6 {
-		t.Fatalf("expected 6 binaries related to 389-ds-base found %d - %v", len(tarBinaries), tarBinaries)
-	}
-}
diff --git a/debian/testdata/Bullseye-Sources.gz b/debian/testdata/Bullseye-Sources.gz
deleted file mode 100644
index c054c7ce255a44197bf1b642eebbb330531d5d9e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 14418
zcmV-YIIYJYiwFpkH1A;m144CdY;$FKWi3r%X>Ki3Z*_8GWpe=3TU&G6Mw)%sufSub
zR;2oVacQRPY$}<p%2Z`yZ(dz}r4W$>4S=$gn%dvKrvXwVB~qfCorkr{63{?*1K;I*
z=QP^CxNz%c>0L!!y!gIey7pl_{w=j#-7Il3B~!+ybRsYQ;p%0Nf2n;}{g8a^meo&g
zk-F+ra*OJEbvv8P%K0RwyEK14ue-jRx_RC7H`6%WKW*CC-!A@pHE&$R1n;Wf>SajF
zzWUFbw47DfccJ`#zjyOx_47J5cXg<KZPs0v+`77MH%I&TU3|Z;=W+5wTBT*gz;4|)
zp;_k33OC)P`6{)O&@5K2ufF?hMcH3)p*%1iwfgRFXqi$um1v#U-ZxFxmn(Z`xt^!)
zq3hG)@j_U)b1|7M*Zq8W<?3I%*6lrMnfkps_&C9A-Zb}n&16c+c%=^O$G(etS+7^i
zRoJ^zjkhhkRlA#HdDrhIVHnL!=zqlA%_ic1#`~Mu?D6gf7IO2))75f!sf%-VFc2HN
zcTKF<i^B&N<E6W%^>z0+!q@v*f6J$2Qhq(Q-oq$e)9%g}<2;vDaY1oYJ;U)sf72}4
z_JChjf8bs^Jl@5JHr&*G3jMl8w7Nx9qH^tG{CShBnj2N!<~Aj~#bmtxcv>!AeC*va
zx;A!`$JiEAIVBfAHtoXo?<zcY_1zbQQU8~VAB(%+T~yhm=yDJ?YvGbfA!L`MQIvbD
z36&KS+?0g*yvvhm?7~GQvZIs=N|KW@ChZ92f+!a#4wNz#r<O58*+Fl_ay^^&uASch
zfibv~K5LCTox!U_pS0p3MjAECj#rv1MxISSX2oWZ-$FO}zHPpCC2Mc`e$~CZy6W7#
zb9*^?HRf%PJiZ#TADw=x`?EVtXLWyp91geLdeKcj-Z&;zF&|!?5b6SP-iM&LN|a^c
zO|&sHWrNHiSx&WKM&qyNhQZ9%2SL5{?zDLc^*L)LXiCHc7mQUwiYTdxItfpxmP}Gk
ziImc0Mp=TrZPY?b${g3{nBV1WtPR8~M*_oiLM0-pB*O8;UC`buqH&2PFP%(TW{($^
zl3VIYBImg0@695u1_UmqhNV|?_fRYfu)4bVWrXL+&w$c*)kPVq;8`_TziL)J!r0A`
z0^#PbL(E?eIdM7U#AONl%fp<wJj{t7>J};06wqHa&HQQsbiX1)2>jC4Fh-9nU9)aO
zy7-7YhpZVUzt}$8P%b9X^=`j@3=Nl$M+JHp&GJZ90q*|4sw<DxWI#fDqKrI+tNHvm
z{Lra*5q=U&SqCIVkX}p9Vqhj1r>tTsW@#!$gm|>_=Y6YgP$;FOJR{mzCM64zC*lM#
zp2|Qijg_*L8Da=|KFVP-c%6tKLFyE;Pcm{IV^&n<ps9<|Rg@EQ@>%{gB#jaFR$Ll-
zodPHBTyUItm{bNyEZ!=^*2WWVBa7A(04}pU3zbEX6gh5n#6OrmNt<6aexlS11f)(e
zSt)||G0>b8yed4CE+_z@bV>-yxmSYZ95Ac3oExVpKi@gRX=y3d$tNUv@*Hnst%<=Z
znxc=H<Kdk$nrml(oXH2Hq<6$yDuQEgaNe5%YZ&n~Y9TeA!o-U=pN6b4MBac~_Zfe7
zs5PGML6n^wV$;XuUDp?Q`Zd)+lzDaCwdpLh*yo-b61eXCF=n%TIK@=xi%`L23}7o%
z`e3ycPG)YsLik25;p$w`q1X*C`FVJ^F-SG18QDw_t1J^Kyx`g-{E&_%t$`522)WmB
z7kM*89!gzgU`3X4OTbD*Fowqv9mjxNg-X(rBnQ)e0~m~lS6d&w3IhlCp8^1{fub^t
zXab0dHA-2>vm=a151?e=D*!iRtP_qX<gjC278^SuP0aL^Ntv+1nBoBIDO1v7Fe*$?
zhQ<J@0|1sP2F|oCAOnWSsI!D9E`>IRy<&2T(M;ya1s@^?Gohe6Q#mTavnPx@t0Ksz
z2aF*QSXKZAa1^dGB|^RGlEV})_Jsj&)_zFw6$&rx`Xl~4&-P)=A$=Eh7oKJ>Li<$q
zj($CzyJfh&)CKaI$HW~@_R^LS298aTFkp|9e+#|%wGPP7rus*-#5mWB^6MLL;QuQ3
zqxRs`qR0}Yvaup_L}~=xjwCW0D{x&p*y-~#^Nb-2jiVHgP75g&3j!ho`X&k+P%Tu@
z71%jDI>KQgB2-Djh1Xd{#xnwtdjkQKk_ER%Y;b18$tU@9EMbg;w=jg#<0Lys#3q{{
z5po2=QAa({P-Y!X@~EPc21A&$Oo(g~@ft`-nGHG{4QH^|ZO%ZX&|gtTGJ&Ir%04E-
z3>XL0A^-_>I!P5+%)k;yqRC1I6J4SKyy0A*M8QC40BMu}i9iD)wJyXU7zs%PD~fv{
zRYZWqRVhNbu<XnHkV=T4H~8#D<XEITy!TB?qus+Z_$bY%YyT<qV58%A*pcr0*1ZTF
zlP~=NdX)1$0HISgVF$4BVV-_RUbYR8qiyRU^FeB^-M0OF$v|0IlljtvN+dZhf_&*?
z3Uk-GzP=mV&IJbk%JN0Zg-Nm~i5CJvn~C6Hq|gu2TVe_+P;_g8&zm<Nqca4DK+giY
zS`$|iKq5Yo5yo<&m@i$qmHe>xVWq-UAeovl4eg(DqM)CsqfT0<pvzq)3=_|%{{|R%
zbi~!8KVJocXMIktVo;V?MuB$DQw5g56cWcPQ!qB5n8V6}fM*$$T0?>b?tvNzlyz=M
z_Agl3S`aQc2$T)h4#+<*lXRN%Ots9goN?Y}j2j}j9i@&Kj)^S%kWux|@j{lM89{3a
z6-Z3VQ9vSSVTlALFsZ%c+NR{0lg=~cAVmVp;4hFRkO=Y|FTI%f_qA&tn&oV?^FRBe
ziI1_rHTR3Vcj>?FdKv*%^>Vh$|KV)E*gl~QzdnF4{8%rSb*ipgoV?G&$;-KZV%?b^
zSujvjS|DMw>N&yh)b+dbF7@kGk5}$?Z4g2j=VmgVUseE<n_-%HDzAL*^22MZp9%Gh
zCLO#9o>3)GgbY}w&&))jX{s2rdbHr@!Ej?xBgzaajfV6{Svg4<qW}OF9I@F!QfU04
zyMBk^%Cxh_+a!{56ccj^YO8^eG6A>H4+(I*@6-)~2H{%D8E}hxU64jOk2e93Q5isG
z06pyRp}zre+A#>OhH)mNN6W=CaOYIlQ}E-wgAc$GbaqHx?h5x$P%IiX*pwAY>Wgs*
zE6bY>%EaPU6B5-<z;LI$q%<McG6VggbmR(h1U+*uz(S3bhKN82@=KsyO5uPZIYgaF
zj$Zqhy=Y0$z%l}Oa|sBS%Bq!vZ~{BDhR8^A2tjIKndSr)2A(n+@(6Vz<M=f%d+<s`
z21KhU%7<$~jEolV1Ht1xMcfs<)E*TtOP&Cl;5?{$i3qCbt5NVA(7t~CI^AXdRoCSH
zt7|uIe7^EAG!KZjO#P8{j891NZjB@zzf~a&O4{$5C!g@jvq5cavp!<zw%MUTTy|Rk
z*fwFVI=hg%eLM;60{|rAjrLGw_?8t<!s>vEr}Y@-*+<m7B8PU6I-c$^Dm4+uWY|AH
zR6n)NdIb?S4%NN?;--IIM|~^ai5#7wj<bZo6v`_?S>VB2sa2G$R9k8`ulIR)tIfv<
z4`xj*_)(GbfXl=~*1@5GC$1^2AiGPdJa&ANE6E~=QJ_s`F<P!XNIIB<Oi=osWE9{+
z^be-}_BE8Pcg|fy8Sg(SlMEivW?sItWL4HsARx0-P5?p_fIljxgw;|gNrkZlDg-=9
zyOc6$<w=tQ-eQKt02vYq{T+j_1bN{cbD$QHqFo?RX(0eCIvX6dRCva<5yFI5Odg=L
zY#=Hn9F-4j)CmIJ6_o&2%`7ElxRN61B&65GhvbSH^OAxC4xH#^mmJ3rq|G8Bi&Hx?
z(ABEj*!Kv44DADgtowR?Y%TNzhMdaj(ebB~dYEP}tvS;qH_M$?Dkt5fH1Cp|O<7qd
zK9=4;mfNdOuDit{W~#178%>6BHVZ8$R#-knx2V2vN>Ja{)%9&XZ#;<6d$*i<WcGA5
zKYy{cOqVf1nk<|9>R-F_^Ks+l^%tiFkC6uy79@fP4sd2YBZQ&63a=|_%NNIuIX`bq
zwow3tCxyx_xwFwEiD)J=WH1#TWDKN|)L6rw^nS7;NHvW#IV+0B;xZcJBJ#4V;FNf+
zkQC;~{I7$^9*f_);A%V0Ro_C(pQ1f4^(<ggO?<WKdjwWe`TDC3CpJKtcx6+Fg!o7R
zE=W-f#96SqEP$2|@q`tXT9_gzib0is$>K&Z00m^IHoAOi=EejYjO1{i3`P-45<HQm
z&ceWjR)BS)raH(kl>|S>BcRA$aVHqhiUMc6E%I3~mqo%zfk8tjneh<8a!P?%V8}dc
zT(lkn`z(*WD7sptNzM<CHh+dMyJQ|PW;i|fdkfzi_I%;Rjh!H|%F4$hq>OEs``0FA
z$H`&KuuQVou;Vef7wwl-Xu|EP?kD3-J9wf~fxnbKS<u-c6e9S)e)+Js5?nry*DJSK
z3m#X2CkIFc3_n1sPxYdyKDc?`EYq^O?tgc~@xjODr%+Y)2`%u%ZhW)TTa<PZFE;lN
zv$PzyB>lm5yO3I#cXt~7Ztu}uTJE+n?e8qQZM}RvnMb$U-}NJ=%#2^C=6&4l6MC}c
zsOxsydsc2icAJP+q24=g)82il-Hq3|ZoYf$Zn;?PPP)C@MxJ_Vx6mMkHy5`J?QElj
z(?R3PwTPsJTb7jBBhju;rSR>A6b!OQpNHrL8{Svs^Ln|y-)~qo^Ex~n7wv8LunaG4
zW?DXcJ7x7yWMHRBpypUlVp%w%z)9$K6eQ#})7tE(&gWf5jBuE_gszTIfXHZpAAvA1
zu3$|pi{HFbQ~+T4(Lr{ohnR%+4mpF^2?L6UQM_VMdlD#4V<bApN(iB$yG}jNH?Z1m
z!VU}i`v~(o!9CUW6xT&9XG}4`c_|+%T9b&OfN!Tum5os;??o&t^&(jye<?JHfgG3b
zDL%jM3jrAnb<L9&lr!jZC=XC)kPDj2f-DodR0_-%eaIBN0o<2k4zN?InSG0|@L&cb
zq^OL`UQll=Dxy#bAP0G08o_#1(m5Jm76!AisEa;<=@9MYn|%4aRK;ywndTIm)~(v+
zcQh2oJS$b>6fcPB{f9Vp+w$S!X-ye!EudMz{<ZrH7;QToTcCVWf?j&s!{YV!MS@c`
zc`y3UmF_%-o78o?db~N`6YmDpgOPv7XVmXq+dkm+OBsgauHlG09KPXm%4Xy2J%a9W
zd#U@XcPFdej@|oBImFEfx4uC!X*c8oeRw>9&c~6Nyn@U`0z{)qTtrQ^CRF)?jDbKC
zI7@xSkg;2Pf8LsT!~w}I2_T}93jv-eXe?jpq75Q(1EpIbO`&cNIv)~H>B_bbN6Ll}
zAyZ_OfKpQ>DB(J12g8-m2hXQ}9fIAmS$1KukEC~X`g#|x9%JBYyPgA$uwLF?ZKk;z
z2K;yj`*rwnbg0+IID*U|?oj3sUw~lawMm|pwP%?F#FPQ2hcGhQ1y49Z?8)E_58N4!
zs+97}zJQuz)T6q(6g(t>Ok4^jjHMcQ89imO?5ap9Nme$P8USfzOpuf)p~AfGt6;q#
zCNQHsbI>CZGh{*~<C?1=$_jkS*>DTUmc(=6C`yCRmf?8}bi!G_e713`TQ57r`E<Pu
z(-hZNtF^!Sxe%N26Zuuwx8O#zhv!QZo0;DJy@qeS_=as-FvqG6{T@P%=ZAYq*>QsZ
zG1O@pQnkC(J+4A@<F(0RckL|H`l0%}o2Q5BdhrlkdOus-7r}Mjas=D{2LL+3Te{tU
z8<-v6k^kjpJ>Ok9zPo<5N0)QIH_&dIefi%6dl&BNS?lV>D&3DwrM4{GZ8~JwZCb(=
z=kHN@84j6sf#^YBgLaffc<>fkQkE-bBFGUXcI({FTc2)H5SXV2RuyF`pE!_FJcAR(
z%&hSd2>^`zU*4{4Ij-Z#zRy?O$5Ds?YhM&}n3g>;V~rFsVf!7CwE-=5qcOdZ6d&f>
z=j83%=zXJTD?%W8sk--8Rh~L0D>LD&-D|&VW<Y>O&S^{Dg50zyvt?ofM9?)hrpj8n
zBe(DstaQD$R@8F6VlOh%W6e&n(HxXk#ek7DMJZH^G4LYdxtLU#3S_f<u&Wb+6qam3
z?*Ni~A}2%C_1u6ra6;=%RwMvT($<ia&q1_c!7`1s(FrMKF+ONxK@~$NUMZ_X0yt5)
zZbD>}R?DU!SBf=Fc|2I6rXBDaNJ_auf{3Q9gt$rA4IyfR#f7MOuR*1+ny>@hTReed
z3}d?jpWYeB!v5{(xzx}1Pm9U;2<Y`qde9r@=@!^qErHXpH*~oLeCBZz<Ho;l`833x
zzSlc=_cQ%6eO`1wtpd`<G{LLe;@DZ$*M;0ZnP#ukcY~0pmkn0*!uEQur0?T>cm)T^
zKrw&<C$rerL?DA@lwG7yOv~6{WoDm#C%rNJ@DIZ?4~GNVb68_C97QRkhXQ8po4^37
z0;+VJd1J%6;a*UR)!Nw*pxSyTqA@THm)WNms0h<(D}>&?=!k<zkJ$do<+g3Xe|-7F
z5+BdsuBPBEy6Fx0)%Nk?u+{(Vefx;H7iwf|ZrNL~f@rOE1qP_9Rw@OK=1>X)7!v@&
z!mL8#a4(4PqMXo>gvW<6c%KtwYz?3oAe&LeXj^U7STdpX{@30!9bkc3f>ve;JNFoQ
zmnnv`L+uJtki`nB){7RiwbiSVymv})Zi65Vc)>IhE*d!C#i*uQBqtJwC!L;(ee1+`
z&IrGwR%v*+uNF$?g`PKV%hjvb74C6&dq*Jjaa2GQW()8Q{{6lAA2b0|xL<y_q-pvn
zkyED`pFR&^^5-bQ;=|qM)%eSVHtCFO-{E6jEb8aQ?w)@%Hf6ZmKjS-NfY{1^`ROz3
zOm!a)*~vGIYWLNYQfpH|Sq_R+J@3V?WH|#yaBPE6tJ!$yCt(P!lm$x*99$4t-~^1J
zVu59wA*ixZ_=4nouuaQ7MlLvjq(ZaB7PVH+I#GhP0`$Iw61(8k@wThz1OsW2Ldq~H
zY|7Xsn~TY2-+XBTPtnQXjo7{Kn+{{j;}e$F+rEP#eB`c-W~(Ea3GoTz+p}jfCptKW
zJWv=B6b;PX$3_ITB7F>;Z&I+~H)k8RYCiGiuu)Y7MORDEP54$~!1NrSBN4si=s6)k
zP@-lbg^~3@;ObHiIhIyald>vrZEBbjnX4>GYoJjI;?f-2V8D-bj3A8IUcelqOU~ft
zq18AI(6yQ~NQbTxz~&W*5u~HR%rzTqzBI=gn$RY2EYV~Yph_&%3k74ql5A;YS>{Wx
z$!1d8xaK%Zk?$x#+S!Y1;P?^p7K|K%Aotb7;AbgsfWaQjZaBy>i;>zuAzr-cf8Ld8
z-exK8K7J2#|Cb4~pXv-l*8NzYrz5~_rg2`5m-F|t`epj1&Q>Qk*Q&I20{I<}-sofP
zA&!a93ShU6D;~!$A9~E&>H6-kppq{?bimj#n%|9~r9TgcSG(_FPJriVQ_KEGeJJzh
zO{S2*)A=n22<B4mK=XogZC#UDMeAk6>i3)@SP8t$b}CriPw&HKMpqVGWW-u0Sd=h1
z11}YJd4R2=Vx19SZ!tva!fxyRgn<h7Wh>~6;ds;*l;J345)M68*+~=jd-xWbtY5-6
z3NmhUG7hFBb_%7WjHxLa<x7c8V;izS6`+pEPN$4d9B%+5pnii40nf|sD0OC-g)&k}
z5Bd}ZN6u*tvgT_^3MAG6PB^;FK&_RcFqa0{Q(9(^U&P#in_V#tvEbgpFe8h|1f5(}
zld7oHnrn@dI3xhRaTFq!2Cfbe1~QY2l62xQo-3y55YW~m%Dd8Ndgy54&sXV0w0Jt^
zb6>+w|0VwS_xaGxYF*p_h0ZK!%Y8n)+yX&sAxgzQJ^Y#GU&hn!$LahFY_mT9HtPQU
zKmYvq@49!7`SwgAbwei6C8u@Cl3FY}1cALQSxBlPWrXsMhU3klnTDr)*m}5i;BPS%
ztsIBMYp8ocAorf*SyG_jI)g5-bMLp`TZ=#dUgN|mYe7Wp@sT~Q#npzJNu3t{_&w~b
zwqq`n3N3<%iyBNNrD!1<J?;<Y3L7nz<LYG-&Na@VqZ+W_YXVhB9M9qF`KPxe!4j<x
znrk(P;G7@_y92m6C$rZz$5v`KBy|kT9q>&B1_jdstM%87POgC+EefU$-JA@tqX4c!
zj$_UYKOQJrgO|*8*)N`ivjABrMH^d+SB~DH*96~p=D=ZcV6v;8dwaxIjU9R3u67T*
zw}bs$o6O@D%jf4h-k9I;dSib-h<mAzQ;>gF^y$~y9%+#3s)b-zfAkh>gsLHIA<*$b
zIS@u=){pqGdal9ls!9T@H)H+OSlONCw6!5Mhm|W!rvz5^PSd@ZdkfYJv%o%OVF)Q$
zkkck=%vh$`CoE0r4le!mF{rQebZrpo(BRbW>m-|}6FR1*qf$A+%xa55JJ^LUFk!2+
z&sDgHeJptlZxT6zw@X*~1m)DwMxYorLn9^BfvTQUcsW0(0VFvt4a6y$+=8(=N~J16
ztS}=A0@rLpUL1OCr?^$96q2eb8zboqbt|+N*jTwI3&qMVR;45*N0ngIU=9#tRm*n8
z)Ew@+i&ZdDZ^7%iI56bZ`)9l=x9qHLbDb+4F8%{;N{aA{H~r6{5X2_@RN8y<GSoZz
zrzHFSSZBbX=K`%V%iX&)!9TmDM1C2~M(F)-%h8wa-FUQEjO)W>H2dxSZ}c>s-q$(4
z^ZU-akJJy?FF$pxxYN4))bZ+09OkuLj>@-=NfJIg_Q)13z$-Zm2NFM<W_9oi=mh0%
zd_S2Fd($^;q*im9Dj$IZ3bAGCl3kTBa&Tm@=gxpqM0RH$_OZKJHtdUr{i9sUz^GUN
zZP<ZfzeUJQ34^JXIB_e#FB`dEzBgqfbBmLqM}1s6P>VdE$~!2gngK11BYr_tjID;#
zx0QheBZ4BcpzP8bgQ3JkTpIGqX+uyLA?fBhz{zXU=ml_t>Ely2FgxkFtHgvqIn0Et
zQntz*DPKP&B(h~6Ob&$URYVpVQWh7Q27H6*Wr&X2WYeMNPfCJ-DPc-9&>+@dKV=6L
zhTSLrL!;;U@nR+1=h-vu4FKI<qQtLO#P#RiaVJi8^=gaPxI1|i?f&(w=DdF)m{vrs
zebzXy8)t1X5}S3Crh3b)Mw`{+J@7NFxwLV?WT~;dV-ir&BCFgY7wpK?`t%OVigReV
z=lW~TVDHbWd8{J<5Jy+^S+GgzY-Ps|%-xHAJ(r1BMjLK_{gj#e{wNeg4qQE20SZ$J
zEQD(<ffT3+^fF+0B3bAnJd^-gsJdkZ84#<@#|Kk^O`0HTvXBcfv#2sii8DdxqDplN
z><C=Z%4`L|gcK-FZXUDb3YR@OKiKFFR59|6*kCz(&}0uC1uKoodV-eHXwO2jNd;X8
z>B32dhTj7eT$+qy>}5Kh-_Mu%1D4plAKbq6p+(2nfWV_EG^aVtu{6BT_`=hh?(@f%
zj+=NK*247}HWAW)xv}y7)t2u-9-b;ak3h-(BR_$?%x0tRU45C4#=Ftxw*;cRhRq!d
ziR<t7w$q&R!~p9}7!E@KD<H1WR}%zpt;VV%`aC(1-qkQXte$@GfMxJq1p@4~WDzYh
z*Rn`tTZCMp+(oR=t#*5gnF3fkHhk!2YlIU`dM=^{G!hLmtFut)dsn^WNpPuF5O7&R
z*I}hxI)frCOpDBA#W)2OAJqgo=PY!2RJ{!lBsdg^rc+Pae1pxnW?V#HCh21Mkps+z
zODqMY*(=vPXJ1567-d4nWq_>NdeEcuBcY^Aq6COaNTQ}yC=S~_G?L~tMIbJ&gfW73
zngFH|AxB%mMhyE@RyTcdqz>$lzk2I|1k9*6gwtk(&UTDwy4*@q8(waik^cVaQ3>`^
zOSNZEe|j#n`fG=IEz21f^x)T@=1(^SpvwKNvQG}UJ82~HUY#|PXxO0|LrR!_toUkE
z)Rv321Xm&aI_b0@p7LS;;f7TtD{*KbtSbr!8i>8OsOnOH<>f}5bI~2|VlPM>`;Ah(
z6-Xev<fwBnH!PBnoG7}MPFs1Rr|T$m>fg98djS!v9(kKQevEmd!BJCnR)C{wBe5-U
z1q01qYZq;m1r`$nl!e6yEyY-4%O+!g%@O+^0LQs>#dyo2bBtOVojG9@1epu*3Dp2K
zKqzn*k3CvDDO66__oxV=4DKdLuCwN@pAX-R1W|7~V;aC_TGkTxN|D`+?C^IIVy6!r
zF4anpD;Ajr)DJ<F34hCc9R`g4@26Tn^iG33Ep-_4xBvDRj%n#aZoqb`(So7{k&~!c
zHnA$^YeI5?s?4xBWc_u+x!Rf+?cdBbvwa9R{C1BwR3@Y6J;d1<=1JUHb$h-0KYp5Q
zfCs<t<elxO#r{Njn)=MvdG`(^=EG$9T;4z8;^XrXqyy00AB%ObCxhCr-L)?jA!VM<
zywQaqfkZ`-a{wdj!Lo~vnp3znKmEh-(CZj>3JJtr7iWF8umvCqJHVqL0|V^C0_3LM
zUX+%z!Ejlv<a4Zv3yLL&T~Ji6m6fQ|5n^-aqF+Jb*OPGfxCG&Qi|#lU;tDc<qTw-0
z9|cIS=Ex^eg|xEp6ZoK-MGI`#MM~_d7SE}5h86~lxER@?-$E|&#ORvDniyL&WU}GX
zW7Mou*vLU0&<hxOR)qixTn$cf`5#?8M3@oyCHQiF^wA#}3uYLi!UEJ}<q{!4n`RSe
zSCzGSz+97p-87#1fISce;4DWz_)D{MHggrt`2R!e{xtatD#0CHNhC=9IvJJGrjW(!
z8?V+9j~^xcvK%i)lUhb}G@xPf`thZt_Zj#0-_O&<6Sznjy)QH7?Duunmb1k@hG>Si
zhxw$}B#;6u2+#jqwv$Dd^Scd}{EC5ibr5n*dJn`|g{Su)@sD-u*Bb4UIzKEpbP8%N
z1tTa8jS8j7>DJY8y%}ds)L=8Q7ME?OgmACZ@(^E(l{Mld4^P2BXJSo4?<XxqE=g5v
zIvqA!Ww#pc#VJ~?vM*JD=CUZ@<Imgz^f$~lDBl^5Gv2-ISD?*i8LS+Bo8@&8Z%#Em
zS+Xo+y9KccS`m0a<dR|JDtIMSNUII9gsF}u4oJ`qpKCsbz$Oje50-gqpdrFIEmT*L
zxw29dxB|8X=zqs9y{v8KlMqY<S(lsl32YVu2^a|8f-cWbgjUifmM5OmcdCs=`3lNZ
zNXG(x;V6L<Yr>XPxlW2xQ9w|YWT|pxxr-BZ7I=DoK+7_kzK-vqOJV)VDh{0O=~^(N
z&4ix`1Lq!hFzIE!g-0*ju?0WCoXnm7CSJfan)ijozKmYfx!PsZoUrxXfo4ny->(zG
z+Fg~^=zr%7b^co!_&Khh-*k^pQvhC`jb0XbfgT(FnbFJBD9<PKI0CGU@NXS{UtNyB
zGHq>$mU;x-@ZG5XiX5AdVHgt6`4(63^)dq}&3l(cA22m~ZqrTVRG-0_MppyXC9h^C
zEO!U`-V&os2D#z5M;k%AgDJ9;&;$K^J**~aD7MVVrb|o;EwNckKC9)jTfr4rkMFoh
zy9G^uZMh%QsDOkrXHNo_n2R(*690{f>Xb+Z_6dvJz3x|QFz)3B1-AbBQ4*wVGRjrR
z7G3$I6ST(@h7EcQj7N~xQgPvE_SjOkIoVKrF?dLuRX8=AO;Zg;7h|0vBNG6Qlx#{f
zS5cT5(@c<pV^wQNL314<A!GngqNK@O8g3ofv4fu_l@Pd2bkxSETm(>0L*U`Eobt}W
zYr+7mumuI^F;}@(8`pfiFdfH3JRhHzyCufBgJVeavWm0dFz#DG=;d7c9e1{kKUS5R
zUlE8&gjILq-rt)yJFj}hv6Yj@ZynDX{zhc!Z*}zi#1)eML9@jeBI(^64~&6bykF3g
z$E~MI-QQ`_{ns?tj|3ex+`<|Zze6LMe2*)<|1$k;IL-abWVD!#ew}we*YaWdk?(Bv
z&i%N5<NY#0B`$AC`ukS=$Y^M25O+Wbx#Wd)0y2W6SJ`<!eN)2wVa^`bb1+aOq6qe$
zv3~jQNCc{t6JT1!Mx82$QybZv!dBxwM}Om_FUb26bZ#+b&vhQSGC;~f6~V^@Ask-)
zTQH^7D*Otb)Hgf{OOz}S2xvjd1;97dtz=J8vjjnvV~8G@1>}M#Yl;6ZgC*^JNRe|H
z)tTW24skVnz)XTf#(zRa1D55Wy;@M2!?Ylk5(oN7%{4Q!f*^GKcNuEt+J~2>!}Ade
zp%>x7xpcO!l~TB3G*_=922!6xjATIcWERp9#Gi#+1A}wkTs2(>KA@G!Uk(G?hK93M
z6ZSFWQcZ?asJ2=mr*W<CZwJ`ihF9VD9e;6uo*Z|;>mN_k*?du-yFZN=^=Uf(vIea8
zG`zuZbJ17)X2rCw_s!_@fIu<I#7i__H}ygrkJZFQvQ)*A;}C3X`S~6;k2U1fa%r#v
zqFt>Dm0dbA)};FycfPMcC8P8^P507i`Gk_F8a`X)0PY5^ZXqwwZ^r8FoN(gc(qC2E
zc{RS6W4D`2cYTv1#&2r@g)&lc;Z&eu<;;7fyi-{@<qd>LRw5^D6y+Qv8$8!#2qF}0
z^8WPD0w9$o4n%9NKb;jtaFJ&UBD?5y3Kd_08lwNN?aFfFO0w%#aseV0^8l;ia=C1{
zt6hx-+J-+2gNTtziJ4?`kV^H@d+`Fi3ZwVc=e+kwW+ro_q#rV;H$}v~aZbd&=hh@x
z#mZ;g3vAY*0R@20!KP1?2asMUMxO-%1d2xYIMfQ;;GTd*&^JLyA#4UdwCK=eQpp~D
zobnM}vo(0)w|Y%;8^{t{c59w2z8IsiPc>k7iuL+mZ=N-rhj(wre;e^(g2Fd^LU|^?
zi-yTDv0r~`_wWEewb_5A@}4i>-PHD(uUA%o-#itq`d2*s;u^&AU7uc^v>gS;RLk(j
zPzmA)#evJKhnL?z%Z1&%zs}cpt8rv!i}|nZR-UWX52v?VvjwM9m<cDI5Nvj6bvlch
zOs)~UtBIbtDXbl)Xb+6eWUHA{EE33}aj`ZSMqACUutZ&O8n~)b5`^)gh4X&*O_`a7
zdkFF688!lFWdbem4n|lx<%SND#~m|~Ko16DhuhhH8{b87Ww_E;>8(s>*cObY4TF>$
zNUMPhiyHn5R5oXBr`2LI{1O0Zs?3gK3@gzp^`1?M=$v$*OA_<IRTjl(#~K_|*41EP
zz-lt-=zG^*MqIYG-jk;SmWGR_egK-CIxa_bS*=Mmsmav@T(NJpR~fkOBvZ~Y=fLtl
z!WNNJSF-5N$T-XpO)1-}Il4=?y3%x)-p?u5jGH?DaP#)B<t}_YD_<Voex5HY`hRTy
zi?+kb^2`0PYR}&A^kB6#Uj2k<wUqSAx;fvh$rXe(*ZZHJ+w9*OY<jtzy?gk)Hw3m+
zib1YBxt9g@b_oxJm57v8;Q<{(bw>J_FdKKk@Kmg6AV|%qE<&3{D~HDz63@dFB#A*`
zC}R?Jz?g=2k=2;0vv2ShftpG(hNr{Uhg+y1N=*nOOjlg3ZlOfs942XFz!7HP272w1
zQ>ObC0~EO{>LX-4f=<9(DK}Gnw=Piy0R|{UbwjZlk*lWoa!%CLFb%ib{MM(7#yBN&
z^|?#$r4NZquaU|hpp3#(C!wj-TuLI2DZaEjg~oHuwYK-^Yl9Kfq=f9Abg0TkuK<cv
zJqYX|R#IfsUPu_G6S`_jX*(5J;mYi6ofpQH(%GYw+$Krk;cs^ic#hdU<9%AQTpRM3
z*w$7?((_&lUQhprWyjTh;TwBq*6rbEnB@I?fRTSrw*x%*P|C>>U3%Q^VH6uPN{7<N
z8`=Ekd=mP&97WM)|NXQj{y(Dt2n+SLyJvCGyQ{Rke4gdkcAlqwXI#I$e_C?=X2~#8
zm(;oM2v`gstU!0EZ&SJid<KMtXO3eRTs*evG>!>-qXi|(fWE4su`q*RN-AA|EeV#a
z!~C#%?B;F|ygze8DiDBcIXK6{y_Tzfsuc#{uprXrwO=1WIu4|xBS?pz?<^K!DuvNY
zQ<~Lwd}FA!m0$&q%9Tb*&($6u;W)Z9!4_%5ke?nKtTOCw*PbgZlYwjnv<9BQbnBU=
zo0+4J76uixaG<c}4lhR_&|}QnHUU%w|8S_?y^%GuU~<W(fIL;)Gw4f6=mAc}853`o
z7zCy_xJ?J=t8LO<!1*~Q>mSiCr@0H9X#2{>VAT88UMClDaOGq47_VLP7{<+RpT!HW
z`75CC`|FiidVIgamCR=Go1fZpemDD(+tT%E!K3oSvpjrw-fxeok-P4f)-;61t>>Gz
zq9D9HL5Oi(TxdH(=#F`#5_4n2%$t1;gypJW!ptr(tJ6QW#>LnO6OlJH<H!o50UfYP
z7lRqxbyZc1R<LX;b6wYt-Kf1p9W5A%Y9Z%rjrNfu;DvSHFm0<Djt?)ceJJ`=R-uYc
z#>LQ+)iyF97PrS*JKUnc)afisMit3&E1kh0g4UT?nW3xQPpol>%1KMXppw9d!PsEm
z2JV41Dp}mxl+*+sB4NsI6f}u&l=vN4z~L5AteO?6Se8@83A>?qZHpnX1VhFnRc`>5
z1{Dqm0D?}k!r26dmWA#|wAjl<%j-)Q$5o5zxVGGZtH<w0#5_&;rx@gDQK!L(oJv~R
z;~n0<nf{-(UlX;g*HX$^m^W_SS!s3lr$@c&X-(sCSEbcwDeI#aHippHbT|8t`PEgM
zy}ReX^|ZG?(!k#1iuVkiUEc72^yZj|w(nEFB{s}^QI{GztlUS;Z6MzmMj7)DCJ7cA
z(^Jb{Ozk*Da5{!ZcpNHqHjI)mvTN0o=GY|JQ(Bp|LpKEfS<F6{!g`sQLRG~pk&*#7
zkX4o;4^(OL#f_`KW_JXAIqq(ZL+6NXk@X{XMvaItB(4_VbRoSgCW5?6CW2rtR)(e>
z61Q5Tk1ojGg5&lR9E1eMsJq*jw8uF55eZ|48)W855^yQ-$VD3Og%xmP0?fW9=DH~s
z#FM&dr|`|e_E$Q9!VO!oK!+LVgrTodTW0^^L+5%0Zq&KL^=oTOG$0~M0RvgrLpiR0
zUc!g5Jr8b&jKABb9Y|g14Vypk^Hb7q)8kk<MSw8nQrn7S;=7f^+jzcNUH8xT05G#(
z%I}x=UvA+uqP|OuleC<V^#lhCUrONLtg;oD3t7FX=ITISmC#mT#u}22#z(rCp5(E1
zGyFh^T{OY<a>udlasyn(sLfRF!t~?a>Y*Dk1K=!~W-pl0;sHAxV0B8hV`kQ#BJfU_
z%}XC8{&n8w%TH<WtZ&QZoEVfJe{T64Z~yV;cf(0(-2ae%2g_cd-?qnYtel7e9#6+@
z-6sjO50g}kbcP9Z2v(Hg>5D1c(~veAie&(wTM-QKQeqMqcmi|&+|H&J1_%WtpDN1L
z<Xj6VT2P${Y49t>0UQ9}3&EN=wK1;GMR-{**=PxGaIh;xF%`}urtUEuObT4s0PJ!p
zTW4}BpoA6Pxp4nSO9wP);lV)usI(uB=&F|i9AjIqH1HN*fM4tmAKSAgH(1~av17R`
z*22f8_fK{dxFi5dFU~i!V(!}2V)pNV3d{7sZH?i@YctiE=YId?rn!}hA<N5aIZ6d?
zFY8gS%a|<pjRLmp5U>?GMwe!k5CA5ILjj;w6vZ`T=H%2u7b^`j1#aQcNYxdSjRTVB
zdT}R?t+7%CVy0jOR&SnQLsigr3~B%r$^)uYFw7anSbBGgS!pw)RM>tGhZuqNMrc59
zpnXt_-i!uiDOGz+eqaTqXV3$|3?4Yb?y63<fj?LWuNZqQ2OhuaY;~wkv9_RNCQBsg
z1~~Uac6O1Bgv&DH287pO3{IhCxdqU5*ZHXC5tzQEY8_CZvfQX+Mjc#@GFmZE%z$e!
z-c7>;6+VG&wtCru#wVEJk8QpellbBq!~R1*=QzcmtrojD5NvhoWIS5p@nKjvU|#2I
zrp))x(=qFEE48B%+cyfi`l&6)<$(0C#K9MtFMjx#GQ0&L|Gof-?~`2)uqcc7RR)t-
zqEy=g>ueejFky@k@k{gAS{Kia^t9v+{z-9A%mFP`8KYvJL~Yy$zzoCkg6`$<>sghY
z0fkh7l+|Nm8t22nnWP%VV0cj1t@rRPBBLG$!s($=<B>ZB?W9(vfY%Eke^BpQ1Mquh
z<Us|lNdy8WT8egdR{g22FzAtWhpe?y?r(X|?7GmafkQM*7K<#AfzGHymQN%NsRj0L
zT8E?VMTXQww6%FArIh1(rnA(2E=qUVnem%~k`x%k0|go2onmI0>j3Yhn7HPFKop+P
zR%+>Ke`L?S1OfA2ug^<*``5enWdX~6d;74&Y2Lyy>{xdgudz3%{Df5X%ircV`+N^a
z%qcixl?61eO|*?L3wb_?aBQvf`qeQO>GtEp-Ruw7cjY~U1>U8b>(_!2MlTEz=Nr)r
z`$8JV{f_6dX1^{Tb_;&4gtLE3QJvHnYgtX;o@EQdQXx~g#InZ%bettjB75fIxi2Q1
z&1FxkWz`1895}vJ>?&e9)h)XYoE(Uc*ACuL>bHseaLrknWRN0un0o~f2L%AG=rd1I
zxy_4zoq!HU-AVd6IAAA-iLn;vdl0~VRa8*`98?g!WJ|eW(-T#ERT3$&9)u~umf9PA
zn9aKEZd_keY;YC1N@p;YxC%@ZWn{oY1nmP#WKG|y9E(tk<bcQ|lNn8=FmyPg@tx<6
zZlH!h;KGc>e5V9u1#!C0xO9(^kcVqIz$5evgA`g;4!qYK(>Yt#HQF(Y8tp&`!sI7j
z6@ZZUQJojz2f1BdpHcn#Dt)<rxL@6teg5?9L;AGlw8Z%iZNQ)L!*!@czs18(Rwe!y
z@bKkByPExoXSkfbYnlIlNH?jxZzpc=ww^GHpM9tw-^@NdEa&%Q5dI>4YRj_>uYJ|d
zZmu3K=gZ+<-^|8uCYZOn)N=kZhT^r=Zx!PWRMoH*CE*T??Miaub_P5o1r{1{FM8-=
zYW*n;t8%lo%AQ#ELxT$B=sVFxDd0*lKx@Rn#kZYheb%ofNhw-nY(!%coGwX$@n>e2
zB^hUW2tV3+Kd*3G!@ziSLhA$ZunXIL@XmEwDz6tEywPyy7F@{+U`{6rH&b-#3cR$z
z8RQ5$2;>t&hYzUe9jmR0NA(Dpmq{szR2-#!oDJS3O*ZD5P&xVDGB7TQFhx$Zjlp%}
zC1`S#;Cd(Yn0Fw4Ng1n@_bPjq<LF9TnYDLDMhQsIida4ZBpN_JTau_w+A3QQNu1Q9
zFO^N7+k3<1ZQJ|Z@Fs(68(y5^+17{133>x5U#9z2G&a0lg<<DRdi<Uw@aJ@Uz4-tC
zyPf?q|JeTazq5CX`E5F1;LY6+ckQ=jTAY{Pju#<XUHtjWJ@fRY=##(P4_m~;yR)g3
z>R8%hvA`of)}sBSPSH9zlwjj+Q=v%=J(dQjf;HchW8J=5gi2{9BQrjRX1{o9?J2{i
z=@MZKWgtgYv>Y*v;Q(QiL8d$l(s&)$j^2opN+AJSdE5oeO6vwYkeOK?+G(RL_ddmz
ztA7(7IgX@P&`2J*%Tu-9ie|W4gx82d1*xK-{IM+-j>~hK4xG#uU6@*Aq6q;UFAWiE
zCFXtY4SWR$1maE>-x*S`S`m$!WfYJfF_-BXt`9#2NTw7^OQuLdC?yZ~hmP5$90X2X
z0ip`9RZ$Y$F;>^$WhrTqq;9D?6S{F7GoP&#Vo-2UQ6AM_Td>#AqKACZ__J4~A&-51
z3IUuCW_yL(F72$apWE$<7uxpq81+%g>Xwl{6X)xA>z8!@e%>DNpA`>oxofoG%hPIC
zZ7o~#oHcwb(vb%^ScsVU(8(bctyu-l%9^b6EbdD+OpI3Nb~MMu^z;*LV8E4<Of0F1
z(bJflG1e^0KNgc&*Cx0q_nd1(utT#dTMfYrYm6%_kQ2yCLW7Y+hNg;PDDJ<tL(9xw
zie9Bw!KMW720S{bkGG_94!tnvg)3fwTcY_WYUJ*4r+}F<k=3Y=ZlEli9wI-L#NonL
z-(k)Pv`H0NxW8VrlfsKoC|PQ_#nv(~36+pwj;A(YlZ^iL;KQX-c?Mp;2$2})(@L??
zx0VZ@I-rRem&gtAoU*TY!i=VWO#{EM{Q2F@ZMr)jgEBjfFwr0fzdKf@yLo@}_Md+I
z{l)V&E*`D%rGMCVE4x#3xB)#{?B3s;y3oDVbDWUqgA>$;#m$DhnLb(pKAXyJ-^Q_=
z>Ol^1B~g@%5%6LNsTP>G@JCT2NtyzanaN=N$`f7;4>oPW*a{HR05hT&eW;z5VlXVp
z6gYTi#;dS-@J2YAp`22#MJwioGQOhfY%m?`EHKrA%MCz!^YUL2+q%+OM+dk*9ka6-
z9!Q;HL>MeknJRNK)qx*WE^e8qsj9>h4nc-is=;gwGN~PAaX2u~5Z>L*3<wq|r4QiM
zqQXp0^+@lkjYcV9HH+Jb&TZ*Ll_PLfkfR_Bn$=LQ<cMxyc(SLeiL)ldO{uOcrQKbx
zV5vfP#=XUovSJx_{LkG`J=Zy@6z7>^x@o`E$)~c~HQRj0_|;xtu*c{hPkaisnV&7L
zmvfwN&D0-1TO~Q_1;-gv?EZW+Z+CZRe^{n|MPl>mhr8jEkNn^~?J58CoIH1`$*V(B
zAtDB*+9z9F%)R*l+~_K2MNr<<F(+!X`lJ_+5BNA9gG%^GEZR{J#{qJv#<JBaVMt4m
zU#6mOo?yf9laWnepfOR{0nlRnMiv#4BGsrcUB+qldU+FHXZ%mycZ&5-2kkO{NsZyu
z;rhC2Ho%!>DS{DP=rl~*>cOE^b5dS3rUAm&>0D$Axj2*Dp(YnXDN0W{2~Psk^T74o
zI2Xk_5E%fGoLwu?MF&RFeKIyu5LPG;U;>_YOqW#KxmW12>XbA`&%m)zvb~^>3l*ty
zplAwpT`80e#!{mX06R%14;Xc9mmTE@9=mCqCz!r_4J_EUIaShGX}9<DJ};P=!RpIc
YdzziS$D=&m;X#-3cQuO#2Gy(p01#2K7XSbN

diff --git a/debian/updater.go b/debian/updater.go
index 21b1de5ff..7522c3515 100644
--- a/debian/updater.go
+++ b/debian/updater.go
@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
@@ -14,7 +15,6 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/quay/claircore"
 	"github.com/quay/zlog"
 
 	"github.com/quay/claircore/libvuln/driver"
@@ -125,8 +125,7 @@ var (
 func (f *Factory) UpdaterSet(ctx context.Context) (driver.UpdaterSet, error) {
 	s := driver.NewUpdaterSet()
 
-	ds, err := f.findReleases(ctx, f.mirror)
-	if err != nil {
+	if err := f.findReleases(ctx, f.mirror); err != nil {
 		return s, fmt.Errorf("debian: examining remote: %w", err)
 	}
 
@@ -134,17 +133,6 @@ func (f *Factory) UpdaterSet(ctx context.Context) (driver.UpdaterSet, error) {
 	u := &updater{
 		jsonURL: f.json.String(),
 	}
-	for _, d := range ds {
-		src, err := f.mirror.Parse(path.Join("dists", d.VersionCodeName) + "/")
-		if err != nil {
-			return s, fmt.Errorf("debian: unable to construct source URL: %w", err)
-		}
-
-		u.dists = append(u.dists, sourceURL{
-			distro: d.VersionCodeName,
-			url:    src,
-		})
-	}
 
 	if err := s.Add(u); err != nil {
 		return s, fmt.Errorf("debian: unable to add updater: %w", err)
@@ -154,32 +142,31 @@ func (f *Factory) UpdaterSet(ctx context.Context) (driver.UpdaterSet, error) {
 }
 
 // FindReleases is split out as a method to make it easier to examine the mirror and the archive.
-func (f *Factory) findReleases(ctx context.Context, u *url.URL) ([]*claircore.Distribution, error) {
+func (f *Factory) findReleases(ctx context.Context, u *url.URL) error {
 	dir, err := u.Parse("dists/")
 	if err != nil {
-		return nil, fmt.Errorf("debian: unable to construct URL: %w", err)
+		return fmt.Errorf("debian: unable to construct URL: %w", err)
 	}
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, dir.String(), nil)
 	if err != nil {
-		return nil, fmt.Errorf("debian: unable to construct request: %w", err)
+		return fmt.Errorf("debian: unable to construct request: %w", err)
 	}
 	res, err := f.c.Do(req)
 	if err != nil {
-		return nil, fmt.Errorf("debian: unable to do request: %w", err)
+		return fmt.Errorf("debian: unable to do request: %w", err)
 	}
 	defer res.Body.Close()
 	switch res.StatusCode {
 	case http.StatusOK:
 	default:
-		return nil, fmt.Errorf("debian: unexpected status fetching %q: %s", dir.String(), res.Status)
+		return fmt.Errorf("debian: unexpected status fetching %q: %s", dir.String(), res.Status)
 	}
 	var buf bytes.Buffer
 	if _, err := buf.ReadFrom(res.Body); err != nil {
-		return nil, fmt.Errorf("debian: unable to read dists listing: %w", err)
+		return fmt.Errorf("debian: unable to read dists listing: %w", err)
 	}
 	ms := linkRegexp.FindAllStringSubmatch(buf.String(), -1)
 
-	var todos []*claircore.Distribution
 Listing:
 	for _, m := range ms {
 		dist := m[1]
@@ -257,20 +244,18 @@ Listing:
 			continue
 		}
 
-		todos = append(todos, mkDist(dist, int(ver)))
+		mkDist(dist, int(ver))
 	}
 
-	return todos, nil
+	return nil
 }
 
 // Updater implements [driver.updater].
 type updater struct {
 	// jsonURL is the URL from which to fetch JSON vulnerability data
 	jsonURL string
-	dists   []sourceURL
 
-	c  *http.Client
-	sm *sourcesMap
+	c *http.Client
 }
 
 // UpdaterConfig is the configuration for the updater.
@@ -278,9 +263,9 @@ type UpdaterConfig struct {
 	// Deprecated: Use JSONURL instead.
 	OVALURL string `json:"url" yaml:"url"`
 	JSONURL string `json:"json_url" yaml:"json_url"`
-	// Deprecated: Use DistsURLs instead.
-	DistsURL  string      `json:"dists_url" yaml:"dists_url"`
-	DistsURLs []sourceURL `json:"dists_urls" yaml:"dists_urls"`
+	// Deprecated: DistURL and DistsURLs are unused.
+	DistsURL  string            `json:"dists_url" yaml:"dists_url"`
+	DistsURLs []json.RawMessage `json:"dists_urls" yaml:"dists_urls"`
 }
 
 // Name implements [driver.Updater].
@@ -307,21 +292,6 @@ func (u *updater) Configure(ctx context.Context, f driver.ConfigUnmarshaler, c *
 		zlog.Info(ctx).
 			Msg("configured JSON database URL")
 	}
-	if len(cfg.DistsURLs) != 0 {
-		u.dists = cfg.DistsURLs
-		zlog.Info(ctx).
-			Msg("configured dists URLs")
-	}
-
-	var srcs []sourceURL
-	for _, dist := range u.dists {
-		src, err := url.Parse(dist.url.String())
-		if err != nil {
-			return fmt.Errorf("debian: unable to parse dist URL: %w", err)
-		}
-		srcs = append(srcs, sourceURL{distro: dist.distro, url: src})
-	}
-	u.sm = newSourcesMap(u.c, srcs)
 
 	return nil
 }
@@ -385,11 +355,6 @@ func (u *updater) Fetch(ctx context.Context, fingerprint driver.Fingerprint) (io
 	}
 	zlog.Info(ctx).Msg("fetched latest json database successfully")
 
-	if err := u.sm.Update(ctx); err != nil {
-		return nil, "", fmt.Errorf("could not update source to binary map: %w", err)
-	}
-	zlog.Info(ctx).Msg("updated the debian source to binary map successfully")
 	success = true
-
 	return f, driver.Fingerprint(fp), err
 }