Prepare new release

component/apache/buildout.cfg

@@ -30,9 +30,9 @@ md5sum = 2202b18f269ad606d70e1864857ed93c
 [apache]
 # inspired on http://old.aclark.net/team/aclark/blog/a-lamp-buildout-for-wordpress-and-other-php-apps/
 recipe = slapos.recipe.cmmi
-version = 2.4.17
+version = 2.4.18
 url = https://archive.apache.org/dist/httpd/httpd-${:version}.tar.bz2
-md5sum = cf4dfee11132cde836022f196611a8b7
+md5sum = 3690b3cc991b7dfd22aea9e1264a11b9
 pre-configure =
   cp -ar ${apr:location}/apr-${apr:version} srclib/apr/ &&
   cp -ar ${apr-util:location}/apr-util-${apr-util:version} srclib/apr-util

component/babeld/buildout.cfg

 [buildout]
-extends =
-  ../../stack/slapos.cfg 
-
 parts = babeld
 
 [babeld]
 recipe = slapos.recipe.cmmi
-url = https://lab.nexedi.com/rafael/babeld/repository/archive.tar.gz?ref=v1.6.0-nxd1
-md5sum = 1f269d01321103873b8d245df19984f0 
+url = http://git.erp5.org/gitweb/babeld.git/snapshot/v1.6.2-nxd1.tar.xz
+md5sum = 336d25fd7630052ccb3a61d3603029b9
 configure-command =
   echo "No configure.."
 
-make-targets = 
-  install PREFIX=${buildout:parts-directory}/${:_buildout_section_name_} 
+make-targets =
+  install PREFIX=${buildout:parts-directory}/${:_buildout_section_name_}

component/ca-certificates/buildout.cfg

@@ -11,10 +11,11 @@ parts =
 
 [ca-certificates]
 recipe = slapos.recipe.cmmi
-url = ftp://ftp.free.fr/mirrors/ftp.debian.org/pool/main/c/ca-certificates/ca-certificates_20150426.tar.xz
+url = http://http.debian.net/debian/pool/main/c/ca-certificates/ca-certificates_20160104.tar.xz
 patch-binary = ${patch:location}/bin/patch
-md5sum = 717455f13fb31fd014a11a468ea3895d
+md5sum = d9665a83d0d3ef8176a38e6aa20458e9
 patches =
+  ${:_profile_base_location_}/ca-certificates-any-python.patch#087b5e860c7a4b8ff6656c95c5835ee2
   ${:_profile_base_location_}/ca-certificates-sbin-dir.patch#0b4e7d82ce768823c01954ee41ef177b
 patch-options = -p0
 configure-command = true

component/ca-certificates/ca-certificates-any-python.patch

+--- mozilla/certdata2pem.py	2016-01-04 18:31:05.000000000 +0100
++++ mozilla/certdata2pem.py	2016-01-05 20:05:53.595360495 +0100
+@@ -63,7 +63,7 @@
+             else:
+                 value += line
+             continue
+-        obj[field] = value
++        obj[field] = bytes(value)
+         in_multiline = False
+         continue
+     if line.startswith('CKA_CLASS'):
+--- mozilla/Makefile	2015-12-20 10:49:23.000000000 +0100
++++ mozilla/Makefile	2016-01-05 20:19:11.006874271 +0100
+@@ -3,7 +3,8 @@
+ #
+ 
+ all:
+-	python certdata2pem.py
++	for x in '' 2 3; do type python$$x && break; done >/dev/null \
++	&& python$$x certdata2pem.py
+ 
+ clean:
+ 	-rm -f *.crt

component/chrpath/buildout.cfg

+[buildout]
+parts =
+  chrpath
+
+[chrpath]
+recipe = slapos.recipe.cmmi
+url = http://http.debian.net/debian/pool/main/c/chrpath/chrpath_0.16.orig.tar.gz
+md5sum = 2bf8d1d1ee345fc8a7915576f5649982

component/git/buildout.cfg

@@ -16,8 +16,8 @@ parts =
 
 [git]
 recipe = slapos.recipe.cmmi
-url = https://www.kernel.org/pub/software/scm/git/git-2.5.3.tar.xz
-md5sum = e69b41f2d0a93f3d3dc5eb19196e4e5c
+url = https://www.kernel.org/pub/software/scm/git/git-2.7.0.tar.xz
+md5sum = 0214e04f7041f835c5c38f2b78eccced
 configure-options =
   --with-curl=${curl:location}
   --with-openssl=${openssl:location}

component/groonga/buildout.cfg

@@ -13,8 +13,8 @@ extends =
 
 [groonga]
 recipe = slapos.recipe.cmmi
-url = http://packages.groonga.org/source/groonga/groonga-5.1.0.tar.gz
-md5sum = df2e716efee92bc80efd3ddaa84fafb7
+url = http://packages.groonga.org/source/groonga/groonga-5.1.1.tar.gz
+md5sum = 50a869f710c005c0bb46ba7b790621fc
 # temporary patch to respect more tokens in natural language mode.
 patches =
   ${:_profile_base_location_}/groonga.patch#9ed02fbe8400402d3eab47eee149978b

component/gtk-2/buildout.cfg

@@ -53,6 +53,7 @@ configure-options =
   --disable-gtk-doc-html
   --with-cairo
   --with-freetype
+  --without-icu
 environment =
   PATH=${glib:location}/bin:${freetype:location}/bin:${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${:pkg_config_depends}

component/haproxy/buildout.cfg

@@ -22,6 +22,7 @@ make-options =
   TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|3)' && echo linux2628 || echo generic)"
   ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
   PREFIX=${buildout:parts-directory}/${:_buildout_section_name_}
+  USE_DL=1
   USE_LUA=1
   LUA_INC=${lua:location}/include
   LUA_LIB=${lua:location}/lib

component/ipython/buildout.cfg

@@ -15,7 +15,7 @@ egg = ipython
 environment = ipython-env
 setup-eggs = ${numpy:egg}
 
-[ipython_notebook]
+[ipython-notebook]
 recipe = zc.recipe.egg:scripts
 eggs = ipython[notebook]
   ${matplotlib:egg}

component/libpng/buildout.cfg

@@ -18,15 +18,15 @@ environment =
 
 [libpng12]
 <= libpng-common
-url = http://download.sourceforge.net/libpng/libpng-1.2.54.tar.xz
-md5sum = bbb7a7264f1c7d9c444fd16bf6f89832
+url = http://download.sourceforge.net/libpng/libpng-1.2.56.tar.xz
+md5sum = 868562bd1c58b76ed8703f135a2e439a
 
 [libpng15]
 <= libpng-common
-url = http://download.sourceforge.net/libpng/libpng-1.5.24.tar.xz
-md5sum = b7f828f2907214fe1e8951a3b9d4623a
+url = http://download.sourceforge.net/libpng/libpng-1.5.26.tar.xz
+md5sum = 3414d556788e14b4a154369e67eacaa3
 
 [libpng]
 <= libpng-common
-url = http://download.sourceforge.net/libpng/libpng-1.6.19.tar.xz
-md5sum = 1e6a458429e850fc93c1f3b6dc00a48f
+url = http://download.sourceforge.net/libpng/libpng-1.6.20.tar.xz
+md5sum = 3968acb7c66ef81a9dab867f35d0eb4b

component/mariadb/buildout.cfg

@@ -13,6 +13,7 @@ extends =
   ../pcre/buildout.cfg
   ../pkgconfig/buildout.cfg
   ../readline/buildout.cfg
+  ../xz-utils/buildout.cfg
   ../zlib/buildout.cfg
 
 parts =
@@ -20,9 +21,9 @@ parts =
 
 [mariadb]
 recipe = slapos.recipe.cmmi
-version = 10.1.9
+version = 10.1.10
 url = https://downloads.mariadb.org/f/mariadb-${:version}/source/mariadb-${:version}.tar.gz/from/http:/ftp.osuosl.org/pub/mariadb
-md5sum = 71d0e2408a671e1125c1310ce657f688
+md5sum = 9aa4d68b24c1ddd8cb56923a920684b3
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
 patch-options = -p0
 patches =
@@ -42,17 +43,23 @@ configure-options =
   -DWITH_EXTRA_CHARSETS=complex
   -DWITH_EMBEDDED_SERVER=0
   -DWITH_JEMALLOC=yes
+  -DWITH_INNODB_BZIP2=OFF
+  -DWITH_INNODB_LZ4=OFF
+  -DWITH_INNODB_LZMA=ON
+  -DWITH_INNODB_LZO=OFF
+  -DWITH_INNODB_SNAPPY=OFF
+  -DWITH_SAFEMALLOC=OFF
   -DWITHOUT_EXAMPLE_STORAGE_ENGINE=1
   -DWITHOUT_MROONGA_STORAGE_ENGINE=1
   -DWITHOUT_DAEMON_EXAMPLE=1
-  -DCMAKE_C_FLAGS="-I${jemalloc:location}/include -I${libaio:location}/include -I${libxml2:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${pcre:location}/include -I${readline5:location}/include -I${zlib:location}/include"
-  -DCMAKE_CXX_FLAGS="-I${jemalloc:location}/include -I${libaio:location}/include -I${libxml2:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${pcre:location}/include -I${readline5:location}/include -I${zlib:location}/include"
-  -DCMAKE_INSTALL_RPATH=${jemalloc:location}/lib:${libaio:location}/lib:${libxml2:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${pcre:location}/lib:${readline5:location}/lib:${zlib:location}/lib
+  -DCMAKE_C_FLAGS="-I${jemalloc:location}/include -I${libaio:location}/include -I${libxml2:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${pcre:location}/include -I${readline5:location}/include -I${xz-utils:location}/include -I${zlib:location}/include"
+  -DCMAKE_CXX_FLAGS="-I${jemalloc:location}/include -I${libaio:location}/include -I${libxml2:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${pcre:location}/include -I${readline5:location}/include -I${xz-utils:location}/include -I${zlib:location}/include"
+  -DCMAKE_INSTALL_RPATH=${jemalloc:location}/lib:${libaio:location}/lib:${libxml2:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${pcre:location}/lib:${readline5:location}/lib:${xz-utils:location}/lib:${zlib:location}/lib
 environment =
   CMAKE_PROGRAM_PATH=${cmake:location}/bin
-  CMAKE_INCLUDE_PATH=${libaio:location}/include:${libaio:location}/include:${libxml2:location}/include:${ncurses:location}/include:${openssl:location}/include:${pcre:location}/include:${readline5:location}/include:${zlib:location}/include
-  CMAKE_LIBRARY_PATH=${libaio:location}/lib:{libaio:location}/lib:${libxml2:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${pcre:location}/lib:${readline5:location}/lib:${zlib:location}/lib
-  LDFLAGS=-L${jemalloc:location}/lib -Wl,-rpath=${jemalloc:location}/lib -L${libaio:location}/lib -Wl,-rpath=${libaio:location}/lib -L${pcre:location}/lib -L${zlib:location}/lib
+  CMAKE_INCLUDE_PATH=${libaio:location}/include:${libaio:location}/include:${libxml2:location}/include:${ncurses:location}/include:${openssl:location}/include:${pcre:location}/include:${readline5:location}/include:${xz-utils:location}/include:${zlib:location}/include
+  CMAKE_LIBRARY_PATH=${libaio:location}/lib:{libaio:location}/lib:${libxml2:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${pcre:location}/lib:${readline5:location}/lib:${xz-utils:location}/lib:${zlib:location}/lib
+  LDFLAGS=-L${jemalloc:location}/lib -Wl,-rpath=${jemalloc:location}/lib -L${libaio:location}/lib -Wl,-rpath=${libaio:location}/lib -L${pcre:location}/lib -L${xz-utils:location}/lib -L${zlib:location}/lib
 post-install =
   mkdir -p ${:location}/include/wsrep &&
   cp -p wsrep/wsrep_api.h ${:location}/include/wsrep
@@ -61,8 +68,8 @@ post-install =
 # mroonga - a storage engine for MySQL. It provides fast fulltext search feature to all MySQL users.
 # http://mroonga.github.com/
 recipe = slapos.recipe.cmmi
-url = http://packages.groonga.org/source/mroonga/mroonga-5.10.tar.gz
-md5sum = 2fc6a7ae9e58bfd3430cdc8cb38ccf7f
+url = http://packages.groonga.org/source/mroonga/mroonga-5.11.tar.gz
+md5sum = 0ca8525da3594685ec039d22a6ceec8d
 pre-configure =
   mkdir fake_mariadb_source &&
   ln -s ${mariadb:location}/include/mysql/private fake_mariadb_source/sql

component/ncurses/buildout.cfg

 [buildout]
+extends =
+  ../patch/buildout.cfg
 parts =
   ncurses
 
@@ -6,6 +8,9 @@ parts =
 recipe = slapos.recipe.cmmi
 url = ftp://ftp.gnu.org/pub/gnu/ncurses/ncurses-6.0.tar.gz
 md5sum = ee13d052e1ead260d7c28071f46eefb1
+patch-options = -p1
+patches =
+  ${:_profile_base_location_}/ncurses-5.9-gcc-5.patch#57f4cd0cc0c0a42a5ddb2167f9546d72
 configure-options =
   --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
   --with-shared
@@ -22,5 +27,6 @@ make-targets =
 # pass dummy LDCONFIG to skip needless calling of ldconfig by non-root user
 environment =
   LDCONFIG=/bin/echo
+  PATH=${patch:location}/bin:%(PATH)s
 make-options =
   -j1

component/ncurses/ncurses-5.9-gcc-5.patch

+https://bugs.gentoo.org/545114
+
+extracted from the upstream change (which had many unrelated commits in one)
+
+From 97bb4678dc03e753290b39bbff30ba2825df9517 Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Sun, 7 Dec 2014 03:10:09 +0000
+Subject: [PATCH] ncurses 5.9 - patch 20141206
+
++ modify MKlib_gen.sh to work around change in development version of
+  gcc introduced here:
+	  https://gcc.gnu.org/ml/gcc-patches/2014-06/msg02185.html
+	  https://gcc.gnu.org/ml/gcc-patches/2014-07/msg00236.html
+  (reports by Marcus Shawcroft, Maohui Lei).
+
+diff --git a/ncurses/base/MKlib_gen.sh b/ncurses/base/MKlib_gen.sh
+index d8cc3c9..b91398c 100755
+--- a/ncurses/base/MKlib_gen.sh
++++ b/ncurses/base/MKlib_gen.sh
+@@ -474,11 +474,22 @@ sed -n -f $ED1 \
+ 	-e 's/gen_$//' \
+ 	-e 's/  / /g' >>$TMP
+ 
++cat >$ED1 <<EOF
++s/  / /g
++s/^ //
++s/ $//
++s/P_NCURSES_BOOL/NCURSES_BOOL/g
++EOF
++
++# A patch discussed here:
++#	https://gcc.gnu.org/ml/gcc-patches/2014-06/msg02185.html
++# introduces spurious #line markers.  Work around that by ignoring the system's
++# attempt to define "bool" and using our own symbol here.
++sed -e 's/bool/P_NCURSES_BOOL/g' $TMP > $ED2
++cat $ED2 >$TMP
++
+ $preprocessor $TMP 2>/dev/null \
+-| sed \
+-	-e 's/  / /g' \
+-	-e 's/^ //' \
+-	-e 's/_Bool/NCURSES_BOOL/g' \
++| sed -f $ED1 \
+ | $AWK -f $AW2 \
+ | sed -f $ED3 \
+ | sed \

component/openvpn/buildout.cfg

 [buildout]
 extends =
   ../lzo/buildout.cfg
-  ../patch/buildout.cfg
   ../openssl/buildout.cfg
   ../flex/buildout.cfg
 
@@ -10,16 +9,11 @@ parts =
 
 [openvpn]
 recipe = slapos.recipe.cmmi
-url = http://swupdate.openvpn.org/community/releases/openvpn-2.3.6.tar.gz
-md5sum = 6ca03fe0fd093e0d01601abee808835c 
-patch-binary = ${patch:location}/bin/patch
-patches =
-  ${:_profile_base_location_}/openvpn-ciphernone.patch#462b53a45da2fa686822618c4faafd19
-patch-options = -p0
-configure-options = 
+url = http://swupdate.openvpn.org/community/releases/openvpn-2.3.8.tar.xz
+md5sum = acc5ea4b08ad53173784520acbd4e9c3
+configure-options =
   --disable-plugin-auth-pam
   --enable-static
-/bin/bash: q: command not found
 environment =
   LZO_LIBS=-L${lzo:location}/lib -llzo2
   LZO_CFLAGS=-I${lzo:location}/include
@@ -29,4 +23,3 @@ environment =
   OPENSSL_CRYPTO_CFLAGS="-I${openssl:location}/include"
   LDFLAGS =-Wl,-rpath=${lzo:location}/lib -Wl,-rpath=${flex:location}/lib -Wl,-rpath=${openssl:location}/lib
   CPPFLAGS=-I${lzo:location}/include -I${flex:location}/include
-

component/openvpn/openvpn-ciphernone.patch

---- src/openvpn/crypto_backend.h
-+++ src/openvpn/crypto_backend.h
-@@ -237,8 +237,7 @@
-  *
-  * @return		true iff the cipher is a CBC mode cipher.
-  */
--bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
--  __attribute__((nonnull));
-+bool cipher_kt_mode_cbc(const cipher_kt_t *cipher);
- 
- /**
-  * Check if the supplied cipher is a supported OFB or CFB mode cipher.
-@@ -247,8 +246,7 @@
-  *
-  * @return		true iff the cipher is a OFB or CFB mode cipher.
-  */
--bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
--  __attribute__((nonnull));
-+bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher);
- 
- 
- /**

component/python-2.7/buildout.cfg

@@ -27,9 +27,9 @@ python = python2.7
 
 [python2.7]
 recipe = slapos.recipe.cmmi
-package_version = 2.7.10
+package_version = 2.7.11
 package_version_suffix =
-md5sum = c685ef0b8e9f27b5e3db5db12b268ac6
+md5sum = 1dbcc848b4cd8399a8199d000f9f823c
 
 # This is actually the default setting for prefix, but we can't use it in
 # other settings in this part if we don't set it explicitly here.
@@ -41,6 +41,7 @@ patch-options = -p1
 patches =
   ${:_profile_base_location_}/fix_compiler_module_issue_20613.patch#94443a77f903e9de880a029967fa6aa7
   ${:_profile_base_location_}/pytracemalloc_pep445.patch#46662cf0ccc7cb7cfb8289bbfd68b21a
+  ${:_profile_base_location_}/disabled_module_list.patch#71ad30d32bcdbc50c19cf48675b1246e
 url =
   http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tar.xz
 configure-options =

component/python-2.7/disabled_module_list.patch

+--- Python-2.7.11/setup.py.orig	2015-12-05 20:47:20.000000000 +0100
++++ Python-2.7.11/setup.py	2015-12-23 20:57:13.471968160 +0100
+@@ -33,7 +33,7 @@
+ COMPILED_WITH_PYDEBUG = ('--with-pydebug' in sysconfig.get_config_var("CONFIG_ARGS"))
+ 
+ # This global variable is used to hold the list of modules to be disabled.
+-disabled_module_list = []
++disabled_module_list = ['_bsddb', '_tkinter', 'bsddb185']
+ 
+ def add_dir_to_list(dirlist, dir):
+     """Add the directory 'dir' to the list 'dirlist' (at the front) if

component/python-cryptography/buildout.cfg

@@ -2,6 +2,7 @@
 extends =
   ../openssl/buildout.cfg
   ../pkgconfig/buildout.cfg
+  ../python-cffi/buildout.cfg
 
 parts =
   python-cryptography

component/re6stnet/buildout.cfg

 [buildout]
 extends =
-  ./common.cfg
+  ../babeld/buildout.cfg
+  ../openvpn/buildout.cfg
+  ../python-cryptography/buildout.cfg
 
-parts = 
-  babeld
+parts =
   re6stnet
 
-[versions]
-re6stnet = 0.435
+[re6stnet]
+recipe = zc.recipe.egg
+eggs =
+  ${python-cffi:egg}
+  ${python-cryptography:egg}
+  pyOpenSSL
+  re6stnet
+
+# Note: For now original PATH is appended to the end, as not all tools are
+#       provided by SlapOS
+initialization =
+  import os
+  os.environ['PATH'] = "${openvpn:location}/sbin:${babeld:location}/bin:${openssl:location}/bin:${python2.7:location}/bin:" + os.environ['PATH']

component/re6stnet/common.cfg

-[buildout]
-extends =
-  ../../../stack/slapos.cfg
-  ../git/buildout.cfg
-  ../babeld/buildout.cfg
-  ../openvpn/buildout.cfg
-
-parts = 
-  babeld
-  re6stnet
-
-[environment]
-# Note: For now original PATH is appended to the end, as not all tools are
-#       provided by SlapOS
-PATH=${openvpn:location}/sbin:${babeld:location}/bin:${bzip2:location}/bin:${gettext:location}/bin:${glib:location}/bin:${libxml2:location}/bin:${libxslt:location}/bin:${ncurses:location}/bin:${openssl:location}/bin:${pkgconfig:location}/bin:${python2.7:location}/bin:${readline:location}/bin:${sqlite3:location}/bin::${buildout:bin-directory}:${xz-utils:location}/bin:$PATH
-
-[re6stnet]
-recipe = zc.recipe.egg
-eggs =
-  ${lxml-python:egg}
-  ${python-cffi:egg}
-  ${python-cryptography:egg}
-  pyOpenSSL
-  re6stnet
-
-script =
-  re6stnet
-  re6st-conf
-  re6st-registry
-
-initialization =
-  import os
-  os.environ['PATH'] = os.path.expandvars('${environment:PATH}')
-
-entry-points =
-  re6stnet=re6st.cli.node:main
-  re6st-conf=re6st.cli.conf:main
-  re6st-registry=re6st.cli.registry:main
-
-[versions]
-re6stnet = 0.435

component/re6stnet/development.cfg

-[buildout]
-extends =
-  ./common.cfg
-
-develop = 
-  re6stnet-repository
-
-parts = 
-  babeld
-  re6stnet-develop
-  re6stnet
-
-[re6stnet-repository]
-recipe = slapos.recipe.build:gitclone
-repository = http://git.erp5.org/repos/re6stnet.git
-branch = master
-git-executable = ${git:location}/bin/git
-
-[re6stnet-develop]
-recipe = zc.recipe.egg:develop
-setup = ${re6stnet-repository:location} 

slapos/recipe/dropbear.py

@@ -102,7 +102,8 @@ class Recipe(GenericBaseRecipe):
     # Disable password login
     dropbear_cmd.extend(['-s', '-g'])
     # Disable port forwarding
-    dropbear_cmd.extend(['-j', '-k'])
+    if not self.optionIsTrue('allow-port-forwarding', default=False):
+      dropbear_cmd.extend(['-j', '-k'])
 
     host = self.options['host']
     if ':' in host:

slapos/recipe/generic_mysql/template/my.cnf.in

@@ -8,10 +8,6 @@
 # Loud fail is really required in such case.
 sql-mode="NO_ENGINE_SUBSTITUTION"
 
-# Workaround for https://bugs.launchpad.net/maria/+bug/985828
-# that causes wrong result in Resource_zGetInventoryList etc.
-optimizer_switch = derived_merge=off
-
 skip-show-database
 %(networking)s
 socket = %(socket)s

slapos/recipe/pbs.py

@@ -159,9 +159,11 @@ class Recipe(GenericSlapRecipe, Notify, Callback):
                     %(remote_dir)s \\
                     $BACKUP_DIR
 
+            RDIFF_BACKUP_STATUS=$?
+
             [ "$CORRUPTED_ARGS" ] && rm -f "$CORRUPTED_FILE" "$CANTFIND_FILE"
 
-            if [ ! $? -eq 0 ]; then
+            if [ ! $RDIFF_BACKUP_STATUS -eq 0 ]; then
                 # Check the backup, go to the last consistent backup, so that next
                 # run will be okay.
                 echo "Checking backup directory..."

slapos/recipe/postgres/__init__.py

@@ -29,6 +29,7 @@ import md5
 import os
 import subprocess
 import textwrap
+import shutil
 from zc.buildout import UserError
 
 from slapos.recipe.librecipe import GenericBaseRecipe
@@ -79,11 +80,19 @@ class Recipe(GenericBaseRecipe):
         # if the pgdata already exists, skip all steps, we don't need to do anything.
 
         if not os.path.exists(pgdata):
-            self.createCluster()
-            self.createConfig()
-            self.createDatabase()
-            self.updateSuperuser()
-            self.createRunScript()
+            try:
+                self.createCluster()
+                self.createConfig()
+                self.createDatabase()
+                self.updateSuperuser()
+                self.createRunScript()
+            except:
+                # do not leave half-installed postgresql - else next time we
+                # run we won't update it.
+                shutil.rmtree(pgdata)
+                raise
+
+
 
         # install() methods usually return the pathnames of managed files.
         # If they are missing, they will be rebuilt.

software/apache-frontend/common.cfg

@@ -58,21 +58,21 @@ command =
 [template]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
-md5sum = 5c22b1e0fe601255ebf19adf6093489f
+md5sum = 16b22ef9b0476352e2e5b68f5966ce62
 output = ${buildout:directory}/template.cfg
 mode = 0644
 
 [template-apache-frontend]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-apache-frontend.cfg
-md5sum = f65456f704a32c43822b1efefc7ae4b7
+md5sum = 00361d1e4a2788863de58e0ca9b6dfcf
 output = ${buildout:directory}/template-apache-frontend.cfg
 mode = 0644
 
 [template-apache-replicate]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in
-md5sum = bf3de2d814110d4af8efb5b7b165665b
+md5sum = c495395bf4cae93ff665c5e74e6d4583 
 mode = 0644
 
 [template-slave-list]
@@ -164,7 +164,7 @@ md5sum = 8cde04bfd0c0e9bd56744b988275cfd8
 [template-trafficserver-records-config]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
-md5sum = a892d3e71988a8293e44382cbf10810f
+md5sum = c68fc90886c3314466b459520692e145 
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
 filename = records.config.jinja2
 download-only = true

software/apache-frontend/instance-apache-frontend.cfg

@@ -122,6 +122,8 @@ configuration.apache-ca-certificate =
 configuration.open-port = 80 443
 configuration.extra_slave_instance_list =
 configuration.disk-cache-size = 8G
+configuration.trafficserver-autoconf-port = 8083
+configuration.trafficserver-mgmt-port = 8084
 
 [frontend-configuration]
 template-log-access = ${template-log-access:target}
@@ -473,6 +475,8 @@ remap = map / http://$${instance-parameter:ipv4-random}:$${apache-configuration:
 plugin-config = ${trafficserver:location}/libexec/trafficserver/rfc5861.so
 cache-path = $${trafficserver-directory:cache-path}
 disk-cache-size = $${instance-parameter:configuration.disk-cache-size}
+autoconf-port = $${instance-parameter:configuration.trafficserver-autoconf-port}
+mgmt-port = $${instance-parameter:configuration.trafficserver-mgmt-port}
 
 [trafficserver-configuration-directory]
 recipe = plone.recipe.command

software/apache-frontend/instance-apache-replicate.cfg.in

@@ -14,9 +14,9 @@ context =
 
 {% set part_list = [] -%}
 {% set single_type_key = 'single-' %}
-{% if slap_software_type in ("replicate", "RootSoftwareInstance") %}
-{%   set frontend_type = slapparameter_dict.pop('-frontend-type', 'custom-personal') -%}
-{% elif slap_software_type == 'default' -%}
+{% if slap_software_type == "replicate" %}
+{%   set frontend_type = slapparameter_dict.pop('-frontend-type', 'single-default') -%}
+{% elif slap_software_type in ['default', 'RootSoftwareInstance'] -%}
 {%   set frontend_type = "%s%s" % (single_type_key, 'custom-personal') -%}
 {% else -%}
 {%   set frontend_type = "%s%s" % (single_type_key, slap_software_type) -%}
@@ -131,6 +131,7 @@ rejected-slave-list = {{ json_module.dumps(rejected_slave_list) }}
 [publish-slave-information]
 recipe = slapos.cookbook:softwaretype
 default = ${dynamic-publish-slave-information:rendered}
+RootSoftwareInstance = ${dynamic-publish-slave-information:rendered}
 replicate = ${dynamic-publish-slave-information:rendered}
 custom-personal = ${dynamic-publish-slave-information:rendered}
 custom-group = ${dynamic-publish-slave-information:rendered}

software/apache-frontend/instance.cfg

@@ -31,6 +31,7 @@ context =
 [switch-softwaretype]
 recipe = slapos.cookbook:softwaretype
 default = $${dynamic-template-apache-replicate:rendered}
+RootSoftwareInstance = $${dynamic-template-apache-replicate:rendered}
 custom-personal = $${dynamic-template-apache-replicate:rendered}
 custom-group = $${dynamic-template-apache-replicate:rendered}
 single-default = ${template-apache-frontend:output}

software/apache-frontend/templates/trafficserver/records.config.jinja2

@@ -53,8 +53,8 @@ CONFIG proxy.config.admin.user_id STRING {{ '#%s' % os_module.geteuid() }}
 # Process Manager
 #
 ##############################################################################
-CONFIG proxy.config.admin.autoconf_port INT 8083
-CONFIG proxy.config.process_manager.mgmt_port INT 8084
+CONFIG proxy.config.admin.autoconf_port INT {{ ats_configuration.get('autoconf-port', '8083') }}
+CONFIG proxy.config.process_manager.mgmt_port INT {{ ats_configuration.get('mgmt-port', '8084') }}
 ##############################################################################
 #
 # In order to only bind a specific IP, use the following config, as in

software/ipython_notebook/instance.cfg

-[buildout]
-parts =
-  instance
-  publish-connection-parameter
-## Monitoring part XXX whe should not have to specify all parts like this
-## Parts to add for monitoring
-  certificate-authority
-  cron
-  cron-entry-monitor
-  cron-entry-rss
-  deploy-index
-  deploy-settings-cgi
-  deploy-status-cgi
-  deploy-status-history-cgi
-  setup-static-files
-  certificate-authority
-  zero-parameters
-  public-symlink
-  cgi-httpd-wrapper
-  cgi-httpd-graceful-wrapper
-  monitor-promise
-  monitor-instance-log-access
-## Monitor for ipython
-  monitor-current-log-access
-  monitor-deploy-set-password-cgi
-
-extends = ${monitor-template:output}
-
-eggs-directory = ${buildout:eggs-directory}
-develop-eggs-directory = ${buildout:develop-eggs-directory}
-offline = true
-
-[slapconfiguration]
-recipe = slapos.cookbook:slapconfiguration
-computer = $${slap_connection:computer_id}
-partition = $${slap_connection:partition_id}
-url = $${slap_connection:server_url}
-key = $${slap_connection:key_file}
-cert = $${slap_connection:cert_file}
-
-[instance-parameter]
-port = 8888
-host = $${slapconfiguration:ipv6-random}
-cert_file = $${generate-certificate:cert_file}
-key_file = $${generate-certificate:key_file}
-logfile = $${directory:log}/ipython_notebook.log
-notebook_dir = $${directory:notebook_dir}
-
-[generate-certificate]
-; TODO: there is a slapos recipe to generate certificates. Use it instead
-recipe = plone.recipe.command
-command =
-  if [ ! -e $${instance-parameter:key_file} ]
-  then
-    ${openssl-output:openssl} req -x509 -nodes -days 3650 \
-      -subj "/C=AA/ST=X/L=X/O=Dis/CN=$${instance-parameter:host}" \
-      -newkey rsa:1024 -keyout $${instance-parameter:key_file} \
-      -out $${instance-parameter:cert_file}
-  fi
-update-command = $${:command}
-cert_file = $${directory:etc}/ipython_notebook_cert.crt
-key_file = $${directory:etc}/ipython_notebook_cert.key
-
-[instance]
-recipe = slapos.cookbook:wrapper
-command-line =
-  ${buildout:bin-directory}/ipython notebook
-  --no-browser
-  --matplotlib=inline
-  --ip=$${instance-parameter:host}
-  --port=$${instance-parameter:port}
-  --port-retries=0
-  --certfile=$${instance-parameter:cert_file}
-  --keyfile=$${instance-parameter:key_file}
-  --notebook-dir=$${instance-parameter:notebook_dir}
-  --logfile=$${instance-parameter:logfile}
-  --config=$${ipython_notebook_config:rendered}
-wrapper-path = $${directory:service}/ipython_notebook
-parameters-extra = true
-
-[ipython_notebook_config]
-recipe = slapos.recipe.template:jinja2
-template = ${ipython_notebook_config:location}/${ipython_notebook_config:filename}
-rendered = $${directory:etc}/ipython_notebook_config.py
-mode = 0744
-context =
-  raw config_cfg $${buildout:directory}/knowledge0.cfg
-
-[monitor-current-log-access]
-< = monitor-directory-access
-source = $${instance-parameter:logfile}
-
-[monitor-deploy-set-password-cgi]
-recipe = slapos.recipe.template:jinja2
-template = ${ipython_notebook_set_password:location}/${ipython_notebook_set_password:filename}
-rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
-filename = ipython-notebook-password.cgi
-mode = 0744
-context =
-  raw config_cfg $${buildout:directory}/knowledge0.cfg
-  raw python_executable ${buildout:bin-directory}/ipython
-  key pwd monitor-directory:knowledge0-cgi
-  key this_file :filename
-  key httpd_graceful cgi-httpd-graceful-wrapper:rendered
-
-[directory]
-recipe = slapos.cookbook:mkdirectory
-home = $${buildout:directory}
-etc = $${:home}/etc
-var = $${:home}/var
-script = $${:etc}/run/
-service = $${:etc}/service
-promise = $${:etc}/promise/
-log = $${:var}/log
-notebook_dir = $${:var}/notebooks
-
-[publish-connection-parameter]
-recipe = slapos.cookbook:publish
-url = https://[$${instance-parameter:host}]:$${instance-parameter:port}
-monitor_url = $${monitor-parameters:url}

software/ipython_notebook/instance.cfg.in

+[buildout]
+parts =
+  instance
+  publish-connection-parameter
+## Monitoring part XXX whe should not have to specify all parts like this
+## Parts to add for monitoring
+  certificate-authority
+  cron
+  cron-entry-monitor
+  cron-entry-rss
+  deploy-index
+  deploy-settings-cgi
+  deploy-status-cgi
+  deploy-status-history-cgi
+  setup-static-files
+  certificate-authority
+  zero-parameters
+  public-symlink
+  cgi-httpd-wrapper
+  cgi-httpd-graceful-wrapper
+  monitor-promise
+  monitor-instance-log-access
+## Monitor for ipython
+  monitor-current-log-access
+  monitor-deploy-set-password-cgi
+  erp5-kernel
+  kernel-json
+  custom-js
+
+extends = {{ monitor_template }}
+
+eggs-directory = {{ eggs_directory }}
+develop-eggs-directory = {{ develop_eggs_directory }}
+offline = true
+
+[slapconfiguration]
+recipe = slapos.cookbook:slapconfiguration
+computer = ${slap-connection:computer-id}
+partition = ${slap-connection:partition-id}
+url = ${slap-connection:server-url}
+key = ${slap-connection:key-file}
+cert = ${slap-connection:cert-file}
+
+[instance-parameter]
+port = 8888
+host = ${slapconfiguration:ipv6-random}
+cert_file = ${generate-certificate:cert_file}
+key_file = ${generate-certificate:key_file}
+logfile = ${directory:log}/ipython_notebook.log
+notebook_dir = ${directory:notebook_dir}
+
+[dynamic-jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+mode = 0644
+
+[generate-certificate]
+; TODO: there is a slapos recipe to generate certificates. Use it instead
+recipe = plone.recipe.command
+command =
+  if [ ! -e ${instance-parameter:key_file} ]
+  then
+    {{ openssl_output }} req -x509 -nodes -days 3650 \
+      -subj "/C=AA/ST=X/L=X/O=Dis/CN=${instance-parameter:host}" \
+      -newkey rsa:1024 -keyout ${instance-parameter:key_file} \
+      -out ${instance-parameter:cert_file}
+  fi
+update-command = ${:command}
+cert_file = ${directory:etc}/ipython_notebook_cert.crt
+key_file = ${directory:etc}/ipython_notebook_cert.key
+
+[instance]
+recipe = slapos.cookbook:wrapper
+command-line =
+  {{ bin_directory }}/ipython notebook
+  --no-browser
+  --ip=${instance-parameter:host}
+  --port=${instance-parameter:port}
+  --port-retries=0
+  --certfile=${instance-parameter:cert_file}
+  --keyfile=${instance-parameter:key_file}
+  --notebook-dir=${instance-parameter:notebook_dir}
+  --logfile=${instance-parameter:logfile}
+  --config=${ipython-notebook-config:rendered}
+# Add 'log-level' alias to 'DEBUG' so as to log requests being done while running
+# of service ipython_notebook.
+  --log-level="DEBUG"
+wrapper-path = ${directory:service}/ipython_notebook
+parameters-extra = true
+# Explicitly define IPython Directory to be used while starting ipython notebook
+environment = IPYTHONDIR=${directory:ipython_dir}
+
+[ipython-notebook-config]
+<= dynamic-jinja2-template-base
+template = {{ ipython_notebook_config_location }}/{{ ipython_notebook_config_filename }}
+rendered = ${directory:etc}/ipython_notebook_config.py
+mode = 0744
+context =
+  raw config_cfg ${buildout:directory}/knowledge0.cfg
+
+[monitor-current-log-access]
+< = monitor-directory-access
+source = ${instance-parameter:logfile}
+
+[monitor-deploy-set-password-cgi]
+<= dynamic-jinja2-template-base
+template = {{ ipython_notebook_set_password_location }}/{{ ipython_notebook_set_password_filename }}
+rendered = ${monitor-directory:knowledge0-cgi}/${:filename}
+filename = ipython-notebook-password.cgi
+mode = 0744
+context =
+  raw config_cfg ${buildout:directory}/knowledge0.cfg
+  raw python_executable {{ bin_directory }}/ipython
+  key pwd monitor-directory:knowledge0-cgi
+  key this_file :filename
+  key httpd_graceful cgi-httpd-graceful-wrapper:rendered
+
+[directory]
+recipe = slapos.cookbook:mkdirectory
+home = ${buildout:directory}
+etc = ${:home}/etc
+var = ${:home}/var
+script = ${:etc}/run/
+service = ${:etc}/service
+promise = ${:etc}/promise/
+log = ${:var}/log
+notebook_dir = ${:var}/notebooks
+# Add folders to explicitly define ipython directory
+ipython_dir = ${:home}/ipython
+ipython_kernel_dir = ${:ipython_dir}/kernels
+erp5_kernel_dir = ${:ipython_kernel_dir}/ERP5
+
+[publish-connection-parameter]
+recipe = slapos.cookbook:publish.serialised
+url = https://[${instance-parameter:host}]:${instance-parameter:port}
+monitor_url = ${monitor-parameters:url}
+
+[erp5-kernel]
+<= dynamic-jinja2-template-base
+template = {{ erp5_kernel_location }}/{{ erp5_kernel_filename }}
+rendered = ${directory:erp5_kernel_dir}/ERP5kernel.py
+# Use ipython as executable python as we'll be needing requests library in kernel
+context =
+  raw python_executable {{ bin_directory }}/ipython
+
+[kernel-json]
+<= dynamic-jinja2-template-base
+template = {{ kernel_json_location }}/{{ kernel_json_filename }}
+rendered = ${directory:erp5_kernel_dir}/kernel.json
+# Use python2.7 executable bin file for kernel config
+context =
+  raw python_executable {{ python_executable }}
+  key kernel_dir erp5-kernel:rendered
+  raw display_name ERP5
+  raw language_name python
+
+[custom-js]
+<= dynamic-jinja2-template-base
+template = {{ custom_js_location }}/{{ custom_js_filename }}
+rendered = ${directory:ipython_dir}/profile_default/static/custom/custom.js
+mode = 0744

software/ipython_notebook/software.cfg

@@ -11,51 +11,85 @@ extends =
 parts =
   monitor-eggs
   slapos-cookbook
-  ipython_notebook
-  ipython_notebook_set_password
-  instance
+  ipython-notebook
+  instance-jupyter
 
-[ipython_notebook]
+[ipython-notebook]
 ; In the ipython notebook software, we use more eggs than in the minimal
 ; ipython notebook component
 eggs +=
+  requests
   ${scipy:egg}
   ${pandas:egg}
   ${scikit-learn:egg}
 
-[ipython_notebook_config]
+[download-file-base]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/template/${:filename}
 download-only = true
-md5sum = a5bc4ee8539109d1de7ab33b4c2c97ea
 destination = ${buildout:parts-directory}/${:_buildout_section_name_}
-filename = ipython_notebook_config.jinja
 mode = 0644
 
-[ipython_notebook_set_password]
-recipe = hexagonit.recipe.download
-url = ${:_profile_base_location_}/template/${:filename}
-download-only = true
+[ipython-notebook-config]
+<= download-file-base
+filename = ipython_notebook_config.py.jinja
+md5sum = a5bc4ee8539109d1de7ab33b4c2c97ea
+
+[ipython-notebook-set-password]
+<= download-file-base
+filename = ipython_set_password.cgi.jinja
 md5sum = d7d4a7e19d55bf14007819258bf42100
-destination = ${buildout:parts-directory}/${:_buildout_section_name_}
-filename = ipython_set_password.jinja
-mode = 0644
 
-[instance]
-recipe = slapos.recipe.template
-url = ${:_profile_base_location_}/instance.cfg
-output = ${buildout:directory}/instance.cfg
+[erp5-kernel]
+<= download-file-base
+filename = ERP5kernel.py.jinja
+md5sum = da2f592075c414d4bb26cf7a7dfd147b
 
+[kernel-json]
+<= download-file-base
+filename = kernel.json.jinja
+md5sum = ab6e78ea20855e07d388b5b86d1770fe
 
+[custom-js]
+<= download-file-base
+filename = custom.js.jinja
+md5sum = 0e8262d04a6dafbc1b77d95aea2192bc
 
+[instance-jupyter]
+recipe = slapos.recipe.template:jinja2
+template = ${:_profile_base_location_}/instance.cfg.in
+rendered = ${buildout:directory}/template.cfg
+mode = 0644
+md5sum = 1a993b1f8fa3f001c45075fe95a48332
+context =
+  key bin_directory buildout:bin-directory
+  key develop_eggs_directory buildout:develop-eggs-directory
+  key eggs_directory buildout:eggs-directory
+  key monitor_template monitor-template:output
+  key openssl_output openssl-output:openssl
+  key python_executable python2.7:executable
+  key ipython_notebook_config_location ipython-notebook-config:location
+  key ipython_notebook_config_filename ipython-notebook-config:filename
+  key ipython_notebook_set_password_location ipython-notebook-set-password:location
+  key ipython_notebook_set_password_filename ipython-notebook-set-password:filename
+  key erp5_kernel_location erp5-kernel:location
+  key erp5_kernel_filename erp5-kernel:filename
+  key kernel_json_location kernel-json:location
+  key kernel_json_filename kernel-json:filename
+  key custom_js_location custom-js:location
+  key custom_js_filename custom-js:filename
 
 [versions]
 PyRSS2Gen = 1.1
 Pygments = 2.0.2
 cns.recipe.symlink = 0.2.3
-ipython = 3.2.0
+ipython = 4.0.0
 matplotlib = 1.4.3
-mistune = 0.6
+
+# Required by:
+# ipython==4.0.0
+mistune = 0.7.1
+
 nose = 1.3.7
 numpy = 1.9.2
 pandas = 0.16.2
@@ -66,6 +100,10 @@ scipy = 0.15.1
 slapos.recipe.template = 2.8
 terminado = 0.5
 tornado = 4.2
+requests = 2.7.0
+
+# Required for erp5_kernel
+ipykernel = 4.2.1
 
 # Required by:
 # tornado==4.2
@@ -91,3 +129,52 @@ ptyprocess = 0.5
 # matplotlib==1.4.3
 # pandas==0.16.2
 python-dateutil = 2.4.2
+
+# Required by:
+# ipython==4.0.0
+notebook = 4.0.6
+simplegeneric = 0.8.1
+
+# Required by:
+# nbformat==4.0.1
+# notebook==4.0.6
+# traitlets==4.1.0b1
+ipython-genutils = 0.1.0
+
+# Required by:
+# ipykernel==4.2.1
+# notebook==4.0.6
+jupyter-client = 4.1.1
+
+# Required by:
+# nbformat==4.0.1
+# notebook==4.0.6
+# jupyter-client==4.1.1
+# nbconvert==4.1.0
+jupyter-core = 4.0.6
+
+# Required by:
+# notebook==4.0.6
+nbconvert = 4.1.0
+
+# Required by:
+# notebook==4.0.6
+# nbconvert==4.1.0
+nbformat = 4.0.1
+
+# Required by:
+# pickleshare==0.5
+path.py = 8.1.2
+
+# Required by:
+# ipython==4.0.0
+pexpect = 4.0.1
+
+# Required by:
+# ipython==4.0.0
+pickleshare = 0.5
+
+# Required by:
+# ipython==4.0.0
+# notebook==4.0.6
+traitlets = 4.1.0b1

software/ipython_notebook/template/ERP5kernel.py.jinja

+#!{{ python_executable }}
+
+from ipykernel.kernelbase import Kernel
+from ipykernel.kernelapp import IPKernelApp
+
+from IPython.core.display import HTML
+
+import requests
+import json
+
+# erp5_url from buildout
+# TODO: Uncomment after adding automated installation of erp5-data-notebook bt5
+# url = ""
+# url  = "%s/erp5/Base_executeJupyter"%url
+
+class MagicInfo:
+  """
+  Magics definition structure.
+  Initializes a new MagicInfo class with specific paramters to identify a magic.
+  """
+  def __init__(self, magic_name, variable_name, send_request, request_reference, display_message):
+    self.magic_name = magic_name
+    self.variable_name = variable_name
+    self.send_request = send_request
+    self.request_reference = request_reference
+    self.display_message = display_message
+
+# XXX: New magics to be added here in the dictionary.
+# In this dictionary,
+# key = magic_name,
+# value = MagicInfo Structure corresponding to the magics
+# Different parameters of the structures are :-
+# magics_name(str) = Name which would be used on jupyter frontend
+# variable_name(str) = Name of variable on which magic would be set in kernel
+# send_request(boolean) = Magics for which requests to erp5 backend need to be made
+# request_reference(boolean) = Request for notebook references(and titles) from erp5
+# display_message(boolean) = If the magics need to display message after
+#                             making request. Useful for magics which do get some
+#                             useful content from erp5 backend and need to display
+
+MAGICS = {
+  'erp5_user': MagicInfo('erp5_user', 'user', True, False, True),
+  'erp5_password': MagicInfo('erp5_password', 'password', True, False, True),
+  'erp5_url': MagicInfo('erp5_url', 'url', True, False, True),
+  'notebook_set_reference': MagicInfo('notebook_set_reference', 'reference', True, False, True),
+  'notebook_set_title': MagicInfo('notebook_set_title', 'title', False, False, True),
+  'my_notebooks': MagicInfo('my_notebooks', '', True, True, False)
+}
+
+class ERP5Kernel(Kernel):
+  """
+  Jupyter Kernel class to interact with erp5 backend for code from frontend.
+  To use this kernel with erp5, user need to install 'erp5_data_notebook' bt5 
+  Also, handlers(aka magics) starting with '%' are predefined.
+
+  Each request to erp5 for code execution requires erp5_user, erp5_password
+  and reference of the notebook.
+  """
+
+  implementation = 'ERP5'
+  implementation_version = '1.0'
+  language = 'ERP5'
+  language_version = '0.1'
+  language_info = {'mimetype': 'text/plain', 'name':'python'}
+  banner = "ERP5 integration with ipython notebook"
+
+  def __init__(self, user=None, password=None, url=None, status_code=None,
+              *args, **kwargs):
+    super(ERP5Kernel, self).__init__(*args, **kwargs)
+    self.user = user
+    self.password = password
+    # Use URL provided by buildout during initiation
+    # It can later be overridden
+    self.url = url
+    self.status_code = status_code
+    self.reference = None
+    self.title = None
+    # Allowed HTTP request code list for making request to erp5 from Kernel
+    # This list should be to used check status_code before making requests to erp5
+    self.allowed_HTTP_request_code_list = range(500, 511)
+    # Append request code 200 in the allowed HTTP status code list
+    self.allowed_HTTP_request_code_list.append(200)
+
+  def display_response(self, response=None):
+    """
+      Dispays the stream message response to jupyter frontend.
+    """
+    if response:
+      stream_content = {'name': 'stdout', 'text': response}
+      self.send_response(self.iopub_socket, 'stream', stream_content)
+
+  def set_magic_attribute(self, magic_info=None, code=None):
+    """
+      Set attribute for magic which are necessary for making requests to erp5.
+      Catch errors and display message. Since user is in contact with jupyter
+      frontend, so its better to catch exceptions and dispaly messages than to
+      let them fail in backend and stuck the kernel.
+      For a making a request to erp5, we need -
+      erp5_url, erp5_user, erp5_password, notebook_set_reference
+    """
+    # Set attributes only for magic who do have any varible to set value to
+    if magic_info.variable_name:
+
+      try:
+        # Get the magic value recived via code from frontend
+        magic_value = code.split()[1]
+        # Set magic_value to the required attribute
+        setattr(self, magic_info.variable_name , magic_value)
+        self.response = 'Your %s is %s. '%(magic_info.magic_name, magic_value)
+
+      # Catch exception while setting attribute and set message in response
+      except AttributeError:
+        self.response = 'Please enter %s magic value'%magic_info.variable_name
+
+      # Catch IndexError while getting magic_value and set message in response object
+      except IndexError:
+        self.response = 'Empty value for %s magic'%magic_info.variable_name
+
+      # Catch all other exceptions and set error_message in response object
+      # XXX: Might not be best way, but its better to display error to the user
+      # via notebook frontend than to fail in backend and stuck the Kernel without
+      # any failure message to user.
+      except Exception as e:
+        self.response = str(e)
+
+      # Display the message/response from this fucntion before moving forward so
+      # as to keep track of the status
+      self.display_response(response=self.response)
+
+  def check_required_attributes(self):
+    """
+      Check if the required attributes for making a request are already set or not.
+      Display message to frontend to provide with the values in case they aren't.
+      This function can be called anytime to check if the attributes are set. The
+      output result will be in Boolean form.
+      Also, in case any of attribute is not set, call to display_response would be
+      made to ask user to enter value.
+    """
+    result_list = []
+    required_attributes  = ['url', 'password', 'user', 'reference']
+
+    # Set response to empty so as to flush the response set by some earlier fucntion call
+    self.response = ''
+
+    # Loop to check if the attributes are set
+    for attribute in required_attributes:
+      if getattr(self, attribute):
+        result_list.append(True)
+      else:
+        # Set response/message for attributes which aren't set
+        self.response = '\nPlease enter %s in next cell. '%attribute
+        result_list.append(False)
+
+    # Compare result_list to get True for all True results and False for any False result 
+    check_attributes = all(result_list)
+
+    # Display response to frontend before moving forward
+    self.display_response(response=self.response)
+
+    return check_attributes
+
+  def make_erp5_request(self, request_reference=False, display_message=True,
+                        code=None, message=None, title=None, *args, **kwargs):
+    """
+      Function to make request to erp5 as per the magics.
+      Should return the response json object.
+    """
+
+    try:
+      erp5_request = requests.get(
+        self.url,
+        verify=False,
+        auth=(self.user, self.password),
+        params={
+          'python_expression': code,
+          'reference': self.reference,
+          'title': self.title,
+          'request_reference': request_reference,
+          },
+      )
+
+      # Set value for status_code for self object which would later be used to
+      # dispaly response after statement check
+      self.status_code = erp5_request.status_code
+
+      # Dispaly error response in case the request give any other status
+      # except 200 and 5xx(which is for errors on server side)
+      if self.status_code not in self.allowed_HTTP_request_code_list:
+        self.response = '''Error code %s on request to ERP5,\n
+        check credentials or ERP5 family URL'''%self.status_code
+      else:
+        # Set value of self.response to the given value in case response from function
+        # call. In all other case, response should be the content from request
+        if display_message and message:
+          self.response = message
+        else:
+          self.response = erp5_request.content
+
+    except requests.exceptions.RequestException as e:
+      self.response = str(e)
+
+  def do_execute(self, code, silent, store_history=True, user_expressions=None,
+                  allow_stdin=False):
+    """
+      Validate magic and call functions to make request to erp5 backend where
+      the code is being executed and response is sent back which is then sent
+      to jupyter frontend.
+    """
+    # By default, take the status of response as 'ok' so as show the responses
+    # for erp5_url and erp5_user on notebook frontend as successful response.
+    status = 'ok'
+
+    if not silent:
+      # Remove spaces and newlines from both ends of code
+      code = code.strip()
+
+      if code.startswith('%'):
+          # No need to try-catch here as its already been taken that the code
+          # starts-with '%', so we'll get magic_name, no matter what be after '%'
+          magic_name = code.split()[0][1:]
+          magics_name_list = [magic.magic_name for magic in MAGICS.values()]
+
+          # Check validation of magic
+          if magic_name and magic_name in magics_name_list:
+
+            # Get MagicInfo object related to the magic
+            magic_info = MAGICS.get(magic_name)
+
+            # Function call to set the required magics
+            self.set_magic_attribute(magic_info=magic_info, code=code)
+
+            # Call to check if the required_attributes are set
+            checked_attribute = self.check_required_attributes()
+            if checked_attribute and magic_info.send_request:
+              # Call the function to send request to erp5 with the arguments given
+              self.make_erp5_request(message='\nPlease proceed',
+              request_reference=magic_info.request_reference,
+              display_message=magic_info.display_message)
+
+              # Display response from erp5 request for magic
+              # Since this response would be either success message or failure
+              # error message, both of which are string type, so, we can simply
+              # display the stream response.
+              self.display_response(response=self.response)
+
+          else:
+            # Set response if there is no magic or the magic name is not in MAGICS
+            self.response = 'Invalid Magics'
+            self.display_response(response=self.response)
+
+      else:
+        # Check for status_code before making request to erp5 and make request in
+        # only if the status_code is in the allowed_HTTP_request_code_list
+        if self.status_code in self.allowed_HTTP_request_code_list:
+          self.make_erp5_request(code=code)
+
+          # For 200 status_code, Kernel will receive predefined format for data
+          # from erp5 which is either json of result or simple result string
+          if self.status_code == 200:
+            mime_type = 'text/plain'
+            try:
+              content = json.loads(self.response)
+              code_result = content['code_result']
+            # Display to frontend the error message for content status as 'error'
+              if content['status']=='error':
+                reply_content = {
+                  'status': 'error',
+                  'execution_count': self.execution_count,
+                  'ename': content['ename'],
+                  'evalue': content['evalue'],
+                  'traceback': content['traceback']}
+                self.send_response(self.iopub_socket, u'error', reply_content)
+                return reply_content
+            # Catch exception for content which isn't json
+            except ValueError:
+              content = self.response
+              code_result = content
+          # Display basic error message to frontend in case of error on server side
+          else:
+            self.make_erp5_request(code=code)
+            code_result = "Error at Server Side"
+            mime_type = 'text/plain'
+
+        # For all status_code except allowed_HTTP_response_code_list show unauthorized message
+        else:
+          code_result = 'Unauthorized access'
+          mime_type = 'text/plain'
+
+        data = {
+          'data': {mime_type: code_result},
+          'metadata': {}
+        }
+        self.send_response(self.iopub_socket, 'display_data', data)
+
+    reply_content = {
+      'status': status,
+      # The base class increments the execution count
+      'execution_count': self.execution_count,
+      'payload': [],
+      'user_expressions': {},
+    }
+    return reply_content
+
+if __name__ == '__main__':
+  IPKernelApp.launch_instance(kernel_class=ERP5Kernel)

software/ipython_notebook/template/custom.js.jinja

+// leave at least 2 line with only a star on it below, or doc generation fails
+/**
+ *
+ *
+ * Placeholder for custom user javascript
+ * mainly to be overridden in profile/static/custom/custom.js
+ * This will always be an empty file in IPython
+ *
+ * User could add any javascript in the `profile/static/custom/custom.js` file.
+ * It will be executed by the ipython notebook at load time.
+ *
+ * Same thing with `profile/static/custom/custom.css` to inject custom css into the notebook.
+ *
+ *
+ * The object available at load time depend on the version of IPython in use.
+ * there is no guaranties of API stability.
+ *
+ * The example below explain the principle, and might not be valid.
+ *
+ * Instances are created after the loading of this file and might need to be accessed using events:
+ *     define([
+ *        'base/js/namespace',
+ *        'base/js/events'
+ *     ], function(IPython, events) {
+ *         events.on("app_initialized.NotebookApp", function () {
+ *             IPython.keyboard_manager....
+ *         });
+ *     });
+ *
+ * __Example 1:__
+ *
+ * Create a custom button in toolbar that execute `%qtconsole` in kernel
+ * and hence open a qtconsole attached to the same kernel as the current notebook
+ *
+ *    define([
+ *        'base/js/namespace',
+ *        'base/js/events'
+ *    ], function(IPython, events) {
+ *        events.on('app_initialized.NotebookApp', function(){
+ *            IPython.toolbar.add_buttons_group([
+ *                {
+ *                    'label'   : 'run qtconsole',
+ *                    'icon'    : 'icon-terminal', // select your icon from http://fortawesome.github.io/Font-Awesome/icons
+ *                    'callback': function () {
+ *                        IPython.notebook.kernel.execute('%qtconsole')
+ *                    }
+ *                }
+ *                // add more button here if needed.
+ *                ]);
+ *        });
+ *    });
+ *
+ * __Example 2:__
+ *
+ * At the completion of the dashboard loading, load an unofficial javascript extension
+ * that is installed in profile/static/custom/
+ *
+ *    define([
+ *        'base/js/events'
+ *    ], function(events) {
+ *        events.on('app_initialized.DashboardApp', function(){
+ *            require(['custom/unofficial_extension.js'])
+ *        });
+ *    });
+ *
+ * __Example 3:__
+ *
+ *  Use `jQuery.getScript(url [, success(script, textStatus, jqXHR)] );`
+ *  to load custom script into the notebook.
+ *
+ *    // to load the metadata ui extension example.
+ *    $.getScript('/static/notebook/js/celltoolbarpresets/example.js');
+ *    // or
+ *    // to load the metadata ui extension to control slideshow mode / reveal js for nbconvert
+ *    $.getScript('/static/notebook/js/celltoolbarpresets/slideshow.js');
+ *
+ *
+ * @module IPython
+ * @namespace IPython
+ * @class customjs
+ * @static
+ */
+
+$([IPython.events]).on('notebook_loaded.Notebook', function(){
+  var kernelname = IPython.notebook.kernel_selector.current_selection;
+  var display_text="<div class='output_subarea output_text output_result'>\
+  <pre>Follow these steps to customize your notebook with ERP5 kernel :-</br>\
+  1. Add <b>%erp5_url &lt;your_erp5_url&gt;/erp5/Base_executeJupyter</b>.</br>\
+  Make sure you have 'erp5_data_notebook' business template installed in your erp5</br>\
+  2. <b>%notebook_set_reference &lt;your_notebook_refernce&gt;</b></br>\
+  It would be better to set the reference to match with erp5 reference pattern.</br>\
+  3. <b>%erp5_user &lt;your_erp5_username&gt;</b></br>\
+  4. <b>%erp5_password &lt;your_erp5_password&gt;</b></br>\
+  5. As soon as you see 'Please Proceed' message you can now access your erp5 using notebook.</br>\
+  <p><u>OTHER USEFUL MAGICS</u> -</br>\
+  <b>%my_notebooks</b> -This is used to display all the notebooks created by the specific user.</br>\
+  NOTE: Do not dynamically alter imported module objects as they are not being saved in DB, </br>\
+  so changes to them would be disregarded and would throw an error.</br>\
+  </pre></div>";
+  if (kernelname=="erp5"){
+  $('div#notebook-container').prepend(display_text);
+  }
+  });
\ No newline at end of file

software/ipython_notebook/template/kernel.json.jinja

+{
+  "argv": [
+    "{{python_executable}}",
+    "{{kernel_dir}}",
+    "-f",
+    "{connection_file}"
+  ],
+  "display_name": "{{display_name}}",
+  "language": "{{language_name}}",
+  "language_info": {"name": "python"}
+}

software/kvm/common.cfg

@@ -98,7 +98,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm.cfg.jinja2
 mode = 644
-md5sum = ade64ba25dd4e98514479ac3363ea6ce
+md5sum = 4aeffb282779b43a55eb9067450cbefc
 download-only = true
 on-update = true
 
@@ -106,7 +106,7 @@ on-update = true
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm-cluster.cfg.jinja2.in
 mode = 644
-md5sum = 1f5a7b9307059a46318fab4fe63f3ecd
+md5sum = 33f5f81dc2a19f74acda8316e5fde25e
 download-only = true
 on-update = true
 
@@ -184,7 +184,7 @@ recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/template/template-kvm-run.in
 mode = 644
 filename = template-kvm-run.in
-md5sum = 42e5c653780fdb86b50aa89d73814934
+md5sum = 24b09d68f7cd0e81630c685cc679676b
 download-only = true
 on-update = true
 

software/kvm/instance-kvm-cluster-input-schema.json

@@ -221,7 +221,8 @@
               "title": "Use keyboard layout language",
               "description": "Use keyboard layout language (for example fr for French). Can be usefull with VNC display",
               "type": "string",
-              "enum": ["ar", "da", "de", "de-ch", "en-gb", "en-us", "es", "et", "fi", "fo", "fr", "fr-be", "fr-ca", "fr-ch", "hr", "hu", "is", "it", "ja", "lt", "lv", "mk", "nl", "nl-be", "no", "pl", "pt", "pt-br", "ru", "sl", "sv", "th", "tr"]
+              "enum": ["ar", "da", "de", "de-ch", "en-gb", "en-us", "es", "et", "fi", "fo", "fr", "fr-be", "fr-ca", "fr-ch", "hr", "hu", "is", "it", "ja", "lt", "lv", "mk", "nl", "nl-be", "no", "pl", "pt", "pt-br", "ru", "sl", "sv", "th", "tr"],
+              "default": "fr"
             },
             "nbd-host": {
               "title": "NBD hostname or IP",
@@ -294,7 +295,7 @@
               "default": true
             },
             "use-nat": {
-              "title": "Use QEMU USER Mode networking",
+              "title": "Use QEMU USER Mode interface (NAT)",
               "description": "Use QEMU user-mode network stack (NAT).",
               "type": "boolean",
               "default": true
@@ -303,11 +304,13 @@
               "title": "List of rules for NAT of QEMU user mode network stack.",
               "description": "List of rules for NAT of QEMU user mode network stack, as comma-separated list of ports. For each port specified, it will redirect port x of the VM (example: 80) to the port x + 10000 of the public IPv6 (example: 10080). Defaults to \"22 80 443\".",
               "type": "array",
-              "default": [
-                22,
-                80,
-                443
-              ]
+              "default": []
+            },
+            "nat-restrict-mode": {
+              "title": "Isolate the NAT Interface (No Internet access)",
+              "description": "If this option is enabled, the NAT interface will be isolated, i.e. it will not be able to contact the host and no guest IP packets will be routed over the host to the outside. This option does not affect any explicitly set nat rules.",
+              "type": "boolean",
+              "default": true
             },
             "enable-vhost": {
               "title": "Use vhost-net to improve network performance of tap interface",

software/kvm/instance-kvm-cluster.cfg.jinja2.in

@@ -56,6 +56,7 @@ config-nat-rules = {{ nat_rules_list | join(' ') }}
 config-publish-nat-url = True
 config-use-nat = {{ use_nat }}
 config-use-tap = {{ dumps(kvm_parameter_dict.get('use-tap', True)) }}
+config-nat-restrict-mode = {{ dumps(kvm_parameter_dict.get('nat-restrict-mode', True)) }}
 config-enable-vhost = {{ dumps(kvm_parameter_dict.get('enable-vhost', False)) }}
 config-virtual-hard-drive-url = {{ dumps(kvm_parameter_dict.get('virtual-hard-drive-url', '')) }}
 config-virtual-hard-drive-md5sum = {{ dumps(kvm_parameter_dict.get('virtual-hard-drive-md5sum', '')) }}

software/kvm/instance-kvm-input-schema.json

@@ -135,7 +135,7 @@
       "default": false
     },
     "use-nat": {
-      "title": "Use QEMU USER Mode networking",
+      "title": "Use QEMU USER Mode interface (NAT)",
       "description": "Use QEMU user-mode network stack (NAT).",
       "type": "boolean",
       "default": true
@@ -145,6 +145,12 @@
       "description": "List of rules for NAT of QEMU user mode network stack, as comma-separated list of ports. For each port specified, it will redirect port x of the VM (example: 80) to the port x + 10000 of the public IPv6 (example: 10080). Defaults to \"22 80 443\". Ignored if \"use-tap\" parameter is enabled.",
       "type": "string"
     },
+    "nat-restrict-mode": {
+      "title": "Isolate the NAT Interface (No Internet access)",
+      "description": "If this option is enabled, the NAT interface will be isolated, i.e. it will not be able to contact the host and no guest IP packets will be routed over the host to the outside. This option does not affect any explicitly set nat rules.",
+      "type": "boolean",
+      "default": true
+    },
     "enable-vhost": {
       "title": "Use vhost-net to improve network performance of tap interface",
       "description": "The vhost-net provides much improved network performance for your VM. Only work if the vhost-net kernel module is loaded and available on host machine, please keep this option off if you're not shure.",

software/kvm/instance-kvm.cfg.jinja2

 {% set enable_http = slapparameter_dict.get('enable-http-server', 'False').lower() -%}
 {% set use_tap = slapparameter_dict.get('use-tap', 'False').lower() -%}
 {% set use_nat = slapparameter_dict.get('use-nat', 'True').lower() -%}
+{% set nat_restrict = slapparameter_dict.get('nat-restrict-mode', 'False').lower() -%}
 {% set name = slapparameter_dict.get('name', 'localhost') -%}
 {% set disable_ansible_promise = slapparameter_dict.get('disable-ansible-promise', 'False').lower() -%}
 {% set instance_type = slapparameter_dict.get('type', 'standalone') -%}
@@ -95,6 +96,7 @@ tap-mac-address = ${create-tap-mac:mac-address}
 use-tap = ${slap-parameter:use-tap}
 use-nat = ${slap-parameter:use-nat}
 nat-rules = {{ nat_rule_list }}
+nat-restrict= {{ nat_restrict }}
 enable-vhost = ${slap-parameter:enable-vhost}
 
 virtual-hard-drive-url = ${slap-parameter:virtual-hard-drive-url}
@@ -407,6 +409,8 @@ route-iface = route add ${slap-network-information:tap-gateway} dev {{ iface }}
 route-network = route add -net ${slap-network-information:tap-network} netmask ${slap-network-information:tap-netmask} gw ${slap-network-information:tap-gateway}
 {%   if iface == 'eth0' -%}
 route-default = route add default gw ${slap-network-information:tap-gateway}
+{%   elif nat_restrict == 'true' -%}
+route-default = route add default gw ${slap-network-information:tap-gateway} dev {{ iface }}
 {%   elif global_ipv4_prefix -%}
 route-default = ip route add {{ global_ipv4_prefix }} via ${slap-network-information:tap-gateway} dev {{ iface }} src ${slap-network-information:tap-ipv4}
 {% else -%}
@@ -438,6 +442,12 @@ mode = {{ mode }}
 # write public key for vms to public/authorized_keys
 {{ writefile('get-authorized-key', '${directory:public}/authorized_keys', slapparameter_dict.get('authorized-key', ''), '700') }}
 
+{% if use_tap == 'true' and nat_restrict == 'true' -%}
+# Ask to set default to tap interface in the vm
+{{ writefile('set-default-interface', '${directory:public}/delDefaultIface', iface, '600') }}
+{% do part_list.append('set-default-interface') -%}
+{% endif -%}
+
 [publish-host-config]
 recipe = plone.recipe.command
 name = {{ slapparameter_dict.get('name', 'localhost') }}
@@ -502,6 +512,13 @@ context =
   raw logs ${directory:public}/ansible
   raw name {{ name }}
 
+[cron-entry-logrotate]
+<= cron
+recipe = slapos.cookbook:cron.d
+name = logrotate
+# One time per week
+frequency = 0 0 * * * 0
+command = ${logrotate:wrapper}
 
 [logrotate-vm-bootstrap]
 < = logrotate-entry-base
@@ -537,6 +554,7 @@ numa =
 nat-rules = 22 80 443
 use-nat = True
 use-tap = False
+nat-restrict-mode = False
 enable-vhost = False
 
 virtual-hard-drive-url =
@@ -598,6 +616,7 @@ parts =
   novnc-promise
 #  kvm-monitor
   cron
+  cron-entry-logrotate
 #  cron-entry-monitor
   frontend-promise
 {% if monitor -%}

software/kvm/template/template-kvm-run.in

@@ -33,6 +33,7 @@ virtual_hard_drive_gzipped = '{{ parameter_dict.get("virtual-hard-drive-gzipped"
 nat_rules = '{{ parameter_dict.get("nat-rules") }}'.strip()
 use_tap = '{{ parameter_dict.get("use-tap") }}'.lower()
 use_nat = '{{ parameter_dict.get("use-nat") }}'.lower()
+set_nat_restrict = '{{ parameter_dict.get("nat-restrict") }}'.lower()
 enable_vhost = '{{ parameter_dict.get("enable-vhost") }}'.lower()
 tap_interface = '{{ parameter_dict.get("tap-interface") }}'
 listen_ip = '{{ parameter_dict.get("ipv4") }}'
@@ -228,6 +229,8 @@ if use_nat == 'true':
   if cluster_doc_host and cluster_doc_port > 0:
     rules += ',guestfwd=tcp:10.0.2.101:443-cmd:%s %s %s' % (netcat_bin,
                                            cluster_doc_host, cluster_doc_port)
+  if set_nat_restrict == 'true':
+    rules += ',restrict=on'
   nat_network_parameter = ['-netdev', rules,
           '-device', 'virtio-net-pci,netdev=lan%s,mac=%s' % (number, mac_address)]
 if use_tap == 'true':

software/neoppod/software-common.cfg

@@ -116,7 +116,7 @@ slapos.recipe.template = 2.8
 ZODB3 = 3.10.5+SlapOSPatched001
 # Required by slapos.toolbox==0.52
 slapos.toolbox = 0.52
-apache-libcloud = 0.19.0
+apache-libcloud = 0.20.0
 atomize = 0.2.0
 ecdsa = 0.13
 feedparser = 5.2.1

software/re6stnet/software.cfg

@@ -3,7 +3,6 @@
 extends =
   ../../component/re6stnet/buildout.cfg
   ../../component/dash/buildout.cfg
-  ../../component/git/buildout.cfg
   ../../component/dcron/buildout.cfg
   ../../component/gzip/buildout.cfg
   ../../component/openssl/buildout.cfg
@@ -11,19 +10,14 @@ extends =
   ../../component/apache/buildout.cfg
   ../../stack/slapos.cfg
 
-develop = 
-  ${:parts-directory}/re6stnet-repository
-
-parts = 
+parts =
+  slapos-cookbook-develop
   slapos-cookbook
   eggs
   dash
   babeld
-  re6stnet-develop
   re6stnet
   template
-  slapos.cookbook-repository
-  check-recipe
 
 [eggs]
 recipe = zc.recipe.egg
@@ -44,18 +38,6 @@ eggs =
   miniupnpc
   re6stnet
 
-[re6stnet-repository]
-repository = http://git.erp5.org/repos/re6stnet.git
-branch = re6st-slapos
-revision = 8130c7380cbf3f13bdc4e5ecb8e792fb7d2b7b2e
-
-
-[slapos.cookbook-repository]
-recipe = slapos.recipe.build:gitclone
-repository = http://git.erp5.org/repos/slapos.git
-branch = re6st-master
-git-executable = ${git:location}/bin/git
-
 [download-base]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/${:filename}
@@ -95,7 +77,7 @@ extra-context =
 [template-re6stnet]
 < = download-base
 filename = instance-re6stnet.cfg.in
-md5sum = a5000a513877bdab10f160ac0aaac95f
+md5sum = 1f074a64d330e62213810a023ebce01e
 
 [template-logrotate-base]
 < = template-jinja2-base
@@ -121,13 +103,6 @@ md5sum = 5dc218f887faeffc466e41c7d6191e49
 filename = wrapper.in
 md5sum = 69e63cb58267335e21da772bd867657e
 
-[check-recipe]
-recipe = plone.recipe.command
-stop-on-error = true
-update-command = ${:command}
-command =
-  grep parts ${buildout:develop-eggs-directory}/re6stnet.egg-link
-
 [versions]
 apache-libcloud = 0.17.0
 ecdsa = 0.13

software/slaprunner/common.cfg

@@ -54,7 +54,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-runner.cfg
 output = ${buildout:directory}/template-runner.cfg.in
-md5sum = c48384a3f380b4fffafe8fc372b95435
+md5sum = 3bac078d89d6a256f01a4f2104ec7e0f
 mode = 0644
 
 [template-runner-import-script]

software/slaprunner/instance-runner.cfg

@@ -237,6 +237,7 @@ home = $${buildout:directory}
 wrapper = $${directory:bin}/runner_sshd
 shell = ${bash:location}/bin/bash
 rsa-keyfile = $${directory:ssh}/server_key.rsa
+allow-port-forwarding = true
 dropbear-binary = ${dropbear:location}/sbin/dropbear
 
 [sshkeys-dropbear-runner]

software/slaprunner/software.cfg

@@ -15,7 +15,7 @@ collective.recipe.environment = 0.2.0
 ecdsa = 0.13
 erp5.util = 0.4.43
 gitdb = 0.6.4
-gunicorn = 19.4.1
+gunicorn = 19.4.5
 prettytable = 0.7.2
 pycrypto = 2.6.1
 slapos.recipe.template = 2.8

software/wendelin/software-dev.cfg

@@ -11,3 +11,10 @@ parts += wendelin.core-dev
 # tell erp5 to use -dev eggs instead of released ones
 eggs -= ${wendelin.core:egg}
 eggs += ${wendelin.core-dev:egg}
+
+
+# unpin wendelin.core from versions, so that if there is difference between
+# version of wendelin.core-dev and what was pinned, buildout does not fallback
+# to installing non-dev egg
+[versions]
+wendelin.core =

software/wendelin/software.cfg

@@ -21,7 +21,7 @@ parts +=
   wendelin.core
   matplotlib
   fluentd
-  ipython_notebook
+  ipython-notebook
 
 [eggs]
 initialization =

stack/erp5/buildout.cfg

@@ -178,7 +178,7 @@ md5sum = bc6048b85b410693e60e5a77399dd1b7
 [template-my-cnf]
 <= download-base
 filename = my.cnf.in
-md5sum = dd779e54d22105702aa72cadc994d957
+md5sum = 9ae79a450f9760072ccbc8c9b2d0c377
 
 [template-mariadb-initial-setup]
 <= download-base
@@ -319,7 +319,7 @@ md5sum = 977119d0b876df827c97bb64e6e98273
 [template-zeo]
 <= download-base
 filename = instance-zeo.cfg.in
-md5sum = 985c0010db6b553a89dbdb31353c56f5
+md5sum = b0cb0ee97cddc79112a718e065806037
 
 [template-zope]
 <= download-base
@@ -601,7 +601,7 @@ scripts +=
 Acquisition = 2.13.8+SlapOSPatched001
 Products.DCWorkflow = 2.2.4+SlapOSPatched001
 pysvn = 1.7.10+SlapOSPatched002
-python-ldap = 2.4.20+SlapOSPatched001
+python-ldap = 2.4.22+SlapOSPatched001
 
 # specify dev version to be sure that an old released version is not used
 cloudooo = 1.2.5-dev
@@ -641,11 +641,11 @@ zope.app.publication = 3.14.0
 zope.app.testing = 3.8.1
 
 # Pinned versions
-Pillow = 3.0.0
+Pillow = 3.1.0
 Products.CMFActionIcons = 2.1.3
 Products.DCWorkflowGraph = 0.4.1
 Products.ExternalEditor = 2.0.0
-Products.GenericSetup = 1.8.0
+Products.GenericSetup = 1.8.1
 Products.LongRequestLogger = 2.0.0
 Products.MimetypesRegistry = 2.0.8
 Products.PluginRegistry = 1.3
@@ -673,17 +673,17 @@ interval = 1.0.0
 ipdb = 0.8.1
 ipython = 4.0.0
 logilab-common = 1.1.0
-numpy = 1.10.1
+numpy = 1.10.4
 objgraph = 2.0.1
 ply = 3.8
 polib = 1.0.7
 pprofile = 1.7.3
 ptyprocess = 0.5
-pycountry = 1.18
+pycountry = 1.19
 pyflakes = 1.0.0
 # pylint 1.5.1 breaks testDynamicClassGeneration
 pylint = 1.4.4
-python-magic = 0.4.6
+python-magic = 0.4.10
 python-memcached = 1.57
 pytracemalloc = 1.2
 qrcode = 5.1

stack/erp5/instance-zeo.cfg.in

@@ -124,7 +124,7 @@ tidstorage-port =
 [{{ section("resiliency-exclude-file") }}]
 # Generate rdiff exclude file
 recipe = collective.recipe.template
-input = inline: {{ default_zodb_path }}/**
+input = inline: srv/zodb/**
 output = ${directory:srv}/exporter.exclude
 
 [{{ section("resiliency-after-import-script") }}]

stack/erp5/my.cnf.in

@@ -9,10 +9,6 @@
 # Loud fail is really required in such case.
 sql_mode="NO_ENGINE_SUBSTITUTION"
 
-# Workaround for https://bugs.launchpad.net/maria/+bug/985828
-# that causes wrong result in Resource_zGetInventoryList etc.
-optimizer_switch = derived_merge=off
-
 skip_show_database
 {% set ip = parameter_dict.get('ip') -%}
 {% if ip -%}

stack/slapos.cfg

@@ -109,44 +109,44 @@ hexagonit.recipe.download = 1.7.post4
 
 Jinja2 = 2.8
 PyYAML = 3.11
-Werkzeug = 0.10.4
+Werkzeug = 0.11.3
 buildout-versions = 1.7
-cffi = 1.2.1
+cffi = 1.4.2
 cliff = 1.15.0
 cmd2 = 0.6.8
-collective.recipe.template = 1.11
-cryptography = 1.0.2
-decorator = 4.0.4
+collective.recipe.template = 1.13
+cryptography = 1.2.1
+decorator = 4.0.6
 idna = 2.0
 inotifyx = 0.2.2
 itsdangerous = 0.24
-lxml = 3.4.4
+lxml = 3.5.0
 meld3 = 1.0.2
 netaddr = 0.7.18
 pbr = 1.8.1
 plone.recipe.command = 1.1
 prettytable = 0.7.2
-psutil = 3.2.2
+psutil = 3.3.0
 pyOpenSSL = 0.15.1
 pyasn1 = 0.1.9
-pyparsing = 2.0.5
+pyparsing = 2.0.7
 pytz = 2015.7
-requests = 2.8.1
+requests = 2.9.1
 setuptools = 18.1
 simplejson = 3.8.1
 six = 1.10.0
 slapos.cookbook = 1.0.17
-slapos.core = 1.3.14
+slapos.core = 1.3.15
 slapos.extension.strip = 0.1
 slapos.libnetworkcache = 0.14.5
 slapos.recipe.build = 0.23
 slapos.recipe.cmmi = 0.2
-stevedore = 1.9.0
+stevedore = 1.10.0
 unicodecsv = 0.14.1
 xml-marshaller = 0.9.7
 
 # Required by:
-# slapos.core==1.3.14
+# slapos.core==1.3.15
 Flask = 0.10.1
 
 # Required by:
@@ -155,20 +155,20 @@ MarkupSafe = 0.23
 
 # Required by:
 # cliff==1.15.0
-# stevedore==1.9.0
+# stevedore==1.10.0
 argparse = 1.4.0
 
 # Required by:
-# cryptography==1.0.2
-enum34 = 1.0.4
+# cryptography==1.2.1
+enum34 = 1.1.2
 
 # Required by:
 # jsonschema==2.5.1
 functools32 = 3.2.3.post2
 
 # Required by:
-# cryptography==1.0.2
-ipaddress = 1.0.14
+# cryptography==1.2.1
+ipaddress = 1.0.16
 
 # Required by:
 # slapos.cookbook==1.0.17
@@ -179,23 +179,23 @@ jsonschema = 2.5.1
 lock-file = 2.0
 
 # Required by:
-# slapos.core==1.3.14
+# slapos.core==1.3.15
 netifaces = 0.10.4
 
 # Required by:
-# cffi==1.2.1
+# cffi==1.4.2
 pycparser = 2.14
 
 # Required by:
-# slapos.core==1.3.14
+# slapos.core==1.3.15
 supervisor = 3.2.0
 
 # Required by:
-# slapos.core==1.3.14
+# slapos.core==1.3.15
 uritemplate = 0.6
 
 # Required by:
-# slapos.core==1.3.14
+# slapos.core==1.3.15
 zope.interface = 4.1.3
 
 [networkcache]