For now this still have to be enabled with a config like this in a .conf
file in srv/telegraf/extra-config/  :

    [[inputs.execd]]
      name_override = "slapos"
      # this needs sudo when using can not access supervisor socket, like when being installed in root slapos
      command = ["/usr/bin/sudo", "$SOFTWARE_DIR/go.work/bin/telegraf-input-slapos", "-config", "/path/to/slapos.conf"]

/path/to/slapos.conf would contain something like this:

    [[inputs.slapos]]
      ## Folder where partitions are located
      instance_root = "/srv/slapgrid/"

      ## filepath.Glob pattern to look for recursive instances
      recursive_instance_glob_pattern = "*/srv/runner/inst*/"

      ## Path of supervisor socket, relative to instance root
      socket_name = "sv.sock"

This version has a new sql input, that can be used to get metrics from sql
queries.

This reverts commit 31eaaec1.

This slows down business template by a factor of two and it seems we
don't need it. I'm experimenting with hacks in ppml.py but maybe just
creating the Unpickler with encoding='utf-8' in
product/ERP5Type/XMLExportImport/__init__.py:267 is enough ?

at this point they all fail after long timeouts, because neo does not
support py3 yet

Not sure why it was OK on python2 and not sure if this has to be done
or the promise code needs to cast the results of getConfig()

Otherwise it fails with the following exception because of non-ASCII characters
(`[A-Z&é@{]{3,7})`) (see unconvert()) below):

  => erp5_core/PathTemplateItem/portal_preferences/default_site_preference.xml
     File "zodbpickle-2.0.0-py3.7-linux-x86_64.egg/zodbpickle/pickle_3.py", line 844, in load
        dispatch[key[0]](self)
     File "zodbpickle-2.0.0-py3.7-linux-x86_64.egg/zodbpickle/pickle_3.py", line 1035, in load_short_binstring
        self.append(self.decode_string(data))
     File "zodbpickle-2.0.0-py3.7-linux-x86_64.egg/zodbpickle/pickle_3.py", line 989, in decode_string
        return value.decode(self.encoding, self.errors)
  UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 19: ordinal not in range(128)

This reverts commit 6c399134.

This change the format or the (mostly) unused frontend parameter to
support requesting more than one frontend and also enable the request of
a frontend by default, so that requesting a frontend separately is no
longer needed.

The `frontend` parameter now also supports requesting frontends for
specific paths on the ERP5 backend, the example below requests a
frontend serving directly a web site, with the necessary rewrite rules:

```js
{
  "frontend": {
    "default": {
      "internal-path": "/erp5/web_site_module/renderjs_runner/"
    }
  }
}
```

The example below requests a default frontend to the erp5 root, to
access the ZMI or erp5_xhtml_style interface and two web sites:

```js
{
  "frontend": {
    "default": {},
    "erp5js": {
      "internal-path": "/erp5/web_site_module/renderjs_runner/"
    },
    "crm": {
      "internal-path": "/erp5/web_site_module/erp5_officejs_support_request_ui/"
    }
  }
}
```

The example below has an explicit definition of the zope families using
`zope-partition-dict` parameter, because there is more than one zope
family, no frontend is requested by default:

```js
{
  "zope-partition-dict": {
    "backoffice": {
      "family": "backoffice"
    },
    "web": {
      "family": "web"
    },
    "activities": {
      "family": "activities"
    }
  }
}
```

Continuing this example, to have frontends for backoffice and web
families, the frontend request can specify the families, like it is
demonstrated in the example below. In this example, we don't specify an
entry for "activities" family, so no frontend will be requested for
this family.

```js
{
  "frontend": {
    "backoffice": {
      "zope-family": "backoffice"
    },
    "web": {
      "zope-family": "web",
      "internal-path": "/erp5/web_site_module/web_site/"
    }
  }
  "zope-partition-dict": {
    "backoffice": {
      "family": "backoffice"
    },
    "web": {
      "family": "web"
    },
    "activities": {
      "family": "activities"
    }
  }
}
```

Directly expose all passlib.hash supported hashes, using a `passwd-`
prefix. For example, to access `sha256_crypt`, use `passwd-sha256-crypt`
option name.

  [secret]
  recipe = slapos.cookbook:generate.password

  [config-file]
  hashed-password = ${secret:passwd-sha256-crypt}

These partition references should be kept short, they are a mechanism
to use a short path for unix sockets, because unix socket paths can not
exceed 108 characters.

When running the test in theia, this was causing errors:

   # [ALERT]    (100453) : config : parsing [/srv/slapgrid/slappart15/srv/runner/instance/slappart7/tmp/inst/with-max-rlimit-nofile6/etc/haproxy.cfg:37] : log : socket path '/srv/slapgrid/slappart15/srv/runner/instance/slappart7/tmp/inst/with-max-rlimit-nofile6/var/run/log.sock' too long (max 97

Currently, due to ensure_ascii=True default of json.dumps, we are
insisting on our JSON schemas to be ascii-only and all other characters
to be represented by \uxxxx escapes. So far this was not problematic as
all our schemas contains only ASCII characters, but upcoming
ors-amarisoft changes want to use e.g. "→" symbol:

    https://lab.nexedi.com/kirr/slapos/blob/b51f5523/software/ors-amarisoft/software.cfg.json#L15

which currently results in failure of json-schema test:

    FAIL: test_ors-amarisoft_software_cfg_json_format (slapos.test.test_json_schema.TestJSONSchemaValidation)
    ...

    First differing element 14:
    '      "title": "\\u2192  eNB/gNB | Radio Unit",'
    '      "title": "→  eNB/gNB | Radio Unit",'

And in general, in 2023 I think there is no reason to insist on our schemas to
be ASCII-only: say if one wants to describe something about "α" parameter. It
would be good to use that α character directly and seeing it in the editor,
instead of using escapes all the time.

As indicated by below stackoverflow answer "JSON spec requires UTF-8 support by
decoders": https://stackoverflow.com/a/594881/9456786 , and indeed checking
JSON specification also confirms that by default JSON decoders shall use UTF-8:

    https://datatracker.ietf.org/doc/html/rfc7159#section-8.1

This way, I think, we can switch to UTF-8 safely.

/reviewed-by @jerome, @lu.xu
/reviewed-on !1498

See merge request nexedi/slapos!1499

/reviewed-by @kirr and @jerome
/reviewed-on nexedi/slapos!1494

wendelin.core 2.0.alpha3.post9 supports golang 1.21: with this new
version we can set golang 1.21 as the new default.

/reviewed-by @kirr and @jerome
/reviewed-on nexedi/slapos!1494

Go1.21 already has the fifth minor revision (released 2023-12-05) and
should therefore already be sufficiently stable. Furthermore we need it
to fix a bug in a NEO/go dependency [1].

Please find all details in the official release note:

    https://go.dev/doc/go1.21

It was released on 2023-08-08 [2]. Due to the go promise of compatibility
most software should still compile without any problems.

In golang < 1.21 we needed to patch golang to fix
https://github.com/golang/go/issues/42525. In golang 1.21 we still need
to apply a fix, but can't apply the old patch because the code changed.
In golang > 1.21 this problem is already fixed with https://go-review.googlesource.com/c/go/+/520055.

Because of https://github.com/golang/go/commit/092671423cd95eaa6df93eb29442fef41504d097
'TestUnshareMountNameSpace' fails on golang 1.21 [3]. In golang 1.20 this test
was skipped [4]. To fix this failure the additional patch
'skip-unshare-mount-test.patch' has been added.

---

[1] nexedi/wendelin.core!22 (comment 195769)]
[2] https://go.dev/doc/devel/release
[3] --- FAIL: TestUnshareMountNameSpace (0.18s)
    exec_linux_test.go:243: unshare failed: exit status 2
        unshare: mount /tmp/TestUnshareMountNameSpace2210137852/001 failed: 0x1
[4] === RUN TestUnshareMountNameSpace exec_linux_test.go:333: kernel prohibits unshare in unprivileged process, unless using user namespace — SKIP: TestUnshareMountNameSpace (0.00s)

/reviewed-by @kirr and @jerome
/reviewed-on nexedi/slapos!1494

This version is compatible with gcc 12

using https://github.com/ilevkivskyi/com2ann

drop versions not running on debian 12 and add new versions

This was disabled to "keep compatibility with current font selection
problems", but I don't think we need to care about compatibility for
this. This was anyway causing a problem that system fontconfig will be
used if it's available, so it's better to define things explictly to
prevent falling back to system configuration.

This caused cloudooo to select different fonts, because LibreOffice-bin
comes with some Noto fonts and fontconfig now prefers Noto font

Testing conversion of HTML with font-family:"FontFamily FontVariant"
CSS rule does not really make sense. Remove a few cases for which the
behavior is not stable.

Using RegExp to validate hostnames is a bad practice, and has a lot of reasons to be wrong.
On top of that, the JSON Schema specification allows, since draft 7, to validate hostnames
against an IDN hostname, by using the `idn-hostname` format.

With these changes, IDN are now supported (.рф and .中國 for instance), and long TLD
should not be a problem anymore.

With backported fixes so that old software supports debian 12

In 9636d79c (Nextcloud Upgrade fixes, 2023-12-13) parameter changed:
 - instance.trusted-domain-* parameters are replaced by instance.trusted-domain-list
 - the frontend is part of trusted domain, so with "bypassed" frontends
from slapos proxy the backend appears twice (because the backend URL is
returned as frontend URL)

This actually updates firefox from version 68 to version 115