Since the switch to Python 3, we had the following regressions:
- The handshake between nodes always failed.
- Crash when the signature of the network version is invalid.

The switch to Python 3 should have kept using TEXT.
I wish sqlite3 had a strict mode.

RegistryClient already catches it.

When network parameters are updated, their version is broadcasted
throughout the whole graph of nodes starting from the node running
the registry. This is of course not enough, at least because some
nodes may be stopped at that time.

A second mechanism already exists for late nodes: when 2 nodes starts
communicating between each other, they check their versions of the
network parameters. But it supposes that routing works well enough
between them.

Then comes HMAC, which can prevent 2 nodes from even handshaking and
group of nodes may remain stuck out of the network: this is the issue
that is addressed by this commit. 2 scenarios:
- no route to the registry node;
- there's a route to the registry node but not from it, which can only
  happen during the first phase of a HMAC change, i.e. when signing
  with the old key and accepting the new one:  because a node can't
  detect this case by itself, a new 'valid_until' network parameter
  to tell nodes that something is likely wrong after this date.
On either condition, a node checks for new HMAC keys from time to time.

This commit also drops a check for an old kernel bug.

See merge request !53

In particular, give up when an RPC to the registry has already failed.
The root issue was already logged by RegistryClient and continuing with
an invalid result (None) led to useless (scary? misleading?) extra logs.

Or with a client whose certificate expired long time ago.

This is another regression with the migration to Python 3, causing here
the registry to return invalid addresses to bootstrapping nodes and
then socket.gaierror exceptions.

This fixes a regression in commit 6ac47ffb.

Because of https://github.com/pypa/pip/issues/10978,
`make install` is currently unable to install the Python code
to a custom prefix (PREFIX).

See OBS packaging at
https://lab.nexedi.com/nexedi/slapos.package/-/tree/master/obs/re6st

See merge request !46

Nemu previously had an issue with PIDs above 4 hex digits (> 65535)
where created network interfaces would have names of length
exceeding IFNAMSIZ. These fixes have been upstreamed in nemu3.

Problems around the @ notation used by iproute have also been fixed
and/or upstreamed in nemu3.

This reverts the following commits:
  cfb2c159
  06f33ff2
  27a27263

Python 3 added automatic detection of leaked resources, which causes
many warnings in re6st, mostly because of unclosed subprocess streams.

In the end, we should migrate completely to cryptography.
A lot of bits of the legacy OpenSSL module are being deprecated, some
that we use (notably signature and verification tools) already are.

The demo expects its storage directory to be clean at start, otherwise undefined behavior will occur.

See
https://manpages.debian.org/testing/systemd/systemd.service.5.en.html
and
https://manpages.debian.org/testing/systemd/systemd.unit.5.en.html

No need for more logging since the culprit is visible everywhere
in routing tables.

See https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9