Update Release Candidate

component/caddy/gowork.cfg

@@ -10,4 +10,4 @@ depends_gitfetch  =
 <= go-git-package
 go.importpath = github.com/mholt/caddy
 repository    = https://lab.nexedi.com/nexedi/caddy.git
-revision      = nxd-v0.11.0-3-g12438f6cff8c15f307631151eb064cec579b7605
+revision      = nxd-v0.11.1-5-gdd393ce3a67e6a773be87185528a00f2e0a9eb26

component/nginx/buildout.cfg

@@ -31,8 +31,8 @@ configure-options=
   --with-http_realip_module
   --with-mail
   --with-mail_ssl_module
-  --with-ld-opt="-L ${openssl:location}/lib -L ${pcre:location}/lib -L ${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib"
-  --with-cc-opt="-I ${openssl:location}/include -I ${pcre:location}/include -I ${zlib:location}/include"
+  --with-ld-opt="-L ${openssl-1.0:location}/lib -L ${pcre:location}/lib -L ${zlib:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib"
+  --with-cc-opt="-I ${openssl-1.0:location}/include -I ${pcre:location}/include -I ${zlib:location}/include"
 
 [nginx-dav-ext-module]
 recipe = hexagonit.recipe.download
@@ -52,8 +52,8 @@ configure-options =
   --with-mail
   --with-mail_ssl_module
   --error-log-path=var/log/nginx.error.log
-  --with-ld-opt=" -L ${libexpat:location}/lib -L ${openssl:location}/lib -L ${pcre:location}/lib -L ${zlib:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib"
-  --with-cc-opt="-I ${libexpat:location}/include -I ${openssl:location}/include -I ${pcre:location}/include -I ${zlib:location}/include"
+  --with-ld-opt=" -L ${libexpat:location}/lib -L ${openssl-1.0:location}/lib -L ${pcre:location}/lib -L ${zlib:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib"
+  --with-cc-opt="-I ${libexpat:location}/include -I ${openssl-1.0:location}/include -I ${pcre:location}/include -I ${zlib:location}/include"
   --with-http_dav_module 
   --add-module='${nginx-dav-ext-module:location}'
 
@@ -79,8 +79,8 @@ strip-top-level-dir = true
 configure-options=
   --with-ipv6
   --with-http_ssl_module
-  --with-ld-opt="-L ${zlib:location}/lib -L ${openssl:location}/lib -L ${pcre:location}/lib  -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib"
-  --with-cc-opt="-I ${pcre:location}/include -I ${openssl:location}/include -I ${zlib:location}/include"
+  --with-ld-opt="-L ${zlib:location}/lib -L ${openssl-1.0:location}/lib -L ${pcre:location}/lib  -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib"
+  --with-cc-opt="-I ${pcre:location}/include -I ${openssl-1.0:location}/include -I ${zlib:location}/include"
   --add-module=${hexaglobe-nginx-module:location}/sub_module
 # --add-module=${hexaglobe-nginx-module:location}/nginx-upstream-fair
 
@@ -97,8 +97,8 @@ configure-options=
   --with-http_ssl_module
   --with-http_v2_module
   --with-http_gzip_static_module
-  --with-ld-opt="-L ${zlib:location}/lib -L ${openssl:location}/lib -L ${pcre:location}/lib  -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib"
-  --with-cc-opt="-I ${pcre:location}/include -I ${openssl:location}/include -I ${zlib:location}/include"
+  --with-ld-opt="-L ${zlib:location}/lib -L ${openssl-1.0:location}/lib -L ${pcre:location}/lib  -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib"
+  --with-cc-opt="-I ${pcre:location}/include -I ${openssl-1.0:location}/include -I ${zlib:location}/include"
   --add-module=${nginx-push-stream-module:location}
 
 [nginx-push-stream-output]

component/nodejs/buildout.cfg

@@ -35,15 +35,15 @@ recipe = slapos.recipe.cmmi
 url = https://nodejs.org/dist/${:version}/node-${:version}.tar.gz
 configure-options =
   --shared-openssl
-  --shared-openssl-includes=${openssl:location}/include
-  --shared-openssl-libpath=${openssl:location}/lib
+  --shared-openssl-includes=${openssl-1.0:location}/include
+  --shared-openssl-libpath=${openssl-1.0:location}/lib
 environment =
   HOME=${buildout:parts-directory}/${:_buildout_section_name_}
   PATH=${gcc:location}/bin:${pkgconfig:location}/bin:${python2.7:location}/bin/:%(PATH)s
-  PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig/
+  PKG_CONFIG_PATH=${openssl-1.0:location}/lib/pkgconfig/
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-Wl,-rpath=${gcc:location}/lib -Wl,-rpath=${gcc:location}/lib64 -Wl,-rpath=${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
-  LD_LIBRARY_PATH=${openssl:location}/lib
+  LDFLAGS=-Wl,-rpath=${gcc:location}/lib -Wl,-rpath=${gcc:location}/lib64 -Wl,-rpath=${openssl-1.0:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  LD_LIBRARY_PATH=${openssl-1.0:location}/lib
 
 [nodejs-8.6.0-output]
 # Shared binary location to ease migration

component/openldap/buildout.cfg

@@ -24,6 +24,6 @@ configure-options =
   --with-tls=openssl
 
 environment =
-  CPPFLAGS=-I${openssl:location}/include -I${cyrus-sasl:location}/include
-  LDFLAGS=-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib
+  CPPFLAGS=-I${openssl-1.0:location}/include -I${cyrus-sasl:location}/include
+  LDFLAGS=-L${openssl-1.0:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib
   PATH=${groff:location}/bin:%(PATH)s

component/openssh/buildout.cfg

@@ -22,8 +22,8 @@ patch-binary = ${patch:location}/bin/patch
 patches =
   ${:_profile_base_location_}/no_create_privsep_path.patch#d5b61a2442fffa457cebe4ad1dc68f4e
 environment = 
-  CPPFLAGS=-I${zlib:location}/include -I${openssl:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib
+  CPPFLAGS=-I${zlib:location}/include -I${openssl-1.0:location}/include
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${openssl-1.0:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib
 configure-options = 
   --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
   --exec-prefix=${buildout:parts-directory}/${:_buildout_section_name_}

component/openssl/buildout.cfg

@@ -17,6 +17,45 @@ parts =
 [openssl]
 recipe = slapos.recipe.cmmi
 shared = true
+url = https://www.openssl.org/source/openssl-1.1.0j.tar.gz
+md5sum = b4ca5b78ae6ae79da80790b30dbedbdc
+location = @@LOCATION@@
+# 'prefix' option to override --openssldir/--prefix (which is useful
+# when combined with INSTALL_PREFIX). Used by slapos.package.git/obs
+prefix = ${:location}
+certs = ${:location}/etc/ssl/certs
+configure-command = ./config
+configure-options =
+  --with-zlib-include=${zlib:location}/include
+  --with-zlib-lib=${zlib:location}/lib
+  --openssldir=${:prefix}/etc/ssl
+  --prefix=${:prefix}
+  --libdir=lib
+  shared no-idea no-mdc2 no-rc5 zlib
+  -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${:location}/lib
+  && make depend
+make-options =
+  SHARED_LDFLAGS='-Wl,-rpath=${:location}/lib -Wl,-rpath=${zlib:location}/lib'
+make-targets =
+  -j1 install_sw install_ssldirs &&
+  rm -f ${:certs}/* &&
+  for i in ${ca-certificates:location}/certs/*/*.crt; do
+    ln -sv $i ${:certs}/`${:location}/bin/openssl x509 -hash -noout -in $i`.0
+  ; done
+environment =
+  PERL=${perl:location}/bin/perl
+
+[openssl-output]
+# Shared binary location to ease migration
+recipe = plone.recipe.command
+stop-on-error = true
+update-command = ${:command}
+command = ${coreutils-output:test} -x ${:openssl}
+openssl = ${openssl:location}/bin/openssl
+
+[openssl-1.0]
+recipe = slapos.recipe.cmmi
+shared = true
 url = https://www.openssl.org/source/openssl-1.0.2p.tar.gz
 md5sum = ac5eb30bf5798aa14b1ae6d0e7da58df
 location = @@LOCATION@@
@@ -47,11 +86,3 @@ make-targets =
   ; done
 environment =
   PERL=${perl:location}/bin/perl
-
-[openssl-output]
-# Shared binary location to ease migration
-recipe = plone.recipe.command
-stop-on-error = true
-update-command = ${:command}
-command = ${coreutils-output:test} -x ${:openssl}
-openssl = ${openssl:location}/bin/openssl

component/postfix/buildout.cfg

@@ -20,7 +20,7 @@ patches =
   ${:_profile_base_location_}/noroot.patch#738bcc97b8044c45b58708bdf3a84b8e
   ${:_profile_base_location_}/skip-libdb-check.patch#f7fdbd8787874b535fee548b0139c0d8
 configure-command = make
-configure-options = makefiles CCARGS='-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DUSE_TLS -DHAS_PCRE -DHAS_DB -I${libdb:location}/include -I${pcre:location}/include -I${openssl:location}/include -I${cyrus-sasl:location}/include/sasl' AUXLIBS='-L${openssl:location}/lib -L${pcre:location}/lib -L${libdb:location}/lib -L${cyrus-sasl:location}/lib -lssl -lpcre -ldb -lcrypto -lsasl2 -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${libdb:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib'
+configure-options = makefiles CCARGS='-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DUSE_TLS -DHAS_PCRE -DHAS_DB -I${libdb:location}/include -I${pcre:location}/include -I${openssl-1.0:location}/include -I${cyrus-sasl:location}/include/sasl' AUXLIBS='-L${openssl-1.0:location}/lib -L${pcre:location}/lib -L${libdb:location}/lib -L${cyrus-sasl:location}/lib -lssl -lpcre -ldb -lcrypto -lsasl2 -Wl,-rpath=${openssl-1.0:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${libdb:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib'
 make-targets = non-interactive-package install_root=${:location}
 environment =
   PATH=${patch:location}/bin:%(PATH)s

component/proftpd/buildout.cfg

@@ -24,6 +24,9 @@ recipe = collective.recipe.grp
 recipe = slapos.recipe.cmmi
 md5sum = 13270911c42aac842435f18205546a1b
 url = ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.6.tar.gz
+# 1.3.6 is not compatible with openssl 1.1.x
+# https://github.com/proftpd/proftpd/issues/674
+# (fix is in master, we are waiting for next release)
 configure-options =
   --enable-openssl
   --enable-nls
@@ -36,8 +39,8 @@ environment =
   LDFLAGS=${:ldflags}
   install_user=${proftpd-environment:USER}
   install_group=${proftpd-grp:GROUP}
-cppflags=-I${zlib:location}/include -I${openssl:location}/include
-ldflags=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib
+cppflags=-I${zlib:location}/include -I${openssl-1.0:location}/include
+ldflags=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${openssl-1.0:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib
 patch-binary = ${patch:location}/bin/patch
 patch-options = -p1
 patches =

component/quic_client-bin/buildout.cfg

+# Command line tool to test QUIC protocol
+# This is compiled version provided by Lucas Clemente (thanks!), which
+# drastically simplifies https://www.chromium.org/quic/playing-with-quic
+# approach, which requires big chunks of Chromium compilation environment
+[buildout]
+extends =
+# running
+  ../nss/buildout.cfg
+  ../nspr/buildout.cfg
+  ../glib/buildout.cfg
+  ../pcre/buildout.cfg
+  ../libffi/buildout.cfg
+  ../zlib/buildout.cfg
+  ../libuuid/buildout.cfg
+# compilation
+  ../git/buildout.cfg
+
+parts =
+  quic_client-bin
+
+[quic_client-bin]
+recipe = slapos.recipe.build
+url = https://github.com/lucas-clemente/quic-clients/archive/557cb1f99f591614d474e182b50cfee9334e0ffd.zip
+md5sum = e2c78f4f7fb6ed03f6eec25b5e54fed3
+slapos_promise =
+    file:quic_client
+    file:client-linux-debug
+library =
+  ${nss:location}/lib
+  ${nspr:location}/lib
+  ${glib:location}/lib
+  ${pcre:location}/lib
+  ${libffi:location}/lib
+  ${zlib:location}/lib
+  ${libuuid:location}/lib
+script =
+  import glob
+  location = %(location)r
+  self.failIfPathExists(location)
+  url = self.options['url']
+  md5sum = self.options['md5sum']
+  extract_dir = self.extract(self.download(url, md5sum))
+  os.mkdir(location)
+  source_file = glob.glob(os.path.join(extract_dir, '*', 'client-linux-debug'))[0]
+  shutil.copy(source_file, location)
+  wrapper_path = os.path.join(location, 'quic_client')
+  with open(wrapper_path, 'w') as f:
+    f.write("""#!/bin/sh -e
+  export LD_LIBRARY_PATH={}
+  exec {}/client-linux-debug "$@"
+  """.format(
+    ':'.join(self.options['library'].split()),
+    location
+  ))
+    os.fchmod(f.fileno(), 0o755)

component/serf/buildout.cfg

@@ -15,7 +15,7 @@ md5sum = 4f8e76c9c6567aee1d66aba49f76a58b
 configure-options =
   --with-apr=${apache:location}/bin/apr-1-config
   --with-apr-util=${apache:location}/bin/apu-1-config
-  --with-openssl=${openssl:location}
+  --with-openssl=${openssl-1.0:location}
 environment =
   CFLAGS=-I${zlib:location}/include -I${libuuid:location}/include
   LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib

component/shellinabox/buildout.cfg

@@ -5,7 +5,6 @@ extends =
   ../git/buildout.cfg
   ../libtool/buildout.cfg
   ../m4/buildout.cfg
-  ../openssl/buildout.cfg
   ../patch/buildout.cfg
   ../zlib/buildout.cfg
 
@@ -24,9 +23,8 @@ path = ${shellinabox-git-repository:location}
 configure-command =
   ${libtool:location}/bin/libtoolize
   ${autoconf:location}/bin/autoreconf -vif
-  ./configure
+  ./configure --disable-ssl
 environment =
   PATH=${autoconf:location}/bin:${automake:location}/bin:${git:location}/bin:${libtool:location}/bin:${m4:location}/bin:%(PATH)s
-  CFLAGS = -I${zlib:location}/include -I${openssl:location}/include
-  LDFLAGS = -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib
-  PKG_CONFIG_PATH = ${openssl:location}/lib/pkgconfig/
+  CFLAGS = -I${zlib:location}/include
+  LDFLAGS = -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
\ No newline at end of file

component/stunnel/buildout.cfg

@@ -13,7 +13,7 @@ configure-options =
   --enable-ipv6
   --disable-libwrap
   --disable-fips
-  --with-ssl=${openssl:location}
+  --with-ssl=${openssl-1.0:location}
 environment =
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-Wl,-rpath=${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  LDFLAGS=-Wl,-rpath=${openssl-1.0:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/subversion/buildout.cfg

@@ -53,9 +53,9 @@ configure-options =
 make-targets = install -j1
 environment =
   PATH=${patch:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:%(PATH)s
-  PKG_CONFIG_PATH=${apache:location}/lib/pkgconfig:${sqlite3:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig:${serf:location}/lib/pkgconfig
+  PKG_CONFIG_PATH=${apache:location}/lib/pkgconfig:${sqlite3:location}/lib/pkgconfig:${openssl-1.0:location}/lib/pkgconfig:${serf:location}/lib/pkgconfig
   CPPFLAGS=-I${libexpat:location}/include -I${libuuid:location}/include
-  LDFLAGS=-L${libexpat:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${apache:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib -Wl,-rpath=${openssl:location}/lib
+  LDFLAGS=-L${libexpat:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${apache:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib
 
 [subversion-1.9]
 recipe = hexagonit.recipe.cmmi
@@ -95,6 +95,6 @@ make-targets =
 
 environment =
   PATH=${pkgconfig:location}/bin:${neon:location}/bin:%(PATH)s
-  PKG_CONFIG_PATH=${apache:location}/lib/pkgconfig:${sqlite3:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig:${neon:location}/lib/pkgconfig
+  PKG_CONFIG_PATH=${apache:location}/lib/pkgconfig:${sqlite3:location}/lib/pkgconfig:${openssl-1.0:location}/lib/pkgconfig:${neon:location}/lib/pkgconfig
   CPPFLAGS=-I${libexpat:location}/include -I${libuuid:location}/include
-  LDFLAGS=-L${libexpat:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${neon:location}/lib -Wl,-rpath=${apache:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib
+  LDFLAGS=-L${libexpat:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${neon:location}/lib -Wl,-rpath=${apache:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib

component/trafficserver/buildout.cfg

@@ -19,7 +19,7 @@ recipe = slapos.recipe.cmmi
 url = http://apache.claz.org/trafficserver/trafficserver-4.2.3.tar.bz2
 md5sum = 1d06a6e9063ceea3f19dbb84752ec710
 configure-options =
-  --with-openssl=${openssl:location}
+  --with-openssl=${openssl-1.0:location}
   --with-xml=libxml2
   --with-libxml2=${libxml2:location}
   --with-pcre=${pcre:location}
@@ -32,7 +32,7 @@ configure-options =
   --enable-experimental-plugins
 environment =
   PATH=${libtool:location}/bin:${make:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:%(PATH)s
-  LDFLAGS =-L${libxml2:location}/lib -Wl,-rpath=${libxml2:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${tcl:location}/lib -Wl,-rpath=${tcl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  LDFLAGS =-L${libxml2:location}/lib -Wl,-rpath=${libxml2:location}/lib -L${openssl-1.0:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib -L${tcl:location}/lib -Wl,-rpath=${tcl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
 make-target =
   check
   install

software/caddy-frontend/TODO.rst

@@ -2,8 +2,6 @@ Generally things to be done with ``caddy-frontend``:
 
  * return warning on not implemented keys (from ``apache-frontend`` perspective) in master and slave request
  * tests: add assertion with results of promises in etc/promise for each partition
- * tests: compare python objects where possible instead of instead of strings (eg. load ``rejected-slave-dict``)
- * tests: swich to `cryptography <https://pypi.org/project/cryptography/>`_ for certificate management
  * README: cleanup the documentation, explain various specifics
  * check the whole frontend slave snippet with ``caddy -validate`` during buildout run, and reject if does not pass validation
  * ``apache-ca-certificate`` shall be merged with ``apache-certificate``
@@ -15,7 +13,6 @@ Generally things to be done with ``caddy-frontend``:
  * ``type:eventsource``:
 
    * **Jérome Perrin**: *For event source, if I understand https://github.com/mholt/caddy/issues/1355 correctly, we could use caddy as a proxy in front of nginx-push-stream . If we have a "central shared" caddy instance, can it handle keeping connections opens for many clients ?*
- * ``ssl_proxy_ca_crt`` for ``ssl_proxy_verify``, this is related to bug `#1550 <https://github.com/mholt/caddy/issues/1550>`_, proposed solution `just adding your CA to the system's trust store`
  * ``check-error-on-caddy-log`` like ``check-error-on-apache-log``
  * cover test suite like resilient tests for KVM and prove it works the same way as Caddy
  * have ``caddy-frontend`` specific parameters, with backward compatibility to ``apache-frontend`` ones:

software/caddy-frontend/buildout.hash.cfg

@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
 
 [template-apache-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = ab1795f92e32655d05c662c965d2b1f5
+md5sum = db61a7c0aadba180b7aec6056d2c0019
 
 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -30,7 +30,7 @@ md5sum = 6a86edb96b171fbd0a59d0adc9cc906b
 
 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = b30bcd11c545d86c30d05db9cecb4f80
+md5sum = 434e00cbfee2f9c002b2a83084a48b4a
 
 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in
@@ -42,11 +42,7 @@ md5sum = 01efde8febafcff6dde2ebb43e75a9e4
 
 [template-caddy-frontend-configuration]
 filename = templates/Caddyfile.in
-md5sum = 7c987ad75fcce6f5b925c7696ff41971
-
-[template-custom-slave-list]
-filename = templates/apache-custom-slave-list.cfg.in
-md5sum = b30bcd11c545d86c30d05db9cecb4f80
+md5sum = 0134a1586f15cd5665069d6d81a505be
 
 [caddy-backend-url-validator]
 filename = templates/caddy-backend-url-validator.in
@@ -62,15 +58,15 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
 
 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = 73bc8abae6aadc3ce55662c3d821b363
+md5sum = b7879a40ed7f8a49b764c82e7283811f
 
 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
-md5sum = 7cbcadc295860821ac9d3aaa3cca72c5
+md5sum = c64f8ac7ec439460877ce5a5c5ccf1f7
 
 [template-log-access]
 filename = templates/template-log-access.conf.in
-md5sum = f2a74f88c7248f199011fa9ec6182f73
+md5sum = 122b05829ecc4c0ad4e47e7d1c21166b
 
 [template-empty]
 filename = templates/empty.in
@@ -104,9 +100,13 @@ md5sum = 2b765db72191197122554df17ad471d1
 filename = templates/apache-lazy-script-call.sh.in
 md5sum = ebe5d3d19923eb812a40019cb11276d8
 
-[template-caddy-graceful-script]
-filename = templates/caddy-graceful-script.sh.in
-md5sum = 455f8765a3afd39fb78562fb9e326c42
+[template-graceful-script]
+filename = templates/graceful-script.sh.in
+md5sum = 31dd34de4c40a1d814bcbef482c757cc
+
+[template-validate-script]
+filename = templates/validate-script.sh.in
+md5sum = 4c80ba3727c397f8d5b12cf1888cf959
 
 [caddyprofiledeps-setup]
 filename = setup.py

software/caddy-frontend/common.cfg

@@ -88,11 +88,13 @@ gzip = ${gzip:location}
 logrotate = ${logrotate:location}
 openssl = ${openssl:location}
 trafficserver = ${trafficserver:location}
+sha256sum = ${coreutils:location}/bin/sha256sum
 
 monitor_template = ${monitor-template:output}
 template_cached_slave_virtualhost = ${template-cached-slave-virtualhost:target}
 template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target}
-template_caddy_graceful_script = ${template-caddy-graceful-script:target}
+template_graceful_script = ${template-graceful-script:target}
+template_validate_script = ${template-validate-script:target}
 template_caddy_lazy_script_call = ${template-caddy-lazy-script-call:target}
 template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
 template_empty = ${template-empty:target}
@@ -172,10 +174,6 @@ filename = replicate-publish-slave-information.cfg.in
 <=download-template
 filename = Caddyfile.in
 
-[template-custom-slave-list]
-<=download-template
-filename = caddy-default-slave-list.cfg.in
-
 [template-not-found-html]
 <=download-template
 filename = notfound.html
@@ -223,9 +221,13 @@ mode = 0644
 <=download-template
 filename = apache-lazy-script-call.sh.in
 
-[template-caddy-graceful-script]
+[template-graceful-script]
+<=download-template
+filename = graceful-script.sh.in
+
+[template-validate-script]
 <=download-template
-filename = caddy-graceful-script.sh.in
+filename = validate-script.sh.in
 
 [template-nginx-eventsource-slave-virtualhost]
 <=download-template

software/caddy-frontend/instance-apache-frontend.cfg.in

@@ -86,6 +86,9 @@ ca-dir = ${:srv}/ssl
 
 varnginx = ${:var}/nginx
 
+frontend_cluster = ${:var}/frontend_cluster
+nginx_cluster = ${:var}/nginx_cluster
+
 [switch-caddy-softwaretype]
 recipe = slapos.cookbook:softwaretype
 single-default = ${dynamic-custom-personal-template-slave-list:rendered}
@@ -94,10 +97,36 @@ single-custom-personal = ${dynamic-custom-personal-template-slave-list:rendered}
 [frontend-configuration]
 template-log-access = {{ parameter_dict['template_log_access'] }}
 log-access-configuration = ${directory:etc}/log-access.conf
+ip-access-certificate = ${self-signed-ip-access:certificate}
+ip-access-key = ${self-signed-ip-access:key}
 caddy-directory = {{ parameter_dict['caddy_location'] }}
 caddy-ipv6 = {{ instance_parameter['ipv6-random'] }}
 caddy-https-port = ${configuration:port}
 
+[self-signed-ip-access]
+# Self Signed certificate for HTTPS IP accesses to the frontend
+recipe = plone.recipe.command
+update-command = ${:command}
+ipv6 = ${slap-network-information:global-ipv6}
+ipv4 = {{instance_parameter['ipv4-random']}}
+key = ${caddy-directory:vh-ssl}/ip-access-${:ipv6}-${:ipv4}.key
+certificate = ${caddy-directory:vh-ssl}/ip-access-${:ipv6}-${:ipv4}.crt
+stop-on-error = True
+command =
+  [ -f ${:key} ] && [ -f ${:certificate} ] && exit 0
+  rm -f ${:key} ${:certificate}
+  /bin/bash -c ' \
+  {{ parameter_dict['openssl'] }}/bin/openssl req \
+     -new -newkey rsa:2048 -sha256 \
+     -nodes -x509 -days 36500 \
+     -keyout ${:key} \
+     -subj "/CN=Self Signed IP Access" \
+     -reqexts SAN \
+     -extensions SAN \
+     -config <(cat {{ parameter_dict['openssl'] }}/etc/ssl/openssl.cnf \
+         <(printf "\n[SAN]\nsubjectAltName=IP:${:ipv6},IP:${:ipv4}")) \
+     -out ${:certificate}'
+
 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
 rendered = ${buildout:directory}/${:filename}
@@ -224,9 +253,11 @@ extra-context =
 
 [caddy-wrapper]
 recipe = slapos.cookbook:wrapper
+environment =
+  CADDYPATH=${directory:frontend_cluster}
 command-line = {{ parameter_dict['caddy'] }}
   -conf ${dynamic-caddy-frontend-template:rendered}
-  -log ${caddy-configuration:error-log}
+  -log stdout
   -http2=true
 {% if instance_parameter['configuration.enable-quic'].lower() in TRUE_VALUES %}
   -quic
@@ -267,7 +298,7 @@ frontend-configuration = ${directory:etc}/Caddyfile
 access-log = ${directory:log}/frontend-access.log
 error-log = ${directory:log}/frontend-error.log
 pid-file = ${directory:run}/httpd.pid
-frontend-configuration-verification = ${caddy-wrapper:wrapper-path} -validate > /dev/null
+frontend-configuration-verification = ${frontend-caddy-validate:rendered}
 frontend-graceful-command = ${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat ${:pid-file}); fi
 not-found-file = ${caddy-directory:document-root}/notfound.html
 # Communication with ATS
@@ -277,7 +308,7 @@ ssl-cache-through-port = 26012
 
 [configtest]
 recipe = slapos.cookbook:wrapper
-command-line = ${caddy-wrapper:wrapper-path} -validate
+command-line = ${frontend-caddy-validate:rendered}
 wrapper-path = ${directory:bin}/caddy-configtest
 
 [certificate-authority]
@@ -501,24 +532,59 @@ mode = 700
 ### End of ATS sections
 
 ### Caddy Graceful and promises
-[frontend-caddy-graceful-bin]
+[frontend-caddy-graceful]
 < = jinja2-template-base
-template = {{ parameter_dict['template_wrapper'] }}
-rendered = ${directory:bin}/frontend-caddy-safe-graceful
+template = {{ parameter_dict['template_graceful_script'] }}
+rendered = ${directory:etc-run}/frontend-caddy-safe-graceful
 mode = 0700
+path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:slave-with-cache-configuration}/*.conf ${caddy-directory:vh-ssl}/*.key ${caddy-directory:vh-ssl}/*.crt ${caddy-directory:vh-ssl}/*.proxy_ca_crt
+sha256sum = {{ parameter_dict['sha256sum'] }}
+signature_file = ${directory:run}/caddy_graceful_signature
 extra-context =
-    key content caddy-configuration:frontend-graceful-command
+    key graceful_reload_command caddy-configuration:frontend-graceful-command
+    key path_list :path_list
+    key sha256sum :sha256sum
+    key signature_file :signature_file
 
-[frontend-caddy-graceful]
+[frontend-nginx-graceful]
 < = jinja2-template-base
-template = {{ parameter_dict['template_caddy_graceful_script'] }}
-rendered = ${directory:etc-run}/frontend-caddy-safe-graceful
+template = {{ parameter_dict['template_graceful_script'] }}
+rendered = ${directory:etc-run}/frontend-nginx-safe-graceful
+mode = 0700
+path_list = ${dynamic-nginx-frontend-template:rendered} ${caddy-directory:nginx-slave-configuration}/*.conf
+sha256sum = {{ parameter_dict['sha256sum'] }}
+signature_file = ${directory:run}/nginx_graceful_signature
+extra-context =
+    key graceful_reload_command nginx-configuration:nginx-graceful-command
+    key path_list :path_list
+    key sha256sum :sha256sum
+    key signature_file :signature_file
+
+[frontend-caddy-validate]
+< = jinja2-template-base
+template = {{ parameter_dict['template_validate_script'] }}
+rendered = ${directory:bin}/frontend-caddy-validate
+mode = 0700
+sha256sum = {{ parameter_dict['sha256sum'] }}
+signature_file = ${directory:run}/caddy_validate_signature
+extra-context =
+    key wrapper caddy-wrapper:wrapper-path
+    key path_list frontend-caddy-graceful:path_list
+    key sha256sum :sha256sum
+    key signature_file :signature_file
+
+[frontend-nginx-validate]
+< = jinja2-template-base
+template = {{ parameter_dict['template_validate_script'] }}
+rendered = ${directory:bin}/frontend-nginx-validate
 mode = 0700
+sha256sum = {{ parameter_dict['sha256sum'] }}
+signature_file = ${directory:run}/nginx_validate_signature
 extra-context =
-    key directory_run directory:run
-    key directory_etc directory:etc
-    key directory_bin directory:bin
-    key caddy_graceful_reload_command caddy-configuration:frontend-graceful-command
+    key wrapper nginx-wrapper:wrapper-path
+    key path_list frontend-nginx-graceful:path_list
+    key sha256sum :sha256sum
+    key signature_file :signature_file
 
 [frontend-caddy-lazy-graceful]
 < = jinja2-template-base
@@ -534,12 +600,9 @@ extra-context =
 
 # Promises checking configuration:
 [promise-frontend-caddy-configuration]
-< = jinja2-template-base
-template = {{ parameter_dict['template_wrapper'] }}
-rendered = ${directory:promise}/frontend-caddy-configuration-promise
-mode = 0700
-extra-context =
-    key content caddy-configuration:frontend-configuration-verification
+recipe = slapos.cookbook:wrapper
+command-line = ${caddy-configuration:frontend-configuration-verification}
+wrapper-path = ${directory:promise}/frontend-caddy-configuration-promise
 
 [promise-caddy-frontend-v4-https]
 recipe = slapos.cookbook:check_port_listening
@@ -648,9 +711,11 @@ curl_path = {{ parameter_dict['curl'] }}/bin/curl
 #
 [nginx-wrapper]
 recipe = slapos.cookbook:wrapper
+environment =
+  CADDYPATH=${directory:nginx_cluster}
 command-line = {{ parameter_dict['caddy'] }}
   -conf ${dynamic-nginx-frontend-template:rendered}
-  -log ${nginx-configuration:error_log}
+  -log stdout
   -http2=true
   -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s
   -disable-http-challenge
@@ -690,26 +755,15 @@ worker_processes = 4
 worker_connections = 1024
 slave-configuration-directory = ${caddy-directory:nginx-slave-configuration}
 pid-file = ${directory:run}/nginx.pid 
-nginx-graceful-command = ${:nginx-configuration-verification}; if [ $? -eq 0 ]; then kill -HUP $(cat ${:pid-file}); fi
-nginx-configuration-verification = ${nginx-wrapper:wrapper-path} -validate
+nginx-graceful-command = ${:nginx-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat ${:pid-file}); fi
+nginx-configuration-verification = ${frontend-nginx-validate:rendered}
 ssl_certificate = ${ca-frontend:cert-file}
 ssl_key = ${ca-frontend:key-file}
 
-[frontend-nginx-graceful]
-< = jinja2-template-base
-template = {{ parameter_dict['template_wrapper'] }}
-rendered = ${directory:etc-run}/frontend-nginx-safe-graceful
-mode = 0700
-extra-context =
-    key content nginx-configuration:nginx-graceful-command
-
 [promise-nginx-configuration]
-< = jinja2-template-base
-template = {{ parameter_dict['template_wrapper'] }}
-rendered = ${directory:promise}/nginx-configuration-promise
-mode = 0700
-extra-context =
-    key content nginx-configuration:nginx-configuration-verification
+recipe = slapos.cookbook:wrapper
+command-line = ${nginx-configuration:nginx-configuration-verification}
+wrapper-path = ${directory:promise}/nginx-configuration-promise
 
 [promise-nginx-frontend-v4-https]
 recipe = slapos.cookbook:check_port_listening

software/caddy-frontend/instance-slave-caddy-input-schema.json

@@ -131,12 +131,12 @@
     },
     "ssl-proxy-verify": {
       "default": "false",
-      "description": "[NOT Implemented] If set to true, Backend SSL Certificates will be checked and frontend will refuse to proxy if certificate is invalid",
+      "description": "If set to true, Backend SSL Certificates will be checked and frontend will refuse to proxy if certificate is invalid",
       "enum": [
         "false",
         "true"
       ],
-      "title": "[NOT Implemented] Verify Backend Certificates",
+      "title": "Verify Backend Certificates",
       "type": "string"
     },
     "ssl_ca_crt": {
@@ -162,8 +162,8 @@
     },
     "ssl_proxy_ca_crt": {
       "default": "",
-      "description": "[NOT Implemented] Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)",
-      "title": "[NOT Implemented] SSL Backend Authority's Certificate",
+      "description": "Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)",
+      "title": "SSL Backend Authority's Certificate",
       "type": "string"
     },
     "type": {

software/caddy-frontend/instance-slave-output-schema.json

@@ -32,7 +32,7 @@
     },
     "request-error-list": {
       "description": "In case if slave has been rejected by master or has error in the request, the list contains information about each problem",
-      "type": "string"
+      "type": "array"
     }
   },
   "type": "object"

software/caddy-frontend/templates/Caddyfile.in

@@ -30,7 +30,7 @@ import {{ slave_with_cache_configuration_directory }}/*.conf
 
 # Access to server-status Caddy-style
 https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
-  tls {{ login_certificate }} {{ login_key }}
+  tls {{ frontend_configuration['ip-access-certificate'] }} {{ frontend_configuration['ip-access-key'] }}
   # Compress the output
   gzip
   bind {{ local_ipv4 }}

software/caddy-frontend/templates/apache-custom-slave-list.cfg.in

@@ -379,8 +379,8 @@ local_ipv4 = {{ dumps(local_ipv4) }}
 global_ipv6 = {{ dumps(global_ipv6) }}
 https_port = {{ dumps(https_port) }}
 http_port = {{ dumps(http_port) }}
-login_certificate = {{ dumps(login_certificate) }}
-login_key = {{ dumps(login_key) }}
+ip_access_certificate = {{ frontend_configuration.get('ip-access-certificate') }}
+ip_access_key = {{ frontend_configuration.get('ip-access-key') }}
 access_log = {{ dumps(access_log) }}
 error_log = {{ dumps(error_log) }}
 not_found_file = {{ dumps(not_found_file) }}
@@ -394,6 +394,7 @@ extra-context =
     section slave_password slave-password
     section parameter_dict caddy-log-access-parameters
 
+
 {# Publish information for the instance #}
 [publish-caddy-information]
 recipe = slapos.cookbook:publish.serialised

software/caddy-frontend/templates/cached-virtualhost.conf.in

@@ -19,9 +19,6 @@
   bind {{ slave_parameter['local_ipv4'] }}
   # Compress the output
   gzip
-{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
-    status 501 /
-{%- endif %}
 # Rewrite part
   proxy / {{ slave_parameter.get('backend_url', '') }} {
     # As backend is trusting REMOTE_USER header unset it always
@@ -30,7 +27,8 @@
     transparent
     timeout 600s
 {%- if ssl_proxy_verify %}
-{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
+{%-   if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
+    ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
 {%-   endif %}
 {%- else %}
     insecure_skip_verify
@@ -43,16 +41,14 @@
   bind {{ slave_parameter['local_ipv4'] }}
   # Compress the output
   gzip
-{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
-    status 501 /
-{%- endif %}
   proxy / {{ slave_parameter.get('https_backend_url', '') }} {
     # As backend is trusting REMOTE_USER header unset it always
     header_upstream -REMOTE_USER
     transparent
     timeout 600s
 {%- if ssl_proxy_verify %}
-{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
+{%-   if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
+    ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
 {%-   endif %}
 {%- else %}
     insecure_skip_verify

software/caddy-frontend/templates/caddy-graceful-script.sh.in

-#!/bin/sh
-
-RUN_DIR={{ directory_run }}
-ETC_DIR={{ directory_etc }}
-BIN_DIR={{ directory_bin }}
-
-CADDY_SIGNATURE_FILE=$RUN_DIR/caddy_configuration.signature
-NCADDY_SIGNATURE_FILE=$RUN_DIR/ncaddy_configuration.signature
-
-touch $CADDY_SIGNATURE_FILE
-sha256sum $ETC_DIR/Caddyfile $ETC_DIR/log-access.conf $ETC_DIR/caddy-*.d/*.conf $ETC_DIR/caddy-*.d/ssl/*.*key $ETC_DIR/caddy-*.d/ssl/*.*crt* | sort -k 66 > $NCADDY_SIGNATURE_FILE
-
-# If no diff, no restart for now
-if diff "$CADDY_SIGNATURE_FILE" "$NCADDY_SIGNATURE_FILE"; then
-  echo "Nothing Changed, so nothing to reload"
-  exit 0
-fi
-echo "Reloading caddy.."
-
-{{ caddy_graceful_reload_command }}
-
-mv "$NCADDY_SIGNATURE_FILE" "$CADDY_SIGNATURE_FILE"

software/caddy-frontend/templates/default-virtualhost.conf.in

@@ -30,9 +30,6 @@
   bind {{ slave_parameter['local_ipv4'] }}
   # Compress the output
   gzip
-{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
-    status 501 /
-{%- endif %} {#- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter #}
   tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} {
 {%- if enable_h2 %}
     # Allow HTTP2
@@ -79,8 +76,9 @@
     transparent
     timeout 600s
 {%-   if ssl_proxy_verify %}
-{%-     if 'ssl_proxy_ca_crt' in slave_parameter %}
-{%-     endif %} {#-     if 'ssl_proxy_ca_crt' in slave_parameter #}
+{%-     if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
+    ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
+{%-     endif %} {#-     if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
 {%-   else %} {#-   if ssl_proxy_verify #}
     insecure_skip_verify
 {%-   endif %} {#-   if ssl_proxy_verify #}
@@ -136,8 +134,9 @@
     transparent
     timeout 600s
 {%-     if ssl_proxy_verify %}
-{%-       if 'ssl_proxy_ca_crt' in slave_parameter %}
-{%-       endif %} {#-       if 'ssl_proxy_ca_crt' in slave_parameter #}
+{%-       if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
+    ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
+{%-       endif %} {#-       if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
 {%-     else %} {#-     if ssl_proxy_verify #}
     insecure_skip_verify
 {%-     endif %} {#-     if ssl_proxy_verify #}
@@ -152,9 +151,6 @@
   bind {{ slave_parameter['local_ipv4'] }}
   # Compress the output
   gzip
-{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
-    status 501 /
-{%- endif %} {#- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter #}
 
   log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
   errors {{ slave_parameter.get('error_log') }}
@@ -201,8 +197,9 @@
     transparent
     timeout 600s
 {%-   if ssl_proxy_verify %}
-{%-     if 'ssl_proxy_ca_crt' in slave_parameter %}
-{%-     endif %} {#-     if 'ssl_proxy_ca_crt' in slave_parameter #}
+{%-     if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
+    ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
+{%-     endif %} {#-     if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
 {%-   else %} {#-   if ssl_proxy_verify #}
     insecure_skip_verify
 {%-   endif %} {#-   if ssl_proxy_verify #}
@@ -252,8 +249,9 @@
     transparent
     timeout 600s
 {%-     if ssl_proxy_verify %}
-{%-       if 'ssl_proxy_ca_crt' in slave_parameter %}
-{%-       endif %} {#-       if 'ssl_proxy_ca_crt' in slave_parameter #}
+{%-       if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
+    ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
+{%-       endif %} {#-       if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
 {%-     else %} {#-     if ssl_proxy_verify #}
     insecure_skip_verify
 {%-     endif %} {#-     if ssl_proxy_verify #}

software/caddy-frontend/templates/graceful-script.sh.in

+#!/bin/sh
+
+SIGNATURE_FILE={{ signature_file }}
+NSIGNATURE_FILE={{ signature_file }}.tmp
+
+touch $SIGNATURE_FILE
+{{ sha256sum }} {{ path_list }} | sort -k 66 > $NSIGNATURE_FILE
+
+# If no diff, no restart for now
+if diff "$SIGNATURE_FILE" "$NSIGNATURE_FILE" > /dev/null ; then
+  echo "Nothing changed, so nothing to reload"
+  exit 0
+fi
+echo "Reloading.."
+
+{{ graceful_reload_command }}
+
+mv "$NSIGNATURE_FILE" "$SIGNATURE_FILE"

software/caddy-frontend/templates/template-log-access.conf.in

@@ -3,7 +3,7 @@ https://[{{ parameter_dict['global_ipv6'] }}]:{{ parameter_dict['https_port'] }}
   bind {{ parameter_dict['local_ipv4'] }}
   root {{ directory }}/
   browse
-  tls {{ parameter_dict['login_certificate'] }} {{ parameter_dict['login_key'] }}
+  tls {{ parameter_dict['ip_access_certificate'] }} {{ parameter_dict['ip_access_key'] }}
   basicauth "{{ slave }}" {{ slave_password[slave] | trim }} {
     "Log Access {{ slave }}"
     /

software/caddy-frontend/templates/validate-script.sh.in

+#!/bin/sh
+
+set -e
+
+SIGNATURE_FILE={{ signature_file }}
+NSIGNATURE_FILE={{ signature_file }}.tmp
+SIGNATURE_STATUS={{ signature_file }}.status
+
+touch $SIGNATURE_FILE
+{{ sha256sum }} {{ path_list }} | sort -k 66 > $NSIGNATURE_FILE
+
+if diff "$SIGNATURE_FILE" "$NSIGNATURE_FILE" > /dev/null; then
+  rm -f "$NSIGNATURE_FILE"
+else
+  mv "$NSIGNATURE_FILE" "$SIGNATURE_FILE"
+  # do not catch errors during validation
+  set +e
+  {{ wrapper }} -validate
+  echo $? > $SIGNATURE_STATUS
+  set -e
+fi
+exit `cat $SIGNATURE_STATUS`

software/caddy-frontend/test/CA.wildcard.example.com.crt

------BEGIN CERTIFICATE-----
-MIIDETCCAfkCCQDaYBkI56KXrjANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQGEwJY
-WDEOMAwGA1UECAwFU3RhdGUxGTAXBgNVBAoMEFdpbGRjYXJkIFJvb3QgQ0EwHhcN
-MTgxMTIxMTAwMzM4WhcNMjgxMTE4MTAwMzM4WjBdMQswCQYDVQQGEwJBVTETMBEG
-A1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkg
-THRkMRYwFAYDVQQDDA0qLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA1A+TzPOPC3qPLq3KfmFpoa6Iubh1OhNFfH7fvCJQ1czTcFLe
-npG4uTjXwcoHbPb6CWq5hfUSY/ucI6mW93gsoW5vsbPFmUFe96fA6uJV17j2IppM
-vNHhcNxNbKxpGnStNO5HTW7q1Qk2yvcx4cL/bPCEaNFwBK1O+NeNz0ZDW8dGifYU
-aVj+qpVlvTi//j8P4FOwSVYvXdMqGH5WaaTquJPVEGg+704tzUxDbCUXrbCVzFgM
-d69sQg0sJQ9MddrsWkQSgcE7cffdC1JdGHCJ/B87iO3pjH2VjFth8EFMcQCn8V8e
-Nz0OpkcsZXuFg3L/3EtMV3ZXSlT6GDxaEcNuvQIDAQABMA0GCSqGSIb3DQEBCwUA
-A4IBAQB4mIEwylSudRONRRMgHDkhMlb8/O2MERYrBmsqatg3eU6/LYZAk/okUI6p
-aBkQ3GnUmA+gQnkhk4hffRk7NqtMq3r5MEcWunu61i45sXnsQh9myHEAeGfDw3wz
-2rkdXAY2jNeQhTBEsErgwKuN86BTFML9cNg2gTKLBbNC1rSJjoMqcKHxrAcsUBip
-bXDQMmNIQkzsc3ml6+17/qfu8+mTZ7J5kEkSbbwRD690LiR6Ltua22GAvuddt53S
-ieyOVVxCDlItquuGfuQ3ay8zlyQjYmoPI5AXE5Wv9W4mF7agc+SYe3myL3xlRbC+
-RD/fQtvjbf/bt9lkgs9DQoITaYvc
------END CERTIFICATE-----

software/caddy-frontend/test/CA.wildcard.example.com.key

------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA1A+TzPOPC3qPLq3KfmFpoa6Iubh1OhNFfH7fvCJQ1czTcFLe
-npG4uTjXwcoHbPb6CWq5hfUSY/ucI6mW93gsoW5vsbPFmUFe96fA6uJV17j2IppM
-vNHhcNxNbKxpGnStNO5HTW7q1Qk2yvcx4cL/bPCEaNFwBK1O+NeNz0ZDW8dGifYU
-aVj+qpVlvTi//j8P4FOwSVYvXdMqGH5WaaTquJPVEGg+704tzUxDbCUXrbCVzFgM
-d69sQg0sJQ9MddrsWkQSgcE7cffdC1JdGHCJ/B87iO3pjH2VjFth8EFMcQCn8V8e
-Nz0OpkcsZXuFg3L/3EtMV3ZXSlT6GDxaEcNuvQIDAQABAoIBAQCWdkcEUHvaRSd6
-k0ztxuhQE6pnO/3RKwNOhibxMdfxGtebBvF1yScsJKzRjysdoU9fhx4DchOOZWQv
-2ZCIHfhswhL2HvvA9aUQSzKSde06lr3tZ1WzU6eFkIpO5TXd05Nhzv9AbcapSVRb
-RnFaIiVhgnYweQnmB6HU5fx0aQI6BytP34t3rEZqdy+eYqtq1ZgYC7iXQJct08Sy
-0syR5boW2fKZZin78I+uOWfhD3uUDz7SnetwIEWuaJ/oYXv2YFqm+68XRSo4yi2G
-FlF3CgwecJCaHyEhxMQojlgM61EvEZ0v1FvoMyyQiNmWVSAtbd6BAD5YrdUzk1QO
-mzr3LuTxAoGBAPbnNp/0g25IYj857Q++hSjWsyjLLMfX6+hPsOv2ICL46+xU9P4s
-EeIe8PGgRvUkXiNZ7LRtipsFOB+qNYHknIRtLICyYXfumJH4+05XawHIPWdZNw1X
-762VsiLEHj1nx3tbEpiCApxYJTXat5/3skjibsNjkuV5JAfsiDHPHeOrAoGBANvf
-u1GI2mtUDZ1EJbxJUm3pCUg1aw8jL83OC9miTT36m3V/TiZvc6NEbWM5S8xprwJ1
-FG+MHchTgG3rZR6UhfK7OPb7jD0r1aVnA30NX3NS1zKfMEp2Ry83w9LJX70JbZsg
-ipo09UXSyE1EaeGGIEQ0xqCN/nRiy2KDh4h1gY83AoGAUH50ypU2vB+RGDfUV4uv
-ce79HdGPWd/FI0nHzkXBmGU61SOlc6/+bI/V0ZCFUap3nmLUzsXfqEZ9U6V0KFLV
-zD6jgZmmOSlqSDy6AYJyenRDwIvPbOQ8WYUyPC9gBHjvCgJY/6tzGnGKQBJ8RwTD
-9QsNPVobLADghEzS4ho6Dl0CgYBjCBxIlwk5ujv/j4gnjCbSVlnV6il0QfbwDVQN
-DCsaNVv7ygEbEqvU56cVP+NCCH/I7Y7sxwFLD0ETQSjkYyUJtQXtSFNb4fhybTmH
-A5TwTmma5VRM1YUuYUGUGRtD+5Egg8GpvxyR/GQ3WQ8PgufZkKO+APaQ2Uad8nwD
-HFnkdQKBgG0OlIKuVeLTVhPcQvOmiDEBeAVo1zc4zmA/JLk/euxesEVL9A8xuxsF
-ao0pLvpk/EWQGElxNLNJxbn7AB4uXlpsAvV3xBM88pQIuj2paix1CqSlgfR2F2jE
-t3470UVZV22ECV8vQK/of2byELrMscLExLgKW1lAIqqZ77BntFO9
------END RSA PRIVATE KEY-----

software/caddy-frontend/test/CA.wildcard.example.com.root.crt

------BEGIN CERTIFICATE-----
-MIIDQzCCAiugAwIBAgIJAOShMXfabB7nMA0GCSqGSIb3DQEBCwUAMDgxCzAJBgNV
-BAYTAlhYMQ4wDAYDVQQIDAVTdGF0ZTEZMBcGA1UECgwQV2lsZGNhcmQgUm9vdCBD
-QTAeFw0xODExMjExMDAxMjVaFw00NjEyMDQxMDAxMjVaMDgxCzAJBgNVBAYTAlhY
-MQ4wDAYDVQQIDAVTdGF0ZTEZMBcGA1UECgwQV2lsZGNhcmQgUm9vdCBDQTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKq/9H+MvMt5B0vIC2/uEz25jqxT
-Wv36v9/HldZLvEwzOiEd0n53ZZFqVlfOoYyCIoWw1+SPwaAc8Oad8ELfoPUasV65
-xWki9F/tesgPZpyTO7vgpQfX5JVWNw28s13BgRkOO95h4t2S2t1K6sckC0M/B0o3
-wDs/M+74i6wUTHNNXVRejeNPlj9ZSKyfe8rwvY4aNkvW/TKKbaY1yXpQhbeZfU8j
-bk4tv4VOpIIoK7wWnSOcFHMANPqrIhygazI1zdsyySEssQ2TAepUb/zgZgk2IQ61
-GT+h7NVIoYZJKcAYlLapsZJV1d3Ec9y57zTpyfbWsQhmKHCasZeZK5gYqXECAwEA
-AaNQME4wHQYDVR0OBBYEFLZTKR+QsKR9ivZi4uFssy6sB80XMB8GA1UdIwQYMBaA
-FLZTKR+QsKR9ivZi4uFssy6sB80XMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
-BQADggEBAI8O1u6LnmBkWw3rPOTp+9DD2l0+tU3e51KZfp98Fm3Lo8qF5spAB+Ue
-OiBax9uENzjcHm7T7KdJrQNK6Mmat0VsD1WTR0TK1eBr9+hOh9EE1H5mEmSL0LOs
-ABcCW8DlDv9axWMkFEaJjLfYRUQdvUkb3BwlXo2oq8ectk5ZqS1IF873htYStkvc
-SvrzFpaMhYUIr2e7bvFEJ8XTz9l4eymdOBg3j89gf9OkmPa3FE6Qf7etTkVyOr1t
-7DIuucv2JkWqHnABIWsLgj4bdLWWULASA7FkI0lHxp5/9/OBb7kVlcgQg6c9Wed7
-VA9NaSB3jnBubpEbijnekHqPYO0Bf38=
------END CERTIFICATE-----

software/caddy-frontend/test/CA.wildcard.example.com.root.key

------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAqr/0f4y8y3kHS8gLb+4TPbmOrFNa/fq/38eV1ku8TDM6IR3S
-fndlkWpWV86hjIIihbDX5I/BoBzw5p3wQt+g9RqxXrnFaSL0X+16yA9mnJM7u+Cl
-B9fklVY3DbyzXcGBGQ473mHi3ZLa3UrqxyQLQz8HSjfAOz8z7viLrBRMc01dVF6N
-40+WP1lIrJ97yvC9jho2S9b9MoptpjXJelCFt5l9TyNuTi2/hU6kgigrvBadI5wU
-cwA0+qsiHKBrMjXN2zLJISyxDZMB6lRv/OBmCTYhDrUZP6Hs1UihhkkpwBiUtqmx
-klXV3cRz3LnvNOnJ9taxCGYocJqxl5krmBipcQIDAQABAoIBAHOAnbeaUCujlxfg
-Hjx8428hki1nxWmAsUKDFAx99sXk8TFtpvH9eis/r2B+WjFd5lRhJ+lohSX17c9S
-jy/tbkfe4pSdPbi8+Gnbju693D+WKRYSBBCmLe4G//6+4uZM+zMjucPYm0ofCQYg
-o2hKLYQzoo7F37c0LcE9R94DbSOg2tY6HkKNhXoo0KBY424nIlZ82ZvsS7Q+dduB
-txbFvzj0cnrYAJv8QIzcedaFGPN7tkLMZ+PS2rXPG/CkPevKgGwjOx+YyKgQk8GU
-O+YvMQ9/zhOz4ak76UOZF+a21DrVqsKj0BK90SEq10MUnd1riQJ2z2jD8SSChgb6
-rRc4+AECgYEA1NTSkhfxwfgWIjucnWPrtzNLyVqg5Ss+X/XZfN0LNvMje+AZ4wfz
-pLAf8cxnewgNqpR1PeUrjoUwcKrHX7M/MhfEhPKo2LyYDsNtNDcRk3JP047FrDnL
-beVc7lIfsCzuuQHgnUFhBE+8qP69VsHWBq1iQF2NUdW8HLjxTSuAQFECgYEAzWIR
-U/r5QijUE6fcev4FvPBCCF3+c64UEuXV/W4ZURWzOEAcKh9TAHiTKSQ3MDQK7IQY
-YtRbgePnA8Tc0Xj0jSxMtWTX1FanxftosRNgsZD1VKnBViwImuOeZHZYq83qPGT9
-FNUvGMAEAHevNdSdI2k9RSzrB2Lhei6wEYHJryECgYEAoAOWgYKBID2enoRFHsw2
-N5nYe/2ohEQ79DfKGaezO9AXuJXnwJqE4ygMDGaK0qReagaOE0gOtGuM3Nh5Z4lD
-lSzrcq1ipvk8NbVWkHBqxXmnbL6l/fPB79EHSqLx8ioGHZC8yF6US4KLrF9CCU1Y
-1dJb0VrE2mcgtFOUEFoJZdECgYAsGxVRjaIdvRreJbxJhWfCDW6A0X6lZQrWjBkK
-VayGJzzXpZzmxtdSUJJ50VcwuNxnsm5yOtxz5ndj7dDmAy2xa4QFqGRZK0rYT4dK
-D7lCKLkmt1XXpZkreho3xNqB+rSEx8M5yBZXIFU7rHgp/UDJq/4GbwECExAM5x3U
-hKTFQQKBgQCPGglKFvkRkvYonwDmLRiCjBPnpK5YeL/AYJxeD3V9b8V5Arc9ce9y
-PgFgk93RjGlEfLSN0Xbqc6GPIGwg6f5qyHvQ1BpCwupr3lhdsTxwIKbGpAH4Zvmz
-4COcrvkF9gAHaIiH97nLy/9h2EawKqKgJv3R0wfdKvRw4iW/4j4aPw==
------END RSA PRIVATE KEY-----

software/caddy-frontend/test/customdomainsslcrtsslkey.example.com.crt

------BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIJAOzw6rzXAd+jMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxLTArBgNVBAMMJGN1c3RvbWRvbWFpbnNzbGNydHNzbGtl
-eS5leGFtcGxlLmNvbTAeFw0xODA1MTgxMzA2NThaFw0yODA1MTUxMzA2NThaMHQx
-CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
-cm5ldCBXaWRnaXRzIFB0eSBMdGQxLTArBgNVBAMMJGN1c3RvbWRvbWFpbnNzbGNy
-dHNzbGtleS5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAOQe3WLRuVBPPufClmlOk6Euc3nmycvCkzcwMUD6+zdyAGH0qhHoIHJmiXi6
-GcKYgqqa3eaIxvvke2EEphDwYkj6neOVyuX3KukL8ggEUakJ17TEQkS7hIk4dmDT
-wjFAMgLz8uN11jqLooo9w/ptD+LUWmm6K9zk49iqqdKuG9Z5v3dm0KMUvsmYGWqN
-g31tQWU1Cm2kNu+2iP2FPnx2PWkDq4KTn64U7iJP9DdDEvzNfYcvz8upjR15B+dI
-K0ihwDXV5BtfZXDvck+ctCdfS1QxM+x+PboEJKUNoefz/+Q/9T3mlc+KchFG9asL
-Q/kbHtdgZzsDGTDEtdDtIrLLQ3MCAwEAAaNQME4wHQYDVR0OBBYEFG6I5Y0feayi
-UPznSzRJIMS1blcNMB8GA1UdIwQYMBaAFG6I5Y0feayiUPznSzRJIMS1blcNMAwG
-A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKmK75LcaROfjdxQLBFqiP/I
-6WB8pBNbAN6nL+dgxeQJNEx7VQXSU/3KF0nIMC35pzf93ZySMq6ujCjxksNA0Pa0
-XEH0pmTqOO7Af5wsjIniLqGTRvFCqGbWKEcYDBwKq0svTGfYyPOaBj8z7lt9LURs
-WRC1tCrn8T8NkAY/jdGRQZRtLlgk+x2SaeDfQ8F1MtMT8jYSLo4R+c4f+iuDgMWi
-JPM5SvYeDEXndWctKGxmP4p2HIp8gJuqYHmP4oxO7Rn/QPti1p68WfNQsRquHYJ4
-dR9krkpVeteQ7w8cQA9OkG/m3neiIfFKkosJSGEHctRvRQ0GtbQO6A6nZqk0n6I=
------END CERTIFICATE-----

software/caddy-frontend/test/customdomainsslcrtsslkey.example.com.key

------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDkHt1i0blQTz7n
-wpZpTpOhLnN55snLwpM3MDFA+vs3cgBh9KoR6CByZol4uhnCmIKqmt3miMb75Hth
-BKYQ8GJI+p3jlcrl9yrpC/IIBFGpCde0xEJEu4SJOHZg08IxQDIC8/LjddY6i6KK
-PcP6bQ/i1Fppuivc5OPYqqnSrhvWeb93ZtCjFL7JmBlqjYN9bUFlNQptpDbvtoj9
-hT58dj1pA6uCk5+uFO4iT/Q3QxL8zX2HL8/LqY0deQfnSCtIocA11eQbX2Vw73JP
-nLQnX0tUMTPsfj26BCSlDaHn8//kP/U95pXPinIRRvWrC0P5Gx7XYGc7AxkwxLXQ
-7SKyy0NzAgMBAAECggEBAOLv5ZPCSdWgEFdlWFbIycrmOBDETGo9VlDny4f2ZuZg
-rgrE6E/KGkVUxlvo32mcaRkp2ajW1wWN5kO86Swex9gMIfhfcyrVecW/kXbyPP6q
-AQIe4EIaPh54oiNvZleyok4Xu8EW4Bj8AqX+DjHaP5yLXqqhf7NPrW9FUI57kMwK
-DqeHBilgWUxzcjc4LLiEu6UTuB8c2Slj3Ps0K/mVzvPbQ7Xx+RYXzfX+SqjyvDEe
-GpaRLoiRJ0KZSoGUgBQSIqgfzR7g6ipKNDvlzsawMpG641vsQ8tSI+l4U5f6MbYZ
-pFT+mxL4+N+PQbWN5w3qYWK6Ilh77+0rKfGVrLH7s7kCgYEA/2SXFnUgJUnKpuE0
-4buUtPCMw8j+qZsJZ8nmf2BbwIGgp+CFGlO6aG4sfzYulpQuZOsnKRIu5qoE3xQp
-MzuqWPZ8eygAubBdddaym3kPRiMAxTXPr+vBFyvti+oFflxaTsTXAfCXD2wM8yKm
-Od16xg9co3NED2zt62mtSM6NOiUCgYEA5Kmt1JqL4ymMe9gBZ07Ar7GCfmmqepSb
-w9XqgkHDk0ZYizNeQupPQrypfdeLFlKVnlp4DycEA4XzGdFgp1+PkAMSIVDUZZp5
-KxWJdQkdScENe1eYAz0vALCWSnUahyMGuNW9Xe/z2mtNLKRYcNDQ2LROJTQjShvw
-XSfVQXS597cCgYEAgXG5hn9tAJlLJpQk2njZ4W++2QkJ0msrNDjIJC1xs7u/8vbA
-X9yqMX4N/Zg3ush2T15EpfN6ZB0uhObSDw6hw5+C7mUTIQq8BBsCwfx0+maJYGtq
-zc6fOqBgMTc2+5nRh/UKyQfpeL6aPa2FNPUF4lcs7AdjKrJaUKRqWOmf+SUCgYAd
-ksRkpshIzOraaYlk7w6EqpSR/OCLkgTDQztdNVwyA/sXpcEfLmap3vScze+zJ2Mq
-Y9D7RLSEMCLMyAOUIgvTOFJz9JxDt8LMC7EHbfJXw5wWw7FpWdRmZnBJmPOhXqpT
-5XDkYVBMg2wrxeWaUadxH4Cr1x5pS0u/AJPYL1yN6QKBgApwfVmCWXS0S1++6KiM
-WN+jyvqmF4FS6Ib5TII1/diChY0PCO/UnmVPYg1AIqsdT5ghVreZs7wuHi1LsXQ4
-41nBmUnhdaiKCz9qVybXJwvicn/2MlsIi5C4Ox97OHJyCR1iKxf5A2ypfYEuh25V
-NZZ4n9p5PhcLev6x3QhuWosT
------END PRIVATE KEY-----

software/caddy-frontend/test/setup.py

@@ -44,6 +44,7 @@ setup(name=name,
         'forcediphttpsadapter',
         'requests-toolbelt',
         'supervisor',
+        'cryptography',
       ],
       zip_safe=True,
       test_suite='test',

software/caddy-frontend/test/test_data/test.TestDuplicateSiteKeyProtection.test_file_list_run-CADDY.txt

 TestDuplicateSiteKeyProtection-0/var/run/monitor-httpd.pid
 TestDuplicateSiteKeyProtection-0/var/run/monitor/monitor-bootstrap.pid
-TestDuplicateSiteKeyProtection-1/var/run/caddy_configuration.signature
+TestDuplicateSiteKeyProtection-1/var/run/caddy_graceful_signature
+TestDuplicateSiteKeyProtection-1/var/run/caddy_graceful_signature.tmp
+TestDuplicateSiteKeyProtection-1/var/run/caddy_validate_signature
+TestDuplicateSiteKeyProtection-1/var/run/caddy_validate_signature.status
 TestDuplicateSiteKeyProtection-1/var/run/httpd.pid
 TestDuplicateSiteKeyProtection-1/var/run/monitor-httpd.pid
 TestDuplicateSiteKeyProtection-1/var/run/monitor/monitor-bootstrap.pid
-TestDuplicateSiteKeyProtection-1/var/run/ncaddy_configuration.signature
-TestDuplicateSiteKeyProtection-1/var/run/nginx.pid
\ No newline at end of file
+TestDuplicateSiteKeyProtection-1/var/run/nginx.pid
+TestDuplicateSiteKeyProtection-1/var/run/nginx_graceful_signature
+TestDuplicateSiteKeyProtection-1/var/run/nginx_graceful_signature.tmp
+TestDuplicateSiteKeyProtection-1/var/run/nginx_validate_signature
+TestDuplicateSiteKeyProtection-1/var/run/nginx_validate_signature.status
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_run-CADDY.txt

 TestEnableHttp2ByDefaultDefaultSlave-0/var/run/monitor-httpd.pid
 TestEnableHttp2ByDefaultDefaultSlave-0/var/run/monitor/monitor-bootstrap.pid
-TestEnableHttp2ByDefaultDefaultSlave-1/var/run/caddy_configuration.signature
+TestEnableHttp2ByDefaultDefaultSlave-1/var/run/caddy_graceful_signature
+TestEnableHttp2ByDefaultDefaultSlave-1/var/run/caddy_graceful_signature.tmp
+TestEnableHttp2ByDefaultDefaultSlave-1/var/run/caddy_validate_signature
+TestEnableHttp2ByDefaultDefaultSlave-1/var/run/caddy_validate_signature.status
 TestEnableHttp2ByDefaultDefaultSlave-1/var/run/httpd.pid
 TestEnableHttp2ByDefaultDefaultSlave-1/var/run/monitor-httpd.pid
 TestEnableHttp2ByDefaultDefaultSlave-1/var/run/monitor/monitor-bootstrap.pid
-TestEnableHttp2ByDefaultDefaultSlave-1/var/run/ncaddy_configuration.signature
-TestEnableHttp2ByDefaultDefaultSlave-1/var/run/nginx.pid
\ No newline at end of file
+TestEnableHttp2ByDefaultDefaultSlave-1/var/run/nginx.pid
+TestEnableHttp2ByDefaultDefaultSlave-1/var/run/nginx_graceful_signature
+TestEnableHttp2ByDefaultDefaultSlave-1/var/run/nginx_graceful_signature.tmp
+TestEnableHttp2ByDefaultDefaultSlave-1/var/run/nginx_validate_signature
+TestEnableHttp2ByDefaultDefaultSlave-1/var/run/nginx_validate_signature.status
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_run-CADDY.txt

 TestEnableHttp2ByDefaultFalseSlave-0/var/run/monitor-httpd.pid
 TestEnableHttp2ByDefaultFalseSlave-0/var/run/monitor/monitor-bootstrap.pid
-TestEnableHttp2ByDefaultFalseSlave-1/var/run/caddy_configuration.signature
+TestEnableHttp2ByDefaultFalseSlave-1/var/run/caddy_graceful_signature
+TestEnableHttp2ByDefaultFalseSlave-1/var/run/caddy_graceful_signature.tmp
+TestEnableHttp2ByDefaultFalseSlave-1/var/run/caddy_validate_signature
+TestEnableHttp2ByDefaultFalseSlave-1/var/run/caddy_validate_signature.status
 TestEnableHttp2ByDefaultFalseSlave-1/var/run/httpd.pid
 TestEnableHttp2ByDefaultFalseSlave-1/var/run/monitor-httpd.pid
 TestEnableHttp2ByDefaultFalseSlave-1/var/run/monitor/monitor-bootstrap.pid
-TestEnableHttp2ByDefaultFalseSlave-1/var/run/ncaddy_configuration.signature
-TestEnableHttp2ByDefaultFalseSlave-1/var/run/nginx.pid
\ No newline at end of file
+TestEnableHttp2ByDefaultFalseSlave-1/var/run/nginx.pid
+TestEnableHttp2ByDefaultFalseSlave-1/var/run/nginx_graceful_signature
+TestEnableHttp2ByDefaultFalseSlave-1/var/run/nginx_graceful_signature.tmp
+TestEnableHttp2ByDefaultFalseSlave-1/var/run/nginx_validate_signature
+TestEnableHttp2ByDefaultFalseSlave-1/var/run/nginx_validate_signature.status
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestMalformedBackenUrlSlave.test_file_list_run-CADDY.txt

 TestMalformedBackenUrlSlave-0/var/run/monitor-httpd.pid
 TestMalformedBackenUrlSlave-0/var/run/monitor/monitor-bootstrap.pid
-TestMalformedBackenUrlSlave-1/var/run/caddy_configuration.signature
+TestMalformedBackenUrlSlave-1/var/run/caddy_graceful_signature
+TestMalformedBackenUrlSlave-1/var/run/caddy_graceful_signature.tmp
+TestMalformedBackenUrlSlave-1/var/run/caddy_validate_signature
+TestMalformedBackenUrlSlave-1/var/run/caddy_validate_signature.status
 TestMalformedBackenUrlSlave-1/var/run/httpd.pid
 TestMalformedBackenUrlSlave-1/var/run/monitor-httpd.pid
 TestMalformedBackenUrlSlave-1/var/run/monitor/monitor-bootstrap.pid
-TestMalformedBackenUrlSlave-1/var/run/ncaddy_configuration.signature
 TestMalformedBackenUrlSlave-1/var/run/nginx.pid
+TestMalformedBackenUrlSlave-1/var/run/nginx_graceful_signature
+TestMalformedBackenUrlSlave-1/var/run/nginx_graceful_signature.tmp
+TestMalformedBackenUrlSlave-1/var/run/nginx_validate_signature
+TestMalformedBackenUrlSlave-1/var/run/nginx_validate_signature.status
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_file_list_run-CADDY.txt

 TestQuicEnabled-0/var/run/monitor-httpd.pid
 TestQuicEnabled-0/var/run/monitor/monitor-bootstrap.pid
-TestQuicEnabled-1/var/run/caddy_configuration.signature
+TestQuicEnabled-1/var/run/caddy_graceful_signature
+TestQuicEnabled-1/var/run/caddy_graceful_signature.tmp
+TestQuicEnabled-1/var/run/caddy_validate_signature
+TestQuicEnabled-1/var/run/caddy_validate_signature.status
 TestQuicEnabled-1/var/run/httpd.pid
 TestQuicEnabled-1/var/run/monitor-httpd.pid
 TestQuicEnabled-1/var/run/monitor/monitor-bootstrap.pid
-TestQuicEnabled-1/var/run/ncaddy_configuration.signature
-TestQuicEnabled-1/var/run/nginx.pid
\ No newline at end of file
+TestQuicEnabled-1/var/run/nginx.pid
+TestQuicEnabled-1/var/run/nginx_graceful_signature
+TestQuicEnabled-1/var/run/nginx_graceful_signature.tmp
+TestQuicEnabled-1/var/run/nginx_validate_signature
+TestQuicEnabled-1/var/run/nginx_validate_signature.status
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_run-CADDY.txt

 TestRe6stVerificationUrlDefaultSlave-0/var/run/monitor-httpd.pid
 TestRe6stVerificationUrlDefaultSlave-0/var/run/monitor/monitor-bootstrap.pid
-TestRe6stVerificationUrlDefaultSlave-1/var/run/caddy_configuration.signature
+TestRe6stVerificationUrlDefaultSlave-1/var/run/caddy_graceful_signature
+TestRe6stVerificationUrlDefaultSlave-1/var/run/caddy_graceful_signature.tmp
+TestRe6stVerificationUrlDefaultSlave-1/var/run/caddy_validate_signature
 TestRe6stVerificationUrlDefaultSlave-1/var/run/httpd.pid
 TestRe6stVerificationUrlDefaultSlave-1/var/run/monitor-httpd.pid
 TestRe6stVerificationUrlDefaultSlave-1/var/run/monitor/monitor-bootstrap.pid
-TestRe6stVerificationUrlDefaultSlave-1/var/run/ncaddy_configuration.signature
-TestRe6stVerificationUrlDefaultSlave-1/var/run/nginx.pid
\ No newline at end of file
+TestRe6stVerificationUrlDefaultSlave-1/var/run/nginx.pid
+TestRe6stVerificationUrlDefaultSlave-1/var/run/nginx_graceful_signature
+TestRe6stVerificationUrlDefaultSlave-1/var/run/nginx_graceful_signature.tmp
+TestRe6stVerificationUrlDefaultSlave-1/var/run/nginx_validate_signature
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_file_list_run-CADDY.txt

 TestRe6stVerificationUrlSlave-0/var/run/monitor-httpd.pid
 TestRe6stVerificationUrlSlave-0/var/run/monitor/monitor-bootstrap.pid
-TestRe6stVerificationUrlSlave-1/var/run/caddy_configuration.signature
+TestRe6stVerificationUrlSlave-1/var/run/caddy_graceful_signature
+TestRe6stVerificationUrlSlave-1/var/run/caddy_graceful_signature.tmp
+TestRe6stVerificationUrlSlave-1/var/run/caddy_validate_signature
 TestRe6stVerificationUrlSlave-1/var/run/httpd.pid
 TestRe6stVerificationUrlSlave-1/var/run/monitor-httpd.pid
 TestRe6stVerificationUrlSlave-1/var/run/monitor/monitor-bootstrap.pid
-TestRe6stVerificationUrlSlave-1/var/run/ncaddy_configuration.signature
-TestRe6stVerificationUrlSlave-1/var/run/nginx.pid
\ No newline at end of file
+TestRe6stVerificationUrlSlave-1/var/run/nginx.pid
+TestRe6stVerificationUrlSlave-1/var/run/nginx_graceful_signature
+TestRe6stVerificationUrlSlave-1/var/run/nginx_graceful_signature.tmp
+TestRe6stVerificationUrlSlave-1/var/run/nginx_validate_signature
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_file_list_run-CADDY.txt

 TestReplicateSlave-0/var/run/monitor-httpd.pid
 TestReplicateSlave-0/var/run/monitor/monitor-bootstrap.pid
-TestReplicateSlave-1/var/run/caddy_configuration.signature
+TestReplicateSlave-1/var/run/caddy_graceful_signature
+TestReplicateSlave-1/var/run/caddy_graceful_signature.tmp
+TestReplicateSlave-1/var/run/caddy_validate_signature
+TestReplicateSlave-1/var/run/caddy_validate_signature.status
 TestReplicateSlave-1/var/run/httpd.pid
 TestReplicateSlave-1/var/run/monitor-httpd.pid
 TestReplicateSlave-1/var/run/monitor/monitor-bootstrap.pid
-TestReplicateSlave-1/var/run/ncaddy_configuration.signature
-TestReplicateSlave-1/var/run/nginx.pid
\ No newline at end of file
+TestReplicateSlave-1/var/run/nginx.pid
+TestReplicateSlave-1/var/run/nginx_graceful_signature
+TestReplicateSlave-1/var/run/nginx_graceful_signature.tmp
+TestReplicateSlave-1/var/run/nginx_validate_signature
+TestReplicateSlave-1/var/run/nginx_validate_signature.status
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_log-CADDY.txt

@@ -27,6 +27,8 @@ TestSlave-1/var/log/httpd/_enable_cache-disable-via-header_access_log
 TestSlave-1/var/log/httpd/_enable_cache-disable-via-header_error_log
 TestSlave-1/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_access_log
 TestSlave-1/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_error_log
+TestSlave-1/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+TestSlave-1/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
 TestSlave-1/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
 TestSlave-1/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
 TestSlave-1/var/log/httpd/_enable_cache_access_log
@@ -51,6 +53,8 @@ TestSlave-1/var/log/httpd/_server-alias_custom_domain-duplicated_error_log
 TestSlave-1/var/log/httpd/_server-alias_error_log
 TestSlave-1/var/log/httpd/_ssl-proxy-verify-unverified_access_log
 TestSlave-1/var/log/httpd/_ssl-proxy-verify-unverified_error_log
+TestSlave-1/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+TestSlave-1/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
 TestSlave-1/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_access_log
 TestSlave-1/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_error_log
 TestSlave-1/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
@@ -67,6 +71,8 @@ TestSlave-1/var/log/httpd/_type-zope-path_access_log
 TestSlave-1/var/log/httpd/_type-zope-path_error_log
 TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_access_log
 TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_error_log
+TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
 TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
 TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
 TestSlave-1/var/log/httpd/_type-zope-virtualhostroot-http-port_access_log

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_run-CADDY.txt

 TestSlave-0/var/run/monitor-httpd.pid
 TestSlave-0/var/run/monitor/monitor-bootstrap.pid
-TestSlave-1/var/run/caddy_configuration.signature
+TestSlave-1/var/run/caddy_graceful_signature
+TestSlave-1/var/run/caddy_graceful_signature.tmp
+TestSlave-1/var/run/caddy_validate_signature
+TestSlave-1/var/run/caddy_validate_signature.status
 TestSlave-1/var/run/httpd.pid
 TestSlave-1/var/run/monitor-httpd.pid
 TestSlave-1/var/run/monitor/monitor-bootstrap.pid
-TestSlave-1/var/run/ncaddy_configuration.signature
-TestSlave-1/var/run/nginx.pid
\ No newline at end of file
+TestSlave-1/var/run/nginx.pid
+TestSlave-1/var/run/nginx_graceful_signature
+TestSlave-1/var/run/nginx_graceful_signature.tmp
+TestSlave-1/var/run/nginx_validate_signature
+TestSlave-1/var/run/nginx_validate_signature.status
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlave.test_monitor_promise_list-CADDY.txt

@@ -28,6 +28,8 @@ TestSlave-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify-unverified-
 TestSlave-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify-unverified-error-log-last-hour
 TestSlave-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
 TestSlave-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-hour
+TestSlave-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-day
+TestSlave-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-hour
 TestSlave-1/etc/monitor-promise/check-_https-only-error-log-last-day
 TestSlave-1/etc/monitor-promise/check-_https-only-error-log-last-hour
 TestSlave-1/etc/monitor-promise/check-_monitor-ipv4-test-error-log-last-day
@@ -53,6 +55,8 @@ TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify-unverified-error-log-las
 TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify-unverified-error-log-last-hour
 TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
 TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-hour
+TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-day
+TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-hour
 TestSlave-1/etc/monitor-promise/check-_ssl_ca_crt_does_not_match-error-log-last-day
 TestSlave-1/etc/monitor-promise/check-_ssl_ca_crt_does_not_match-error-log-last-hour
 TestSlave-1/etc/monitor-promise/check-_ssl_ca_crt_garbage-error-log-last-day
@@ -73,6 +77,8 @@ TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify-unverified-err
 TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify-unverified-error-log-last-hour
 TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
 TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-hour
+TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-day
+TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-hour
 TestSlave-1/etc/monitor-promise/check-_type-zope-virtualhostroot-http-port-error-log-last-day
 TestSlave-1/etc/monitor-promise/check-_type-zope-virtualhostroot-http-port-error-log-last-hour
 TestSlave-1/etc/monitor-promise/check-_type-zope-virtualhostroot-https-port-error-log-last-day

software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_file_list_run-CADDY.txt

 TestSlaveBadParameters-0/var/run/monitor-httpd.pid
 TestSlaveBadParameters-0/var/run/monitor/monitor-bootstrap.pid
-TestSlaveBadParameters-1/var/run/caddy_configuration.signature
+TestSlaveBadParameters-1/var/run/caddy_graceful_signature
+TestSlaveBadParameters-1/var/run/caddy_graceful_signature.tmp
+TestSlaveBadParameters-1/var/run/caddy_validate_signature
+TestSlaveBadParameters-1/var/run/caddy_validate_signature.status
 TestSlaveBadParameters-1/var/run/httpd.pid
 TestSlaveBadParameters-1/var/run/monitor-httpd.pid
 TestSlaveBadParameters-1/var/run/monitor/monitor-bootstrap.pid
-TestSlaveBadParameters-1/var/run/ncaddy_configuration.signature
-TestSlaveBadParameters-1/var/run/nginx.pid
\ No newline at end of file
+TestSlaveBadParameters-1/var/run/nginx.pid
+TestSlaveBadParameters-1/var/run/nginx_graceful_signature
+TestSlaveBadParameters-1/var/run/nginx_graceful_signature.tmp
+TestSlaveBadParameters-1/var/run/nginx_validate_signature
+TestSlaveBadParameters-1/var/run/nginx_validate_signature.status
\ No newline at end of file

software/caddy-frontend/test/testserver.example.com.pem

------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAp0BSMfhzYo62X7FtSivZRpFn3HH5ij/fhQGla3C7gCIjsQCe
-FZwYvK6i+qyGz4vC6fxj04ZHrAn6Xh3AQN/HA9OGEew0opL1tPtLoblbWTQv9gqh
-nBupfPPZnvf7DOzfMKUvcl2RJAUZ9jWLGiUvYhtdCVGR9evq1z6O5ZMfoy29L1fB
-Qc7k8Y6+bgunu85uVXxIxZQkb9wWY6A6B1qKLYkF3qi/6hto/XY+DEL23aBzWLuz
-Zv1LmrzFarAsnc/UzsubrPaTho3EknNcfIxfNioFf0MBykEhTwZh6owh2c70ri2y
-J0mg3bGMDcQyxlZrGPQVAlV9/1zrIKogrufDtQIDAQABAoIBACqXLZc+DpwNfZG2
-y/70VZsr0ggIGiTDiTcEqUxH4+eIShB7+MXF/2KlEinFn3rgu1z8gatO6Zd83v3y
-k4+xrKtjxSNxRCIWTG2vBJ6FZia8LG56XJc1UB7athNOUOcEtv1bQ07bVueWSPsy
-vV6GE5/nGfUSiZnXXvE7JAaARbE2vix85CEZbSqps4plw+IRla5izgk2lfGeXZO4
-tv0ci+5C+U5CbOA+i9I/m0qZBAqzBqCxiN/VRZSG6kxc0XF58NaJNCFqGUCzd+On
-nLhSWxE+0+roj4BSsV8H2AHQzFy/d9eMiSoSGPLb0Sa0zvbcvf6SeknymEiTTAUK
-nj94do0CgYEA0ontvQtCir443/2rkaUeXscJQO07QeGqztgSjEZj5GiT9cgBqlWQ
-DsY6BoOHHMjJcWy4gEiz+whZOw87exy1ECevx5fazQzBwJvMD3qTOilOk49VzKs1
-xrOdm3Me3E3X8AT3kKxrGdT/kHWlCij/Y+SIq2+YVh6t15p9P51eY2MCgYEAy12Q
-K+llzNyL/6ml7CczfjNHkUlIMXlHs+bRk1eG+clUmoIQR7bxuhM6G23auGpq58mu
-KhfThEytxU1vDSsXJKueLD59pWRDvwLDlLxoXXWgkdzWRMzKkJc/vd3GTJBW2ZpX
-e66TEowBJkaftVAkGnded9EoKQKbGF2+/4/chAcCgYA1/8xrJT0u6rUZti1QEMKm
-WnRkI7SEJEY0ATVYpyEtzyjL7D2JG6L0NyFg1FFOL62DGviDZqJK64w/WpvN6sIB
-37v0/FzRJMl5BjyjZ7PlQfz2WdgOw4bqbN0qpq8uoASXeh6pC5/4oyndOl9XKMbA
-LzhiiB/RTtMVrnkbXNh9swKBgDhBZI1RHhECfVO2ySg/W9YwNz7wZ6EP7I7ObfD1
-SGg2kkm/auN7rviLMwq9Y8CZ54LA3oXUW3WAhJ1Mo0igP+Gr+7A/hSBIURk4mYO+
-bpxT2pwe28LiZ7KBtGdAPweU8gF12XdkPljmE7dT2AAe8C3GEYLRf+uARgkCfcBS
-OmznAoGAFXa3/sx8uBrA4rxpE9b/nEQNr8n0NatH7tW3fry88wYBLyFYdHrAmM/p
-7a1/iLFvCl3fzZdiAxPplFw6neCpxD2ghHXZjN5njevs9AECNhf5M3EraNJW3tn5
-b6+wwlbNqFm8NymFoq3Zeq8HUXPQbdUKOwSiwxQ5+5XdSsYOZoQ=
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDRTCCAi0CCQDQ1EVpyJg5UzANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJB
-VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
-cyBQdHkgTHRkMRwwGgYDVQQDDBNUZXN0IFNlcnZlciBSb290IENBMB4XDTE4MDYy
-NzExMjIxMloXDTI4MDYyNDExMjIxMlowZjELMAkGA1UEBhMCQVUxEzARBgNVBAgM
-ClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEf
-MB0GA1UEAwwWdGVzdHNlcnZlci5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAKdAUjH4c2KOtl+xbUor2UaRZ9xx+Yo/34UBpWtwu4Ai
-I7EAnhWcGLyuovqshs+Lwun8Y9OGR6wJ+l4dwEDfxwPThhHsNKKS9bT7S6G5W1k0
-L/YKoZwbqXzz2Z73+wzs3zClL3JdkSQFGfY1ixolL2IbXQlRkfXr6tc+juWTH6Mt
-vS9XwUHO5PGOvm4Lp7vOblV8SMWUJG/cFmOgOgdaii2JBd6ov+obaP12PgxC9t2g
-c1i7s2b9S5q8xWqwLJ3P1M7Lm6z2k4aNxJJzXHyMXzYqBX9DAcpBIU8GYeqMIdnO
-9K4tsidJoN2xjA3EMsZWaxj0FQJVff9c6yCqIK7nw7UCAwEAATANBgkqhkiG9w0B
-AQsFAAOCAQEAtEfuCYN5xQ+xwFF4UwJtQvv+DGlxzSPZUxY4h5BH7BbyC+XVvo7l
-iY0pCHI7PsZRSMK3KaUuLYll/7mNB6GCE2zocWfIZwTgoJEhw35iVj07SYIcnd5h
-R1XBGEn2EQfZEkjH5kuTBUKR1EE5yJimhG89chQkP5eAWsPNUM55XmojNt5uZawb
-C8bJXGtlNGSgmfXCcGBp9VW3ImEKDoyLJuBqIcBfMv/3ENnKbuTt+cLaaLWkqX48
-JSqEL41S6tU8Jmv3HrhSWmZJjCJ+gRXKANhlAOxuddTkaEnToe9G51Ekj0uRHF37
-LHdySTpMHXg1Cm4njhLqVcRoikrSkYcHPA==
------END CERTIFICATE-----

software/caddy-frontend/test/testserver.root.ca.crt

------BEGIN CERTIFICATE-----
-MIIDmTCCAoGgAwIBAgIJAOZ30I7+VqTNMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxHDAaBgNVBAMME1Rlc3QgU2VydmVyIFJvb3QgQ0EwHhcN
-MTgwNjI3MTExOTEzWhcNMjgwNjI0MTExOTEzWjBjMQswCQYDVQQGEwJBVTETMBEG
-A1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkg
-THRkMRwwGgYDVQQDDBNUZXN0IFNlcnZlciBSb290IENBMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEA6arXFNc2fl39wAgvFvB7XQILJ8xT/89n6KwvZHIs
-eqptNgT7k2LCrsWDqvQS+fsAY62OSpt6gWckM2Q9toY6niXzvElj/+C3FxdEounN
-dgHfG1M3imTbAPR/E2bPGUoWtod0DrHkIF3HlqvjTsKvk0t2XglbobZc3JFHzw2R
-Vnh0NjGHxH5tvE0hiM2rdyMUOXJeLqz/iILqOEjBscHKUcb9rTvI08N0/FFpRtbB
-JAgQeZB85ZxGqyg1pRwveG+mDALv9IImqtIpe9D/OwjOyF8MErS/Yfjqyw2eejj/
-dX9GNFnuGxlyZ7GKRncHPR2QmKrIz+1NNqsXITPs5zVo/QIDAQABo1AwTjAdBgNV
-HQ4EFgQUerhRsTxEadhORRVlRtqZryF456kwHwYDVR0jBBgwFoAUerhRsTxEadhO
-RRVlRtqZryF456kwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAs6Oi
-CMhQ6a8bW7u8jcC7Y2/50TlviQo+IQ44wgCJrnZCHDXdMLwwm7VjiUl33Z6YjnT+
-UVzkA7O2aTHop1peR3kpJ/JP6yrGudj7gZJNLlQXEKopT0MFaZWxI80LP8gIHlsx
-nzhe6Kzw8xtGiC0O4j3aJwsJp/ggaNYp37AyEA0KkGbLtA5QrpfZfvPV/zoiXQbn
-HkzaYgf1VcfwjoSi4cBO0IE2iHWjGKCoo3WGCKzoyY/ldpyqFhOvAhL5FoS7hQcl
-5meowzyz7OVGqvbhZgETNqFyl0la9JeMhbDG3+tHX6K5dbcOYRJUv/INO2CNnW/K
-o1vE6iTVxjew2tnoMQ==
------END CERTIFICATE-----

software/caddy-frontend/test/testserver.root.ca.key

------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA6arXFNc2fl39wAgvFvB7XQILJ8xT/89n6KwvZHIseqptNgT7
-k2LCrsWDqvQS+fsAY62OSpt6gWckM2Q9toY6niXzvElj/+C3FxdEounNdgHfG1M3
-imTbAPR/E2bPGUoWtod0DrHkIF3HlqvjTsKvk0t2XglbobZc3JFHzw2RVnh0NjGH
-xH5tvE0hiM2rdyMUOXJeLqz/iILqOEjBscHKUcb9rTvI08N0/FFpRtbBJAgQeZB8
-5ZxGqyg1pRwveG+mDALv9IImqtIpe9D/OwjOyF8MErS/Yfjqyw2eejj/dX9GNFnu
-GxlyZ7GKRncHPR2QmKrIz+1NNqsXITPs5zVo/QIDAQABAoIBAQDRYTFrTlFZOJXZ
-TjwL3R9dvygJ2HDoh4w/lJK++gPbQv2raxmW/ucePoR2WlDqyTyXFPys49cJP0fT
-+R3HgU3jSnS2IjlGHrFRMpthNAnUlWa7EH1zOF5545w+4V/v9FCX7JZVWJfnXMEs
-xQdhGtjDLtp49v+xzzw0tMXYxfqWtJBuFT2Dft60lH/kcCyD7TWQD30OyP28QuYK
-Zn4uCDBCOYuHTb/eu6MLKGRkuyRbgXoCCjjziQ/u8lcUx7nPa1qTdGHAglNei5CV
-nrDsaEQGd3U7jUgOpbd+a5E5UaFtR8HoBtIDQf72JTWBrKSjkmIHZsJSU8tMKZi4
-nGr7mA4hAoGBAPcGQWdAa6qZIKTwp6EDJMBbSDH70ykBFgE4nmKAlxcfPlR0CU3R
-iahVvvuNyE//rPEhZBGqh8VEfZfkz1H5zLJQS5EV6ePbKYQE2q9JHugMrw8zh5MH
-89NpK+O9p/3MrCPAZgWGVQ3nfLkV0WTGGiSdLFDAvBtRZeMmsi2JedTJAoGBAPIo
-V1bwRzihtvZT/rc86jYvJbMR49lbal8pHsIg5FS0EAgQp4tgMnEfqI3UHvjYIUJa
-CursrHOFX0hypP2DW2BxJ6yMYv/jQivyxziCSd+xrSfR0B3vjJ33ayqs3EnS4MzY
-jbaWm1O2Z585ZlulqGWfhJ3m7dzeGqXmNrMWABCVAoGAYU59hQbDYrhfO5nw7mQm
-nf9XORlR3N0opeJ/wZ2V5u3Px8TNxXG9ICpmyQDY32p/3ZyhprPeN777GlJvuIMG
-N1eZ7NUNBUzX1cFzw4iyPAaDDyHlTe3cBnNvbo7PFhMB3DN1/Mclygxd/SqzCVdg
-BPxE8Kp7budpk0ky9u0oqMECgYEAq6hPKXDQe+Oe6AToxgnnWRuY1NR0uOqlf+mN
-RT29vhGaX602p4U8nJY9jLR2dB35jah4nsnBAW7k+V1TeeY4yyfLYPRvZUc67B6A
-fJ1XMrwnq9d+eQoLmxr9m9XHnolfE7ba1jjyyKe/0s4Esii/M7KddrVxniTPrRSB
-Z/fLefUCgYEAl2Al2BK4ZYK6HSeFxZ1kaVkcefL1QBMzgLY8LPVpReoaULdFzwat
-3elM8C31FDBvIaWzJCQMIIrFEldvU4tvBF7Mbe8lDDQXotoI6zTWMnNUGV3Xd0wc
-hep0oINBctav7pVJ7Mf+X0Wqfc4D40FPbMzHMUxfdKs9eo9qR/fktYI=
------END RSA PRIVATE KEY-----

software/caddy-frontend/test/testserver.srl

-D0D44569C8983953

software/caddy-frontend/test/wildcard.example.com.crt

------BEGIN CERTIFICATE-----
-MIIDjzCCAnegAwIBAgIJAP4QzV9d5d8KMA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxFjAUBgNVBAMMDSouZXhhbXBsZS5jb20wIBcNMTgwNDE3
-MTE0MjAxWhgPMjExODAzMjQxMTQyMDFaMF0xCzAJBgNVBAYTAkFVMRMwEQYDVQQI
-DApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQx
-FjAUBgNVBAMMDSouZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQC0MNnojTq6Yp60ecvP5lZGa6owZp64sumaT66JInTFJcSV/ls0AbPN
-KPTcNRgbFLIuv/3Xhgi6YAxIz2PXdCDPj1fp4rVIijhpedaWZaIOeTqSGEg+5/iL
-4UTxm166NgCU1zp0QsmU8MXJFv4YxTZsF9LlGFcP6uUQ9sY98yv+hErCxRXo+dXd
-GGG4LTVLGPeRYNX2JVD5BxoNkL5/3IMylrFvI8aRFTKVn1P8UPJ5K9du3E0wHJY6
-MkstZX3xKcGKSn2w1zIaq/NcrbLXvp6eZauLtMpZ9vW+CtYV3diOm2TiMvQIyCRM
-4mWbaf76bpGiz9/+11w6U9n6zMzKTq+5AgMBAAGjUDBOMB0GA1UdDgQWBBT/Kswu
-BKM3GXaIWvQ8Vs1xhs/1vzAfBgNVHSMEGDAWgBT/KswuBKM3GXaIWvQ8Vs1xhs/1
-vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAeeV7VIqbNL6Xe0I5y
-fl44ogBY0zoYJH+p7HCebazZKepy7f+EeWv8B3dHODrilSYCnsOqhta8mMSMrgsT
-TFByr/8NN/4UFe9FeKnxD9Sun0EetESkaeMqAGCK921lT0eU4IhA0JLRj16HomuK
-I/JBFwUXFn6vVypw5R41zwnikv+EB0fSC4biSXWXUarGqlRCF7o00CPKqAaTE0yX
-H4Yz3lR/Vuce7uFvkIY+F4vXtq1sy/tb4QBWlDS6t7cmeBGcvaQ8mlndA9T+us0l
-/wb9mzdTcwkrkM2kk++GnS0NCAQfOalF3x8wG6j8DrU2dQ1NXh205c/zo0BljQr8
-P84v
------END CERTIFICATE-----

software/caddy-frontend/test/wildcard.example.com.key

------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC0MNnojTq6Yp60
-ecvP5lZGa6owZp64sumaT66JInTFJcSV/ls0AbPNKPTcNRgbFLIuv/3Xhgi6YAxI
-z2PXdCDPj1fp4rVIijhpedaWZaIOeTqSGEg+5/iL4UTxm166NgCU1zp0QsmU8MXJ
-Fv4YxTZsF9LlGFcP6uUQ9sY98yv+hErCxRXo+dXdGGG4LTVLGPeRYNX2JVD5BxoN
-kL5/3IMylrFvI8aRFTKVn1P8UPJ5K9du3E0wHJY6MkstZX3xKcGKSn2w1zIaq/Nc
-rbLXvp6eZauLtMpZ9vW+CtYV3diOm2TiMvQIyCRM4mWbaf76bpGiz9/+11w6U9n6
-zMzKTq+5AgMBAAECggEAR9n2+pFearYqnMK4b9Vkb7485gH1pqbJGdxON6bCs16F
-Dl6X1ZwcK2H6idiuHRZamuO5//gVgOQN4fa41FAdSUbagowBR8S+C+kmlWA/h8/1
-eA4wuMzdQkH4sPMIie5Auxk72OJM6ZQ8+huuBQiW0/GICgxzowhCgUo18LwHvfwt
-XWLHplRFczgM4WEu+HVx1W9y/irOhEUEzwNfXdDTVE4bnwzb24qR0CRIdp3gc8Os
-JoUFMgbV3qfJLmzqURLIlVc3Y9FFbWrr5zhzTx2vvoT1j83e56qKHbKanr2R6NQZ
-UOsCgDvzrc9WqKE9/hwvxvPlx/L3UWuhPMpljZ8gBQKBgQDX4Qo27l8KPk9fXA18
-SrRcAAGN+moc+Y0T9WbcbXCJLLU6TO3eJqW9H3Kwb80O/zycUBFK/dIOwZZYgsuQ
-oXFG4ykSXFY/JGTEBIkvQ7LI/7t5mn0xlw3tqB7xuMO5QEyZMQFi0xP5h1B5coiO
-Wv9T1xit4FHX2EN/CJLwlzzl1wKBgQDVrdvGi+j/1pGaEST1yhvrDduHrlMsF4BI
-X8VaNXNXg9+GxsAA6+pRPRoHvmmz/RUr/km+JxWLHEZpFDOhIzJV4JYXv/q7KDH+
-Mjf7uyRshBnR+QU38RqkENIJhEZJSa8ZYmkgU9yCDozkfVzYKdxUy6Z0+o2Omzls
-cpZP1PFE7wKBgQCGXZx0+kMPZh8TFIGURg8iYCKXkzBu3miP7qNaOYfc6YXXRsCb
-D+UC5MsGxF+WoQjBphhNW9RduOJyLt6zI7kUzRjoQ66u2GEbnFMipvlln765fo3D
-yugxbv3rp/uylzHV+6mIMCbzneRZ4w7ZxAu9zFihCMkIFqRUMir7MrcFuwKBgFbK
-88ZF9jJU+XdXF2gu3AAx9MW77VSvhw/ets7ZfyxBCH46JKs7KEYvR291zIGrfvoL
-o/B09681oPP1nLMLFNsFCnJDLJjwzr2tsEez0CuzzLkZKSF78ZJKssXi0JncMB9j
-dcgHyD2bo2b79MZo2nIm9kn1q6INMtn2AVAT8pxJAoGAZfysuUMc0bdKVi41SD0A
-Ej7qX+qbXX+aA4OkTqJP3QxssD6CuZZwUKW7qj8AoOcLKsmwdjetetny46OMEXzN
-5Fk3ahCD1cycFGBawNY10x5Xy+4iApzPiO1Ujd3t7FAIrLPWFwzmLIL8pxUNuHEn
-OC9RrI4tzsvWHhMaLKVCh0g=
------END PRIVATE KEY-----

software/erp5testnode/buildout.hash.cfg

@@ -18,4 +18,4 @@ md5sum = 307663d73ef3ef94b02567ecd322252e
 
 [template-default]
 filename = instance-default.cfg
-md5sum = d5a4270e5e7827db2e6a19d2eedb570b
+md5sum = ff368286a75243d0536ee6a974107b6f

software/erp5testnode/instance-default.cfg

@@ -85,8 +85,6 @@ rendered = $${basedirectory:services}/shellinaboxd
 template = inline:
   #!/bin/sh
   exec ${shellinabox:location}/bin/shellinaboxd \
-    --disable-ssl \
-    --disable-ssl-menu \
     --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \
     --service "/:$(id -u):$(id -g):HOME:$${shell-environment:shell} -l"
 

software/erp5testnode/testsuite/caddy-frontend/buildout.hash.cfg

@@ -15,4 +15,4 @@
 
 [template]
 filename = instance.cfg
-md5sum = a345d46655c3e841c2ecf4e3a0446c8f
+md5sum = d8d9e9a4bd00ccba2c448bb9d5d6aeae

software/erp5testnode/testsuite/caddy-frontend/instance.cfg

@@ -37,7 +37,7 @@ command-line =
 
 # XXX slapos.cookbook:wrapper does not allow extending env, so we add some default $PATH entries ( not sure they are needed )
 environment =
-  PATH=${curl:location}/bin/:${openssl:location}/bin/:/usr/bin/:/bin
+  PATH=${quic_client-bin:location}:${curl:location}/bin/:/usr/bin/:/bin
   LOCAL_IPV4=$${slap-configuration:ipv4-random}
   GLOBAL_IPV6=$${slap-configuration:ipv6-random}
   SLAPOS_TEST_WORKING_DIR=$${create-directory:working-dir}

software/erp5testnode/testsuite/caddy-frontend/software.cfg

@@ -3,7 +3,9 @@
 extends =
   ../../../../component/git/buildout.cfg
   ../../../../component/curl/buildout.cfg
+  ../../../../component/python-cryptography/buildout.cfg
   ../../../../stack/slapos.cfg
+  ../../../../component/quic_client-bin/buildout.cfg
   ./buildout.hash.cfg
 
 parts =
@@ -30,6 +32,7 @@ recipe = zc.recipe.egg
 eggs =
   ${slapos.test.caddy-frontend-setup:egg}
   ${erp5.util-setup:egg}
+  ${python-cryptography:egg}
   slapos.core
 entry-points =
   runTestSuite=erp5.util.testsuite:runTestSuite

software/erp5testnode/testsuite/seleniumrunner/README.md → software/erp5testnode/testsuite/seleniumserver/README.md

 # Selenium Server test
 
-This software release is simply to run the test suite from `../seleniumrunner/test/setup.py`
+This software release is simply to run the test suite from `../../seleniumserver/test/setup.py`
 
 Nexedi staff can see the results of this test from the test suite
-`SLAPOS-SELENIUMRUNNER-TEST` in test result module.
+`SLAPOS-SELENIUMSERVER-TEST` in test result module.
 

software/erp5testnode/testsuite/seleniumrunner/buildout.hash.cfg → software/erp5testnode/testsuite/seleniumserver/buildout.hash.cfg

@@ -15,5 +15,5 @@
 
 [template]
 filename = instance.cfg.in
-md5sum = 7e75c9eccb580f278da1784941363432
+md5sum = 3019fd19f6623cca92741582b265a1da
 

software/erp5testnode/testsuite/seleniumrunner/instance.cfg.in → software/erp5testnode/testsuite/seleniumserver/instance.cfg.in

@@ -33,7 +33,7 @@ wrapper-path = $${create-directory:bin}/runTestSuite
 command-line =
   ${buildout:bin-directory}/runTestSuite
   --python_interpreter=${buildout:bin-directory}/${eggs:interpreter}
-  --source_code_path_list=$${slapos:location}/software/seleniumrunner/test
+  --source_code_path_list=$${slapos:location}/software/seleniumserver/test
 
 
 # XXX we need "standard" path entries to compile softwares inside test

software/erp5testnode/testsuite/seleniumrunner/software.cfg → software/erp5testnode/testsuite/seleniumserver/software.cfg

@@ -16,10 +16,10 @@ parts =
 [setup-develop-egg]
 recipe = zc.recipe.egg:develop
 
-[slapos.test.seleniumrunner-setup]
+[slapos.test.seleniumserver-setup]
 <= setup-develop-egg
-egg = slapos.test.seleniumrunner
-setup = ${slapos-repository:location}/software/seleniumrunner/test/
+egg = slapos.test.seleniumserver
+setup = ${slapos-repository:location}/software/seleniumserver/test/
 
 [eggs]
 recipe = zc.recipe.egg
@@ -27,7 +27,7 @@ eggs =
   ${pillow-python:egg}
   ${python-pynacl:egg}
   ${bcrypt:egg}
-  ${slapos.test.seleniumrunner-setup:egg}
+  ${slapos.test.seleniumserver-setup:egg}
   slapos.core
 entry-points =
   runTestSuite=erp5.util.testsuite:runTestSuite

software/gitlab/gitlab-parameters.cfg

@@ -101,7 +101,7 @@ configuration.nginx_gzip_comp_level     = 2
 configuration.nginx_gzip_proxied        = any
 configuration.nginx_gzip_types          = text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json
 configuration.nginx_keepalive_timeout   = 65
-configuration.nginx_header_allow_origin = *
+configuration.nginx_header_allow_origin = $http_origin
 
 # configuring trusted proxies
 # GitLab is behind a reverse proxy, so we don't want the IP address of the proxy

software/gitlab/software.cfg

@@ -293,7 +293,7 @@ md5sum  = 7782f5c5d75663c2586e28d029c51e49
 
 [gitlab-parameters.cfg]
 <= download-file
-md5sum  = dec5d989e2d969369bd1eaffcbfb78d6
+md5sum  = 8f4537cb8a0c9a8e0058c30cb687681c
 
 [gitlab-shell-config.yml.in]
 <= download-template
@@ -325,7 +325,7 @@ md5sum  = a56a44e96f65f5ed20211bb6a54279f4
 
 [nginx-gitlab-http.conf.in]
 <= download-template
-md5sum  = 697140d980c75ddc1dd0a656b1c88447
+md5sum  = abcc5eda03e10b26c74619f299a7f6a8
 
 [nginx.conf.in]
 <= download-template
@@ -345,7 +345,7 @@ md5sum  = 4e1ced687a86e4cfff2dde91237e3942
 
 [template-gitlab-resiliency-restore.sh.in]
 <= download-template
-md5sum  = 420d999daae050351a51487b9d2f8fe0
+md5sum  = 590fcadf26085fdd17487175bc0a469d
 
 [unicorn.rb.in]
 <= download-template

software/gitlab/template/nginx-gitlab-http.conf.in

@@ -120,6 +120,7 @@ server {
   location {{ path }} {
     # Set CORS header
     add_header 'Access-Control-Allow-Origin' {{ cfg('nginx_header_allow_origin') }};
+    add_header 'Access-Control-Allow-Credentials' true;
     ## If you use HTTPS make sure you disable gzip compression
     ## to be safe against BREACH attack.
     {{ 'gzip off;' if cfg_https else ''}}

software/gitlab/template/template-gitlab-resiliency-restore.sh.in

@@ -69,7 +69,7 @@ trap "echo 'kill $postgres_pid" EXIT TERM INT
 echo "Starting Redis server..."
 $redis_executable &
 redis_pid=$!
-trap "kill $redis_pid" EXIT TERM INT
+trap "kill $postgres_pid $redis_pid" EXIT TERM INT
 echo "[OK]"
 echo "Restoring gitlab data..."
 
@@ -86,11 +86,11 @@ $promise_check/gitlab-app
 echo "Starting Unicorn to check gitlab-shell promise..."
 $unicorn_script &
 unicorn_pid=$!
-trap "kill $unicorn_pid" EXIT TERM INT
+trap "kill $postgres_pid $redis_pid $unicorn_pid" EXIT TERM INT
 sleep 60
 if [ -s "$run_location/unicorn.pid" ]; then
   unicorn_ppid=$(head -n 1 $run_location/unicorn.pid) > /dev/null 2>&1
-  trap "kill $unicorn_ppid" EXIT TERM INT
+  trap "kill $postgres_pid $redis_pid $unicorn_ppid" EXIT TERM INT
 fi
 $promise_check/gitlab-shell
 

software/kvm/instance-kvm-cluster.cfg.jinja2.in

@@ -136,7 +136,7 @@ return =
 {% if str(kvm_parameter_dict.get('use-tap', 'True')).lower() == 'true' -%}
 {{ '  ' }}tap-ipv4
 
-{% do publish_dict.__setitem__('lan-' ~ instance_name, '${' ~ section ~ ':connection-tap-ipv4}') -%}
+{% do publish_dict.__setitem__(instance_name ~ '-lan', '${' ~ section ~ ':connection-tap-ipv4}') -%}
 {% do kvm_hostname_list.append(instance_name ~ ' ' ~ '${' ~ section ~ ':connection-tap-ipv4}') -%}
 {% endif -%}
 {% do monitor_base_url_dict.__setitem__(instance_name, '${' ~ section ~ ':connection-monitor-base-url}') -%}

software/kvm/instance-kvm-export.cfg.jinja2

@@ -7,12 +7,15 @@ parts +=
   cron-entry-backup
 
   certificate-authority
+  certificate-authority-service
   publish-connection-information
   kvm-vnc-promise
   kvm-disk-image-corruption-promise
   websockify-sighandler
+  websockify-sighandler-service
   novnc-promise
   cron
+  cron-service
   frontend-promise
 # monitor parts
   monitor-base

software/kvm/instance-kvm.cfg.jinja2

@@ -184,8 +184,13 @@ hash-files = ${buildout:directory}/software_release/buildout.cfg
 
 {% if use_nat == 'true' and nat_rule_list -%}
 {%   for port in nat_rule_list.split(' ') -%}
+{%     if ':' in port -%}
+{%       set proto, port = port.split(':') -%}
+{%     else -%}
+{%       set proto, port = 'tcp', port -%}
+{%     endif -%}
 {%     set external_port = 10000 + port|int() -%}
-{%     set section_name = '6tunnel-' ~ external_port -%}
+{%     set section_name = '6tunnel-' ~ proto ~ '-' ~ external_port -%}
 [{{ section_name }}]
 <= tunnel-6to4-base
 ipv4-port = {{ external_port }}
@@ -419,8 +424,13 @@ maximum-extra-disk-amount = {{ disk_number }}
 {%   if nat_rule_list -%}
 # Publish NAT port mapping status
 {%     for port in nat_rule_list.split(' ') -%}
+{%       if ':' in port -%}
+{%         set proto, port = port.split(':') -%}
+{%       else -%}
+{%         set proto, port = 'tcp', port -%}
+{%       endif -%}
 {%       set external_port = 10000 + port|int() -%}
-nat-rule-port-{{port}} = ${slap-network-information:global-ipv6} : ${6tunnel-{{external_port}}:ipv6-port}
+nat-rule-port-{{proto}}-{{port}} = ${slap-network-information:global-ipv6} : ${6tunnel-{{proto}}-{{external_port}}:ipv6-port}
 {%       if slapparameter_dict.get('publish-nat-url', False) -%}
 nat-rule-url-{{port}} = [${slap-network-information:global-ipv6}]:${6tunnel-{{external_port}}:ipv6-port}
 {%       endif -%}

software/kvm/software.cfg

@@ -99,7 +99,7 @@ recipe = hexagonit.recipe.download
 ignore-existing = true
 url = ${:_profile_base_location_}/instance-kvm.cfg.jinja2
 mode = 644
-md5sum = 149df1bc788ce68c86a5fda4872e008e
+md5sum = 0668791e78430bafdec5300b4ea8d90a
 download-only = true
 on-update = true
 
@@ -108,7 +108,7 @@ recipe = hexagonit.recipe.download
 ignore-existing = true
 url = ${:_profile_base_location_}/instance-kvm-cluster.cfg.jinja2.in
 mode = 644
-md5sum = fa40e4729c27236c655f66966e43becf 
+md5sum = 1282296397d445ccae59e6de7915840c
 download-only = true
 on-update = true
 
@@ -144,7 +144,7 @@ recipe = hexagonit.recipe.download
 ignore-existing = true
 url = ${:_profile_base_location_}/instance-kvm-export.cfg.jinja2
 mode = 644
-md5sum = fbad91193be6ebde5fc4c05a38a55e7b
+md5sum = 00ce5e6da3c833d9d9d1825311f11a81
 download-only = true
 on-update = true
 

software/plantuml/software.cfg

@@ -31,9 +31,8 @@ output = ${buildout:directory}/${:_buildout_section_name_}
 
 [plantuml.war]
 recipe = slapos.recipe.build:download
-# XXX the war from sourceforge has no version in URL
-url = https://netcologne.dl.sourceforge.net/project/plantuml/plantuml.war#2018-10-21
-md5sum = f956cd28b18ec34740bb1757276f9641
+url = https://downloads.sourceforge.net/project/plantuml/1.2018.13/plantuml.1.2018.13.war
+md5sum = cda05c8163237de039d777c197b3d282
 
 [versions]
 slapos.recipe.template = 4.3

software/seleniumrunner/buildout.hash.cfg

@@ -15,8 +15,4 @@
 
 [template]
 filename = instance.cfg.in
-md5sum = c4ac5de141ae6a64848309af03e51d88
-
-[template-selenium]
-filename = instance-selenium.cfg.in
-md5sum = 4167621b473f81892d38389ac427c6ba
+md5sum = 1f31a063c79e19243dcc5508e08a6ae5

software/seleniumrunner/instance.cfg.in

 [buildout]
 parts =
-  switch-softwaretype
+# this sofware has no instance, it's only intended to make programs
+# available for erp5testnode from its software.
 
 eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
 offline = true
 
-[switch-softwaretype]
-recipe = slapos.cookbook:softwaretype
-default = ${template-selenium:output}
-
-[slap-connection]
-# part to migrate to new - separated words
-computer-id = $${slap_connection:computer_id}
-partition-id = $${slap_connection:partition_id}
-server-url = $${slap_connection:server_url}
-software-release-url = $${slap_connection:software_release_url}
-key-file = $${slap_connection:key_file}
-cert-file = $${slap_connection:cert_file}

software/seleniumrunner/software.cfg

-# Selenium server
-# https://seleniumhq.github.io/docs/grid.html
+# Selenium runner, helper software for erp5testnode.
+#
+# Seleniumrunner responsability is to install Xvfb as
+# ${buildout:parts-directory}/xserver/bin/Xvfb, a default firefox as
+# ${buildout:bin-directory}/firefox and a geckodriver as
+# ${buildout:bin-directory}/geckodriver for erp5testnode.
 
 [buildout]
 extends =
    ../../component/xorg/buildout.cfg
-   ../../component/lxml-python/buildout.cfg
    ../../component/firefox/buildout.cfg
-   ../../component/chromium/buildout.cfg
-   ../../component/chromedriver/buildout.cfg
    ../../component/coreutils/buildout.cfg
-   ../../component/java/buildout.cfg
-   ../../component/caddy/buildout.cfg
-   ../../component/openssh/buildout.cfg
    ../../stack/slapos.cfg
    ./buildout.hash.cfg
 
 parts =
    slapos-cookbook
    template
+   xserver
    firefox-wrapper
    geckodriver
-# seleniumserver needs to install a default firefox as ${buildout:bin-directory}/firefox and
-# a geckodriver as ${buildout:bin-directory}/geckodriver for erp5testnode
 
-[instance-recipe]
-egg = slapos.cookbook
-module = seleniumrunner
-
-[selenium-server]
-recipe = slapos.recipe.build:download
-version = 3.14.0
-md5sum = 376450bd517510442b60018646deadfe
-filename = selenium-server-standalone-${:version}.jar
-url = https://selenium-release.storage.googleapis.com/3.14/${:filename}
 
 [macro-template]
 recipe = slapos.recipe.template
@@ -43,10 +30,6 @@ mode = 0644
 <= macro-template
 output = ${buildout:directory}/template.cfg
 
-[template-selenium]
-<= macro-template
-output = ${buildout:directory}/template-selenium.cfg
-
 [versions]
 plone.recipe.command = 1.1
 slapos.recipe.template = 4.3

software/seleniumrunner/test/README.md

-Tests for SeleniumRunner software release

software/seleniumserver/buildout.hash.cfg

+# THIS IS NOT A BUILDOUT FILE, despite purposedly using a compatible syntax.
+# The only allowed lines here are (regexes):
+# - "^#" comments, copied verbatim
+# - "^[" section beginings, copied verbatim
+# - lines containing an "=" sign which must fit in the following categorie.
+#   - "^\s*filename\s*=\s*path\s*$" where "path" is relative to this file
+#     Copied verbatim.
+#   - "^\s*hashtype\s*=.*" where "hashtype" is one of the values supported
+#     by the re-generation script.
+#     Re-generated.
+# - other lines are copied verbatim
+# Substitution (${...:...}), extension ([buildout] extends = ...) and
+# section inheritance (< = ...) are NOT supported (but you should really
+# not need these here).
+
+[template]
+filename = instance.cfg.in
+md5sum = c4ac5de141ae6a64848309af03e51d88
+
+[template-selenium]
+filename = instance-selenium.cfg.in
+md5sum = 4167621b473f81892d38389ac427c6ba

software/seleniumserver/instance.cfg.in

+[buildout]
+parts =
+  switch-softwaretype
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+[switch-softwaretype]
+recipe = slapos.cookbook:softwaretype
+default = ${template-selenium:output}
+
+[slap-connection]
+# part to migrate to new - separated words
+computer-id = $${slap_connection:computer_id}
+partition-id = $${slap_connection:partition_id}
+server-url = $${slap_connection:server_url}
+software-release-url = $${slap_connection:software_release_url}
+key-file = $${slap_connection:key_file}
+cert-file = $${slap_connection:cert_file}

software/seleniumserver/software.cfg

+# Selenium server
+# https://seleniumhq.github.io/docs/grid.html
+
+[buildout]
+extends =
+   ../../component/xorg/buildout.cfg
+   ../../component/lxml-python/buildout.cfg
+   ../../component/firefox/buildout.cfg
+   ../../component/chromium/buildout.cfg
+   ../../component/chromedriver/buildout.cfg
+   ../../component/coreutils/buildout.cfg
+   ../../component/java/buildout.cfg
+   ../../component/caddy/buildout.cfg
+   ../../component/openssh/buildout.cfg
+   ../../stack/slapos.cfg
+   ./buildout.hash.cfg
+
+parts =
+   slapos-cookbook
+   template
+
+[selenium-server]
+recipe = slapos.recipe.build:download
+version = 3.14.0
+md5sum = 376450bd517510442b60018646deadfe
+filename = selenium-server-standalone-${:version}.jar
+url = https://selenium-release.storage.googleapis.com/3.14/${:filename}
+
+[macro-template]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/${:filename}
+mode = 0644
+
+[template]
+<= macro-template
+output = ${buildout:directory}/template.cfg
+
+[template-selenium]
+<= macro-template
+output = ${buildout:directory}/template-selenium.cfg
+
+[versions]
+plone.recipe.command = 1.1
+slapos.recipe.template = 4.3

software/seleniumserver/test/README.md

+Tests for SeleniumServer software release

software/seleniumrunner/test/setup.py → software/seleniumserver/test/setup.py

@@ -27,12 +27,12 @@
 from setuptools import setup, find_packages
 
 version = '0.0.1.dev0'
-name = 'slapos.test.seleniumrunner'
+name = 'slapos.test.seleniumserver'
 long_description = open("README.md").read()
 
 setup(name=name,
       version=version,
-      description="Test for SlapOS' Seleniumrunner",
+      description="Test for SlapOS' Selenium Server",
       long_description=long_description,
       long_description_content_type='text/markdown',
       maintainer="Nexedi",

software/slapos-master/buildout.hash.cfg

@@ -14,11 +14,11 @@
 # not need these here).
 [template-erp5]
 filename = instance-erp5.cfg.in
-md5sum = 6dfda47ff95a3fa768382d8002c8a780
+md5sum = a617197b7be3cc40d97a97c75f923a48
 
 [template-balancer]
 filename = instance-balancer.cfg.in
-md5sum = 3c7afbf160b943d2a10f527722792a23
+md5sum = 0f0ff00eca0b2ba1f1626b6415acb719
 
 [template-apache-backend-conf]
 filename = apache-backend.conf.in

software/slapos-master/instance-balancer.cfg.in

@@ -3,7 +3,7 @@
 {% set caucase_url = slapparameter_dict.get('caucase-url', '') -%}
 {% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
 {% set use_ipv6 = slapparameter_dict.get('use-ipv6', False) -%}
-{% set shared_ca_path = slapparameter_dict['shared-certificate-authority-path'] -%}
+{% set shared_ca_path = slapparameter_dict.get('shared-certificate-authority-path') -%}
 {#
 XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6
 per partition. No more (undefined result), no less (IndexError).
@@ -104,6 +104,7 @@ ipv4 = {{ ipv4 }}
 {% for family_name, parameter_id_list in sorted(
   slapparameter_dict['zope-family-dict'].iteritems()) -%}
 {%   set zope_family_address_list = [] -%}
+{%   set ssl_authentication = slapparameter_dict['ssl-authentication-dict'].get(family_name, False) -%}
 {%   set has_webdav = [] -%}
 {%   for parameter_id in parameter_id_list -%}
 {%     set zope_address_list = slapparameter_dict[parameter_id] -%}
@@ -130,7 +131,7 @@ ipv6 = {{ zope_address.split(']:')[0][1:] }}
 {%       set test_runner_apache_url_list = [] %}
 {%       set test_runner_external_port = next_port() %}
 {%       for i, (test_runner_internal_ip, test_runner_internal_port) in
-             enumerate(slapparameter_dict[parameter_id ~ '-test-runner-address-list']) %}
+             enumerate(slapparameter_dict.get(parameter_id ~ '-test-runner-address-list', [])) %}
 {%         do test_runner_backend_mapping.__setitem__(
                 'unit_test_' ~ i,
                 'http://' ~ test_runner_internal_ip ~ ':' ~ test_runner_internal_port ) %}
@@ -162,7 +163,6 @@ ipv6 = {{ zope_address.split(']:')[0][1:] }}
 {%     set internal_scheme = 'http' -%}
 {%     set external_scheme = 'https' -%}
 {%   endif -%}
-{%   set ssl_authentication = slapparameter_dict['ssl-authentication-dict'].get(family_name, False) -%}
 {%   do apache_dict.__setitem__(family_name, (next_port(), external_scheme, internal_scheme ~ '://' ~ ipv4 ~ ':' ~ haproxy_port ~ backend_path, ssl_authentication)) -%}
 {% endfor -%}
 
@@ -330,6 +330,12 @@ newcerts = ${:ca-dir}/newcerts
 crl = ${:ca-dir}/crl
 apachedex = ${monitor-directory:private}/apachedex
 
+[{{ section('resiliency-exclude-file') }}]
+# Generate rdiff exclude file in case of resiliency
+< = jinja2-template-base
+template = {{ 'inline:{{ "${directory:log}/**\\n" }}' }}
+rendered = ${directory:srv}/exporter.exclude
+
 [{{ section('monitor-generate-apachedex-report') }}]
 recipe = slapos.cookbook:cron.d
 cron-entries = ${cron:cron-entries}

software/slapos-master/instance-erp5.cfg.in

@@ -195,7 +195,9 @@ config-longrequest-logger-timeout = {{ dumps(zope_parameter_dict.get('longreques
 config-large-file-threshold = {{ dumps(zope_parameter_dict.get('large-file-threshold', "10MB")) }}
 config-port-base = {{ dumps(zope_parameter_dict.get('port-base', 2200)) }}
 config-webdav = {{ dumps(zope_parameter_dict.get('webdav', False)) }}
+{%   if test_runner_enabled -%}
 config-test-runner-apache-url-list = ${publish-early:{{ zope_family }}-test-runner-url-list}
+{%   endif -%}
 {% endfor -%}
 
 {# if not explicitly configured, connect jupyter to first zope family, which  -#}
@@ -365,9 +367,11 @@ hosts-dict = {{ '${' ~ zope_address_list_id_dict.keys()[0] ~ ':connection-hosts-
 {% for name, value in publish_dict.items() -%}
 {{   name }} = {{ value }}
 {% endfor -%}
-{% for zope_family_name in zope_family_name_list -%}
+{% if test_runner_enabled -%}
+{%   for zope_family_name in zope_family_name_list -%}
 {{ zope_family_name }}-test-runner-url-list = ${request-balancer:connection-{{ zope_family_name }}-test-runner-url-list}
-{% endfor -%}
+{%   endfor -%}
+{% endif -%}
 
 
 [publish-early]
@@ -378,9 +382,11 @@ recipe = slapos.cookbook:publish-early
 {%- if has_posftix %}
   smtpd-sasl-password gen-smtpd-sasl-password:passwd
 {%- endif %}
-{% for zope_family_name in zope_family_name_list %}
+{% if test_runner_enabled -%}
+{%   for zope_family_name in zope_family_name_list %}
   {{ zope_family_name }}-test-runner-url-list default-balancer-test-runner-url-list:default
-{% endfor -%}
+{%   endfor -%}
+{% endif -%}
 {%- if neo %}
   neo-cluster gen-neo-cluster:name
 {%-  if neo[0] %}

software/slapos-testing/software.cfg

@@ -38,6 +38,7 @@ setup = ${caucase-repository:location}
 <= setup-develop-egg
 egg = kedifa
 setup = ${kedifa-repository:location}
+depends = ${caucase-setup:egg}
 
 [slapos.libnetworkcache-setup]
 <= setup-develop-egg

software/slaprunner/buildout.hash.cfg

@@ -18,7 +18,7 @@ md5sum = f0cab61c7b8478afb8b676fc725d50d5
 
 [template-runner]
 filename = instance-runner.cfg
-md5sum = cd855670076979919c0fd00cc0f5938c
+md5sum = d9096d49eda70f3aa02c44615077f6c9
 
 [template-runner-import-script]
 filename = template/runner-import.sh.jinja2
@@ -26,11 +26,11 @@ md5sum = ed2e08c07a6727b2012f15da67c0705d
 
 [instance-runner-import]
 filename = instance-runner-import.cfg.in
-md5sum = 2d516c6f1337efb7def32771c2eabc2b
+md5sum = 1ed9526a6e5ac9a80e5b3add2d0a88fe
 
 [instance-runner-export]
 filename = instance-runner-export.cfg.in
-md5sum = 01395b98534066ec23a5ad5c96d5f1e7
+md5sum = 8132130c89896c2d30a08f3b3a7000ff
 
 [template-resilient]
 filename = instance-resilient.cfg.jinja2

software/slaprunner/instance-runner-export.cfg.in

@@ -23,6 +23,7 @@ parts +=
   runner-sshkeys-authority
   runner-sshkeys-authority-service
   runner-sshkeys-sshd
+  runner-sshkeys-sshd-service
   runtestsuite
   symlinks
   shellinabox

software/slaprunner/instance-runner-import.cfg.in

@@ -19,6 +19,7 @@ parts +=
   runner-sshkeys-authority
   runner-sshkeys-authority-service
   runner-sshkeys-sshd
+  runner-sshkeys-sshd-service
   runtestsuite
   shellinabox
   shellinabox-service

software/slaprunner/instance-runner.cfg

@@ -703,8 +703,6 @@ rendered = $${directory:bin}/shellinaboxd
 template = inline:
   #!/bin/sh
   exec ${shellinabox:location}/bin/shellinaboxd \
-    --disable-ssl \
-    --disable-ssl-menu \
     --unixdomain-only=$${:socket}:$(id -u):$(id -g):0600 \
     --service "/:$(id -u):$(id -g):HOME:$${shell-environment:shell} -l"
 

software/unstable/MediaWiki/software.cfg

@@ -60,68 +60,7 @@ buildout-versions = 1.7
 hexagonit.recipe.cmmi = 1.5.0
 meld3 = 0.6.7
 plone.recipe.command = 1.1
-slapos.cookbook = 0.34
-slapos.recipe.build = 0.7
 slapos.recipe.template = 2.2
-slapos.toolbox = 0.10
-
-# Required by:
-# slapos.core==0.18
-# slapos.toolbox==0.10
-Flask = 0.8
-
-# Required by:
-# slapos.cookbook==0.34
-PyXML = 0.8.4
-
-# Required by:
-# hexagonit.recipe.cmmi==1.5.0
-hexagonit.recipe.download = 1.6nxd002
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.core==0.18
-# slapos.toolbox==0.10
-# xml-marshaller==0.9.7
-lxml = 2.3.1
-
-# Required by:
-# slapos.cookbook==0.34
-netaddr = 0.7.6
-
-# Required by:
-# slapos.core==0.18
-netifaces = 0.5
-
-# Required by:
-# slapos.toolbox==0.10
-paramiko = 1.7.7.1
-
-# Required by:
-# slapos.toolbox==0.10
-psutil = 0.3.0
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-slapos.core = 0.18
-
-# Required by:
-# slapos.core==0.18
-supervisor = 3.0a10
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-xml-marshaller = 0.9.7
-
-# Required by:
-# slapos.cookbook==0.34
-zc.recipe.egg = 1.3.2
-
-# Required by:
-# slapos.core==0.18
-zope.interface = 3.8.0
 
 [downloadcache-workaround]
 # workaround irritating problem of hexagonit.recipe.cmmi which automatically

software/unstable/b2evolution/software.cfg

@@ -45,68 +45,8 @@ buildout-versions = 1.7
 hexagonit.recipe.cmmi = 1.5.0
 meld3 = 0.6.7
 plone.recipe.command = 1.1
-slapos.cookbook = 0.34
-slapos.recipe.build = 0.7
 slapos.recipe.template = 2.2
-slapos.toolbox = 0.10
 
-# Required by:
-# slapos.core==0.18
-# slapos.toolbox==0.10
-Flask = 0.8
-
-# Required by:
-# slapos.cookbook==0.34
-PyXML = 0.8.4
-
-# Required by:
-# hexagonit.recipe.cmmi==1.5.0
-hexagonit.recipe.download = 1.6nxd002
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.core==0.18
-# slapos.toolbox==0.10
-# xml-marshaller==0.9.7
-lxml = 2.3.1
-
-# Required by:
-# slapos.cookbook==0.34
-netaddr = 0.7.6
-
-# Required by:
-# slapos.core==0.18
-netifaces = 0.6
-
-# Required by:
-# slapos.toolbox==0.10
-paramiko = 1.7.7.1
-
-# Required by:
-# slapos.toolbox==0.10
-psutil = 0.3.0
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-slapos.core = 0.18
-
-# Required by:
-# slapos.core==0.18
-supervisor = 3.0a10
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-xml-marshaller = 0.9.7
-
-# Required by:
-# slapos.cookbook==0.34
-zc.recipe.egg = 1.3.2
-
-# Required by:
-# slapos.core==0.18
-zope.interface = 3.8.0
 
 [downloadcache-workaround]
 # workaround irritating problem of hexagonit.recipe.cmmi which automatically

software/unstable/cmsmadesimple/software.cfg

@@ -44,68 +44,7 @@ buildout-versions = 1.7
 hexagonit.recipe.cmmi = 1.5.0
 meld3 = 0.6.7
 plone.recipe.command = 1.1
-slapos.cookbook = 0.34
-slapos.recipe.build = 0.7
 slapos.recipe.template = 2.2
-slapos.toolbox = 0.10
-
-# Required by:
-# slapos.core==0.18
-# slapos.toolbox==0.10
-Flask = 0.8
-
-# Required by:
-# slapos.cookbook==0.34
-PyXML = 0.8.4
-
-# Required by:
-# hexagonit.recipe.cmmi==1.5.0
-hexagonit.recipe.download = 1.6nxd002
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.core==0.18
-# slapos.toolbox==0.10
-# xml-marshaller==0.9.7
-lxml = 2.3.1
-
-# Required by:
-# slapos.cookbook==0.34
-netaddr = 0.7.6
-
-# Required by:
-# slapos.core==0.18
-netifaces = 0.5
-
-# Required by:
-# slapos.toolbox==0.10
-paramiko = 1.7.7.1
-
-# Required by:
-# slapos.toolbox==0.10
-psutil = 0.3.0
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-slapos.core = 0.18
-
-# Required by:
-# slapos.core==0.18
-supervisor = 3.0a10
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-xml-marshaller = 0.9.7
-
-# Required by:
-# slapos.cookbook==0.34
-zc.recipe.egg = 1.3.2
-
-# Required by:
-# slapos.core==0.18
-zope.interface = 3.8.0
 
 [downloadcache-workaround]
 # workaround irritating problem of hexagonit.recipe.cmmi which automatically

software/unstable/coppermine/software.cfg

@@ -55,68 +55,7 @@ buildout-versions = 1.7
 hexagonit.recipe.cmmi = 1.5.0
 meld3 = 0.6.7
 plone.recipe.command = 1.1
-slapos.cookbook = 0.34
-slapos.recipe.build = 0.7
 slapos.recipe.template = 2.2
-slapos.toolbox = 0.10
-
-# Required by:
-# slapos.core==0.18
-# slapos.toolbox==0.10
-Flask = 0.8
-
-# Required by:
-# slapos.cookbook==0.34
-PyXML = 0.8.4
-
-# Required by:
-# hexagonit.recipe.cmmi==1.5.0
-hexagonit.recipe.download = 1.6nxd002
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.core==0.18
-# slapos.toolbox==0.10
-# xml-marshaller==0.9.7
-lxml = 2.3.1
-
-# Required by:
-# slapos.cookbook==0.34
-netaddr = 0.7.6
-
-# Required by:
-# slapos.core==0.18
-netifaces = 0.5
-
-# Required by:
-# slapos.toolbox==0.10
-paramiko = 1.7.7.1
-
-# Required by:
-# slapos.toolbox==0.10
-psutil = 0.3.0
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-slapos.core = 0.18
-
-# Required by:
-# slapos.core==0.18
-supervisor = 3.0a10
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-xml-marshaller = 0.9.7
-
-# Required by:
-# slapos.cookbook==0.34
-zc.recipe.egg = 1.3.2
-
-# Required by:
-# slapos.core==0.18
-zope.interface = 3.8.0
 
 [downloadcache-workaround]
 # workaround irritating problem of hexagonit.recipe.cmmi which automatically

software/unstable/dotclear/software.cfg

@@ -55,68 +55,7 @@ buildout-versions = 1.7
 hexagonit.recipe.cmmi = 1.5.0
 meld3 = 0.6.7
 plone.recipe.command = 1.1
-slapos.cookbook = 0.34
-slapos.recipe.build = 0.7
 slapos.recipe.template = 2.2
-slapos.toolbox = 0.10
-
-# Required by:
-# slapos.core==0.18
-# slapos.toolbox==0.10
-Flask = 0.8
-
-# Required by:
-# slapos.cookbook==0.34
-PyXML = 0.8.4
-
-# Required by:
-# hexagonit.recipe.cmmi==1.5.0
-hexagonit.recipe.download = 1.6nxd002
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.core==0.18
-# slapos.toolbox==0.10
-# xml-marshaller==0.9.7
-lxml = 2.3.1
-
-# Required by:
-# slapos.cookbook==0.34
-netaddr = 0.7.6
-
-# Required by:
-# slapos.core==0.18
-netifaces = 0.5
-
-# Required by:
-# slapos.toolbox==0.10
-paramiko = 1.7.7.1
-
-# Required by:
-# slapos.toolbox==0.10
-psutil = 0.3.0
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-slapos.core = 0.18
-
-# Required by:
-# slapos.core==0.18
-supervisor = 3.0a10
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-xml-marshaller = 0.9.7
-
-# Required by:
-# slapos.cookbook==0.34
-zc.recipe.egg = 1.3.2
-
-# Required by:
-# slapos.core==0.18
-zope.interface = 3.8.0
 
 [downloadcache-workaround]
 # workaround irritating problem of hexagonit.recipe.cmmi which automatically

software/unstable/dotproject/software.cfg

@@ -55,68 +55,7 @@ buildout-versions = 1.7
 hexagonit.recipe.cmmi = 1.5.0
 meld3 = 0.6.7
 plone.recipe.command = 1.1
-slapos.cookbook = 0.34
-slapos.recipe.build = 0.7
 slapos.recipe.template = 2.2
-slapos.toolbox = 0.10
-
-# Required by:
-# slapos.core==0.18
-# slapos.toolbox==0.10
-Flask = 0.8
-
-# Required by:
-# slapos.cookbook==0.34
-PyXML = 0.8.4
-
-# Required by:
-# hexagonit.recipe.cmmi==1.5.0
-hexagonit.recipe.download = 1.6nxd002
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.core==0.18
-# slapos.toolbox==0.10
-# xml-marshaller==0.9.7
-lxml = 2.3.1
-
-# Required by:
-# slapos.cookbook==0.34
-netaddr = 0.7.6
-
-# Required by:
-# slapos.core==0.18
-netifaces = 0.5
-
-# Required by:
-# slapos.toolbox==0.10
-paramiko = 1.7.7.1
-
-# Required by:
-# slapos.toolbox==0.10
-psutil = 0.3.0
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-slapos.core = 0.18
-
-# Required by:
-# slapos.core==0.18
-supervisor = 3.0a10
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-xml-marshaller = 0.9.7
-
-# Required by:
-# slapos.cookbook==0.34
-zc.recipe.egg = 1.3.2
-
-# Required by:
-# slapos.core==0.18
-zope.interface = 3.8.0
 
 [downloadcache-workaround]
 # workaround irritating problem of hexagonit.recipe.cmmi which automatically

software/unstable/eSKUeL/software.cfg

@@ -44,68 +44,7 @@ buildout-versions = 1.7
 hexagonit.recipe.cmmi = 1.5.0
 meld3 = 0.6.7
 plone.recipe.command = 1.1
-slapos.cookbook = 0.34
-slapos.recipe.build = 0.7
 slapos.recipe.template = 2.2
-slapos.toolbox = 0.10
-
-# Required by:
-# slapos.core==0.18
-# slapos.toolbox==0.10
-Flask = 0.8
-
-# Required by:
-# slapos.cookbook==0.34
-PyXML = 0.8.4
-
-# Required by:
-# hexagonit.recipe.cmmi==1.5.0
-hexagonit.recipe.download = 1.6nxd002
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.core==0.18
-# slapos.toolbox==0.10
-# xml-marshaller==0.9.7
-lxml = 2.3.1
-
-# Required by:
-# slapos.cookbook==0.34
-netaddr = 0.7.6
-
-# Required by:
-# slapos.core==0.18
-netifaces = 0.6
-
-# Required by:
-# slapos.toolbox==0.10
-paramiko = 1.7.7.1
-
-# Required by:
-# slapos.toolbox==0.10
-psutil = 0.3.0
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-slapos.core = 0.18
-
-# Required by:
-# slapos.core==0.18
-supervisor = 3.0a10
-
-# Required by:
-# slapos.cookbook==0.34
-# slapos.toolbox==0.10
-xml-marshaller = 0.9.7
-
-# Required by:
-# slapos.cookbook==0.34
-zc.recipe.egg = 1.3.2
-
-# Required by:
-# slapos.core==0.18
-zope.interface = 3.8.0
 
 [downloadcache-workaround]
 # workaround irritating problem of hexagonit.recipe.cmmi which automatically

software/unstable/lxc/software.cfg

@@ -65,8 +65,3 @@ eggs =
   slapos.toolbox
 
 [versions]
-
-# if you upgrade to >1.0.29 this recipe may break
-# as slapos.cookbook:downloader was removed.
-slapos.cookbook = 0.64.1
-slapos.toolbox = 0.30