Merge branch 'master' into apache

Conflicts:
	CHANGES.txt
	component/slapos/buildout.cfg
	setup.py
	slapos/recipe/kumofs/__init__.py
	slapos/recipe/memcached/__init__.py
	slapos/recipe/mysql/__init__.py
	software/kumofs/software.cfg
	software/mysql-5.1/software.cfg

CHANGES.txt

-0.13 (unreleased)
-================
+Changes
+=======
 
- * No change yet.
+0.16 (unreleased)
+-----------------
+
+ * No changes yet.
+
+0.15 (2011-07-13)
+-----------------
+
+ * Encrypt connection by default. [Vivien Alger]
+
+0.14 (2011-07-13)
+-----------------
+
+ * Provide new way to instantiate kvm. [Cedric de Saint Martin, Vivien Alger]
+
+0.13 (2011-07-13)
+-----------------
+
+ * Implement generic execute_wait wrapper, which allows to wait for some files
+   to appear before starting service depending on it. [Łukasz Nowak]
 
 0.12 (2011-07-11)
-=================
+-----------------
 
  * Fix slaprunner, phpmyadmin software releases, added
    wordpress software release. [Cedric de Saint Martin]
 
 0.11 (2011-07-07)
-=================
+-----------------
 
  * Enable test suite runner for vifib.
 
 0.10 (2011-07-01)
-=================
+-----------------
 
  * Add PHPMyAdmin software release used in SlapOS tutorials
  [Cedric de Saint Martin]
  * Add slaprunner software release [Cedric de Saint Martin]
 
+
 0.9 (2011-06-24)
-================
+----------------
 
  * mysql recipe : Changing slapos.recipe.erp5.execute to
    slapos.recipe.librecipe.execute [Cedric de Saint Martin]
 
 0.8 (2011-06-15)
-================
+----------------
 
  * Add MySQL and MariaDB standalone software release and recipe
    [Cedric de Saint Martin]
  * Fixed slapos.recipe.erp5testnode instantiation [Sebastien Robin]
 
 0.7 (2011-06-14)
-================
+----------------
 
  * Fix slapos.recipe.erp5 package by providing site.zcml in it. [Łukasz Nowak]
  * Improve slapos.recipe.erp5testnode partition instantiation error reporting
    [Sebastien Robin]
 
 0.6 (2011-06-13)
-================
+----------------
 
  * Fixed slapos.recipe.erp5 instantiation. [Łukasz Nowak]
 
 0.5 (2011-06-13)
-================
+----------------
 
  * Implement zabbix agent instantiation. [Łukasz Nowak]
  * Drop dependency on Zope2. [Łukasz Nowak]
  * Share more in slapos.recipe.librecipe module. [Łukasz Nowak]
 
 0.4 (2011-06-09)
-================
+----------------
 
  * Remove reference to slapos.tool.networkcache as it was removed from pypi. [Łukasz Nowak]
  * Add Kumofs standalone software release and recipe [Cedric de Saint Martin]
  * Add Memcached standalone software release and recipe [Cedric de Saint Martin]
 
 0.3 (2011-06-09)
-================
+----------------
 
  * Moved out template and build to separate distributions [Łukasz Nowak]
  * Depend on slapos.core instead of depracated slapos.slap [Romain Courteaud]
@@ -69,11 +89,11 @@
  * Allow to control full environment in erp5 module [Łukasz Nowak]
 
 0.2 (2011-05-30)
-================
+----------------
 
   * Allow to pass zope_environment in erp5 entry point [Łukasz Nowak]
 
 0.1 (2011-05-27)
-================
+----------------
 
   * All slapos.recipe.* became slapos.cookbook:* [Łukasz Nowak]

README.txt

 slapos.cookbook
 ===============
+
+Cookbook of SlapOS recipes.

component/gzip/buildout.cfg

+[buildout]
+parts =
+  gzip
+
+[gzip]
+recipe = hexagonit.recipe.cmmi
+url = ftp://ftp.gnu.org/pub/gnu/gzip/gzip-1.4.tar.gz
+md5sum = e381b8506210c794278f5527cba0e765

component/noVNC/buildout.cfg

+[buildout]
+parts =
+  noVNC
+
+[noVNC]
+recipe = hexagonit.recipe.download
+url = https://github.com/kanaka/noVNC/tarball/master
+strip-top-level-dir = true

component/slapos/buildout.cfg

@@ -12,6 +12,15 @@ find-links =
 
 versions = versions
 
+allow-hosts =
+  *.googlecode.com
+  *.nexedi.org
+  *.python.org
+  alastairs-place.net
+  code.google.com
+  github.com
+  peak.telecommunity.com
+
 # separate from system python
 include-site-packages = false
 exec-sitecustomize = false

setup.py

@@ -2,7 +2,7 @@ from setuptools import setup, find_packages
 import glob
 import os
 
-version = '0.13dev'
+version = '0.16-dev'
 name = 'slapos.cookbook'
 long_description = open("README.txt").read() + "\n" + \
     open("CHANGES.txt").read() + "\n"

slapos/recipe/kumofs/__init__.py

@@ -220,9 +220,10 @@ class Recipe(BaseSlapRecipe):
         self.substituteTemplate(template_filename,
           stunnel_conf))
     wrapper = zc.buildout.easy_install.scripts([('stunnel',
-      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
-      self.wrapper_directory, arguments=[
-        self.options['stunnel_binary'].strip(), stunnel_conf_path]
+      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[
+        [self.options['stunnel_binary'].strip(), stunnel_conf_path],
+        [ca_certificate, key]]
       )[0]
     self.path_list.append(wrapper)
 

slapos/recipe/kvm/__init__.py

@@ -30,113 +30,291 @@ from slapos.recipe.librecipe import BaseSlapRecipe
 import subprocess
 import binascii
 import random
-
+import zc.buildout
 import pkg_resources
-
+import ConfigParser
+import hashlib
 
 class Recipe(BaseSlapRecipe):
 
   def _install(self):
+    """
+    Set the connection dictionnary for the computer partition and create a list
+    of paths to the different wrappers
+
+    Parameters : none
+
+    Returns    : List path_list
+    """
+    self.path_list = []
+
+    self.requirements, self.ws           = self.egg.working_set()
+    self.cron_d                          = self.installCrond()    
+
+    self.ca_conf                         = self.installCertificateAuthority()
+    self.key_path, self.certificate_path = self.requestCertificate('noVNC')
+     
+    kvm_conf = self.installKvm(vnc_ip = self.getLocalIPv4Address())
+    
+    vnc_port = 5900 + kvm_conf['vnc_display']
+    
+    noVNC_conf = self.installNoVnc(source_ip   = self.getGlobalIPv6Address(),
+                                   source_port = 6080,
+                                   target_ip   = kvm_conf['vnc_ip'],
+                                   target_port = vnc_port,
+                                   python_path = kvm_conf['python_path'])
+    
+    self.linkBinary()
+    self.computer_partition.setConnectionDict(dict(
+        url = "https://[%s]:%s/vnc.html?host=[%s]&port=%s&encrypt=1" % (noVNC_conf['source_ip'],
+                                                     noVNC_conf['source_port'],
+                                                     noVNC_conf['source_ip'],
+                                                     noVNC_conf['source_port']
+                                                     ), 
+        password = kvm_conf['vnc_passwd']))
+    
+    return self.path_list
+
+  def installKvm(self, vnc_ip):
+    """
+    Create kvm configuration dictionnary and instanciate a wrapper for kvm and 
+    kvm controller 
+
+    Parameters : IP the vnc server is listening on
+
+    Returns    : Dictionnary kvm_conf
+    """
+    kvm_conf = dict(vnc_ip = vnc_ip)
     
-    #Get the IP list
     connection_found = False
-    ip = self.getGlobalIPv6Address()
-    for tap, dummy in self.parameter_dict['ip_list']:
+    for tap_interface, dummy in self.parameter_dict['ip_list']:
       # Get an ip associated to a tap interface
-      if tap:
+      if tap_interface:
         connection_found = True
     if not connection_found:
       raise NotImplementedError("Do not support ip without tap interface")
 
+    kvm_conf['tap_interface'] = tap_interface
+    
     # Disk path
-    disk_path = os.path.join(self.data_root_directory, 'virtual.qcow2')
-    socket_path = os.path.join(self.var_directory, 'qmp_socket')
+    kvm_conf['disk_path'] = os.path.join(self.data_root_directory,
+        'virtual.qcow2')
+    kvm_conf['socket_path'] = os.path.join(self.var_directory, 'qmp_socket')
     # XXX Weak password
-    vnc_passwd = binascii.hexlify(os.urandom(4))
+    ##XXX -Vivien: add an option to generate one password for all instances 
+    # and/or to input it yourself
+    kvm_conf['vnc_passwd'] = binascii.hexlify(os.urandom(4))
 
-    #XXX pid_file path, database_path and xml path
-    pid_file_path = os.path.join(self.run_directory, 'pid_file')
-    database_path = os.path.join(self.data_root_directory, 'slapmonitor_database')
+    #XXX pid_file path, database_path, path to python binary and xml path
+    kvm_conf['pid_file_path'] = os.path.join(self.run_directory, 'pid_file')
+    kvm_conf['database_path'] = os.path.join(self.data_root_directory,
+        'slapmonitor_database')
+    kvm_conf['python_path']   = sys.executable
+    kvm_conf['qemu_path']     = self.options['qemu_path']
     #xml_path = os.path.join(self.var_directory, 'slapreport.xml' )
 
     # Create disk if needed
-    if not os.path.exists(disk_path):
+    if not os.path.exists(kvm_conf['disk_path']):
       retcode = subprocess.call(["%s create -f qcow2 %s %iG" % (
-          self.options['qemu_img_path'], disk_path,
+          self.options['qemu_img_path'], kvm_conf['disk_path'],
           int(self.options['disk_size']))], shell=True)
       if retcode != 0:
         raise OSError, "Disk creation failed!"
     
-    # Instanciate KVM
-    kvm_config = {}
     # Options nbd_ip and nbd_port are provided by slapos master
-    kvm_config.update(self.options)
-    #raise NotImplementedError("%s" % self.parameter_dict)
-    kvm_config['vnc_ip'] = ip
-    kvm_config['tap_interface'] = tap
-    kvm_config['nbd_ip'] = self.parameter_dict['nbd_ip']
-    kvm_config['nbd_port'] = self.parameter_dict['nbd_port']
-    #XXX
-    kvm_config['pid_file'] = pid_file_path 
-    kvm_config['image'] = disk_path
+    kvm_conf['nbd_ip']   = self.parameter_dict['nbd_ip']
+    kvm_conf['nbd_port'] = self.parameter_dict['nbd_port']
+
     # First octet has to represent a locally administered address
     octet_list         = [254] + [random.randint(0x00, 0xff) for x in range(5)]
-    kvm_config['mac_address'] = ':'.join(['%02x' % x for x in octet_list])
-    kvm_config['qmp_socket'] = socket_path
-    kvm_config['hostname'] = "slaposkvm"
+    kvm_conf['mac_address'] = ':'.join(['%02x' % x for x in octet_list])
 
-    kvm_wrapper_template_location = pkg_resources.resource_filename(
+    kvm_conf['hostname']    = "slaposkvm"
+    kvm_conf['smp_count']   = self.options['smp_count']
+    kvm_conf['ram_size']    = self.options['ram_size']
+
+    kvm_conf['vnc_display'] = 1
+    
+    # Instanciate KVM
+    kvm_template_location = pkg_resources.resource_filename(          
                                              __name__, os.path.join(         
                                              'template', 'kvm_run.in'))     
+    
     kvm_runner_path = self.createRunningWrapper("kvm",                        
-          self.substituteTemplate(kvm_wrapper_template_location, kvm_config))
+          self.substituteTemplate(kvm_template_location,
+                                  kvm_conf))
    
+    self.path_list.append(kvm_runner_path)
 
     # Instanciate KVM controller
-    controller_config = {}
-    # Options nbd_ip and nbd_port are provided by slapos master
-    controller_config.update(self.options)
-    controller_config['qmp_socket'] = socket_path
-    controller_config['vnc_passwd'] = vnc_passwd
-    controller_config['python_path'] = sys.executable
-
-    controller_wrapper_template_location = pkg_resources.resource_filename(
-                                             __name__, os.path.join(
-                                             'template', 'kvm_controller_run.in'))
-    controller_runner_path = self.createRunningWrapper("kvm_controller",
-          self.substituteTemplate(controller_wrapper_template_location, controller_config))
-
-    #XXX Instanciate Slapmonitor
-    slapmonitor_config={}
-    slapmonitor_config.update(self.options)
-    slapmonitor_config['database_path'] = database_path 
-    slapmonitor_config['pid_file'] = pid_file_path
-    slapmonitor_config['python_path'] = sys.executable
-    slapmonitor_wrapper_template_location = pkg_resources.resource_filename(
+    kvm_controller_template_location = pkg_resources.resource_filename(          
                                              __name__, os.path.join(         
-                                             'template', 'slapmonitor_run.in'))
-    slapmonitor_runner_path = self.createRunningWrapper("slapmonitor",
-          self.substituteTemplate(slapmonitor_wrapper_template_location, slapmonitor_config))
+                                             'template',
+                                             'kvm_controller_run.in' ))     
     
+    kvm_controller_runner_path = self.createRunningWrapper("kvm_controller",                        
+          self.substituteTemplate(kvm_controller_template_location,
+                                  kvm_conf))
    
-    #XXX Instanciate Slapreport
-    slapreport_config={}
-    slapreport_config.update(self.options)
-    slapreport_config['database_path'] = database_path 
-    slapreport_config['python_path'] = sys.executable
-    slapreport_wrapper_template_location = pkg_resources.resource_filename(
-                                             __name__, os.path.join(
-                                             'template', 'slapreport_run.in'))
-    slapreport_runner_path = self.createReportRunningWrapper(self.substituteTemplate(
-                      slapreport_wrapper_template_location, slapreport_config))
+    self.path_list.append(kvm_controller_runner_path)
    
+    # Instanciate Slapmonitor
+    ##slapmonitor_runner_path = self.instanciate_wrapper("slapmonitor",
+    #    [database_path, pid_file_path, python_path])
+    # Instanciate Slapreport
+    ##slapreport_runner_path = self.instanciate_wrapper("slapreport",
+    #    [database_path, python_path])
     
+    return kvm_conf
 
+  def installNoVnc(self, source_ip, source_port, target_ip, target_port, 
+                   python_path):
+    """
+    Create noVNC configuration dictionnary and instanciate Websockify proxy
 
-    self.computer_partition.setConnectionDict(dict(
-      vnc_connection_string="vnc://[%s]:1" % ip,
-      vnc_password=vnc_passwd,
-    ))
+    Parameters : IP of the proxy, port on which is situated the proxy,
+                 IP of the vnc server, port on which is situated the vnc server,
+                 path to python binary
+
+    Returns    : noVNC configuration dictionnary
+    """
+
+    noVNC_conf = {}
+   
+    noVNC_conf['source_ip']   = source_ip                                          
+    noVNC_conf['source_port'] = source_port
+    
+    # Instanciate Websockify
+    websockify_runner_path = zc.buildout.easy_install.scripts([('websockify',
+      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[
+        [python_path.strip(),
+         self.options['websockify_path'],
+         '--web',
+         self.options['noVNC_location'],
+         '--key=%s' % (self.key_path),
+         '--cert=%s' % (self.certificate_path),
+         '--ssl-only',
+         '%s:%s' % (source_ip, source_port),
+         '%s:%s' % (target_ip, target_port)],
+        [self.certificate_path, self.key_path]]
+       )[0]
+    
+    self.path_list.append(websockify_runner_path)
+  
+    return noVNC_conf
+
+  def linkBinary(self):
+    """Links binaries to instance's bin directory for easier exposal"""
+    for linkline in self.options.get('link_binary_list', '').splitlines():
+      if not linkline:
+        continue
+      target = linkline.split()
+      if len(target) == 1:
+        target = target[0]
+        path, linkname = os.path.split(target)
+      else:
+        linkname = target[1]
+        target = target[0]
+      link = os.path.join(self.bin_directory, linkname)
+      if os.path.lexists(link):
+        if not os.path.islink(link):
+          raise zc.buildout.UserError(
+              'Target link already %r exists but it is not link' % link)
+        os.unlink(link)
+      os.symlink(target, link)
+      self.logger.debug('Created link %r -> %r' % (link, target))
+      self.path_list.append(link)
+      
+  def installCertificateAuthority(self, ca_country_code='XX',
+      ca_email='xx@example.com', ca_state='State', ca_city='City',
+      ca_company='Company'):
+    backup_path = self.createBackupDirectory('ca')
+    self.ca_dir = os.path.join(self.data_root_directory, 'ca')
+    self._createDirectory(self.ca_dir)
+    self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
+    self._createDirectory(self.ca_request_dir)
+    config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
+    self.ca_private = os.path.join(self.ca_dir, 'private')
+    self.ca_certs = os.path.join(self.ca_dir, 'certs')
+    self.ca_crl = os.path.join(self.ca_dir, 'crl')
+    self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
+    self.ca_key_ext = '.key'
+    self.ca_crt_ext = '.crt'
+    for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
+      self._createDirectory(d)
+    for f in ['crlnumber', 'serial']:
+      if not os.path.exists(os.path.join(self.ca_dir, f)):
+        open(os.path.join(self.ca_dir, f), 'w').write('01')
+    if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
+      open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
+    openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
+    config.update(
+        working_directory=self.ca_dir,
+        country_code=ca_country_code,
+        state=ca_state,
+        city=ca_city,
+        company=ca_company,
+        email_address=ca_email,
+    )
+    self._writeFile(openssl_configuration, pkg_resources.resource_string(
+      __name__, 'template/openssl.cnf.ca.in') % config)
+    self.path_list.extend(zc.buildout.easy_install.scripts([
+      ('certificate_authority',
+        __name__ + '.certificate_authority', 'runCertificateAuthority')],
+        self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
+          openssl_configuration=openssl_configuration,
+          openssl_binary=self.options['openssl_binary'],
+          certificate=os.path.join(self.ca_dir, 'cacert.pem'),
+          key=os.path.join(self.ca_private, 'cakey.pem'),
+          crl=os.path.join(self.ca_crl),
+          request_dir=self.ca_request_dir
+          )]))
+    # configure backup
+    backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
+    open(backup_cron, 'w').write(
+        '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
+          rdiff_backup=self.options['rdiff_backup_binary'],
+          source=self.ca_dir,
+          destination=backup_path))
+    self.path_list.append(backup_cron)
+
+    return dict(
+      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+      ca_crl=os.path.join(config['ca_dir'], 'crl'),
+      certificate_authority_path=config['ca_dir']
+    )
   
-    return [kvm_runner_path, controller_runner_path]
+  def requestCertificate(self, name):
+    hash = hashlib.sha512(name).hexdigest()
+    key = os.path.join(self.ca_private, hash + self.ca_key_ext)
+    certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
+    parser = ConfigParser.RawConfigParser()
+    parser.add_section('certificate')
+    parser.set('certificate', 'name', name)
+    parser.set('certificate', 'key_file', key)
+    parser.set('certificate', 'certificate_file', certificate)
+    parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
+    return key, certificate
   
+  def installCrond(self):
+    timestamps = self.createDataDirectory('cronstamps')
+    cron_output = os.path.join(self.log_directory, 'cron-output')
+    self._createDirectory(cron_output)
+    catcher = zc.buildout.easy_install.scripts([('catchcron',
+      __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
+      self.bin_directory, arguments=[cron_output])[0]
+    self.path_list.append(catcher)
+    cron_d = os.path.join(self.etc_directory, 'cron.d')
+    crontabs = os.path.join(self.etc_directory, 'crontabs')
+    self._createDirectory(cron_d)
+    self._createDirectory(crontabs)
+    # Use execute from erp5.
+    wrapper = zc.buildout.easy_install.scripts([('crond',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
+        '-t', timestamps, '-f', '-l', '5', '-M', catcher]
+      )[0]
+    self.path_list.append(wrapper)
+    return cron_d

slapos/recipe/kvm/certificate_authority.py

+import os
+import subprocess
+import time
+import ConfigParser
+
+
+def popenCommunicate(command_list, input=None):
+  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+  if input is not None:
+    subprocess_kw.update(stdin=subprocess.PIPE)
+  popen = subprocess.Popen(command_list, **subprocess_kw)
+  result = popen.communicate(input)[0]
+  if popen.returncode is None:
+    popen.kill()
+  if popen.returncode != 0:
+    raise ValueError('Issue during calling %r, result was:\n%s' % (
+      command_list, result))
+  return result
+
+
+class CertificateAuthority:
+  def __init__(self, key, certificate, openssl_binary,
+      openssl_configuration, request_dir):
+    self.key = key
+    self.certificate = certificate
+    self.openssl_binary = openssl_binary
+    self.openssl_configuration = openssl_configuration
+    self.request_dir = request_dir
+
+  def checkAuthority(self):
+    file_list = [ self.key, self.certificate ]
+    ca_ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ca_ready = False
+        break
+    if ca_ready:
+      return
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    try:
+      # no CA, let us create new one
+      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
+          self.openssl_configuration, '-new', '-x509', '-extensions',
+          'v3_ca', '-keyout', self.key, '-out', self.certificate,
+          '-days', '10950'], 'Automatic Certificate Authority\n')
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+
+  def _checkCertificate(self, common_name, key, certificate):
+    file_list = [key, certificate]
+    ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ready = False
+        break
+    if ready:
+      return False
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    csr = certificate + '.csr'
+    try:
+      popenCommunicate([self.openssl_binary, 'req', '-config',
+        self.openssl_configuration, '-nodes', '-new', '-keyout',
+        key, '-out', csr, '-days', '3650'],
+        common_name + '\n')
+      try:
+        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
+          self.openssl_configuration, '-out', certificate,
+          '-infiles', csr])
+      finally:
+        if os.path.exists(csr):
+          os.unlink(csr)
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+    else:
+      return True
+
+  def checkRequestDir(self):
+    for request_file in os.listdir(self.request_dir):
+      parser = ConfigParser.RawConfigParser()
+      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
+      if self._checkCertificate(parser.get('certificate', 'name'),
+          parser.get('certificate', 'key_file'), parser.get('certificate',
+            'certificate_file')):
+        print 'Created certificate %r' % parser.get('certificate', 'name')
+
+def runCertificateAuthority(args):
+  ca_conf = args[0]
+  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
+      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
+      ca_conf['request_dir'])
+  while True:
+    ca.checkAuthority()
+    ca.checkRequestDir()
+    time.sleep(60)

slapos/recipe/kvm/template/kvm_controller_run.in

@@ -11,7 +11,7 @@ so = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
 connected = False
 while not connected:
   try:
-    so.connect('%(qmp_socket)s')
+    so.connect('%(socket_path)s')
   except socket.error:
     time.sleep(1)
   else:

slapos/recipe/kvm/template/kvm_run.in

@@ -10,8 +10,8 @@ exec %(qemu_path)s \
   -smp %(smp_count)s \
   -m %(ram_size)s \
   -cdrom nbd:[%(nbd_ip)s]:%(nbd_port)s \
-  -drive file=%(image)s,if=virtio,boot=on \
-  -vnc [%(vnc_ip)s]:1,ipv6,tls,password \
+  -drive file=%(disk_path)s,if=virtio,boot=on \
+  -vnc %(vnc_ip)s:1,ipv4,password \
   -boot menu=on \
-  -qmp unix:%(qmp_socket)s,server \
-  -pidfile %(pid_file)s
+  -qmp unix:%(socket_path)s,server \
+  -pidfile %(pid_file_path)s

slapos/recipe/kvm/template/openssl.cnf.ca.in

+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		  = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file      		  = $ENV::HOME/.oid
+oid_section		    = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions	     	= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= %(working_directory)s		# Where everything is kept
+certs		= $dir/certs			  # Where the issued certs are kept
+crl_dir		= $dir/crl			    # Where the issued crl are kept
+database	= $dir/index.txt		    # database index file.
+#unique_subject	= no			      	       # Set to 'no' to allow creation of
+		      					       	     # several ctificates with same subject.
+new_certs_dir	= $dir/newcerts	       # default place for new certs.
+
+certificate	= $dir/cacert.pem 	       # The CA certificate
+serial		= $dir/serial 	       	 # The current serial number
+crlnumber	= $dir/crlnumber		 # the current crl number
+				       # must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem        # The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	  # private random number file
+
+x509_extensions	= usr_cert		    # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt      = ca_default		# Subject Name options
+cert_opt      = ca_default		  # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days	 = 3650			# how long to certify for
+default_crl_days = 30			      # how long before next CRL
+default_md	 = default		      	# use public key default MD
+preserve	 = no				      # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy	       	      = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName	= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_md		= sha1
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+#attributes		= req_attributes
+x509_extensions		= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	    : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName				= Country Name (2 letter code)
+countryName_value			= %(country_code)s
+countryName_min				= 2
+countryName_max				= 2
+
+stateOrProvinceName			= State or Province Name (full name)
+stateOrProvinceName_value		= %(state)s
+
+localityName				= Locality Name (eg, city)
+localityName_value			= %(city)s
+
+0.organizationName			= Organization Name (eg, company)
+0.organizationName_value		= %(company)s
+
+# we can do this but it is not needed normally :-)
+#1.organizationName  	= Second Organization Name (eg, company)
+#1.organizationName_default	 = World Wide Web Pty Ltd
+
+commonName	   = Common Name (eg, your name or your server\'s hostname)
+commonName_max	   = 64
+
+emailAddress	   = Email Address
+emailAddress_value = %(email_address)s
+emailAddress_max   = 64
+
+# SET-ex3	   = SET extension number 3
+
+#[ req_attributes ]
+#challengePassword	= A challenge password
+#challengePassword_min	= 4
+#challengePassword_max	= 20
+#
+#unstructuredName	= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType 	    = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment      		 = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType 	    = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment      		 = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir	                = /etc/pki/tls  	  # TSA root directory
+serial	                = $dir/tsaserial	  # The current serial number (mandatory)
+crypto_device           = builtin		    # OpenSSL engine to use for signing
+signer_cert             = $dir/tsacert.pem    # The TSA signing certificate
+	      		      	  # (optional)
+certs	                = $dir/cacert.pem	# Certificate chain to include in reply
+		  	      # (optional)
+signer_key              = $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy          = tsa_policy1		  # Policy if request did not specify it
+					    	   # (optional)
+other_policies          = tsa_policy2, tsa_policy3 # acceptable policies (optional)
+digests	                = md5, sha1  	      # Acceptable message digests (mandatory)
+accuracy                = secs:1, millisecs:500, microsecs:100	   # (optional)
+clock_precision_digits  = 0	    # number of digits after dot. (optional)
+ordering		= yes	    # Is ordering defined for timestamps?
+			  	       # (optional, default: no)
+tsa_name		= yes	    # Must the TSA name be included in the reply?
+			  	      # (optional, default: no)
+ess_cert_id_chain	= no	   # Must the ESS cert id chain be included?
+				     # (optional, default: no)

slapos/recipe/kvm/template/slapmonitor_run.in

 #!/bin/sh
 # BEWARE: This file is operated by slapgrid
 # BEWARE: It will be overwritten automatically
-exec %(python_path)s %(slapmonitor_path)s %(pid_file)s %(database_path)s
+exec %(python_path)s %(slapmonitor_path)s %(pid_file_path)s %(database_path)s

slapos/recipe/librecipe/execute.py

@@ -10,6 +10,23 @@ def execute(args):
   # Note: Candidate for slapos.lib.recipe
   os.execv(args[0], args + sys.argv[1:])
 
+def execute_wait(args):
+  """Execution but after all files in args[1] exists"""
+  exec_list = list(args[0])
+  file_list = list(args[1])
+  sleep = 60
+  while True:
+    ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        print 'File %r does not exists, sleeping for %s' % (f, sleep)
+        ready = False
+    if ready:
+      break
+    time.sleep(sleep)
+  os.execv(exec_list[0], exec_list + sys.argv[1:])
+
+
 child_pg = None
 
 

slapos/recipe/memcached/__init__.py

@@ -220,9 +220,10 @@ class Recipe(BaseSlapRecipe):
         self.substituteTemplate(template_filename,
           stunnel_conf))
     wrapper = zc.buildout.easy_install.scripts([('stunnel',
-      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
-      self.wrapper_directory, arguments=[
-        self.options['stunnel_binary'].strip(), stunnel_conf_path]
+      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[
+        [self.options['stunnel_binary'].strip(), stunnel_conf_path],
+        [ca_certificate, key]]
       )[0]
     self.path_list.append(wrapper)
     return stunnel_conf

slapos/recipe/mysql/__init__.py

@@ -224,9 +224,10 @@ class Recipe(BaseSlapRecipe):
         self.substituteTemplate(template_filename,
           stunnel_conf))
     wrapper = zc.buildout.easy_install.scripts([('stunnel',
-      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
-      self.wrapper_directory, arguments=[
-        self.options['stunnel_binary'].strip(), stunnel_conf_path]
+      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[
+        [self.options['stunnel_binary'].strip(), stunnel_conf_path],
+        [ca_certificate, key]]
       )[0]
     self.path_list.append(wrapper)
     return stunnel_conf

software/kumofs/software.cfg

 [buildout]
-
-extensions =
-  slapos.zcbworkarounds
-  slapos.rebootstrap
-
 find-links +=
     http://www.nexedi.org/static/packages/source/slapos.buildout/
 
@@ -29,18 +24,6 @@ allow-hosts =
   psutil.googlecode.com
   www.dabeaz.com
 
-# Use only quite well working sites.
-allow-hosts =
-  *.nexedi.org
-  *.python.org
-  *.sourceforge.net
-  dist.repoze.org
-  effbot.org
-  github.com
-  peak.telecommunity.com
-  psutil.googlecode.com
-  www.dabeaz.com
-
 versions = versions
 
 parts +=
@@ -56,11 +39,6 @@ parts +=
 # development / fast switching environment for whole software
 unzip = true
 
-[rebootstrap]
-# Default first version of rebootstrapped python
-version = 2
-section = python2.7
-
 [instance-recipe]
 egg = slapos.cookbook
 module = kumofs
@@ -85,13 +63,13 @@ output = ${buildout:directory}/template.cfg
 mode = 0644
 
 [versions]
-slapos.cookbook = 0.7
+slapos.cookbook = 0.13
 
 erp5.recipe.cmmiforcei686 = 0.1.1
 hexagonit.recipe.cmmi = 1.5.0
 hexagonit.recipe.download = 1.5.0
 
-# Required by slapos.cookbook==0.7
+# Required by slapos.cookbook==0.13
 slapos.core = 0.2
 collective.recipe.template = 1.8
 netaddr = 0.7.5

software/kvm/instance.cfg

+[buildout]
+parts =
+  kvminstance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory} 
+
+[kvminstance]
+recipe = slapos.cookbook:kvm
+qemu_path = ${kvm:location}/bin/qemu-system-x86_64
+qemu_img_path = ${kvm:location}/bin/qemu-img
+#slapmonitor_path = ${buildout:bin-directory}/slapmonitor
+#slapreport_path = ${buildout:bin-directory}/slapreport
+websockify_path = ${noVNC:location}/utils/wsproxy.py
+noVNC_location = ${noVNC:location}
+openssl_binary = ${openssl:location}/bin/openssl
+rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
+dcrond_binary = ${dcron:location}/sbin/crond
+
+smp_count = 1
+ram_size = 1024
+disk_size = 10

software/kvm/software.cfg

+[buildout]
+extends =
+  ../../stack/kvm.cfg
+
+[template]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = d899f2111aab18ad25776f35ed49a91b
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[kvmsource]
+command =
+  (${git:location}/bin/git clone --quiet http://git.erp5.org/repos/slapos.kvm.git ${:location} && cd ${:location} && git reset --hard 94ee45cc02e69798cac8209d2296fd1751125018) || (rm -fr ${:location} ; exit 1)
+update-command =
+
+[versions]
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+plone.recipe.command = 1.1
+slapos.cookbook = 0.15
+slapos.recipe.template = 1.1
+z3c.recipe.scripts = 1.0.1
+
+# Required by:
+# slapos.core==0.9
+Flask = 0.7.2
+
+# Required by:
+# slapos.cookbook==0.15
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.15
+netaddr = 0.7.5
+
+# Required by:
+# slapos.core==0.9
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.15
+# slapos.core==0.9
+# zc.buildout==1.5.3-dev-SlapOS-005
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c12dev-r88846
+
+# Required by:
+# slapos.cookbook==0.15
+slapos.core = 0.9
+
+# Required by:
+# slapos.core==0.9
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.15
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.15
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.9
+zope.interface = 3.6.4

software/mysql-5.1/software.cfg

 [buildout]
-
-extensions =
-  slapos.zcbworkarounds
-  slapos.rebootstrap
-
 find-links +=
     http://www.nexedi.org/static/packages/source/slapos.buildout/
 
@@ -47,11 +42,6 @@ parts +=
 # development / fast switching environment for whole software
 unzip = true
 
-[rebootstrap]
-# Default first version of rebootstrapped python
-version = 2
-section = python2.7
-
 [instance-recipe]
 egg = slapos.cookbook
 module = mysql
@@ -76,9 +66,9 @@ output = ${buildout:directory}/template.cfg
 mode = 0644
 
 [versions]
-slapos.cookbook = 0.9
+slapos.cookbook = 0.13
 
-# Required by slapos.cookbook==0.9
+# Required by slapos.cookbook==0.13
 slapos.core = 0.4
 collective.recipe.template = 1.8
 netaddr = 0.7.5

stack/kvm.cfg

+[buildout]
+extends =
+  shacache-client.cfg
+  ../component/python-2.7/buildout.cfg
+  ../component/lxml-python/buildout.cfg
+  ../component/git/buildout.cfg
+  ../component/zlib/buildout.cfg
+  ../component/readline/buildout.cfg
+  ../component/ncurses/buildout.cfg
+  ../component/libuuid/buildout.cfg
+  ../component/noVNC/buildout.cfg
+  ../component/openssl/buildout.cfg
+  ../component/rdiff-backup/buildout.cfg
+  ../component/dcron/buildout.cfg
+
+parts =
+  template
+  gnutls
+  kvm
+  eggs
+
+find-links +=
+  http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+versions = versions
+
+[gpg-error]
+recipe = hexagonit.recipe.cmmi
+url = ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.10.tar.gz
+md5sum = 7c2710ef439f82ac429b88fec88e9a4c
+
+[gcrypt]
+recipe = hexagonit.recipe.cmmi
+url = ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.6.tar.gz
+md5sum = bfd45922eefb8a24d598af77366220d4
+configure-options =
+  --with-gpg-error-prefix=${gpg-error:location}
+environment =
+  CPPFLAGS=-I${gpg-error:location}/include
+  LDFLAGS=-Wl,-rpath -Wl,${gpg-error:location}/lib -Wl,${gpg-error:location}/lib/libgpg-error.so.0
+
+[gnutls]
+recipe = hexagonit.recipe.cmmi
+url = ftp://ftp.gnupg.org/gcrypt/gnutls/gnutls-2.8.6.tar.bz2
+md5sum = eb0a6d7d3cb9ac684d971c14f9f6d3ba
+configure-options =
+  --with-libgcrypt-prefix=${gcrypt:location}
+environment =
+  CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${ncurses:location}/include -I${ncurses:location}/include/ncursesw -I${gcrypt:location}/include -I${gpg-error:location}/include
+  LDFLAGS=-L${readline:location}/lib -L${ncurses:location}/lib -L${gcrypt:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${readline:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${gcrypt:location}/lib -Wl,-rpath -Wl,${gpg-error:location}/lib -Wl,${gcrypt:location}/lib/libgcrypt.so.11
+  PKG_CONFIG=${zlib:location}/lib/pkgconfig
+
+[kvm]
+recipe = hexagonit.recipe.cmmi
+path = ${kvmsource:location}/
+configure-options =
+  --disable-sdl
+  --disable-xen
+  --enable-vnc-tls
+  --disable-vnc-sasl
+  --disable-curses
+  --disable-curl
+  --enable-kvm
+  --disable-docs
+  --enable-vnc-png
+  --disable-vnc-jpeg
+  --extra-cflags="-I${gnutls:location}/include -I${libuuid:location}/include -I${zlib:location}/include"
+  --extra-ldflags="-Wl,-rpath -Wl,${gnutls:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib"
+  --disable-werror
+environment =
+  PKG_CONFIG_PATH=${gnutls:location}/lib/pkgconfig
+
+[kvmsource]
+recipe=plone.recipe.command
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+stop-on-error = true
+#tag = slapos-v0.1
+command =
+  (${git:location}/bin/git clone --quiet http://git.erp5.org/repos/slapos.kvm.git ${:location} ) || (rm -fr ${:location} ; exit 1)
+update-command =
+ cd ${:location} && ${git:location}/bin/git pull --quiet origin master
+
+[eggs]
+python = python2.7
+recipe = z3c.recipe.scripts
+eggs =
+  ${lxml-python:egg}
+  slapos.cookbook
+
+[versions]
+zc.buildout = 1.5.3-dev-SlapOS-005