Merge branch 'master' into erp5-cluster

Dropped commit 971d0bb7
("erp5: Make possible extent the list of initial business templates to install").

Conflicts:
	stack/erp5/buildout.cfg
	stack/erp5/instance-erp5-cluster.cfg.in
	stack/erp5/instance-erp5-single.cfg.in
	stack/erp5/instance.cfg.in

component/file/buildout.cfg

@@ -8,8 +8,8 @@ extends =
 
 [file]
 recipe = slapos.recipe.cmmi
-url = ftp://ftp.astron.com/pub/file/file-5.22.tar.gz
-md5sum = 8fb13e5259fe447e02c4a37bc7225add
+url = ftp://ftp.astron.com/pub/file/file-5.23.tar.gz
+md5sum = 61db35209ce71a6d576392ce6e1d2f80
 configure-options =
   --disable-static
 environment =

component/gcc/buildout.cfg

@@ -10,8 +10,8 @@ parts =
 
 [mpfr]
 recipe = slapos.recipe.cmmi
-url = http://ftp.gnu.org/gnu/mpfr/mpfr-3.1.2.tar.xz
-md5sum = e3d203d188b8fe60bb6578dd3152e05c
+url = http://ftp.gnu.org/gnu/mpfr/mpfr-3.1.3.tar.xz
+md5sum = 6969398cd2fbc56a6af570b5273c56a9
 configure-options =
   --with-gmp=${gmp:location}
   --disable-static

component/glib/buildout.cfg

@@ -10,9 +10,10 @@ parts =
 
 [glib]
 recipe = slapos.recipe.cmmi
-url = http://ftp.gnome.org/pub/gnome/core/3.14/3.14.2/sources/glib-2.42.1.tar.xz
-md5sum = 89c4119e50e767d3532158605ee9121a
+url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/glib-2.44.1.tar.xz
+md5sum = 83efba4722a9674b97437d1d99af79db
 configure-options =
+  --with-python=${python2.7:location}/bin/python2.7
   --disable-static
   --disable-selinux
   --disable-fam

component/glibmm/buildout.cfg

@@ -11,8 +11,8 @@ parts =
 
 [glibmm]
 recipe = slapos.recipe.cmmi
-url = http://ftp.gnome.org/pub/gnome/core/3.14/3.14.2/sources/glibmm-2.42.0.tar.xz
-md5sum = 7c52cc42085d30ac3b73d74c3f2eb22e
+url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/glibmm-2.44.0.tar.xz
+md5sum = 32ee4150b436d097fe2506d0b0b13a75
 pkg_config_depends = ${glib:location}/lib/pkgconfig:${libsigc:location}/lib/pkgconfig
 configure-options =
   --disable-documentation

component/groonga/buildout.cfg

@@ -13,8 +13,8 @@ extends =
 
 [groonga]
 recipe = slapos.recipe.cmmi
-url = http://packages.groonga.org/source/groonga/groonga-5.0.4.tar.gz
-md5sum = 4c83e9b12e9fad96a5b51874ddf66dc4
+url = http://packages.groonga.org/source/groonga/groonga-5.0.5.tar.gz
+md5sum = c119a73e4fcb3308d0ce6b955e1867b2
 # temporary patch to respect more tokens in natural language mode.
 patches =
   ${:_profile_base_location_}/groonga.patch#9ed02fbe8400402d3eab47eee149978b

component/gtk-2/buildout.cfg

@@ -80,8 +80,8 @@ environment =
 
 [gdk-pixbuf]
 recipe = slapos.recipe.cmmi
-url = http://ftp.gnome.org/pub/gnome/core/3.14/3.14.2/sources/gdk-pixbuf-2.31.1.tar.xz
-md5sum = 74cde211f5b7ac1015d1a7c9feee037c
+url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/gdk-pixbuf-2.31.4.tar.xz
+md5sum = b4ce8f0d7548cb8cbdcb833e1c4d095e
 pkg_config_depends = ${glib:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libX11:pkg_config_depends}
 configure-options =
   --disable-static
@@ -97,8 +97,11 @@ environment =
 
 [atk]
 recipe = slapos.recipe.cmmi
-url = http://ftp.gnome.org/pub/gnome/core/3.14/3.14.2/sources/atk-2.14.0.tar.xz
-md5sum = ecb7ca8469a5650581b1227d78051b8b
+url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/atk-2.16.0.tar.xz
+md5sum = c7c5002bd6e58b4723a165f1bf312116
+configure-options =
+  --with-python=${python2.7:location}/bin/python2.7
+  --disable-gtk-doc-html
 environment =
   PATH=${glib:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig
@@ -107,8 +110,8 @@ environment =
 
 [gtk-2]
 recipe = slapos.recipe.cmmi
-url = http://ftp.gnome.org/pub/gnome/core/3.14/3.14.2/sources/gtk+-2.24.25.tar.xz
-md5sum = 612350704dd3aacb95355a4981930c6f
+url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/gtk+-2.24.28.tar.xz
+md5sum = bfacf87b2ea67e4e5c7866a9003e6526
 pkg_config_depends = ${pango:location}/lib/pkgconfig:${pango:pkg_config_depends}:${atk:location}/lib/pkgconfig:${gdk-pixbuf:location}/lib/pkgconfig
 configure-options =
   --disable-static

component/gtkmm/buildout.cfg

@@ -28,8 +28,8 @@ environment =
 
 [pangomm]
 recipe = slapos.recipe.cmmi
-url = http://ftp.gnome.org/pub/gnome/core/3.12/3.12.2/sources/pangomm-2.34.0.tar.xz
-md5sum = 2c702caede167323c9ed9eed2b933098
+url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/pangomm-2.36.0.tar.xz
+md5sum = 62910723211d86ab825b666b479871c9
 pkg_config_depends = ${pango:location}/lib/pkgconfig:${pango:pkg_config_depends}:${glibmm:location}/lib/pkgconfig:${glibmm:pkg_config_depends}:${cairomm:location}/lib/pkgconfig
 configure-options =
   --disable-static

component/haproxy/buildout.cfg

@@ -11,8 +11,8 @@ parts = haproxy
 
 [haproxy]
 recipe = slapos.recipe.cmmi
-url = http://www.haproxy.org/download/1.5/src/haproxy-1.5.11.tar.gz
-md5sum = 5500a79d0d2b238d4a1e9749bd0c2cb2
+url = http://www.haproxy.org/download/1.5/src/haproxy-1.5.14.tar.gz
+md5sum = ad9d7262b96ba85a0f8c6acc6cb9edde
 configure-command = true
 # If the system is running on Linux 2.6, we use "linux26" as the TARGET,
 # otherwise use "generic".

component/librsvg/buildout.cfg

@@ -21,8 +21,8 @@ environment =
 
 [librsvg]
 recipe = slapos.recipe.cmmi
-url = http://ftp.gnome.org/pub/gnome/core/3.14/3.14.2/sources/librsvg-2.40.5.tar.xz
-md5sum = c2b044fccf415902a052d0e978e0ea60
+url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/librsvg-2.40.9.tar.xz
+md5sum = 31df15e3beaa8fbbf538ca3c52b400d2
 pkg_config_depends = ${pango:location}/lib/pkgconfig:${pango:pkg_config_depends}:${zlib:location}/lib/pkgconfig:${gdk-pixbuf:location}/lib/pkgconfig:${libcroco:location}/lib/pkgconfig
 configure-options =
   --disable-static

component/libsigc/buildout.cfg

@@ -9,8 +9,8 @@ parts =
 
 [libsigc]
 recipe = slapos.recipe.cmmi
-url = http://ftp.gnome.org/pub/gnome/core/3.14/3.14.2/sources/libsigc++-2.4.0.tar.xz
-md5sum = c6cd2259f5ef973e4c8178d0abbdbfa7
+url = http://ftp.gnome.org/pub/gnome/core/3.16/3.16.2/sources/libsigc++-2.4.1.tar.xz
+md5sum = 55945ba6e1652f89999e910f6b52047c
 configure-options =
   --disable-documentation
 environment =

component/libtool/buildout.cfg

 [buildout]
 extends =
+  ../m4/buildout.cfg
   ../xz-utils/buildout.cfg
 parts = libtool
 
@@ -10,4 +11,5 @@ url = http://ftp.gnu.org/gnu/libtool/libtool-2.4.5.tar.xz
 configure-options =
   --disable-static
 environment =
+  M4=${m4:location}/bin/m4
   PATH=${xz-utils:location}/bin:%(PATH)s

component/mariadb/buildout.cfg

@@ -20,9 +20,9 @@ parts =
 
 [mariadb]
 recipe = slapos.recipe.cmmi
-version = 10.0.19
+version = 10.0.20
 url = https://downloads.mariadb.org/f/mariadb-${:version}/source/mariadb-${:version}.tar.gz/from/http:/ftp.osuosl.org/pub/mariadb
-md5sum = aeaf101c688515dc8f73a5250e6c1df9
+md5sum = 59d6c00827ad56f2ac76340fece32fc0
 patch-options = -p0
 patches =
   ${:_profile_base_location_}/mariadb_10.0.8_create_system_tables__no_test.patch#a176d491cf45fccd53ee397c70393bc4
@@ -57,8 +57,8 @@ environment =
 # mroonga - a storage engine for MySQL. It provides fast fulltext search feature to all MySQL users.
 # http://mroonga.github.com/
 recipe = slapos.recipe.cmmi
-url = http://packages.groonga.org/source/mroonga/mroonga-5.03.tar.gz
-md5sum = 4f5413d5c94ebc44caeeb5cb62d346ed
+url = http://packages.groonga.org/source/mroonga/mroonga-5.04.tar.gz
+md5sum = 5679e317050df819c0f812de49e27043
 configure-command = mkdir fake_mariadb_source && ln -s ${mariadb:location}/include/mysql/private fake_mariadb_source/sql && ./configure
 configure-options =
   --prefix=${buildout:parts-directory}/${:_buildout_section_name_}

component/openssl/buildout.cfg

@@ -16,13 +16,13 @@ parts =
 
 [openssl]
 recipe = slapos.recipe.cmmi
-url = https://www.openssl.org/source/openssl-1.0.1m.tar.gz
-md5sum = d143d1555d842a069cb7cc34ba745a06
+url = https://www.openssl.org/source/openssl-1.0.2c.tar.gz
+md5sum = 8c8d81a9ae7005276e486702edbcd4b6
 patch-binary = ${patch:location}/bin/patch
 patches =
-  ${:_profile_base_location_}/openssl-nodoc.patch#dd1345ae7ed18ccf176bc6b77c516f98
+  ${:_profile_base_location_}/openssl-nodoc.patch#a78c14908fe9ec624b1fb9fa97e01bb9
   ${:_profile_base_location_}/openssl-exlibs.patch#fba5c873cf974ba80a973be41da3c738
-  ${:_profile_base_location_}/openssl-1.0.1m-parallel-build.patch#a1ddd93b5b296473c7446131deb31f93
+  ${:_profile_base_location_}/openssl-1.0.2a-parallel-build.patch#2a79dd064f610860857b50a41eace64d
 patch-options = -p1
 configure-command = ./config
 configure-options =

component/openssl/openssl-1.0.1m-parallel-build.patch → component/openssl/openssl-1.0.2a-parallel-build.patch

-https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/openssl/files/
-http://rt.openssl.org/Ticket/Display.html?id=2084
+https://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest
+https://rt.openssl.org/Ticket/Display.html?id=3738&user=guest&pass=guest
 
---- openssl-1.0.1m/crypto/Makefile
-+++ openssl-1.0.1m/crypto/Makefile
+--- openssl-1.0.2a/crypto/Makefile
++++ openssl-1.0.2a/crypto/Makefile
 @@ -85,11 +85,11 @@
  	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
  
@@ -11,7 +11,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2084
 +	+@target=all; $(RECURSIVE_MAKE)
  
  files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+ 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
 -	@target=files; $(RECURSIVE_MAKE)
 +	+@target=files; $(RECURSIVE_MAKE)
  
@@ -24,7 +24,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2084
 -$(LIB):	$(LIBOBJ)
 +$(LIB):	$(LIBOBJ) | subdirs
  	$(AR) $(LIB) $(LIBOBJ)
- 	[ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ 	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
  	$(RANLIB) $(LIB) || echo Never mind.
 @@ -111,7 +111,7 @@
  	fi
@@ -44,25 +44,8 @@ http://rt.openssl.org/Ticket/Display.html?id=2084
  
  lint:
  	@target=lint; $(RECURSIVE_MAKE)
---- openssl-1.0.1m/crypto/objects/Makefile
-+++ openssl-1.0.1m/crypto/objects/Makefile
-@@ -44,11 +44,11 @@
- # objects.pl both reads and writes obj_mac.num
- obj_mac.h: objects.pl objects.txt obj_mac.num
- 	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
--	@sleep 1; touch obj_mac.h; sleep 1
- 
--obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
-+# This doesn't really need obj_mac.h, but since that rule reads & writes
-+# obj_mac.num, we can't run in parallel with it.
-+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
- 	$(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
--	@sleep 1; touch obj_xref.h; sleep 1
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
---- openssl-1.0.1m/engines/Makefile
-+++ openssl-1.0.1m/engines/Makefile
+--- openssl-1.0.2a/engines/Makefile
++++ openssl-1.0.2a/engines/Makefile
 @@ -72,7 +72,7 @@
  
  all:	lib subdirs
@@ -90,62 +73,38 @@ http://rt.openssl.org/Ticket/Display.html?id=2084
  
  tags:
  	ctags $(SRC)
---- openssl-1.0.1m/Makefile.org
-+++ openssl-1.0.1m/Makefile.org
-@@ -273,17 +273,17 @@
+--- openssl-1.0.2a/Makefile.org
++++ openssl-1.0.2a/Makefile.org
+@@ -274,17 +274,17 @@
  build_libs: build_crypto build_ssl build_engines
  
  build_crypto:
 -	@dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
--	@dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
--	@dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
--	@dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
--	@dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
--	@dir=tools; target=all; $(BUILD_ONE_CMD)
 +	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
+-build_ssl:
 +build_ssl: build_crypto
+-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
 +	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
 +build_engines: build_crypto
+-	@dir=engines; target=all; $(BUILD_ONE_CMD)
 +	+@dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
 +build_apps: build_libs
+-	@dir=apps; target=all; $(BUILD_ONE_CMD)
 +	+@dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
 +build_tests: build_libs
+-	@dir=test; target=all; $(BUILD_ONE_CMD)
 +	+@dir=test; target=all; $(BUILD_ONE_CMD)
+-build_tools:
 +build_tools: build_libs
+-	@dir=tools; target=all; $(BUILD_ONE_CMD)
 +	+@dir=tools; target=all; $(BUILD_ONE_CMD)
  
  all_testapps: build_libs build_testapps
  build_testapps:
-@@ -538,9 +538,9 @@
- dist_pem_h:
- 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
- 
--install: all install_docs install_sw
-+install: install_docs install_sw
- 
--install_sw:
-+install_dirs:
- 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -549,12 +549,19 @@
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+	@$(PERL) $(TOP)/util/mkdir-p.pl \
-+		$(INSTALL_PREFIX)$(MANDIR)/man1 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man3 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man5 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
- 	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- 	do \
+@@ -555,7 +555,7 @@
  	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
  	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
  	done;
@@ -154,22 +113,8 @@ http://rt.openssl.org/Ticket/Display.html?id=2084
  	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
  	do \
  		if [ -f "$$i" ]; then \
-@@ -634,12 +641,7 @@
- 		done; \
- 	done
- 
--install_docs:
--	@$(PERL) $(TOP)/util/mkdir-p.pl \
--		$(INSTALL_PREFIX)$(MANDIR)/man1 \
--		$(INSTALL_PREFIX)$(MANDIR)/man3 \
--		$(INSTALL_PREFIX)$(MANDIR)/man5 \
--		$(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
- 	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- 	here="`pwd`"; \
- 	filecase=; \
---- openssl-1.0.1m/Makefile.shared
-+++ openssl-1.0.1m/Makefile.shared
+--- openssl-1.0.2a/Makefile.shared
++++ openssl-1.0.2a/Makefile.shared
 @@ -105,6 +105,7 @@
      SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
      LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
@@ -186,9 +131,9 @@ http://rt.openssl.org/Ticket/Display.html?id=2084
  			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
  			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
  		fi; \
---- openssl-1.0.1m/test/Makefile
-+++ openssl-1.0.1m/test/Makefile
-@@ -130,7 +130,7 @@
+--- openssl-1.0.2a/test/Makefile
++++ openssl-1.0.2a/test/Makefile
+@@ -133,7 +133,7 @@
  tags:
  	ctags $(SRC)
  
@@ -197,7 +142,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2084
  
  apps:
  	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -388,118 +388,118 @@
+@@ -402,121 +402,121 @@
  		link_app.$${shlib_target}
  
  $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
@@ -344,6 +289,10 @@ http://rt.openssl.org/Ticket/Display.html?id=2084
 -	@target=$(SRPTEST); $(BUILD_CMD)
 +	+@target=$(SRPTEST); $(BUILD_CMD)
  
+ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
+-	@target=$(V3NAMETEST); $(BUILD_CMD)
++	+@target=$(V3NAMETEST); $(BUILD_CMD)
+ 
  $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
 -	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
 +	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
@@ -354,7 +303,7 @@ http://rt.openssl.org/Ticket/Display.html?id=2084
  
  #$(AESTEST).o: $(AESTEST).c
  #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -512,7 +512,7 @@
+@@ -529,7 +529,7 @@
  #	fi
  
  dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)

component/openssl/openssl-nodoc.patch

---- a/Makefile	2012-01-18 14:42:28.000000000 +0100
-+++ b/Makefile	2012-01-24 17:43:40.000000000 +0100
-@@ -494,7 +494,7 @@
+diff -ur openssl-1.0.2c.orig/Makefile openssl-1.0.2c/Makefile
+--- openssl-1.0.2c.orig/Makefile	2015-06-12 17:10:40.000000000 +0200
++++ openssl-1.0.2c/Makefile	2015-06-25 15:06:08.858209486 +0200
+@@ -528,7 +528,7 @@
  dist_pem_h:
  	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
  

component/patch/buildout.cfg

@@ -6,7 +6,7 @@ parts =
 
 [patch]
 recipe = slapos.recipe.cmmi
-url = ftp://ftp.gnu.org/gnu/patch/patch-2.7.3.tar.xz
-md5sum = 29b87be845e4662ab0ca0d48a805ecc6
+url = ftp://ftp.gnu.org/gnu/patch/patch-2.7.5.tar.xz
+md5sum = e3da7940431633fb65a01b91d3b7a27a
 environment =
   PATH=${xz-utils:location}/bin:%(PATH)s

component/pcre/buildout.cfg

@@ -4,8 +4,8 @@ parts =
 
 [pcre]
 recipe = slapos.recipe.cmmi
-url = http://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.36.tar.bz2
-md5sum = b767bc9af0c20bc9c1fe403b0d41ad97
+url = http://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.37.tar.bz2
+md5sum = ed91be292cb01d21bc7e526816c26981
 configure-options =
   --disable-static
   --enable-unicode-properties

component/qemu-kvm/buildout.cfg

@@ -43,9 +43,9 @@ environment =
 [debian-amd64-netinst.iso]
 # Download the installer of Debian 8 (Jessie)
 recipe = hexagonit.recipe.download
-url = http://cdimage.debian.org/debian-cd/8.0.0/amd64/iso-cd/debian-8.0.0-amd64-netinst.iso
+url = http://cdimage.debian.org/debian-cd/8.1.0/amd64/iso-cd/debian-8.1.0-amd64-netinst.iso
 filename = ${:_buildout_section_name_}
-md5sum = d9209f355449fe13db3963571b1f52d4 
+md5sum = 1a311f9afb68d6365211b13b4342c40b
 download-only = true
 mode = 0644
 location = ${buildout:parts-directory}/${:_buildout_section_name_}

component/ragel/buildout.cfg

@@ -8,7 +8,7 @@ parts =
 
 [ragel]
 recipe = slapos.recipe.cmmi
-url = http://www.complang.org/ragel/ragel-6.8.tar.gz
+url = http://www.colm.net/files/ragel/ragel-6.8.tar.gz
 md5sum = 1bb39745ac23da449019f9f2cb4b0d01
 configure-options =
   --prefix=${buildout:parts-directory}/${:_buildout_section_name_}

component/rpy2/buildout.cfg

@@ -26,6 +26,7 @@ rpath =
   ${pcre:location}/lib
   ${readline:location}/lib
   ${xz-utils:location}/lib
+  ${r-language:location}/lib/R/lib
 library-dirs =
   ${pcre:location}/lib
   ${readline:location}/lib

component/tesseract/buildout.cfg

@@ -33,7 +33,7 @@ configure-command =
 # tesseract has a non-standard way of testing for leptonica, hence the
 # LIBLEPT_HEADERSDIR entry below:
 environment =
-  PATH=${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:%(PATH)s
+  PATH=${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:${m4:location}/bin:%(PATH)s
   ACLOCAL_ARGS=-I${libtool:location}/share/aclocal
   LIBLEPT_HEADERSDIR=${leptonica:location}/include
   CPPFLAGS=-I${leptonica:location}/include

component/trafficserver/buildout.cfg

@@ -20,8 +20,8 @@ parts =
 
 [trafficserver]
 recipe = slapos.recipe.cmmi
-url = http://apache.claz.org/trafficserver/trafficserver-4.2.2.tar.bz2
-md5sum = e2249555837f4f7196d3189716b2828a
+url = http://apache.claz.org/trafficserver/trafficserver-4.2.3.tar.bz2
+md5sum = 1d06a6e9063ceea3f19dbb84752ec710
 configure-options =
   --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
   --with-openssl=${openssl:location}

component/wendelin.core/buildout.cfg

@@ -15,6 +15,11 @@ egg = wendelin.core
 recipe = zc.recipe.egg:develop
 egg = wendelin.core
 setup = ${wendelin.core-repository-submoduleinit:location}
+environment = wendelin.core-dev-env
+
+[wendelin.core-dev-env]
+# wendelin.core-dev needs git to build
+PATH = ${git:location}/bin:%(PATH)s
 
 
 [wendelin.core-repository]

setup.py

@@ -87,6 +87,7 @@ setup(name=name,
           'check_page_content = slapos.recipe.check_page_content:Recipe',
           'check_port_listening = slapos.recipe.check_port_listening:Recipe',
           'check_url_available = slapos.recipe.check_url_available:Recipe',
+          'check_parameter = slapos.recipe.check_parameter:Recipe',
           'cloud9 = slapos.recipe.cloud9:Recipe',
           'cloudooo.test = slapos.recipe.erp5_test:CloudoooRecipe',
           'condor = slapos.recipe.condor:Recipe',

slapos/recipe/check_parameter/__init__.py

+# vim: set et sts=2:
+##############################################################################
+#
+# Copyright (c) 2015 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import GenericBaseRecipe
+import sys
+
+class Recipe(GenericBaseRecipe):
+  """
+  Check listening port promise
+  """
+
+  def install(self):
+    config = dict(
+      value=self.options['value'],
+      python_path=sys.executable,
+    )
+
+    if self.options.get('expected-type') == "ipv6":
+      template = self.getTemplateFilename('check_ipv6.py.in')
+
+    elif self.options.get('expected-type') == "ipv4":
+      template = self.getTemplateFilename('check_ipv4.py.in')
+    else:
+      config["expected-value"] = self.options.get('expected-value')
+ 
+      config["expected-not-value"] = self.options.get('expected-not-value')
+
+      template = self.getTemplateFilename('check_parameter.py.in')
+
+    promise = self.createExecutable(
+      self.options['path'],
+      self.substituteTemplate(template, config))
+
+    return [promise]

slapos/recipe/check_parameter/template/check_ipv4.py.in

+#!%(python_path)s
+# BEWARE: This file is operated by slapgrid
+# BEWARE: It will be overwritten automatically
+import socket
+
+address = "%(value)s"
+
+try:
+  socket.inet_pton(socket.AF_INET, address)
+except AttributeError:  # no inet_pton here, sorry
+  try:
+    socket.inet_aton(address)
+  except socket.error:
+    sys.exit(127)
+  if address.count('.') != 3:
+    sys.exit(127)
+
+except socket.error:  # not a valid address
+   sys.exit(127)

slapos/recipe/check_parameter/template/check_ipv6.py.in

+#!%(python_path)s
+# BEWARE: This file is operated by slapgrid
+# BEWARE: It will be overwritten automatically
+import socket
+import sys
+
+address = "%(value)s"
+
+try:
+  socket.inet_pton(socket.AF_INET6, address)
+except socket.error:  # not a valid address
+  sys.exit(127)

slapos/recipe/check_parameter/template/check_parameter.py.in

+#!%(python_path)s
+# BEWARE: This file is operated by slapgrid
+# BEWARE: It will be overwritten automatically
+import socket
+import sys
+
+value = "%(value)s"
+expected = "%(expected-value)s"
+not_expected = "%(expected-not-value)s"
+
+if expected != "" and value != expected:
+  print "FAIL: %s != %s" % (value, expected)
+  sys.exit(127)
+
+if not_expected != "" and value == not_expected: 
+  print "FAIL: %s == %s" % (value, not_expected)
+  sys.exit(127)
+

slapos/recipe/re6stnet/__init__.py

@@ -253,8 +253,12 @@ class Recipe(GenericBaseRecipe):
             msg = 'Token is ready for use'
           elif status == 'TOKEN_USED':
             msg = 'Token not available, it has been used to generate re6stnet certificate.'
+
+          ipv6_file = os.path.join(token_list_path, '%s.ipv6' % slave_reference)
+          ipv6 = self.readFile(ipv6_file) or '::'
+
           computer_partition.setConnectionDict(
-              {'token':token, '1_info':msg},
+              {'token':token, '1_info':msg, 'ipv6': ipv6},
               slave_reference)
         except Exception:
           self.logger.fatal("Error while sending slave %s informations: %s",

slapos/recipe/re6stnet/re6stnet.py

@@ -7,9 +7,10 @@ import sqlite3
 import slapos
 import traceback
 
-from re6st import registry, x509
+from re6st import registry, utils, x509
 from OpenSSL import crypto
 
+
 log = logging.getLogger('SLAPOS-RE6STNET')
 logging.basicConfig(level=logging.DEBUG)
 
@@ -36,7 +37,7 @@ def getDb(db_path):
   db = sqlite3.connect(db_path, isolation_level=None,
                                                   check_same_thread=False)
   db.text_factory = str
-  
+
   return db.cursor()
 
 def bang(args):
@@ -90,14 +91,14 @@ def requestAddToken(args, can_bang=True):
         call_bang = True
     else:
       log.debug('Bad token. Request add token fail for %s...' % request_file)
-  
+
   if can_bang and call_bang:
     bang(args)
 
 def requestRemoveToken(args):
   base_token_path = args['token_base_path']
   path_list = [x for x in os.listdir(base_token_path) if x.endswith('.remove')]
-  
+
   if not path_list:
     log.info("No token to delete. Exiting...")
     return
@@ -126,6 +127,10 @@ def requestRemoveToken(args):
         status_file = os.path.join(base_token_path, '%s.status' % reference)
         if os.path.exists(status_file):
           os.unlink(status_file)
+        ipv6_file = os.path.join(base_token_path, '%s.ipv6' % reference)
+        if os.path.exists(ipv6_file):
+          os.unlink(ipv6_file)
+
     else:
       log.debug('Bad token. Request add token fail for %s...' % request_file)
 
@@ -162,6 +167,28 @@ def requestRevoqueCertificate(args):
       os.unlink(os.path.join(base_token_path, reference_key))
       log.info("Certificate revoked for slave instance %s." % reference)
 
+
+def dumpIPv6Network(slave_reference, db, network, ipv6_file):
+  email = '%s@slapos' % slave_reference.lower()
+
+  try:
+    cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?",
+        (email,)).next()
+  except StopIteration:
+    # Certificate was not generated yet !!!
+    pass
+
+  try:
+    if cert_string:
+      cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string)
+      cn = x509.subnetFromCert(cert)
+      subnet = network + utils.binFromSubnet(cn)
+      ipv6 = utils.ipFromBin(subnet)
+      writeFile(ipv6_file, ipv6)
+  except Exception:
+    log.debug('XXX for %s... \n %s' % (slave_reference,
+              traceback.format_exc()))
+
 def checkService(args, can_bang=True):
   base_token_path = args['token_base_path']
   token_dict = loadJsonFile(args['token_json'])
@@ -175,16 +202,21 @@ def checkService(args, can_bang=True):
   computer_guid = args['computer_id']
   partition_id = args['partition_id']
   slap = slapos.slap.slap()
+  client = registry.RegistryClient(args['registry_url'])
+  ca = client.getCa()
+  network = x509.networkFromCa(crypto.load_certificate(crypto.FILETYPE_PEM, ca))
 
   # Check token status
   for slave_reference, token in token_dict.iteritems():
     status_file = os.path.join(base_token_path, '%s.status' % slave_reference)
+    ipv6_file = os.path.join(base_token_path, '%s.ipv6' % slave_reference)
     if not os.path.exists(status_file):
       # This token is not added yet!
       continue
 
     msg = readFile(status_file)
     if msg == 'TOKEN_USED':
+      dumpIPv6Network(slave_reference, db, network, ipv6_file)
       continue
 
     # Check if token is not in the database
@@ -200,8 +232,8 @@ def checkService(args, can_bang=True):
       # Token is used to register client
       call_bang = True
       try:
-        time.sleep(1)
         writeFile(status_file, 'TOKEN_USED')
+        dumpIPv6Network(slave_reference, db, network, ipv6_file)
         log.info("Token status of %s updated to 'used'." % slave_reference)
       except IOError:
         # XXX- this file should always exists

slapos/recipe/request.py

@@ -29,9 +29,11 @@ from zc.buildout import UserError
 from slapos.recipe.librecipe import wrap, JSON_SERIALISED_MAGIC_KEY
 import json
 from slapos import slap as slapmodule
+from slapos.slap import SoftwareProductCollection
 import slapos.recipe.librecipe.generic as librecipe
 import traceback
 
+SOFTWARE_PRODUCT_NAMESPACE = "product."
 DEFAULT_SOFTWARE_TYPE = 'RootSoftwareInstance'
 
 class Recipe(object):
@@ -130,6 +132,19 @@ class Recipe(object):
       options['computer-id'],
       options['partition-id'],
     ).request
+
+    if software_url is not None and \
+      software_url.startswith(SOFTWARE_PRODUCT_NAMESPACE):
+    
+      product = SoftwareProductCollection(self.logger, slap)
+      
+      try:
+        software_url = product.__getattr__(
+          software_url[len(SOFTWARE_PRODUCT_NAMESPACE):])
+      except AttributeError as e:
+        self.logger.warning('Error on get software release : %s ' % e.message)
+        
+
     self._raise_request_exception = None
     self._raise_request_exception_formatted = None
     self.instance = None

software/apache-frontend/common.cfg

@@ -65,7 +65,7 @@ mode = 0644
 [template-apache-frontend]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-apache-frontend.cfg
-md5sum = cd5a385c44d56b4d13392eba4e938969
+md5sum = f65456f704a32c43822b1efefc7ae4b7
 output = ${buildout:directory}/template-apache-frontend.cfg
 mode = 0644
 
@@ -78,7 +78,7 @@ mode = 0644
 [template-slave-list]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/apache-custom-slave-list.cfg.in
-md5sum = 1fe76dde85c488e94baf8510775ebcaf
+md5sum = f09759a0b68337d820c70e72afb4dbf9
 mode = 640
 
 [template-slave-configuration]
@@ -102,7 +102,7 @@ mode = 640
 [template-apache-cached-configuration]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/apache_cached.conf.in
-md5sum = 0c4393db80670daf18b432b7f07383e9
+md5sum = a1c744e48b465a63c2d6f0f384466013
 mode = 640
 
 [template-rewrite-cached]
@@ -127,13 +127,19 @@ mode = 640
 [template-default-virtualhost]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/000.conf.in
-md5sum = ed1b680e31e30596bf051682ec0270b4
+md5sum = d98a01182f38868612948c87d5231428
 mode = 640
 
 [template-default-slave-virtualhost]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
-md5sum = 5463dd67f1b1bea0bee57a421e371dd0
+md5sum = aed0077ee82aaa7fbd2b7e84ce5fbd69
+mode = 640
+
+[template-cached-slave-virtualhost]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/templates/cached-virtualhost.conf.in
+md5sum = b1fd5f2b94f026ccca5ff47167015f23
 mode = 640
 
 [template-log-access]

software/apache-frontend/instance-apache-frontend.cfg

@@ -159,6 +159,8 @@ filename = custom-personal-instance-slave-list.cfg
 extensions = jinja2.ext.do
 extra-context =
     key apache_configuration_directory apache-directory:slave-configuration
+    key apache_cached_configuration_directory apache-directory:slave-with-cache-configuration
+    key cached_port apache-configuration:cache-through-port
     key http_port instance-parameter:configuration.plain_http_port
     key https_port instance-parameter:configuration.port
     key public_ipv4 instance-parameter:configuration.public-ipv4
@@ -172,7 +174,7 @@ extra-context =
     raw empty_template ${template-empty:target}
     raw template_custom_slave_configuration ${template-slave-configuration:target}
     raw template_default_slave_configuration ${template-default-slave-virtualhost:target}
-    raw template_rewrite_cached ${template-rewrite-cached:target}
+    raw template_cached_slave_configuration ${template-cached-slave-virtualhost:target}
     raw software_type single-custom-personal
     section logrotate_dict logrotate
     section frontend_configuration frontend-configuration
@@ -297,6 +299,7 @@ extra-context =
     key access_log apache-configuration:cache-access-log
     key error_log apache-configuration:cache-error-log
     key pid_file apache-configuration:cache-pid-file
+    key slave_with_cache_configuration_directory apache-directory:slave-with-cache-configuration
     key apachecachedmap_path apache-configuration:cached-rewrite-file
 
 [apache-cached]
@@ -317,6 +320,7 @@ link-binary =
 recipe = slapos.cookbook:mkdirectory
 document-root = $${directory:srv}/htdocs
 slave-configuration = $${directory:etc}/apache-slave-conf.d/
+slave-with-cache-configuration = $${directory:etc}/apache-slave-with-cache-conf.d/
 cache = $${directory:var}/cache
 mod-ssl = $${:cache}/httpd_mod_ssl
 vh-ssl = $${:slave-configuration}/ssl

software/apache-frontend/instance-slave-apache-input-schema.json

@@ -72,6 +72,21 @@
       "enum": ["false", "true"]
     },
 
+    "ssl-proxy-verify": {
+      "title": "Verify Backend Certificates",
+      "description": "If set to true, Backend Certificates are checked",
+      "type": "string",
+      "default": "false",
+      "enum": ["false", "true"]
+    },
+
+    "ssl_proxy_ca_crt": {
+      "title": "SSL Backend Authority's Certificate",
+      "description": "SSL Certificate Authority of the backen (to be used with ssl-proxy-verify)",
+      "type": "string",
+      "default": ""
+    },
+
     "enable_cache": {
       "title": "Enable Cache",
       "description": "If set to true, the cache is used",
@@ -88,6 +103,14 @@
       "enum": ["false", "true"]
     },
 
+    "disable-via-header": {
+      "title": "Disable 'Via' headers from cache",
+      "description": "If set to true, via headers will be disabled",
+      "type": "string",
+      "default": "false",
+      "enum": ["false", "true"]
+    },
+
     "prefer-gzip-encoding-to-backend": {
       "title": "Prefer gzip Encoding for Backend",
       "description": "If set to true, if a request is made with accept encoding 'gzip', only that one will be transferred to the backend",

software/apache-frontend/templates/000.conf.in

@@ -2,16 +2,15 @@
   ServerName www.example.org
   SSLEngine on
   SSLProxyEngine on
-  SSLProtocol ALL -SSLv2 -SSLv3
-  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
+  SSLProtocol all -SSLv2 -SSLv3
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
+  SSLHonorCipherOrder on
 
   # Rewrite part
-  ProxyVia On
   ProxyPreserveHost On
   ProxyTimeout 600
   RewriteEngine On
 
-
   ErrorDocument 404 /notfound.html
 
 </VirtualHost>

software/apache-frontend/templates/apache-custom-slave-list.cfg.in

@@ -12,7 +12,6 @@
 {% endif -%}
 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
-rendered = {{ apache_configuration_directory }}/${:filename}
 extra-context =
 context =
     key eggs_directory buildout:eggs-directory
@@ -31,6 +30,7 @@ context =
 {%   set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference -%}
 {%   set slave_parameter_dict = generic_instance_parameter_dict.copy() -%}
 {%   set slave_publish_dict = {} -%}
+{%   set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %}
 {%   do part_list.append(slave_section_title) -%}
 
 ############################
@@ -98,7 +98,7 @@ command = {{frontend_configuration.get('apache-directory')}}/bin/htpasswd -cb ${
 #### Set Slave Certificates if needed
 
 # Set ssl certificates for each slave
-{%   for cert_name in ('ssl_key', 'ssl_crt', 'ssl_ca_crt', 'ssl_csr')-%}
+{%   for cert_name in ('ssl_key', 'ssl_crt', 'ssl_ca_crt', 'ssl_csr', 'ssl_proxy_ca_crt')-%}
 {%     if cert_name in slave_instance -%}
 {%       set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) -%}
 {%       set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
@@ -129,6 +129,7 @@ value = {{ dumps(slave_instance.get(cert_name)) }}
 < = jinja2-template-base
 template = {{ template_custom_slave_configuration }}
 filename = {{ '%s.conf' % slave_reference }}
+rendered = {{ apache_configuration_directory }}/${:filename}
 extra-context =
     key apache_custom_https {{ 'slave-instance-%s-configuration:apache_custom_https' % slave_reference }}
     key apache_custom_http {{ 'slave-instance-%s-configuration:apache_custom_http' % slave_reference }}
@@ -136,20 +137,24 @@ extra-context =
     raw http_port {{ http_port }}
 {{ '\n' }}
 
+# The slave use cache
+{%     if 'enable_cache' in slave_instance and 'url' in slave_instance and 'domain' in slave_instance -%}
+{%       do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) -%}
+{%       do slave_instance.__setitem__('backend_url', slave_instance.get('url')) -%}
+{%       do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) -%}
+{%     endif -%}
 
 # Set apache configuration value for slave
-[{{ ('slave-instance-%s-configuration' % slave_reference) }}]
-{%   set apache_custom_http = ((slave_instance.get('apache_custom_http', '')) % slave_parameter_dict) -%}
-{%   set apache_custom_https = ((slave_instance.get('apache_custom_https', '')) % slave_parameter_dict) -%}
+[{{ slave_configuration_section_name }}]
+{%   set apache_custom_http = ((slave_instance.pop('apache_custom_http', '')) % slave_parameter_dict) -%}
+{%   set apache_custom_https = ((slave_instance.pop('apache_custom_https', '')) % slave_parameter_dict) -%}
 apache_custom_http = {{ dumps(apache_custom_http) }}
 apache_custom_https = {{ dumps(apache_custom_https) }}
+{%     for key, value in slave_instance.iteritems() -%}
+{{ key }} = {{ dumps(value) }}
+{%     endfor %}
 {{ '\n' }}
 
-# The slave use cache
-{%     if 'enable_cache' in slave_instance and 'url' in slave_instance and 'domain' in slave_instance -%}
-{%       do cached_server_dict.__setitem__(slave_instance.get('domain'), slave_instance.get('url')) -%}
-{%     endif -%}
-
 # Publish information
 {%     do slave_publish_dict.update(**{'slave-reference':slave_instance.get('slave_reference'), 'public-ipv4':public_ipv4, 'log-access': slave_log_access_url}) %}
 
@@ -163,15 +168,16 @@ apache_custom_https = {{ dumps(apache_custom_https) }}
 
 # The slave use cache
 # Next line is forbidden and people who copy it will be hanged short
-{%   set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_instance.get('type', '') != 'redirect') -%}
+{%     set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_instance.get('type', '') != 'redirect') -%}
 {%     if enable_cache -%}
-{%       do cached_server_dict.__setitem__(slave_instance.get('custom_domain'), slave_instance.get('url')) -%}
+{%       do slave_instance.__setitem__('backend_url', slave_instance.get('url')) -%}
 {%       do slave_instance.__setitem__('url', cache_access) -%}
+{%       do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) -%}
 {%     endif -%}
 {%     do part_list.append(slave_section_title) -%}
 
 
-[{{ ('slave-instance-%s-configuration' % slave_reference) }}]
+[{{ slave_configuration_section_name }}]
 {%     for key, value in slave_instance.iteritems() -%}
 {{ key }} = {{ dumps(value) }}
 {%     endfor %}
@@ -181,10 +187,10 @@ apache_custom_https = {{ dumps(apache_custom_https) }}
 < = jinja2-template-base
 template = {{ template_default_slave_configuration }}
 filename = {{ '%s.conf' % slave_reference }}
-
+rendered = {{ apache_configuration_directory }}/${:filename}
 extensions = jinja2.ext.do
 extra-context =
-    section slave_parameter {{ 'slave-instance-%s-configuration' % slave_reference }}
+    section slave_parameter {{ slave_configuration_section_name }}
     raw https_port {{ https_port }}
     raw http_port {{ http_port }}
 {{ '\n' }}
@@ -193,6 +199,25 @@ extra-context =
 
 {%   endif -%}
 
+############################
+### Prepare virtualhost for slaves using cache
+
+{% for slave_reference, slave_configuration_section_name in cached_server_dict.iteritems() %}
+{%   set cached_slave_configuration_section_title = '%s-cached-virtualhost' % slave_reference %}
+{%   do part_list.append(cached_slave_configuration_section_title) -%}
+[{{ cached_slave_configuration_section_title }}]
+< = jinja2-template-base
+template = {{ template_cached_slave_configuration }}
+filename = {{ '%s.conf' % slave_reference }}
+rendered = {{ apache_cached_configuration_directory }}/${:filename}
+extensions = jinja2.ext.do
+extra-context =
+    section slave_parameter {{ slave_configuration_section_name }}
+    raw cached_port {{ cached_port }}
+{{ '\n' }}
+{% endfor %}
+
+
 ############################
 #### Publish Slave Information
 
@@ -239,18 +264,6 @@ slave-instance-information-list = {{ json_module.dumps(slave_instance_informatio
 {% endif -%}
 monitor_url = {{ monitor_url }}
 
-{% do part_list.append('cached-rewrite-rules') -%}
-[cached-rewrite-rules]
-< = jinja2-template-base
-template = {{ template_rewrite_cached }}
-rendered = {{ rewrite_cached_configuration }}
-extra-context =
-    import json_module json
-    key server_dict rewrite-rules:rules
-
-[rewrite-rules]
-rules = {{ dumps(cached_server_dict) }}
-
 [buildout]
 parts +=
 {% for part in part_list -%}

software/apache-frontend/templates/apache_cached.conf.in

@@ -105,9 +105,10 @@ SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
 SSLSessionCacheTimeout  300
 SSLRandomSeed startup /dev/urandom 256
 SSLRandomSeed connect builtin
-SSLProtocol -ALL +SSLv3 +TLSv1
-SSLHonorCipherOrder On
-SSLCipherSuite RC4-SHA:HIGH:!ADH
+SSLProtocol all -SSLv2 -SSLv3
+SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
+SSLHonorCipherOrder on
+
 <FilesMatch "\.(cgi|shtml|phtml|php)$">
       SSLOptions +StdEnvVars
 </FilesMatch>
@@ -115,19 +116,10 @@ SSLCipherSuite RC4-SHA:HIGH:!ADH
 SSLProxyCheckPeerCN off
 SSLProxyCheckPeerExpire off
 
-# Only accept generic (i.e not Zope) backends on http
-<VirtualHost *:{{ cached_port }}>
-  SSLProxyEngine on
-  # Rewrite part
-  ProxyVia On
-  ProxyPreserveHost On
-  ProxyTimeout 600
-  RewriteEngine On
-
-  RewriteMap apachemapcached txt:{{ apachecachedmap_path }}
-  RewriteCond ${apachemapcached:%{SERVER_NAME}} >""
-  RewriteRule ^/(.*)$ ${apachemapcached:%{SERVER_NAME}}/$1 [L,P]
-
-  # If nothing exist : put a nice error
-  ErrorDocument 404 /notfound.html
-</VirtualHost>
+NameVirtualHost *:{{ cached_port }}
+
+include {{ slave_with_cache_configuration_directory }}/*.conf
+
+ErrorDocument 404 /notfound.html
+RewriteRule (.*) /notfound.html [R=404,L]
+

software/apache-frontend/templates/cached-virtualhost.conf.in

+{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
+# Only accept generic (i.e not Zope) backends on http
+<VirtualHost *:{{ cached_port }}>
+  ServerName {{ slave_parameter.get('custom_domain') }}
+  SSLProxyEngine on
+
+{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
+{% if ssl_proxy_verify -%}
+{%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
+  SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
+{%   endif %}
+  SSLProxyVerify require
+  #SSLProxyCheckPeerCN on
+  SSLProxyCheckPeerExpire on
+{% endif %}
+  # Rewrite part
+  ProxyPreserveHost On
+  ProxyTimeout 600
+  RewriteEngine On
+
+  RewriteRule ^/(.*)$ {{ slave_parameter.get('backend_url', '') }}/$1 [L,P]
+
+</VirtualHost>

software/apache-frontend/templates/default-virtualhost.conf.in

 {% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
 {% set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
+{% set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
 {%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
  
 <VirtualHost *:{{ https_port }}>
@@ -15,9 +16,18 @@
 
   SSLEngine on
   SSLProxyEngine on
+{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
+{% if ssl_proxy_verify -%}
+{%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
+  SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
+{%   endif %}
+  SSLProxyVerify require
+  #SSLProxyCheckPeerCN on
+  SSLProxyCheckPeerExpire on
+{% endif %}
   SSLProtocol all -SSLv2 -SSLv3
-  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
-
+  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
+  SSLHonorCipherOrder on
 
 {% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
        			      	 ('SSLCertificateKeyFile', 'path_to_ssl_key'),
@@ -38,9 +48,11 @@
   CustomLog "{{ slave_parameter.get('access_log') }}" combined
 
   # Rewrite part
-  ProxyVia On
   ProxyPreserveHost On
   ProxyTimeout 600
+{% if disable_via_header %}
+  Header unset Via
+{% endif -%}
   RewriteEngine On
 
 {% if disable_no_cache_header %}
@@ -89,10 +101,21 @@
 {% endif %}
 
   SSLProxyEngine on
+{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
+{% if ssl_proxy_verify -%}
+{%   if 'ssl_proxy_ca_crt' in slave_parameter -%}
+  SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
+{%   endif %}
+  SSLProxyVerify require
+  #SSLProxyCheckPeerCN on
+  SSLProxyCheckPeerExpire on
+{% endif %}
   # Rewrite part
-  ProxyVia On
   ProxyPreserveHost On
   ProxyTimeout 600
+{% if disable_via_header %}
+  Header unset Via
+{% endif -%}
   RewriteEngine On
 
   # One Slave two logs

software/cdn-me/instance-cdn-request.cfg

+[buildout]
+parts =
+  request-re6stnet-token-slave
+  request-frontend-token-slave
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+offline = true
+
+# Create all needed directories
+[directory]
+recipe = slapos.cookbook:mkdirectory
+home = $${buildout:directory}
+etc = $${:home}/etc/
+var = $${:home}/var/
+srv = $${:home}/srv/
+bin = $${:home}/bin/
+tmp = $${:home}/tmp/
+
+[request-frontend-token-slave]
+<= slap-connection
+recipe = slapos.cookbook:requestoptional
+name = WebSite Frontend
+# XXX We have hardcoded SR URL here.
+software-url = product.frontend
+slave = true
+config-url = http://$${request-re6stnet-token-slave:connection-ipv6}/
+config-domain = $${slap-parameter:frontend-domain}
+return = site_url domain
+
+[request-re6stnet-token-slave]
+<= slap-connection
+recipe = slapos.cookbook:requestoptional
+name = Re6st token Frontend
+# XXX We have hardcoded SR URL here.
+software-url = product.re6st
+slave = true
+return = token info_1 ipv6
+
+[publish-connection-informations]
+recipe = slapos.cookbook:publish
+url =  https://$${request-frontend-token-slave:connection-domain}
+token = $${request-re6stnet-token-slave:connection-token}
+ipv6 = $${request-re6stnet-token-slave:connection-ipv6}
+info_1 = $${request-re6stnet-token-slave:info_1}
\ No newline at end of file

software/cdn-me/instance.cfg

+[buildout]
+parts =
+  switch_softwaretype
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[switch_softwaretype]
+recipe = slapos.cookbook:softwaretype
+default = $${instance-base-runner:rendered}
+
+[instance-base-runner]
+recipe = slapos.recipe.template:jinja2
+template = ${template-cdn-request:output}
+rendered = $${buildout:directory}/template-cdn.cfg
+extensions = jinja2.ext.do
+context = key buildout buildout:bin-directory
+          key develop_eggs_directory buildout:develop-eggs-directory
+          key eggs_directory buildout:eggs-directory
+          key slapparameter_dict slap-configuration:configuration
+mode = 0644
+
+[slap-configuration]
+recipe = slapos.cookbook:slapconfiguration
+computer = $${slap-connection:computer-id}
+partition = $${slap-connection:partition-id}
+url = $${slap-connection:server-url}
+key = $${slap-connection:key-file}
+cert = $${slap-connection:cert-file}

software/cdn-me/software.cfg

+[buildout]
+extends =
+  ../../stack/slapos.cfg
+
+# stacks are listed from most generic to most specific,
+# to avoid versioning issues
+
+parts =
+  slapos-cookbook-develop
+  template
+  eggs
+  template-cdn-request
+
+[template]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+output = ${buildout:directory}/template.cfg
+md5sum = a91fe7c80720d57c2acbf606a6a0d84d
+mode = 0644
+
+[template-cdn-request]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance-cdn-request.cfg
+output = ${buildout:directory}/template-cdn-request.cfg
+md5sum = 4c5ad2a5e9c4364588e1e4212ed8d1aa
+mode = 0644
+
+[slapos.cookbook-repository]
+branch = request.product
+
+[eggs]
+recipe = z3c.recipe.scripts
+eggs =
+  collective.recipe.environment
+  cns.recipe.symlink
+  erp5.util
+  lock-file
+  plone.recipe.command
+  slapos.recipe.build
+  ${slapos-cookbook:eggs}
\ No newline at end of file

software/ipython_notebook/software.cfg

@@ -53,30 +53,30 @@ output = ${buildout:directory}/instance.cfg
 PyRSS2Gen = 1.1
 Pygments = 2.0.2
 cns.recipe.symlink = 0.2.3
-ipython = 3.1.0
+ipython = 3.2.0
 matplotlib = 1.4.3
-mistune = 0.5.1
-nose = 1.3.6
-pandas = 0.16.0
+mistune = 0.6
+nose = 1.3.7
+pandas = 0.16.2
 plone.recipe.command = 1.1
-pyzmq = 14.6.0
+pyzmq = 14.7.0
 scikit-learn = 0.16.1
 scipy = 0.15.1
 simpy = 3.0.7
 slapos.recipe.template = 2.7
 terminado = 0.5
-tornado = 4.1
+tornado = 4.2
 
 # Required by:
 # dream==0.0.1
 MySQL-python = 1.2.5
 
 # Required by:
-# tornado==4.1
+# tornado==4.2
 backports.ssl-match-hostname = 3.4.0.2
 
 # Required by:
-# tornado==4.1
+# tornado==4.2
 certifi = 2015.4.28
 
 # Required by:
@@ -89,7 +89,7 @@ numpy = 1.9.2
 
 # Required by:
 # terminado==0.5
-ptyprocess = 0.4
+ptyprocess = 0.5
 
 # Required by:
 # dream==0.0.1
@@ -97,15 +97,15 @@ pydot = 1.0.28
 
 # Required by:
 # matplotlib==1.4.3
-# pandas==0.16.0
+# pandas==0.16.1
 python-dateutil = 2.4.2
 
 # Required by:
 # dream==0.0.1
-rpy2 = 2.5.6
+rpy2 = 2.6.0
 
 # Required by:
-# rpy2==2.5.6
+# rpy2==2.6.0
 singledispatch = 3.4.0.3
 
 # Required by:

software/kvm/common.cfg

@@ -103,7 +103,7 @@ on-update = true
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm-cluster.cfg.jinja2.in
 mode = 644
-md5sum = cc72d7b89d8b474d7b4f2c9319b385d5
+md5sum = 1f7dc7b7f2740cf416927b144e93ccb1
 download-only = true
 on-update = true
 

software/kvm/instance-for-erp5testnode.cfg.in

@@ -26,6 +26,9 @@ pull-backup = ${template-pull-backup:output}
 [storage-configuration]
 storage-home = 
 
+[network-information]
+global-ipv4-network = 
+
 [slap-configuration]
 recipe = slapos.cookbook:slapconfiguration.serialised
 computer = $${slap-connection:computer-id}
@@ -43,6 +46,7 @@ extensions = jinja2.ext.do
 context =
     key develop_eggs_directory buildout:develop-eggs-directory
     key eggs_directory buildout:eggs-directory
+    key global_ipv4_prefix network-information:global-ipv4-network
     key slapparameter_dict slap-configuration:configuration
     key storage_dict slap-configuration:storage-dict
     key tap_network_dict slap-configuration:tap-network-information-dict
@@ -51,10 +55,13 @@ context =
     raw dcron_executable_location ${dcron:location}/sbin/crond
     raw debian_amd64_netinst_location ${debian-amd64-netinst.iso:location}/${debian-amd64-netinst.iso:filename}
     raw novnc_location ${noVNC:location}
+    raw netcat_bin ${netcat:location}/bin/netcat
     raw openssl_executable_location ${openssl:location}/bin/openssl
     raw qemu_executable_location ${kvm:location}/bin/qemu-system-x86_64
     raw qemu_img_executable_location ${kvm:location}/bin/qemu-img
     raw sixtunnel_executable_location ${6tunnel:location}/bin/6tunnel
+    raw template_httpd_cfg ${template-httpd:rendered}
+    raw template_content ${template-content:location}/${template-content:filename}
     raw websockify_executable_location ${buildout:directory}/bin/websockify
 template-parts-destination = ${template-parts:destination}
 template-replicated-destination = ${template-replicated:destination}

software/kvm/instance-kvm-cluster.cfg.jinja2.in

@@ -94,7 +94,7 @@ return =
 {%   set error = '' -%}
 {%   if frontend_parameter_dict.get('kvm-partition-name', '') != '' -%}
 {%     set kvm_name = frontend_parameter_dict['kvm-partition-name'] -%}
-{%     set service_port = frontend_parameter_dict['service-port'] -%}
+{%     set service_port = str(frontend_parameter_dict['service-port']) -%}
 {%     if kvm_name in kvm_instance_dict.keys()  and not kvm_instance_dict[kvm_name][0] -%}
 {%       set error = "You should set parameter use-nat to 'true' for '" ~ kvm_name ~ "', or provide url to use for frontend." -%}
 {%     elif kvm_name in kvm_instance_dict.keys() and service_port in kvm_instance_dict[kvm_name][1] -%}

software/kvm/instance-kvm-input-schema.json

@@ -37,13 +37,13 @@
       "maximum": 8
     },
     "cpu-options": {
-      "title": "Additional options (cores, threads, sockets, maxcpus) to use with cpu-count.",
-      "description": "Additional options to use with cpu-count. Options are separated by coma: [cores=cores][,threads=threads][,sockets=sockets][,maxcpus=maxcpus]. Only set this option if you really know what you're doing.",
+      "title": "CPU Additional options: cores, threads, sockets, maxcpus.",
+      "description": "Additional options to use with cpu-count. Options are separated by coma: [cores=cores][,threads=threads][,sockets=sockets][,maxcpus=maxcpus]. Set this option if you know what you're doing.",
       "type": "string"
     },
     "numa": {
-      "title": "Simulate a multi node NUMA system. If mem and cpus are omitted, resources are split equally.",
-      "description": "Simulate a multi node NUMA system. If mem and cpus are omitted, resources are split equally. Each numa option are separated by space: node,nodeid=4,cpus=40-49,mem=64g node,nodeid=1,cpus=10-19,mem=128g. Only set this option if you really know what you're doing.",
+      "title": "Simulate a multi node NUMA system.",
+      "description": "Simulate a multi node NUMA system. If mem and cpus are omitted, resources are split equally. Each numa option are separated by space: node,nodeid=4,cpus=40-49,mem=64g node,nodeid=1,cpus=10-19,mem=128g. Set this option if you know what you're doing.",
       "type": "string"
     },
 
@@ -103,10 +103,10 @@
       "default": 0
     },
     "external-disk-size": {
-      "title": "Number of additional disk to create for virtual machine, in Gigabytes",
-      "description": "Specify the number of additional disk to create for virtual machine in data folder of SlapOS Node. Requires instance_storage_home to be configured on SlapOS Node.",
+      "title": "Size of additional disk to create for virtual machine, in Gigabytes",
+      "description": "Specify the size of additional disk to create for virtual machine in data folder of SlapOS Node. Requires instance_storage_home to be configured on SlapOS Node.",
       "type": "integer",
-      "minimum": 5,
+      "minimum": 10,
       "maximum": 1000,
       "default": 20
     },

software/kvm/software-for-erp5testnode.cfg

@@ -5,6 +5,6 @@ extends = development.cfg
 [template]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-for-erp5testnode.cfg.in
-md5sum = 5883432c9a004cf505db2718c596ce6a
+md5sum = e0af93ba7209cabd5db6d9afcb15c2aa
 output = ${buildout:directory}/template.cfg
 mode = 0644
\ No newline at end of file

software/kvm/software.cfg

@@ -5,41 +5,46 @@ extends = common.cfg
 # XXX - use websockify = 0.5.1 for compatibility with kvm frontend
 websockify = 0.5.1
 
+slapos.toolbox = 0.48
 PyRSS2Gen = 1.1
-apache-libcloud = 0.16.0
+apache-libcloud = 0.17.0
 cns.recipe.symlink = 0.2.3
-collective.recipe.template = 1.11
-ecdsa = 0.11
-erp5.util = 0.4.42
+ecdsa = 0.13
 gitdb = 0.6.4
 plone.recipe.command = 1.1
 pycrypto = 2.6.1
 slapos.recipe.download = 1.0.dev-r4053
 slapos.recipe.template = 2.7
-slapos.toolbox = 0.46.1
 smmap = 0.9.0
-z3c.recipe.scripts = 1.0.1
 
 # Required by:
-# slapos.toolbox==0.46.1
-GitPython = 0.3.6
+# slapos.toolbox==0.48
+GitPython = 1.0.1
 
 # Required by:
-# slapos.toolbox==0.46.1
+# slapos.toolbox==0.48
 atomize = 0.2.0
 
 # Required by:
-# slapos.toolbox==0.46.1
-feedparser = 5.1.3
+# apache-libcloud==0.17.0
+backports.ssl-match-hostname = 3.4.0.2
 
 # Required by:
-# slapos.toolbox==0.46.1
+# slapos.toolbox==0.48
+feedparser = 5.2.0.post1
+
+# Required by:
+# slapos.toolbox==0.48
 lockfile = 0.10.2
 
 # Required by:
 # websockify==0.5.1
-numpy = 1.9.1
+numpy = 1.9.2
 
 # Required by:
-# slapos.toolbox==0.46.1
+# slapos.toolbox==0.48
 paramiko = 1.15.2
+
+# Required by:
+# slapos.toolbox==0.48
+rpdb = 0.1.5

software/re6stnet/instance-re6stnet.cfg.in

@@ -176,21 +176,21 @@ command-line = "{{ python_bin }}" ${re6st-registry:manager-wrapper}
 recipe = slapos.cookbook:cron.d
 cron-entries = ${cron:cron-entries}
 name = re6stnet-check-token
-frequency = 0 */1 * * *
+frequency = */5 * * * *
 command = {{ python_bin }} ${re6st-registry:check-service-wrapper}
 
 [cron-entry-re6st-revoke]
 recipe = slapos.cookbook:cron.d
 cron-entries = ${cron:cron-entries}
 name = re6stnet-revoke-cert
-frequency = */30 * * * *
+frequency = */5 * * * *
 command = {{ python_bin }} ${re6st-registry:revoke-service-wrapper}
 
 [cron-entry-re6st-drop]
 recipe = slapos.cookbook:cron.d
 cron-entries = ${cron:cron-entries}
 name = re6stnet-drop-token
-frequency = */30 * * * *
+frequency = */5 * * * *
 command = {{ python_bin }} ${re6st-registry:drop-service-wrapper}
 
 [logrotate-entry-re6stnet]

software/wendelin/software.cfg

 [buildout]
+versions = versions
 extends =
   ../../software/ipython_notebook/software.cfg
   ../../component/fluentd/buildout.cfg
@@ -42,8 +43,19 @@ repository_id_list += wendelin
 [local-bt5-repository]
 # we need to override it
 list = ${erp5:location}/bt5 ${erp5:location}/product/ERP5/bootstrap ${wendelin:location}/bt5/
+bt5_list = erp5_full_text_myisam_catalog erp5_configurator_standard erp5_configurator_maxma_demo erp5_configurator_ung erp5_configurator_run_my_doc erp5_configurator_ebusiness_lotse erp5_wendelin_configurator
 
 [wendelin]
 <= erp5
 repository = https://lab.nexedi.cn/nexedi/wendelin.git
 branch = master
+
+[versions]
+scikit-learn = 0.16.1
+scipy = 0.15.1
+pandas = 0.16.1
+msgpack-python = 0.4.6
+numpy = 1.9.2
+wendelin.core = 0.3
+ipython = 3.2.0
+matplotlib = 1.4.3

stack/erp5/buildout.cfg

@@ -568,7 +568,7 @@ setup = ${erp5:location}
 
 [cloudooo-repository]
 branch =
-revision = 8db3977b312e3cf8dbb64660c6f4f9e639b749c9
+revision = 3241978a6ec832f6aa71d1df1a62e22a8feae2f1
 
 [slapos.cookbook-repository]
 branch = erp5-cluster
@@ -599,6 +599,7 @@ cloudooo = 1.2.5-dev
 PasteDeploy = 1.5.2
 Pygments = 2.0.2
 coverage = 3.7.1
+zope.dottedname = 4.1.0
 
 # test_UserManagerInterfaces in testERP5Security fails with 1.10.0.
 Products.PluggableAuthService = 1.9.0
@@ -634,13 +635,13 @@ zope.app.testing = 3.8.1
 
 # Pinned versions
 MySQL-python = 1.2.5
-Pillow = 2.8.1
+Pillow = 2.9.0
 Products.CMFActionIcons = 2.1.3
 Products.DCWorkflowGraph = 0.4.1
 Products.ExternalEditor = 1.1.0
 Products.GenericSetup = 1.7.5
 Products.LongRequestLogger = 1.1.0
-Products.MimetypesRegistry = 2.0.7
+Products.MimetypesRegistry = 2.0.8
 Products.PluginRegistry = 1.3
 Products.TIDStorage = 5.4.9
 PyPDF2 = 1.24
@@ -660,23 +661,23 @@ eventlet = 0.17.4
 five.formlib = 1.0.4
 five.localsitemanager = 2.0.5
 gitdb = 0.6.4
-greenlet = 0.4.6
+greenlet = 0.4.7
 http-parser = 0.8.3
 httplib2 = 0.9.1
 huBarcode = 1.0.0
 interval = 1.0.0
 ipdb = 0.8.1
-ipython = 3.1.0
-logilab-common = 0.63.2
+ipython = 3.2.0
+logilab-common = 1.0.1
 numpy = 1.9.2
 plone.recipe.command = 1.1
 ply = 3.6
 polib = 1.0.6
 pprofile = 1.7.3
-pycountry = 1.10
+pycountry = 1.12
 pycrypto = 2.6.1
-pyflakes = 0.9.0
-pylint = 1.4.3
+pyflakes = 0.9.2
+pylint = 1.4.4
 python-ldap = 2.4.19
 python-magic = 0.4.6
 python-memcached = 1.54

stack/slapos.cfg

@@ -113,19 +113,19 @@ Jinja2 = 2.7.3
 MarkupSafe = 0.23
 Werkzeug = 0.10.4
 buildout-versions = 1.7
-cffi = 1.1.0
+cffi = 1.1.2
 cmd2 = 0.6.8
 collective.recipe.template = 1.11
-cryptography = 0.9
+cryptography = 0.9.1
 inotifyx = 0.2.2
 itsdangerous = 0.24
 lxml = 3.4.4
 meld3 = 1.0.2
 mr.developer = 1.33
-netaddr = 0.7.14
-pbr = 0.11.0
+netaddr = 0.7.15
+pbr = 1.2.0
 prettytable = 0.7.2
-psutil = 2.2.1
+psutil = 3.0.1
 pyOpenSSL = 0.15.1
 pyparsing = 2.0.3
 pytz = 2015.4
@@ -148,29 +148,33 @@ z3c.recipe.scripts = 1.0.1
 Flask = 0.10.1
 
 # Required by:
-# cliff==1.12.0
-# stevedore==1.4.0
+# cliff==1.13.0
+# stevedore==1.5.0
 argparse = 1.3.0
 
 # Required by:
 # slapos.core==1.3.10
-cliff = 1.12.0
+cliff = 1.13.0
 
 # Required by:
-# cryptography==0.9
+# cryptography==0.9.1
 enum34 = 1.0.4
 
 # Required by:
-# cryptography==0.9
+# jsonschema==2.5.1
+functools32 = 3.2.3.post1
+
+# Required by:
+# cryptography==0.9.1
 idna = 2.0
 
 # Required by:
-# cryptography==0.9
+# cryptography==0.9.1
 ipaddress = 1.0.7
 
 # Required by:
 # slapos.cookbook==0.102
-jsonschema = 2.4.0
+jsonschema = 2.5.1
 
 # Required by:
 # slapos.cookbook==0.102
@@ -181,16 +185,12 @@ lock-file = 2.0
 netifaces = 0.10.4
 
 # Required by:
-# pbr==0.11.0
-pip = 7.0.3
-
-# Required by:
-# cryptography==0.9
-pyasn1 = 0.1.7
+# cryptography==0.9.1
+pyasn1 = 0.1.8
 
 # Required by:
-# cffi==1.0.3
-pycparser = 2.13
+# cffi==1.1.2
+pycparser = 2.14
 
 # Required by:
 # slapos.core==1.3.10
@@ -212,14 +212,10 @@ download-dir-url = http://www.shacache.org/shadir
 #   Romain Courteaud
 #   Sebastien Robin
 #   Kazuhiko Shiozaki
-#   Cedric de Saint Martin
-#   Yingjie Xu
 #   Gabriel Monnerat
-#   Łukasz Nowak
 #   Test Agent (Automatic update from tests)
 #   Aurélien Calonne
 #   Rafael Monnerat
-#   Antoine Catton
 signature-certificate-list =
   -----BEGIN CERTIFICATE-----
   MIIB4DCCAUkCADANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJGUjEZMBcGA1UE
@@ -261,32 +257,6 @@ signature-certificate-list =
   vaZhjNYKWQf79l6zXfOvphzJ
   -----END CERTIFICATE-----
   -----BEGIN CERTIFICATE-----
-  MIIB9jCCAV+gAwIBAgIJAO4V/jiMoICoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
-  BAMMCENPTVAtMjMyMCAXDTEyMDIxNjExMTAyM1oYDzIxMTIwMTIzMTExMDIzWjAT
-  MREwDwYDVQQDDAhDT01QLTIzMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-  wi/3Z8W9pUiegUXIk/AiFDQ0UJ4JFAwjqr+HSRUirlUsHHT+8DzH/hfcTDX1I5BB
-  D1ADk+ydXjMm3OZrQcXjn29OUfM5C+g+oqeMnYQImN0DDQIOcUyr7AJc4xhvuXQ1
-  P2pJ5NOd3tbd0kexETa1LVhR6EgBC25LyRBRae76qosCAwEAAaNQME4wHQYDVR0O
-  BBYEFMDmW9aFy1sKTfCpcRkYnP6zUd1cMB8GA1UdIwQYMBaAFMDmW9aFy1sKTfCp
-  cRkYnP6zUd1cMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAskbFizHr
-  b6d3iIyN+wffxz/V9epbKIZVEGJd/6LrTdLiUfJPec7FaxVCWNyKBlCpINBM7cEV
-  Gn9t8mdVQflNqOlAMkOlUv1ZugCt9rXYQOV7rrEYJBWirn43BOMn9Flp2nibblby
-  If1a2ZoqHRxoNo2yTmm7TSYRORWVS+vvfjY=
-  -----END CERTIFICATE-----
-  -----BEGIN CERTIFICATE-----
-  MIIB9jCCAV+gAwIBAgIJAIlBksrZVkK8MA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
-  BAMMCENPTVAtMzU3MCAXDTEyMDEyNjEwNTUyOFoYDzIxMTIwMTAyMTA1NTI4WjAT
-  MREwDwYDVQQDDAhDT01QLTM1NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-  ts+iGUwi44vtIfwXR8DCnLtHV4ydl0YTK2joJflj0/Ws7mz5BYkxIU4fea/6+VF3
-  i11nwBgYgxQyjNztgc9u9O71k1W5tU95yO7U7bFdYd5uxYA9/22fjObaTQoC4Nc9
-  mTu6r/VHyJ1yRsunBZXvnk/XaKp7gGE9vNEyJvPn2bkCAwEAAaNQME4wHQYDVR0O
-  BBYEFKuGIYu8+6aEkTVg62BRYaD11PILMB8GA1UdIwQYMBaAFKuGIYu8+6aEkTVg
-  62BRYaD11PILMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMoTRpBxK
-  YLEZJbofF7gSrRIcrlUJYXfTfw1QUBOKkGFFDsiJpEg4y5pUk1s5Jq9K3SDzNq/W
-  it1oYjOhuGg3al8OOeKFrU6nvNTF1BAvJCl0tr3POai5yXyN5jlK/zPfypmQYxE+
-  TaqQSGBJPVXYt6lrq/PRD9ciZgKLOwEqK8w=
-  -----END CERTIFICATE-----
-  -----BEGIN CERTIFICATE-----
   MIIB9jCCAV+gAwIBAgIJAPHoWu90gbsgMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV
   BAMMCXZpZmlibm9kZTAeFw0xMjAzMTkyMzIwNTVaFw0xMzAzMTkyMzIwNTVaMBQx
   EjAQBgNVBAMMCXZpZmlibm9kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
@@ -300,19 +270,6 @@ signature-certificate-list =
   yDuimQfvJjBFMVrdn9iP6SfMjxKaGk6gVmI=
   -----END CERTIFICATE-----
   -----BEGIN CERTIFICATE-----
-  MIIB9jCCAV+gAwIBAgIJAMNZBmoIOXPBMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
-  BAMMCENPTVAtMTMyMCAXDTEyMDUwMjEyMDQyNloYDzIxMTIwNDA4MTIwNDI2WjAT
-  MREwDwYDVQQDDAhDT01QLTEzMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-  6peZQt1sAmMAmSG9BVxxcXm8x15kE9iAplmANYNQ7z2YO57c10jDtlYlwVfi/rct
-  xNUOKQtc8UQtV/fJWP0QT0GITdRz5X/TkWiojiFgkopza9/b1hXs5rltYByUGLhg
-  7JZ9dZGBihzPfn6U8ESAKiJzQP8Hyz/o81FPfuHCftsCAwEAAaNQME4wHQYDVR0O
-  BBYEFNuxsc77Z6/JSKPoyloHNm9zF9yqMB8GA1UdIwQYMBaAFNuxsc77Z6/JSKPo
-  yloHNm9zF9yqMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAl4hBaJy1
-  cgiNV2+Z5oNTrHgmzWvSY4duECOTBxeuIOnhql3vLlaQmo0p8Z4c13kTZq2s3nhd
-  Loe5mIHsjRVKvzB6SvIaFUYq/EzmHnqNdpIGkT/Mj7r/iUs61btTcGUCLsUiUeci
-  Vd0Ozh79JSRpkrdI8R/NRQ2XPHAo+29TT70=
-  -----END CERTIFICATE-----
-  -----BEGIN CERTIFICATE-----
   MIIB9jCCAV+gAwIBAgIJAKRvzcy7OH0UMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
   BAMMCENPTVAtNzcyMCAXDTEyMDgxMDE1NDI1MVoYDzIxMTIwNzE3MTU0MjUxWjAT
   MREwDwYDVQQDDAhDT01QLTc3MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
@@ -351,16 +308,3 @@ signature-certificate-list =
   j8LgKB3tZCbBj+HDj+AeD+q9V+cqMFLKc6LezvQYUuum6bZdfUNnPv1K1ULYSPjq
   /jsRBbabCWSXqxR6gYEM6ooauj3udBMXhHE=
   -----END CERTIFICATE-----
-  -----BEGIN CERTIFICATE-----
-  MIIB9jCCAV+gAwIBAgIJAKRvzcy7OH0UMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
-  BAMMCENPTVAtNzcyMCAXDTEyMDgxMDE1NDI1MVoYDzIxMTIwNzE3MTU0MjUxWjAT
-  MREwDwYDVQQDDAhDT01QLTc3MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-  o7aipd6MbnuGDeR1UJUjuMLQUariAyQ2l2ZDS6TfOwjHiPw/mhzkielgk73kqN7A
-  sUREx41eTcYCXzTq3WP3xCLE4LxLg1eIhd4nwNHj8H18xR9aP0AGjo4UFl5BOMa1
-  mwoyBt3VtfGtUmb8whpeJgHhqrPPxLoON+i6fIbXDaUCAwEAAaNQME4wHQYDVR0O
-  BBYEFEfjy3OopT2lOksKmKBNHTJE2hFlMB8GA1UdIwQYMBaAFEfjy3OopT2lOksK
-  mKBNHTJE2hFlMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAaNRx6YN2
-  M/p3R8/xS6zvH1EqJ3FFD7XeAQ52WuQnKSREzuw0dsw12ClxjcHiQEFioyTiTtjs
-  5pW18Ry5Ie7iFK4cQMerZwWPxBodEbAteYlRsI6kePV7Gf735Y1RpuN8qZ2sYL6e
-  x2IMeSwJ82BpdEI5niXxB+iT0HxhmR+XaMI=
-  -----END CERTIFICATE-----