see bd1b1928 (component/postfix: disable build on Linux >= 5, 2021-04-08)

supervisord unsets PATH and execvp falls back on the default value
  /bin:/usr/bin

See merge request nexedi/slapos!930

Sources of domains and IPs are:

 * default hardcoded in template/whitelist-domains-default
 * /etc/resolv.conf
 * provided in the request
 * provided in the special downloadble repository

Then they are parsed with dnsresolver and .slapos-whitelist-firewall file is
produced with list of IPs to be whitelisted.

This allows slapos.core whitelistfirewall manager to lock-down the partition
to only whitelisted list of IPs.

Provides dnsresolver tool.

See merge request nexedi/slapos!950

Even if boot-image-url-select is not designed to contain bad values, they can
happen, so add protection just like with boot-image-url-list.

Real images are not needed, so avoid big downloads from external resources and
just provide it via local http server.

Parameters coming from the user can result in having incorrect buildout
profile so dumps them for safety.

instance-kvm-export.cfg were copying parts defined in instance-kvm.cfg, but as
the latter one was evolving a lot, it was missing features.

For simplicity let instance-kvm.cfg expose the parts in a way, that
instance-kvm-export.cfg can blindly append the to list of own parts, as it has
to support resiliency exporter by itself.

Now that we updated postfix, we can use default openssl

According to http://www.postfix.org/announcements/postfix-3.1.2.html

> Fixed with Postfix 3.1.2:
> Changes to make Postfix build with OpenSSL 1.1.0.

Going Go1.15.10 -> Go1.15.11 brings in fixes to compiler, runtime and stdlib:

https://golang.org/doc/devel/release.html#go1.15.minor

Tested on helloworld SR (by adjusting it to use go1.15 instead of go1.16).

Going Go1.16.2 -> Go1.16.3 brings in fixes to compiler, runtime and stdlib:

https://golang.org/doc/devel/release.html#go1.16.minor

Tested on helloworld SR.

See merge request nexedi/slapos!940

Gcc fails to recognize hard-float kernel on Olimex-Lime2 board.

For that reason gcc is automatically compiled using soft-float
convention and causes a failure.

The only purpose of Apache is to protect the registry process
from public internet, because we don't trust Python2 HTTP layer.

The re6st registry is designed to work with plain HTTP
because it does authentication & encryption internally.

This repository from the source of the pull request was removed, let's use a
local copy for now.

also:
 - install logcli for convenience / debugging
 - no longer set golang version here, now that 1.16 is the default

Before this commit buildout could fail when instantiating Theia after
updating to a new software release because it tried to create already
existing symbolic links. These symlinks were to let the backend Caddy
serve the logo and fonts.

This commit solves the issue by systematically overwriting existing
files when creating the symlinks, and also directly copies the logo.

adjust to changes in kvm software release and erp5.util

Apps where downloaded during "slapos node instance" step, which has several
problems:
 - first, instance step is not supposed to require network access
 - this was downloading "latest" version of the app, which made the software
   not reproductible
 - since a few weeks this was no longer working, as we could see in test results

This is unused obsolete feature, which results with users being tricked to
configure VMs wrongly.