This "simple" approach of using LD_PRELOAD to inject errors when using
inotify no longer works on glibc 2.34 and it's now much more complicated,
as we can see in discussions from https://stackoverflow.com/questions/15599026/how-can-i-intercept-dlsym-calls-using-ld-preload
or code from https://gitlab.com/torkel104/libstrangle/-/commit/720f0ba2ce4423ce5f3e7ebe135e126007365bac

This test was for reproduction of a very specific problem that does not
happen so much on modern linux which has a much higher limit of inotify
watches, the easiest is to remove this test now.

Promise from a8271791 (stack/erp5: new promise to check software
release URL of zope instances, 2020-12-04) was never executed. Adding
the section seemed to be change timing to make the upgrade test, but
this was not correct to not run the promise.

For more detail see discussion on
nexedi/slapos!1414 (comment 189341)

https://github.com/rust-lang/cargo/issues/7169

https://doc.rust-lang.org/nightly/cargo/commands/cargo-install.html#dealing-with-the-lockfile

See merge request !1414

See merge request !1413

This reverts commit 9497c734.
This reverts commit c55337f2.

This causes other build failures on some environments.
Turns out, this was not even enough to get gcc to fully build on my
environment, so more fixes are needed.

Most tests were unaffected by partitions now having different IPv6.
The main issue is that there is now a .slapos-resource file in each
subpartition as well, same as in normal top-level partitions, which
interferes with a hidden behavior of slapconfiguration recipe that
allowed a kvm in a subpartition to transparently use the tap of the
top-level partition. Now we need to explictly take this tap and put
it in the .slapos-resource file of the subpartition.

Since slapos.core!515 services of stopped instance do not appear in
supervisord anymore.

The test depended on the partition's address list ordering IPv4 before
IPv6. This was an unspecified, undocumented behavior of slapos format
that standalone 'broke' when it started using IPv6 range. This changes
the test so it doesn't rely on this behavior anymore.

Properly reset forced instance processing flag (whether `--all`) to
its previous value after forcing it to true in some resiliency tests.

When IPv6 range is be enabled in testnodes, `_ipv6_address` does not
contain a single IPv6 address shared by all partitions anymore, but
instead the IPv6 range from which each partition will obtain its own
IPv6 address. Instead there is now `computer_partition_ipv6_address`
which contains the IPv6 address of the main partition.

This change blindly replaces all occurences of `_ipv6_address` with
`computer_partition_ipv6_address`, since that will fix most simple
cases. The remaining cases, such as tests with instance trees that
use multiple partitions, can be investigated and fixed individually.

Avahi was not buildable on Debian 11.

These md5 changes come from unrelated changes.

Fixes building gcc-8.5.0 on libc6 version 2.36 (at least).
Fixes this error:
  configure: error: in `.../parts/gcc-8.5/.build/gcc-8.5.0':
  configure: error: C compiler cannot create executables
  See `config.log' for more details.
relevant config.log extract:
  configure:4326: gcc   -Wl,-rpath=.../parts/gmp/lib -Wl,-rpath=.../parts/isl/lib -Wl,-rpath=.../parts/mpc/lib -Wl,-rpath=.../parts/mpfr/lib conftest.c  >&5
  .../parts/binutils/bin/ld: /lib/x86_64-linux-gnu/libc.so.6: unknown type [0x13] section `.relr.dyn'

because this metabase now needs SNI properly configured, which means
that the backend must know the frontend domain name and can not be
accessed by its IP address, we stop serving https on IPv6 directly from
metabase's embedded jetty and reconfigure it to serve http on IPv4 and
add an haproxy instance to serve https on IPv6. This is just an
"internal" change because the external IP will be same and the
certificate is still a self-signed one for now.

references:
 - https://github.com/metabase/metabase/issues/29660
 - https://discourse.metabase.com/t/http-error-400-invalid-sni-when-upgrading-from-0-45-3-to-0-46-0/24599/8

The configuration of caucase used here is to have certificates valid for
3*31 days and renew them 31 days before the expiration date.
This test was running the updater 2 months later, which by chance was
62 days at the time of the test was written, because this test was
written in July (both July and August have 31 days), but this does not
work in other months.
Adjust the test to run the updater using a fixed number of days in the
future.

note: updating to a more recent version would require more changes
because now jetty must have a certificate matching the hostname, see
https://github.com/metabase/metabase/issues/29660#issuecomment-1496625318

Since go1.18 is no longer supported, we should switch to a newer
version (("Each major Go release is supported until there are two
newer major releases" [1]).

[1] https://go.dev/doc/devel/release

/reviewed-by @kirr
/reviewed-on nexedi/slapos!1417

We should upgrade to Go 1.20, because Go 1.18 is already no longer supported.
("Each major Go release is supported until there are two newer major releases" [1]).
Go 1.20 is the incremental improvement for earlier go 1.19 release.
We skip Go 1.19, because it's also unsupported as soon as Go 1.21 is
released (this is expected to happen in one month [2]).

Please find all details in the official release note:

    https://go.dev/doc/go1.20

It was released on 2023-02-01 [1]. Due to the go promise of compatibility
most software should still compile without any problems.

We need to differentiate between go before 1.19 and go after 1.19, because
go before 1.19 needs TestSCMCredentials patch, while starting from go
1.19 this patch has been applied upstream [3].

[1] https://go.dev/doc/devel/release
[2] https://tip.golang.org/doc/go1.21
[3] https://github.com/golang/go/commit/f839aaa22b66bc556fac72f7396082212d2ef45d

/reviewed-by @kirr
/reviewed-on nexedi/slapos!1417

See merge request nexedi/slapos!1415

Forward enb.xlog to another fluentd or fluentbit server using fluentd's
forward protocol.

Currently, TLS is enabled and a pre-shared secret key is used for
authentication, but certificate verification is disabled.

Since the wendelin.core 2.alpha3 release 9 month ago, new fixes
were added to wendelin.core, which we would like to have in SlapOS.
One very important new feature is that this wendelin.core version now
support golang 1.20, so with this we can easily proceed to upgrade our
default golang version.

/reviewed-by @kirr
/reviewed-on !1416

without this cleanup, the software integration tests of KVM were stuck
forever because unittest was waiting for the subprocess to stop.