Merge branch 'master' into accords

Conflicts:
	setup.py

CHANGES.txt

 Changes
 =======
 
+0.46 (Unreleased)
+-----------------
+
+  * No change yet.
+
+0.45 (2012-03-29)
+-----------------
+
+  * slaprunner: change number of available partitions to 7 [Alain Takoudjou]
+
+0.44 (2012-03-28)
+-----------------
+
+  * minor: apachephp: update apache configuration to work with Apache2.4
+
+0.43 (2012-03-28)
+-----------------
+
+  * minor: erp5: add missing .zcml files into egg. [Cedric de Saint Martin]
+
+0.42 (2012-03-26)
+-----------------
+
+ * erp5: Add web_checker recipe. [Tatuya Kamada]
+ * erp5: Add generic_varnish recipe. [Tatuya Kamada]
+ * erp5: Simplify erp5_update to only create the ERP5 site. [Romain Courteaud]
+ * erp5: Allow to pass CA parameters from section. [Łukasz Nowak]
+
+0.41 (2012-03-21)
+-----------------
+
+ * Release new "generic" version of KVM, includes frontend.
+   [Cedric de Saint Martin]
+
 0.40.1 (2012-03-01)
 -----------------
 

MANIFEST.in

 include CHANGES.txt
-include slapos/recipe/generic_zope/template/site.zcml
 include slapos/recipe/apache_frontend/template/notfound.html
 recursive-include slapos/recipe *.in
 recursive-include slapos/recipe *.bin
 recursive-include slapos/recipe README.*.txt
+recursive-include slapos/recipe *.js
+recursive-include slapos/recipe *.zcml

component/alsa/buildout.cfg

@@ -6,7 +6,7 @@ parts =
 # Contains libasound
 recipe = hexagonit.recipe.cmmi
 url = ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.0.24.1.tar.bz2
-#md5sum = d55a9d7d2a79d738a1b7a511cffda4b6
+md5sum = 7cc05f25e1d5b65da8fb3fdcd540f226
 configure-options =
   --disable-static
   --disable-aload
@@ -18,4 +18,4 @@ configure-options =
   --disable-ucm
   --disable-alisp
   --disable-old-symbols
-  --disable-python
\ No newline at end of file
+  --disable-python

component/apache-php/buildout.cfg

 [buildout]
 parts = apache-php
 
-extends = 
+extends =
   ../apache/buildout.cfg
+  ../bzip2/buildout.cfg
   ../cclient/buildout.cfg
-  ../curl/buildout.cfg  
+  ../curl/buildout.cfg
   ../freetype/buildout.cfg
   ../gettext/buildout.cfg
   ../libiconv/buildout.cfg
@@ -19,13 +20,14 @@ extends =
 [apache-php]
 # Note: Shall react on each build of apache and reinstall itself
 recipe = hexagonit.recipe.cmmi
-url = http://fr2.php.net/distributions/php-5.3.8.tar.gz
-md5sum = f4ce40d5d156ca66a996dbb8a0e7666a
+url = http://fr2.php.net/distributions/php-5.3.10.tar.gz
+md5sum = 2b3d2d0ff22175685978fb6a5cbcdc13
 configure-options =
   --with-apxs2=${apache:location}/bin/apxs
   --with-libxml-dir=${libxml2:location}
   --with-mysql=${mariadb:location}
   --with-zlib-dir=${zlib:location}
+  --with-bz2-dir=${bzip2:location}
   --with-mcrypt=${libmcrypt:location}
   --with-gd
   --with-jpeg-dir=${libjpeg:location}
@@ -37,7 +39,7 @@ configure-options =
   --with-mysqli=mysqlnd
   --with-curl=${curl:location}
   --with-zip-dir=${zip:location}
-  --with-imap=${cclient:location}  
+  --with-imap=${cclient:location}
   --with-iconv-dir=${libiconv:location}
   --with-gettext=${gettext:location}
   --with-ldap=${openldap:location}
@@ -48,12 +50,13 @@ configure-options =
   --enable-session
   --enable-exif
   --enable-zip
+  --enable-bz2
   --enable-ftp
 
 environment =
   PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig
-  PATH=${pkgconfig:location}/bin:${libxml2:location}/bin:%(PATH)s
-  LDFLAGS =-L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid
+  PATH=${pkgconfig:location}/bin:${bzip2:location}/bin:${libxml2:location}/bin:%(PATH)s
+  LDFLAGS =-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid
 
 
 [libmcrypt]
@@ -64,4 +67,4 @@ md5sum = c4f491dd411a09e9de3b8702ea6f73eb
 [xml-rpc]
 recipe = hexagonit.recipe.cmmi
 url = http://downloads.sourceforge.net/project/phpxmlrpc/phpxmlrpc/2.2.2/xmlrpc-2.2.2.tar.gz
-md5sum = 59a644c636c6d98267d0c99b406ae9e8
\ No newline at end of file
+md5sum = 59a644c636c6d98267d0c99b406ae9e8

component/apache/buildout.cfg

@@ -13,14 +13,30 @@ extends =
   ../sqlite3/buildout.cfg
   ../zlib/buildout.cfg
 
+[apr]
+recipe = hexagonit.recipe.download
+version = 1.4.6
+url = http://mir2.ovh.net/ftp.apache.org/dist/apr/apr-${:version}.tar.bz2
+md5sum = ffee70a111fd07372982b0550bbb14b7
+
+[apr-util]
+recipe = hexagonit.recipe.download
+version = 1.4.1
+url = http://mir2.ovh.net/ftp.apache.org/dist/apr/apr-util-${:version}.tar.bz2
+md5sum = 52b31b33fb1aa16e65ddaefc76e41151
+
 [apache]
 # inspired on http://old.aclark.net/team/aclark/blog/a-lamp-buildout-for-wordpress-and-other-php-apps/
 recipe = hexagonit.recipe.cmmi
 depends =
   ${gdbm:version}
-url = http://mir2.ovh.net/ftp.apache.org/dist//httpd/httpd-2.2.22.tar.bz2
-md5sum = 9fe3093194c8a57f085ff7c3fc43715f
-configure-options = --disable-static
+version = 2.4.1
+revision = 1
+url = http://mir2.ovh.net/ftp.apache.org/dist/httpd/httpd-${:version}.tar.bz2
+md5sum = 7d3001c7a26b985d17caa367a868f11c
+configure-command = cp -ar ${apr:location}/apr-${apr:version} srclib/apr/; cp -ar ${apr-util:location}/apr-util-${apr-util:version} srclib/apr-util; ./configure
+configure-options = --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
+                    --disable-static
                     --enable-authn-alias
                     --enable-bucketeer
                     --enable-cache
@@ -47,6 +63,7 @@ configure-options = --disable-static
                     --enable-dav-fs
                     --enable-so
                     --enable-ssl
+                    --disable-lua
                     --with-included-apr
                     --with-ssl=${openssl:location}
                     --with-z=${zlib:location}
@@ -72,11 +89,27 @@ environment =
   CPPFLAGS =-I${libuuid:location}/include
   LDFLAGS =-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${gdbm:location}/lib
 
+[mod_antiloris-apache-2.4.patch]
+# http://www.apachelounge.com/viewtopic.php?p=19139
+# http://www.apachelounge.com/viewtopic.php?p=20551
+recipe = hexagonit.recipe.download
+url =${:_profile_base_location_}/${:filename}
+filename = mod_antiloris-apache-2.4.patch
+download-only = true
+md5sum = 4f074f035d3b37f3f3e71cd9616440f3
+
 [apache-antiloris]
 # Note: Shall react on each build of apache and reinstall itself
 recipe = hexagonit.recipe.cmmi
 url = http://sourceforge.net/projects/mod-antiloris/files/mod_antiloris-0.4.tar.bz2/download
 md5sum = 66862bf10e9be3a023e475604a28a0b4
+patch-options = -p0
+patches =
+  ${mod_antiloris-apache-2.4.patch:location}/${mod_antiloris-apache-2.4.patch:filename}
+depends =
+  ${apache:version}
+  ${apache:revision}
+  ${mod_antiloris-apache-2.4.patch:md5sum}
 configure-command = ${apache:location}/bin/apxs
 configure-options = -c mod_antiloris.c
 make-binary = ${:configure-command}

component/apache/mod_antiloris-apache-2.4.patch

+--- mod_antiloris.c.orig	2009-07-28 15:27:42.000000000 +0200
++++ mod_antiloris.c	2012-03-06 11:05:50.167576066 +0100
+@@ -1,5 +1,5 @@
+ /*
+-   mod_antiloris 0.2
++   mod_antiloris 0.5
+    Copyright (C) 2008 Monshouwer Internet Diensten
+ 
+    Author: Kees Monshouwer
+@@ -22,11 +22,16 @@
+ #include "http_connection.h"
+ #include "http_log.h"
+ #include "ap_mpm.h"
++#include "ap_release.h" 
+ #include "apr_strings.h"
+ #include "scoreboard.h"
+ 
+ #define MODULE_NAME "mod_antiloris"
+-#define MODULE_VERSION "0.4"
++#define MODULE_VERSION "0.5.1"
++
++#ifdef APLOG_USE_MODULE 
++APLOG_USE_MODULE(antiloris); 
++#endif 
+ 
+ module AP_MODULE_DECLARE_DATA antiloris_module;
+ 
+@@ -58,6 +63,8 @@
+ /* Parse the IPReadLimit directive */
+ static const char *ipreadlimit_config_cmd(cmd_parms *parms, void *mconfig, const char *arg)
+ {
++    signed long int limit;
++
+     antiloris_config *conf = ap_get_module_config(parms->server->module_config, &antiloris_module);
+     const char *err = ap_check_cmd_context (parms, GLOBAL_ONLY);
+     
+@@ -65,7 +72,7 @@
+ 	return err;
+     }
+     
+-    signed long int limit = strtol(arg, (char **) NULL, 10);
++    limit = strtol(arg, (char **) NULL, 10);
+ 
+     /* No reasonable person would want more than 2^16. Better would be
+        to use LONG_MAX but that causes portability problems on win32 */
+@@ -80,7 +87,7 @@
+ 
+ /* Array describing structure of configuration directives */
+ static command_rec antiloris_cmds[] = {
+-    AP_INIT_TAKE1("IPReadLimit", ipreadlimit_config_cmd, NULL, RSRC_CONF, "Maximum simultaneous connections in READ state per IP address"),
++    AP_INIT_TAKE1("IPReadLimit", ipreadlimit_config_cmd, NULL, RSRC_CONF, "Maximum simultaneous connections per IP address"),
+     {NULL}
+ };
+ 
+@@ -103,12 +110,15 @@
+     ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, MODULE_NAME " " MODULE_VERSION " started");
+     ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
+     ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit);
++    ap_add_version_component(p, MODULE_NAME "/" MODULE_VERSION); 
+     return OK;
+ }
+ 
+ 
+ static int pre_connection(conn_rec *c)
+ {
++    char *client_ip;
++
+     antiloris_config *conf = ap_get_module_config (c->base_server->module_config,  &antiloris_module);
+     sb_handle *sbh = c->sbh;
+     
+@@ -123,16 +133,26 @@
+     worker_score *ws_record;
+     
+     ws_record = &ap_scoreboard_image->servers[sbh->child_num][sbh->thread_num];
+-    apr_cpystrn(ws_record->client, c->remote_ip, sizeof(ws_record->client));
++    apr_cpystrn(ws_record->client, c->client_ip, sizeof(ws_record->client)); 
+     
+-    char *client_ip = ws_record->client;
++    client_ip = ws_record->client;
+     
+     /* Count up the number of connections we are handling right now from this IP address */
+     for (i = 0; i < server_limit; ++i) {
+ 	for (j = 0; j < thread_limit; ++j) {
+-    	    ws_record = ap_get_scoreboard_worker(i, j);
++#if AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER > 2 
++    	    ws_record = ap_get_scoreboard_worker_from_indexes(i, j); 
++#else 
++    	    ws_record = ap_get_scoreboard_worker(i, j); 
++#endif 
+             switch (ws_record->status) {
+         	case SERVER_BUSY_READ:
++        	case SERVER_BUSY_WRITE:
++        	case SERVER_BUSY_KEEPALIVE:
++        	case SERVER_BUSY_DNS:
++        	case SERVER_BUSY_LOG:
++        	case SERVER_CLOSING:
++        	case SERVER_GRACEFUL:
+             	    if (strcmp(client_ip, ws_record->client) == 0)
+             		ip_count++;
+                     break;
+@@ -143,7 +163,7 @@
+     }
+     
+     if (ip_count > conf->limit) {
+-	ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "Rejected, too many connections in READ state from %s", c->remote_ip);
++	ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "[client %s] Antiloris rejected, too many connections", c->client_ip); 
+ 	return OK;
+     } else {
+ 	return DECLINED;
+@@ -151,17 +171,10 @@
+ }
+ 
+ 
+-static void child_init (apr_pool_t *p, server_rec *s)
+-{
+-    ap_add_version_component(p, MODULE_NAME "/" MODULE_VERSION);
+-}
+-
+-
+ static void register_hooks(apr_pool_t *p)
+ {
+     ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
+     ap_hook_process_connection(pre_connection, NULL, NULL, APR_HOOK_FIRST);
+-    ap_hook_child_init(child_init, NULL, NULL, APR_HOOK_MIDDLE);    
+ }
+ 
+ module AP_MODULE_DECLARE_DATA antiloris_module = {

component/aspell/buildout.cfg

+[buildout]
+parts =
+  aspell
+
+extends = 
+  ../ncurses/buildout.cfg
+
+[aspell]
+recipe = hexagonit.recipe.cmmi
+url = http://ftp.gnu.org/gnu/aspell/aspell-0.60.6.1.tar.gz
+md5sum = e66a9c9af6a60dc46134fdacf6ce97d7

component/automake/buildout.cfg

@@ -10,7 +10,7 @@ parts =
 
 [automake-1.11]
 recipe = hexagonit.recipe.cmmi
-md5sum = c2972c4d9b3e29c03d5f2af86249876f
-url = http://ftp.gnu.org/gnu/automake/automake-1.11.1.tar.bz2
+md5sum = 93ecb319f0365cb801990b00f658d026
+url = http://ftp.gnu.org/gnu/automake/automake-1.11.3.tar.gz
 environment =
   PATH =${autoconf:location}/bin:${perl:location}/bin:%(PATH)s

component/cloud9/buildout.cfg

+[buildout]
+extends =
+  ../dcron/buildout.cfg
+  ../libxml2/buildout.cfg
+  ../logrotate/buildout.cfg
+  ../rdiff-backup/buildout.cfg
+  ../nodejs/buildout.cfg
+
+parts =
+  nodejs
+  npm
+  cloud9
+
+[cloud9]
+<= cloud9-git
+
+[cloud9-git]
+# Online IDE written in javascript/node.js
+# URL : c9.io
+# You can use it using the following command :
+# NODE_PATH=${:destination}/node_modules ${nodejs:node_location} ${:cloud9_js_location} 
+recipe = plone.recipe.command
+stop-on-error = true
+commit = 97db1467c517d265438684bd2a70b0b76ee282f6
+repository = https://github.com/ajaxorg/cloud9.git
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+git-binary = ${git:location}/bin/git
+npm-binary = ${nodejs-0.4:location}/bin/node ${npm:location}/bin/npm
+command = export GIT_SSL_NO_VERIFY=true; (${:git-binary} clone --quiet ${:repository} ${:location} && cd ${:location} && ${:git-binary} reset --hard ${:commit} && ${:git-binary} submodule update --init && cd support/jsdav && PATH=${nodejs-0.4:location}/bin:$PATH LDFLAGS=-L${libxml2:location}/lib ${:npm-binary} install) || (rm -fr ${:location}; exit 1)
+update-command =
+
+[cloud9-npm]
+# Online IDE written in javascript/node.js
+# URL : c9.io 
+# You can use it using the following command :
+# NODE_PATH=${:destination}/node_modules ${nodejs:node_location} ${:cloud9_js_location} 
+recipe = slapos.recipe.npm
+# Node part has to be specified, otherwise system node is used.
+node = nodejs-0.6
+# List of packages to install
+packages =
+  cloud9
+# Specify environment jsDAV (dependency of cloud9) needs libxml2
+environment = 
+  LDFLAGS=-L${libxml2:location}/lib -Wl,-rpath=${libxml2:location}/lib

component/file/buildout.cfg

@@ -8,8 +8,8 @@ extends =
 
 [file]
 recipe = hexagonit.recipe.cmmi
-url = ftp://ftp.astron.com/pub/file/file-5.10.tar.gz
-md5sum = 4cea34b087b060772511e066e2038196
+url = ftp://ftp.astron.com/pub/file/file-5.11.tar.gz
+md5sum = 16a407bd66d6c7a832f3a5c0d609c27b
 configure-options =
   --disable-static
 environment =

component/firefox/buildout.cfg

@@ -20,8 +20,8 @@ depends =
   ${liberation-fonts:location}
   ${ipaex-fonts:location}
 
-x86 = http://releases.mozilla.org/pub/mozilla.org/firefox/releases/7.0.1/linux-i686/fr/firefox-7.0.1.tar.bz2 42c2559892f26ed2a0563faaf693a00f
-x86-64 = http://releases.mozilla.org/pub/mozilla.org/firefox/releases/7.0.1/linux-x86_64/en-US/firefox-7.0.1.tar.bz2 20d6c8e3dfc97d08d1dec7d0479f924f
+x86 = http://releases.mozilla.org/pub/mozilla.org/firefox/releases/11.0/linux-i686/fr/firefox-11.0.tar.bz2 a7e9c614ddac993476ef771afaedf568
+x86-64 = http://releases.mozilla.org/pub/mozilla.org/firefox/releases/11.0/linux-x86_64/fr/firefox-11.0.tar.bz2 b358865c08145211314a62660e871614
 
 script =
   if not self.options.get('url'): self.options['url'], self.options['md5sum'] = self.options[guessPlatform()].split(' ')

component/fontconfig/buildout.cfg

@@ -4,6 +4,7 @@ extends =
   ../freetype/buildout.cfg
   ../libxml2/buildout.cfg
   ../pkgconfig/buildout.cfg
+  ../bzip2/buildout.cfg
   ../zlib/buildout.cfg
 
 parts =
@@ -23,5 +24,5 @@ configure-options =
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig
-  CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  CPPFLAGS=-I${zlib:location}/include -I${bzip2:location}/include
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib

component/freetype/buildout.cfg

@@ -3,6 +3,7 @@
 
 [buildout]
 extends =
+  ../bzip2/buildout.cfg
   ../zlib/buildout.cfg
 
 parts =
@@ -10,10 +11,10 @@ parts =
 
 [freetype]
 recipe = hexagonit.recipe.cmmi
-url = http://download.savannah.gnu.org/releases/freetype/freetype-2.4.8.tar.bz2
-md5sum = dbf2caca1d3afd410a29217a9809d397
+url = http://download.savannah.gnu.org/releases/freetype/freetype-2.4.9.tar.bz2
+md5sum = 77a893dae81fd5b896632715ca041179
 configure-options =
   --disable-static
 environment =
-  CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  CPPFLAGS=-I${bzip2:location}/include -I${zlib:location}/include
+  LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/gettext/buildout.cfg

@@ -20,6 +20,7 @@ configure-options =
   --without-emacs
   --disable-acl
   --disable-openmp
+  --without-git
 
 environment =
   CPPFLAGS=-I${libxml2:location}/include -I${zlib:location}/include -I${ncurses:location}/include

component/ghostscript/buildout.cfg

@@ -9,24 +9,25 @@ parts = ghostscript
 
 [ghostscript-common]
 recipe = hexagonit.recipe.cmmi
+depends =
+  ${libtiff:version}
 configure-options =
   --disable-cups
-  --disable-cairo
+  --with-system-libtiff
   --without-x
   --with-drivers=FILES
 # it seems that parallel build sometimes fails for ghostscript.
 make-options = -j1
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
-  PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig
-  CPPFLAGS=-I${libtiff:location}/include
-  LDFLAGS=-Wl,-rpath=${fontconfig:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib
-  LD_LIBRARY_PATH=${fontconfig:location}/lib
+  PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${libtiff:location}/lib/pkgconfig
+  LDFLAGS=-Wl,-rpath=${fontconfig:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -Wl,-rpath=${libtiff:location}/lib
+  LD_LIBRARY_PATH=${fontconfig:location}/lib:${libtiff:location}/lib
 
 [ghostscript]
 <= ghostscript-9
 
 [ghostscript-9]
 <= ghostscript-common
-url = http://downloads.ghostscript.com/public/ghostscript-9.04.tar.bz2
-md5sum = 9f6899e821ab6d78ab2c856f10fa3023
+url = http://downloads.ghostscript.com/public/ghostscript-9.05.tar.bz2
+md5sum = 8bcef1f33ddf8a4d12b2cf8da385c191

component/git/buildout.cfg

@@ -13,8 +13,8 @@ parts =
 
 [git]
 recipe = hexagonit.recipe.cmmi
-url = http://git-core.googlecode.com/files/git-1.7.8.3.tar.gz
-md5sum = 7a4bc5160166537d4da5eb48a7670dff
+url = http://git-core.googlecode.com/files/git-1.7.8.4.tar.gz
+md5sum = e6c3319d76d52a830af395046fc56143
 configure-options =
   --with-curl=${curl:location}
   --with-openssl=${openssl:location}

component/gnutls/buildout.cfg

@@ -13,13 +13,13 @@ md5sum = 7c2710ef439f82ac429b88fec88e9a4c
 
 [gcrypt]
 recipe = hexagonit.recipe.cmmi
-url = ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.6.tar.gz
-md5sum = bfd45922eefb8a24d598af77366220d4
+url = ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.0.tar.gz
+md5sum = 78f8f8bec4580f75b25816f7896d0389
 configure-options =
   --with-gpg-error-prefix=${gpg-error:location}
 environment =
   CPPFLAGS=-I${gpg-error:location}/include
-  LDFLAGS=-Wl,-rpath -Wl,${gpg-error:location}/lib -Wl,${gpg-error:location}/lib/libgpg-error.so.0
+  LDFLAGS=-lgpg-error -L${gpg-error:location}/lib -Wl,-rpath=${gpg-error:location}/lib
 
 [gnutls]
 # XXX-Cedric : update to latest gnutls
@@ -28,7 +28,8 @@ url = ftp://ftp.gnupg.org/gcrypt/gnutls/gnutls-2.8.6.tar.bz2
 md5sum = eb0a6d7d3cb9ac684d971c14f9f6d3ba
 configure-options =
   --with-libgcrypt-prefix=${gcrypt:location}
+  --disable-static
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${ncurses:location}/include -I${ncurses:location}/include/ncursesw -I${gcrypt:location}/include -I${gpg-error:location}/include
-  LDFLAGS=-L${readline:location}/lib -L${ncurses:location}/lib -L${gcrypt:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${readline:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${gcrypt:location}/lib -Wl,-rpath -Wl,${gpg-error:location}/lib -Wl,${gcrypt:location}/lib/libgcrypt.so.11
+  LDFLAGS=-lgcrypt -L${readline:location}/lib -Wl,-rpath=${readline:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${gcrypt:location}/lib -Wl,-rpath=${gcrypt:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${gpg-error:location}/lib -Wl,-rpath=${gpg-error:location}/lib
   PKG_CONFIG=${zlib:location}/lib/pkgconfig

component/graphviz/buildout.cfg

@@ -5,6 +5,7 @@
 parts =
   graphviz
 extends =
+  ../bzip2/buildout.cfg
   ../fontconfig/buildout.cfg
   ../freetype/buildout.cfg
   ../libpng/buildout.cfg
@@ -50,5 +51,5 @@ configure-options =
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig
-  CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  CPPFLAGS=-I${bzip2:location}/include -I${zlib:location}/include
+  LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/groonga/buildout.cfg

@@ -7,10 +7,11 @@ parts =
 
 [groonga]
 recipe = hexagonit.recipe.cmmi
-url = http://packages.groonga.org/source/groonga/groonga-1.2.9.tar.gz
-md5sum = 47117baa401a3db08362e00f94fced12
+url = http://packages.groonga.org/source/groonga/groonga-2.0.0.tar.gz
+md5sum = 09e6a34db15cf42b6a3aff07e0f841ff
 configure-options =
   --disable-static
   --disable-glibtest
   --disable-benchmark
+  --disable-document
   --without-mecab

component/haproxy/buildout.cfg

@@ -10,6 +10,6 @@ configure-command = true
 # otherwise use "generic".
 # For ARCH value, x86_64 and i[3456]86 are supported.
 make-options =
-  TARGET="$(uname -sr 2>/dev/null|grep -q '^Linux 2\.6' && echo linux26 || echo generic)"
+  TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6|3)' && echo linux26 || echo generic)"
   ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
   PREFIX=${buildout:parts-directory}/${:_buildout_section_name_}

component/imagemagick/buildout.cfg

@@ -27,8 +27,10 @@ filename = imagemagick-6.6.6-1-no-gsx-gsc-probe.patch
 
 [imagemagick]
 recipe = hexagonit.recipe.cmmi
-url = ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-6.7.3-10.tar.bz2
-md5sum = 3c1d1a04b1ed2998217e16001b58069f
+url = ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-6.7.5-10.tar.bz2
+md5sum = 99bc7ec1e756fa75f1af6150df3d1383
+depends =
+  ${libtiff:version}
 configure-options =
   --disable-static
   --without-x

component/java/buildout.cfg

@@ -29,8 +29,8 @@ slapos_promisee =
   directory:javaws
   file:lib/rt.jar
   file:bin/java
-x86 = http://javadl.sun.com/webapps/download/AutoDL?BundleId=52240 0bd27d325c5ce11ce863d982ad052f7f
-x86-64 =  http://javadl.sun.com/webapps/download/AutoDL?BundleId=52242 a4d929bc4d6511290c07c3745477b77b
+x86 = http://download.oracle.com/otn-pub/java/jdk/6u30-b12/jre-6u30-linux-i586.bin 3e80243483bc825c34ae01a4373cce5f
+x86-64 = http://download.oracle.com/otn-pub/java/jdk/6u30-b12/jre-6u30-linux-x64.bin a4d28c49251d6b9c2d300b3d61f1ce95
 script =
   if not self.options.get('url'): self.options['url'], self.options['md5sum'] = self.options[guessPlatform()].split(' ')
   download_file = self.download(self.options['url'], self.options.get('md5sum'))
@@ -43,7 +43,7 @@ script =
   subprocess.call([auto_extract_bin])
   self.cleanup_dir_list.append(extract_dir)
   workdir = guessworkdir(extract_dir)
-  self.copyTree(os.path.join(workdir, "jre1.6.0_27"), "%(location)s")
+  self.copyTree(os.path.join(workdir, "jre1.6.0_30"), "%(location)s")
 
 [java-sdk-1.6.0]
 recipe = slapos.recipe.build

component/libjpeg/buildout.cfg

@@ -4,7 +4,7 @@ parts =
 
 [libjpeg]
 recipe = hexagonit.recipe.cmmi
-url = http://www.ijg.org/files/jpegsrc.v8b.tar.gz
-md5sum = e022acbc5b36cd2cb70785f5b575661e
+url = http://www.ijg.org/files/jpegsrc.v8d.tar.gz
+md5sum = 52654eb3b2e60c35731ea8fc87f1bd29
 configure-options =
   --disable-static

component/libpng/buildout.cfg

@@ -3,6 +3,7 @@ extends =
   ../zlib/buildout.cfg
 
 parts =
+  libpng12
   libpng
 
 [libpng-common]
@@ -13,7 +14,12 @@ environment =
   CPPFLAGS =-I${zlib:location}/include
   LDFLAGS =-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
 
+[libpng12]
+<= libpng-common
+url = http://download.sourceforge.net/libpng/libpng-1.2.47.tar.bz2
+md5sum = 4389dab9fcd2f9d57ac14701b9115f59
+
 [libpng]
 <= libpng-common
-url = http://download.sourceforge.net/libpng/libpng-1.5.5.tar.bz2
-md5sum = 3270bf2990c3174ae939388398de751e
+url = http://download.sourceforge.net/libpng/libpng-1.5.9.tar.bz2
+md5sum = 684ba5f05da436a99c6303a83c7856d6

component/libreoffice-bin/buildout.cfg

@@ -12,15 +12,15 @@ find-links =
 [libreoffice-bin]
 recipe = slapos.recipe.build
 # here, two %s are used, first one is for directory name (eg. x86_64), and second one is for filename (eg. x86-64).
-version = 3.4.5
+version = 3.5.1
 url = http://download.documentfoundation.org/libreoffice/stable/${:version}/rpm/%s/LibO_${:version}_Linux_%s_install-rpm_en-US.tar.gz
 
 # supported architectures md5sums
-md5sum_x86 = 34786e6aa570782abac551ab092f3fb3
-md5sum_x86-64 = 2159a50daab707c02b669a83f635ff0c
+md5sum_x86 = ee46fdafb8361b8e131994508c2723b3
+md5sum_x86-64 = ddda58719358e5c97ca5d1c118646574
 
 # where office code can be found?
-officedir = libreoffice3.4
+officedir = libreoffice3.5
 
 # script to install
 script =
@@ -38,7 +38,11 @@ script =
   rpmsdir = os.path.join(workdir, [q for q in os.listdir(workdir) if q == 'RPMS'][0])
   rpmlist = [os.path.join(rpmsdir, q) for q in os.listdir(rpmsdir) if q.endswith('.rpm') and 'javafilter' not in q and 'xsltfilter' not in q]
   [self.pipeCommand([[sys.executable, '${:rpm2cpio}', rpm], ['${:cpio}', '-idum']], cwd=storagedir) for rpm in rpmlist]
-  self.copyTree(os.path.join(storagedir, 'opt', '${:officedir}'), location, ['basis3.4', 'ure'])
+  self.copyTree(os.path.join(storagedir, 'opt', '${:officedir}'), location, ['ure-link'])
+  os.symlink('ure', os.path.join(location, 'ure-link'))
+  # backward compatibility for cloudooo configuration
+  os.mkdir(os.path.join(location, 'basis-link'))
+  os.symlink(os.path.join('..', 'program'), os.path.join(location, 'basis-link', 'program'))
 
 # helper binaries
 cpio = ${cpio:location}/bin/cpio

component/libtiff/buildout.cfg

@@ -9,10 +9,11 @@ parts =
 
 [libtiff]
 recipe = hexagonit.recipe.cmmi
-#url = http://download.osgeo.org/libtiff/tiff-3.9.5.tar.gz
+version = 4.0.1
+#url = http://download.osgeo.org/libtiff/tiff-${:version}.tar.gz
 # server is down - circumvent
-url = http://www.imagemagick.org/download/delegates/tiff-3.9.5.tar.gz
-md5sum = 8fc7ce3b4e1d0cc8a319336967815084
+url = http://www.imagemagick.org/download/delegates/tiff-${:version}.tar.gz
+md5sum = fae149cc9da35c598d8be897826dfc63
 configure-options =
   --disable-static
   --without-x

component/mariadb/buildout.cfg

@@ -3,10 +3,13 @@
 
 [buildout]
 extends =
+  ../cmake/buildout.cfg
   ../zlib/buildout.cfg
   ../groonga/buildout.cfg
+  ../libaio/buildout.cfg
   ../libevent/buildout.cfg
   ../ncurses/buildout.cfg
+  ../openssl/buildout.cfg
   ../pkgconfig/buildout.cfg
   ../readline/buildout.cfg
 
@@ -22,9 +25,9 @@ download-only = true
 
 [mariadb]
 recipe = hexagonit.recipe.cmmi
-version = 5.3.3-rc
+version = 5.3.5-ga
 url = http://downloads.askmonty.org/f/mariadb-${:version}/kvm-tarbake-jaunty-x86/mariadb-${:version}.tar.gz/from/http:/ftp.osuosl.org/pub/mariadb
-md5sum = 715c61bb101acc7d37e893f6a9de9267
+md5sum = 98ce0441b37c8d681855150495fdc03b
 # compile directory is required to build mysql plugins.
 keep-compile-dir = true
 # configure: how to avoid searching for my.cnf?
@@ -42,10 +45,9 @@ configure-options =
   --with-extra-charsets=complex
   --with-collation=utf8_unicode_ci
   --with-big-tables
-  --with-embedded-server
+  --without-embedded-server
   --with-plugins=max-no-ndb
   --with-aria-tmp-tables
-  --without-plugin-innodb_plugin
   --without-plugin-oqgraph
   --without-readline
   --with-ssl
@@ -61,11 +63,68 @@ environment =
 
 [mroonga-mariadb]
 recipe = hexagonit.recipe.cmmi
-url = https://github.com/downloads/mroonga/mroonga/mroonga-1.11.tar.gz
-md5sum = 69e56246226e0b9969ee7f99e08aa7da
+url = https://github.com/downloads/mroonga/mroonga/mroonga-2.00.tar.gz
+md5sum = 49dab92863b5c3fa1d49344c73357ca2
 configure-options =
   --with-mysql-source=${mariadb:location}__compile__/mariadb-${mariadb:version}
   --with-mysql-config=${mariadb:location}/bin/mysql_config
+depends =
+  ${mariadb:version}
+environment =
+  PATH=${groonga:location}/bin:${pkgconfig:location}/bin:%(PATH)s
+  CPPFLAGS=-I${groonga:location}/include/groonga
+  LDFLAGS=-L${groonga:location}/lib
+  PKG_CONFIG_PATH=${groonga:location}/lib/pkgconfig
+
+[mariadb-5.5-no_test-patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+md5sum = 14e6d713c16298a10f40d29f2b799aca
+filename = mariadb_5.5_create_system_tables__no_test.patch
+download-only = true
+
+[mariadb-5.5]
+recipe = hexagonit.recipe.cmmi
+version = 5.5.20
+url = http://downloads.askmonty.org/f/mariadb-${:version}/kvm-tarbake-jaunty-x86/mariadb-${:version}.tar.gz/from/http://ftp.osuosl.org/pub/mariadb
+md5sum = e618343b5039fa468c0e1e6098785e3c
+# compile directory is required to build mysql plugins.
+keep-compile-dir = true
+patch-options = -p0
+patches =
+  ${mariadb-5.5-no_test-patch:location}/${mariadb-5.5-no_test-patch:filename}
+configure-command = ${cmake:location}/bin/cmake
+configure-options =
+  -DCMAKE_INSTALL_PREFIX=${buildout:parts-directory}/${:_buildout_section_name_}
+  -DBUILD_CONFIG=mysql_release
+  -DDEFAULT_CHARSET=utf8
+  -DDEFAULT_COLLATION=utf8_unicode_ci
+  -DWITH_SSL=system
+  -DWITH_ZLIB=system
+  -DWITH_READLINE=0
+  -DWITH_PIC=1
+  -DWITH_EXTRA_CHARSETS=complex
+  -DWITH_EMBEDDED_SERVER=0
+  -DWITHOUT_EXAMPLE_STORAGE_ENGINE=1
+  -DWITHOUT_DAEMON_EXAMPLE=1
+  -DWITH_SPHINX_STORAGE_ENGINE=1
+  -DCMAKE_C_FLAGS="-I${libaio:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${readline5:location}/include -I${zlib:location}/include"
+  -DCMAKE_INSTALL_RPATH=${libaio:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${readline5:location}/lib:${zlib:location}/lib
+environment =
+  CMAKE_PROGRAM_PATH=${cmake:location}/bin
+  CMAKE_INCLUDE_PATH=${libaio:location}/include:${ncurses:location}/include:${openssl:location}/include:${readline5:location}/include:${zlib:location}/include
+  CMAKE_LIBRARY_PATH=${libaio:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${readline5:location}/lib:${zlib:location}/lib
+  LDFLAGS=-L${libaio:location}/lib
+
+[mroonga-mariadb-5.5]
+recipe = hexagonit.recipe.cmmi
+url = https://github.com/downloads/mroonga/mroonga/mroonga-2.00.tar.gz
+md5sum = 49dab92863b5c3fa1d49344c73357ca2
+configure-options =
+  --with-mysql-source=${mariadb-5.5:location}__compile__/mariadb-${mariadb-5.5:version}
+  --with-mysql-config=${mariadb-5.5:location}/bin/mysql_config
+depends =
+  ${mariadb-5.5:version}
 environment =
   PATH=${groonga:location}/bin:${pkgconfig:location}/bin:%(PATH)s
   CPPFLAGS=-I${groonga:location}/include/groonga

component/noVNC/buildout.cfg

@@ -3,6 +3,6 @@ parts =
   noVNC
 
 [noVNC]
-recipe = hexagonit.recipe.download
-url = https://github.com/kanaka/noVNC/tarball/master
+recipe = slapos.recipe.build:download-unpacked
+url = https://github.com/kanaka/noVNC/tarball/v0.2
 strip-top-level-dir = true

component/nodejs/buildout.cfg

+[buildout]
+extends =
+  ../git/buildout.cfg
+  ../pkgconfig/buildout.cfg
+  ../openssl/buildout.cfg
+  ../python-2.7/buildout.cfg
+  ../zlib/buildout.cfg
+
+parts =
+  nodejs
+
+[nodejs]
+# Server-side Javascript.
+recipe = hexagonit.recipe.cmmi
+url = http://nodejs.org/dist/v0.6.12/node-v0.6.12.tar.gz
+md5sum = a12766ae4003c9712927d1fa134ed9f6
+configure-options =
+  --openssl-includes=${openssl:location}/include
+  --openssl-libpath=${openssl:location}/lib
+environment =
+  PATH=${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s
+  PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig/
+  CPPFLAGS=-I${zlib:location}/include
+  LDFLAGS=-Wl,-rpath=${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+
+[nodejs-0.4]
+recipe = hexagonit.recipe.cmmi
+url = http://nodejs.org/dist/node-v0.4.12.tar.gz
+md5sum = a6375eaa43db5356bf443e25b828ae16
+configure-options =
+  --openssl-includes=${openssl:location}/include
+  --openssl-libpath=${openssl:location}/lib
+environment =
+  PATH=${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s
+  PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig/
+  CPPFLAGS=-I${zlib:location}/include
+  LDFLAGS=-Wl,-rpath=${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+
+[npm]
+# Node.js Package Manager
+# Deprecated. Included in node >= 0.6.3.
+recipe = plone.recipe.command
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+stop-on-error = true
+commit = 3136abc5c6b3ed332c4700ece24450fada63639b
+origin = https://github.com/isaacs/npm.git
+git-bin = ${git:location}/bin/git
+node-bin = ${nodejs-0.4:location}/bin/node
+command = (GIT_SSL_NO_VERIFY=true ${:git-bin} clone --quiet ${:origin} ${:location} && cd ${:location} && ${:git-bin} reset --hard ${:commit} && ${:location}/configure --prefix=${:location} && GIT_SSL_NO_VERIFY=true ${:git-bin} submodule update --init --recursive && ${:node-bin} cli.js install npm@1.0.106 -g -f) || (rm -fr ${:location}; exit 1)
+update-command =

component/openssl/buildout.cfg

@@ -19,12 +19,20 @@ url = ${:_profile_base_location_}/${:filename}
 filename = ${:_buildout_section_name_}
 download-only = true
 
+[openssl-exlibs.patch]
+recipe = hexagonit.recipe.download
+md5sum = dfb8979460d6d75f2d23d1ea83bbb40a
+url = ${:_profile_base_location_}/${:filename}
+filename = ${:_buildout_section_name_}
+download-only = true
+
 [openssl]
 recipe = hexagonit.recipe.cmmi
-url = https://www.openssl.org/source/openssl-1.0.0g.tar.gz
-md5sum = 07ecbe4324f140d157478637d6beccf1
+url = https://www.openssl.org/source/openssl-1.0.1.tar.gz
+md5sum = 134f168bc2a8333f19f81d684841710b
 patches =
   ${openssl-nodoc.patch:location}/${openssl-nodoc.patch:filename}
+  ${openssl-exlibs.patch:location}/${openssl-exlibs.patch:filename}
 patch-options = -p0
 configure-command = ./config
 configure-options =
@@ -33,13 +41,11 @@ configure-options =
   --openssldir=${buildout:parts-directory}/${:_buildout_section_name_}/etc/ssl
   --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
   --libdir=lib
-  shared
-  no-zlib
+  shared no-idea no-mdc2 no-rc5 zlib
+  -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib
 
 # it seems that parallel build sometimes fails for openssl.
 make-options =
   -j1
 make-targets =
   install && rm -f ${buildout:parts-directory}/${:_buildout_section_name_}/etc/ssl/certs/* && for i in ${ca-certificates:location}/certs/*/*.crt; do ln -sv $i ${buildout:parts-directory}/${:_buildout_section_name_}/etc/ssl/certs/`${buildout:parts-directory}/${:_buildout_section_name_}/bin/openssl x509 -hash -noout -in $i`.0; done; true
-  LDFLAGS="-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib"
-  SHARED_LDFLAGS="-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib"

component/openssl/openssl-exlibs.patch

+--- engines/ccgost/Makefile~	2010-08-24 23:46:34.000000000 +0200
++++ engines/ccgost/Makefile	2012-03-14 10:11:46.826419864 +0100
+@@ -7,6 +7,7 @@
+ AR= ar r
+ CFLAGS= $(INCLUDES) $(CFLAG)
+ LIB=$(TOP)/libcrypto.a
++EX_LIBS= 
+ 
+ LIBSRC= gost2001.c gost2001_keyx.c gost89.c gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c
+ 
+@@ -32,7 +33,7 @@
+ 		$(MAKE) -f $(TOP)/Makefile.shared -e \
+ 			LIBNAME=$(LIBNAME) \
+ 			LIBEXTRAS='$(LIBOBJ)' \
+-			LIBDEPS='-L$(TOP) -lcrypto' \
++			LIBDEPS='-L$(TOP) -lcrypto $(EX_LIBS)' \
+ 			link_o.$(SHLIB_TARGET); \
+ 	else \
+ 		$(AR) $(LIB) $(LIBOBJ); \

component/percona-toolkit/buildout.cfg

@@ -10,7 +10,7 @@ parts =
 recipe = hexagonit.recipe.cmmi
 depends =
   ${perl:version}
-url = http://www.percona.com/redir/downloads/percona-toolkit/percona-toolkit-2.0.1.tar.gz
-md5sum = 3a78c78672cb7c634bda35dfb2f817bf
+url = http://www.percona.com/redir/downloads/percona-toolkit/2.0.4/percona-toolkit-2.0.4.tar.gz
+md5sum = df7dffcccb48d50f143849629228d4b4
 configure-command =
   ${perl:location}/bin/perl Makefile.PL

component/poppler/buildout.cfg

 [buildout]
 parts = poppler
 extends =
+  ../bzip2/buildout.cfg
   ../fontconfig/buildout.cfg
   ../freetype/buildout.cfg
   ../jbigkit/buildout.cfg
@@ -17,10 +18,12 @@ extends =
 recipe = hexagonit.recipe.cmmi
 md5sum = b566d1fbaa29b9257bf0ecc130e7b2ca
 url = http://poppler.freedesktop.org/poppler-0.17.2.tar.gz
+depends =
+  ${libtiff:version}
 configure-options =
   --disable-cairo-output
   --disable-cms
-  --disable-curl
+  --disable-libcurl
   --disable-gtk-doc-html
   --disable-gtk-test
   --disable-poppler-cpp
@@ -31,5 +34,5 @@ configure-options =
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig:${libpng:location}/lib/pkgconfig
-  CPPFLAGS=-I${libjpeg:location}/include -I${libpng:location}/include -I${libtiff:location}/include -I${zlib:location}/include
-  LDFLAGS=-L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  CPPFLAGS=-I${bzip2:location}/include -I${libjpeg:location}/include -I${libpng:location}/include -I${libtiff:location}/include -I${zlib:location}/include
+  LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/python-2.6/buildout.cfg

@@ -30,16 +30,18 @@ depends =
 # other settings in this part if we don't set it explicitly here.
 prefix = ${buildout:parts-directory}/${:_buildout_section_name_}
 version = 2.6
-package_version = ${:version}.7
+package_version = ${:version}.8
+package_version_suffix = rc1
 executable = ${:prefix}/bin/python${:version}
 
 url =
-  http://python.org/ftp/python/${:package_version}/Python-${:package_version}.tar.bz2
-md5sum = d40ef58ed88438a870bbeb0ac5d4217b
+  http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tar.bz2
+md5sum = df6ccdac7da3b7c7c79124b92110277e
 patch-options = -p1
 patches =
   ${python-2.6.6-no_system_inc_dirs.patch:location}/${python-2.6.6-no_system_inc_dirs.patch:filename}
 configure-options =
+  --enable-ipv6
   --enable-unicode=ucs4
   --with-threads
 

component/python-2.7/buildout.cfg

@@ -3,6 +3,7 @@ extends =
   ../bzip2/buildout.cfg
   ../gdbm/buildout.cfg
   ../gettext/buildout.cfg
+  ../libexpat/buildout.cfg
   ../ncurses/buildout.cfg
   ../openssl/buildout.cfg
   ../readline/buildout.cfg
@@ -12,21 +13,6 @@ extends =
 parts =
     python2.7
 
-[python2.7]
-<= python2.7.2
-
-[python2.7.1]
-<= python2.7common
-package_version = 2.7.1
-md5sum = aa27bc25725137ba155910bd8e5ddc4f
-package_version_suffix =
-
-[python2.7.2]
-<= python2.7common
-package_version = 2.7.2
-md5sum = ba7b2f11ffdbf195ee0d111b9455a5bd
-package_version_suffix =
-
 [bootstrap2.7]
 recipe = zc.recipe.egg
 eggs = zc.buildout
@@ -36,8 +22,12 @@ scripts =
 arguments = sys.argv[1:] + ["bootstrap"]
 python = python2.7
 
-[python2.7common]
+[python2.7]
 recipe = hexagonit.recipe.cmmi
+package_version = 2.7.3
+package_version_suffix = rc1
+md5sum = 72aaa940dfa2777de161d7cb27c91df7
+
 depends =
   ${gdbm:version}
 # This is actually the default setting for prefix, but we can't use it in
@@ -49,9 +39,11 @@ executable = ${:prefix}/bin/python${:version}
 url =
   http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tar.bz2
 configure-options =
+  --enable-ipv6
   --enable-unicode=ucs4
+  --with-system-expat
   --with-threads
 
 environment =
-  CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${ncurses:location}/include/ -I${ncurses:location}/include/ncursesw/ -I${bzip2:location}/include  -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
-  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib
+  CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${libexpat:location}/include -I${ncurses:location}/include -I${ncurses:location}/include/ncursesw -I${bzip2:location}/include  -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
+  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${libexpat:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib

component/readline/buildout.cfg

@@ -12,18 +12,6 @@ configure-options =
   --enable-multibyte
   --disable-static
 
-# readline-5.x is still used for GPL2 only softwares.
-[readline5]
-recipe = hexagonit.recipe.cmmi
-url = http://ftp.gnu.org/gnu/readline/readline-5.2.tar.gz
-md5sum = e39331f32ad14009b9ff49cc10c5e751
-configure-options =
-  --enable-multibyte
-  --disable-static
-  --with-ncurses=${ncurses:location}
-environment =
-    LDFLAGS =-Wl,-rpath=${ncurses:location}/lib
-
 [readline]
 recipe = hexagonit.recipe.cmmi
 url = http://ftp.gnu.org/gnu/readline/readline-6.2.tar.gz

component/slapos/buildout.cfg

@@ -120,17 +120,17 @@ Werkzeug = 0.8.3
 buildout-versions = 1.7
 collective.recipe.template = 1.9
 hexagonit.recipe.cmmi = 1.5.0
-lxml = 2.3.3
+lxml = 2.3.4
 meld3 = 0.6.8
 netaddr = 0.7.6
-slapos.core = 0.23
+slapos.core = 0.24
 slapos.libnetworkcache = 0.12
 xml-marshaller = 0.9.7
-z3c.recipe.scripts = 1.0.1 
+z3c.recipe.scripts = 1.0.1
 zc.recipe.egg = 1.3.2
 
 # Required by:
-# slapos.core==0.23
+# slapos.core==0.24
 Flask = 0.8
 
 # Required by:
@@ -138,11 +138,11 @@ Flask = 0.8
 hexagonit.recipe.download = 1.5.0
 
 # Required by:
-# slapos.core==0.23
+# slapos.core==0.24
 netifaces = 0.8
 
 # Required by:
-# slapos.core==0.23
+# slapos.core==0.24
 # slapos.libnetworkcache==0.12
 # supervisor==3.0a12
 # zc.buildout==1.6.0-dev-SlapOS-004
@@ -150,9 +150,9 @@ netifaces = 0.8
 setuptools = 0.6c12dev-r88846
 
 # Required by:
-# slapos.core==0.23
+# slapos.core==0.24
 supervisor = 3.0a12
 
 # Required by:
-# slapos.core==0.23
+# slapos.core==0.24
 zope.interface = 3.8.0

component/sphinx/buildout.cfg

@@ -21,9 +21,7 @@ recipe = hexagonit.recipe.cmmi
 url = http://sphinxsearch.com/files/sphinx-2.0.2-beta.tar.gz
 md5sum = fafe0f1a71d0ded32404c067eba7d0b3
 configure-options =
-  --with-mysql
-  --with-mysql-includes=${mariadb:location}/include/mysql
-  --with-mysql-libs=${mariadb:location}/lib/mysql
+  --with-mysql=${mariadb:location}
   --with-libstemmer
   --with-iconv
   --without-pgsql

component/stunnel/buildout.cfg

@@ -17,8 +17,8 @@ filename = stunnel-4-hooks.py
 
 [stunnel-4]
 recipe = hexagonit.recipe.cmmi
-url = http://mirror.bit.nl/stunnel/stunnel-4.52.tar.gz
-md5sum = f5e713dda0e8efa659f372832ecd0c2c
+url = http://mirror.bit.nl/stunnel/stunnel-4.53.tar.gz
+md5sum = ab3bfc915357d67da18c73f73610d593
 pre-configure-hook = ${stunnel-4-hook-download:location}/${stunnel-4-hook-download:filename}:pre_configure_hook
 configure-options =
   --enable-ipv6

component/tesseract/buildout.cfg

@@ -23,6 +23,8 @@ stop-on-error = yes
 recipe = hexagonit.recipe.cmmi
 url = http://tesseract-ocr.googlecode.com/files/tesseract-3.00.tar.gz
 md5sum = cc812a261088ea0c3d2da735be35d09f
+depends =
+  ${libtiff:version}
 configure-options =
   --disable-static
   --datarootdir=${tesseract-share:location}

component/tomcat/buildout.cfg

+# Apache Tomcat - an open source software implementation of the Java Servlet and JavaServer Pages technologies.
+# http://tomcat.apache.org/
+
+[buildout]
+
+parts =
+  tomcat
+
+[tomcat]
+<= tomcat6
+
+[tomcat6]
+recipe = hexagonit.recipe.download
+strip-top-level-dir = true
+url = http://apache.multidist.com/tomcat/tomcat-6/v6.0.35/bin/apache-tomcat-6.0.35.tar.gz
+md5sum = 171d255cd60894b29a41684ce0ff93a8
+
+[tomcat7]
+recipe = hexagonit.recipe.download
+strip-top-level-dir = true
+url = http://apache.multidist.com/tomcat/tomcat-7/v7.0.25/bin/apache-tomcat-7.0.25.tar.gz
+md5sum = 2aa59d23555d641b20efad4aed86b693

component/wget/buildout.cfg

+[buildout]
+extends =
+  ../openssl/buildout.cfg
+  ../pkgconfig/buildout.cfg
+  ../zlib/buildout.cfg
+parts =
+  wget
+
+[wget]
+recipe = hexagonit.recipe.cmmi
+url = http://ftp.gnu.org/gnu/wget/wget-1.13.4.tar.bz2
+md5sum = 12115c3750a4d92f9c6ac62bac372e85
+configure-options =
+  --enable-ipv6
+  --enable-opie
+  --disable-iri
+  --with-ssl=openssl
+  --with-libssl-prefix=${openssl:location}
+  --with-zlib-lib=${zlib:location}
+
+environment =
+  PATH=${pkgconfig:location}/bin:%(PATH)s
+  PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig
+  LDFLAGS=-L${zlib:location}/lib -L${openssl:location}/lib
+  CPPFLAGS=-I${zlib:location}/include -I${openssl:location}/include

component/xorg/buildout.cfg

@@ -13,8 +13,8 @@ parts =
   libXdmcp
   libXext
   libXau
-  libXinerama
   libSM
+  libXrender
 
 [xorg-aclocal]
 ACLOCAL=${xorg-util-macros:location}/share/aclocal
@@ -33,6 +33,7 @@ configure-options =
   --without-xmlto
   --without-fop
 environment =
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
   PATH=${libxml2:location}/bin:${pkgconfig:location}/bin:%(PATH)s
 
 [xextproto]
@@ -43,6 +44,9 @@ configure-options =
   --disable-specs
   --without-xmlto
   --without-fop
+environment =
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
+  PATH=${pkgconfig:location}/bin:%(PATH)s
 
 [xtrans]
 recipe = hexagonit.recipe.cmmi
@@ -53,6 +57,7 @@ configure-options =
   --without-xmlto
   --without-fop
 environment =
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig
   PATH=${pkgconfig:location}/bin:%(PATH)s
 
 [libXau]
@@ -62,7 +67,7 @@ md5sum = 4a2cbd83727682f9ee1c1e719bac6adb
 configure-options =
   --disable-static
 environment =
-  PKG_CONFIG_PATH=${xproto:location}/lib/pkgconfig
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${xproto:location}/lib/pkgconfig
   PATH=${pkgconfig:location}/bin:%(PATH)s
 
 [xcbproto]
@@ -99,7 +104,7 @@ recipe = hexagonit.recipe.cmmi
 url = http://www.x.org/releases/X11R7.6/src/lib/libXext-1.2.0.tar.bz2
 md5sum = 9bb236ff0193e9fc1c1fb504dd840331
 environment =
-  PKG_CONFIG_PATH=${xcbproto:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${xcbproto:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig
   CPPFLAGS=-I${xcbproto:location}/include -I${libXau:location}/include -I${xproto:location}/include -I${xorg-libpthread-stubs:location}/include -I${xextproto:location}/include -I${libX11:location}/include -I${libxcb:location}/include
   LD_LIBRARY_PATH=${xcbproto:location}/lib:${libXau:location}/lib:${xorg-libpthread-stubs:location}/lib:${xextproto:location}/lib:${libX11:location}/lib:${libxcb:location}/lib
   LD_RUN_PATH=${xcbproto:location}/lib:${libXau:location}/lib:${xorg-libpthread-stubs:location}/lib:${xextproto:location}/lib:${libX11:location}/lib:${libxcb:location}/lib
@@ -148,7 +153,7 @@ configure-options =
   --without-xmlto
   --without-fop
 environment =
-  PKG_CONFIG_PATH=${xproto:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig:${libxcb:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${inputproto:location}/lib/pkgconfig:${kbproto:location}/lib/pkgconfig
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${xproto:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig:${libxcb:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${inputproto:location}/lib/pkgconfig:${kbproto:location}/lib/pkgconfig
   LD_LIBRARY_PATH=${xproto:location}/lib:${xextproto:location}/lib:${libxcb:location}/lib
   LD_RUN_PATH=${xproto:location}/lib:${xextproto:location}/lib:${libxcb:location}/lib
   PATH=${pkgconfig:location}/bin:%(PATH)s
@@ -329,7 +334,7 @@ configure-options =
   --without-xmlto
   --without-fop
 environment =
-  PKG_CONFIG_PATH=${xproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${xproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig
   PATH=${pkgconfig:location}/bin:%(PATH)s
 
 [libSM]
@@ -341,10 +346,26 @@ configure-options =
   --without-xmlto
   --without-fop
 environment =
-  PKG_CONFIG_PATH=${libICE:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${libICE:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${xtrans:location}/share/pkgconfig
   PATH=${pkgconfig:location}/bin:%(PATH)s
   LIBUUID_CFLAGS=-I${libuuid:location}/include
 
+[renderproto]
+recipe = hexagonit.recipe.cmmi
+url = http://www.x.org/releases/X11R7.6/src/proto/renderproto-0.11.1.tar.bz2
+md5sum = a914ccc1de66ddeb4b611c6b0686e274
+
+[libXrender]
+recipe = hexagonit.recipe.cmmi
+url = http://www.x.org/releases/X11R7.6/src/lib/libXrender-0.9.6.tar.bz2
+md5sum = 3b3b7d076c2384b6c600c0b5f4ba971f
+configure-options =
+  --disable-static
+environment =
+  PKG_CONFIG_PATH=${libX11:location}/lib/pkgconfig:${renderproto:location}/lib/pkgconfig:${xorg-util-macros:location}/share/pkgconfig
+  PATH=${pkgconfig:location}/bin:%(PATH)s
+  CPPFLAGS=-I${libX11:location}/include -I${renderproto:location}/include -I${xproto:location}/include
+
 [libXt]
 recipe = hexagonit.recipe.cmmi
 url = http://www.x.org/releases/X11R7.6/src/lib/libXt-1.0.9.tar.bz2

component/zlib/buildout.cfg

@@ -4,5 +4,5 @@ parts =
 
 [zlib]
 recipe = hexagonit.recipe.cmmi
-url = http://prdownloads.sourceforge.net/libpng/zlib-1.2.5.tar.gz?download
-md5sum = c735eab2d659a96e5a594c9e8541ad63
+url = http://prdownloads.sourceforge.net/libpng/zlib-1.2.6.tar.bz2?download
+md5sum = dc2cfa0d2313ca77224b4d932b2911e9

setup.py

@@ -2,7 +2,7 @@ from setuptools import setup, find_packages
 import glob
 import os
 
-version = '0.40.1'
+version = '0.46-dev'
 name = 'slapos.cookbook'
 long_description = open("README.txt").read() + "\n" + \
     open("CHANGES.txt").read() + "\n"
@@ -47,6 +47,7 @@ setup(name=name,
           'apache.zope.backend = slapos.recipe.apache_zope_backend:Recipe',
           'certificate_authority = slapos.recipe.certificate_authority:Recipe',
           'certificate_authority.request = slapos.recipe.certificate_authority:Request',
+          'check_port_listening = slapos.recipe.check_port_listening:Recipe',
           'copyfilelist = slapos.recipe.copyfilelist:Recipe',
           'cron = slapos.recipe.dcron:Recipe',
           'cron.d = slapos.recipe.dcron:Part',
@@ -58,14 +59,18 @@ setup(name=name,
           'erp5scalabilitytestbed = slapos.recipe.erp5scalabilitytestbed:Recipe',
           'equeue = slapos.recipe.equeue:Recipe',
           'erp5testnode = slapos.recipe.erp5testnode:Recipe',
+          'generate.mac = slapos.recipe.generatemac:Recipe',
+          'nbdserver = slapos.recipe.nbdserver:Recipe',
+          'generic.onetimeupload = slapos.recipe.generic_onetimeupload:Recipe',
           'helloworld = slapos.recipe.helloworld:Recipe',
           'generic.cloudooo = slapos.recipe.generic_cloudooo:Recipe',
           'fontconfig = slapos.recipe.fontconfig:Recipe',
           'java = slapos.recipe.java:Recipe',
           'kumofs = slapos.recipe.kumofs:Recipe',
+          'kvm = slapos.recipe.kvm:Recipe',
+          'kvm.frontend = slapos.recipe.kvm_frontend:Recipe',
           'generic.kumofs = slapos.recipe.generic_kumofs:Recipe',
           'haproxy = slapos.recipe.haproxy:Recipe',
-          'kvm = slapos.recipe.kvm:Recipe',
           'libcloud = slapos.recipe.libcloud:Recipe',
           'libcloudrequest = slapos.recipe.libcloudrequest:Recipe',
           'lockfile = slapos.recipe.lockfile:Recipe',
@@ -75,11 +80,11 @@ setup(name=name,
           'mydumper = slapos.recipe.mydumper:Recipe',
           'generic.mysql = slapos.recipe.generic_mysql:Recipe',
           'mkdirectory = slapos.recipe.mkdirectory:Recipe',
-          'nbdserver = slapos.recipe.nbdserver:Recipe',
           'nosqltestbed = slapos.recipe.nosqltestbed:NoSQLTestBed',
           'notifier = slapos.recipe.notifier:Recipe',
           'notifier.callback = slapos.recipe.notifier:Callback',
           'notifier.notify = slapos.recipe.notifier:Notify',
+          'novnc = slapos.recipe.novnc:Recipe',
           'lamp = slapos.recipe.lamp:Request',
           'lamp.request = slapos.recipe.lamp:Request',
           'lamp.static = slapos.recipe.lamp:Static',
@@ -117,8 +122,12 @@ setup(name=name,
           'generate.cloudooo = slapos.recipe.generate_cloudooo:Recipe',
           'zeo = slapos.recipe.zeo:Recipe',
           'tidstorage = slapos.recipe.tidstorage:Recipe',
+          'erp5.bootstrap = slapos.recipe.erp5_bootstrap:Recipe',
+          'erp5.promise = slapos.recipe.erp5_promise:Recipe',
           'erp5.update = slapos.recipe.erp5_update:Recipe',
           'erp5.test = slapos.recipe.erp5_test:Recipe',
+          'generic.varnish = slapos.recipe.generic_varnish:Recipe',
+          'webchecker = slapos.recipe.web_checker:Recipe',
         ],
         'slapos.recipe.nosqltestbed.plugin': [
           'kumo = slapos.recipe.nosqltestbed.kumo:KumoTestBed',

slapos/recipe/README.apache_frontend.txt

 apache_frontend
 ==========
 
-Frontend using Apache, allowing to rewrite and proxy URLs like myinstance.myfrontenddomainname.com to real IP/URL of myinstance.
\ No newline at end of file
+Frontend using Apache, allowing to rewrite and proxy URLs like
+myinstance.myfrontenddomainname.com to real IP/URL of myinstance.
+
+apache_frontend works using the master instance / slave instance design.
+It means that a single main instance of Apache will be used to act as frontend
+for many slaves.
+
+
+How to use
+========
+First, you will need to request a "master" instance of Apache Frontend with
+"domain" parameter, like : 
+<?xml version='1.0' encoding='utf-8'?>
+<instance>
+ <parameter id="domain">moulefrite.com</parameter>
+ <parameter id="port">443</parameter>
+</instance>
+
+Then, it is possible to request many slave instances
+(currently only from slapconsole, UI doesn't work yet)
+of Apache Frontend, like : 
+instance = request(
+       software_release=apache_frontend,
+       partition_reference='frontend2',
+       shared=True,
+       partition_parameter_kw={"url":"https://[1:2:3:4]:1234/someresource"}
+     )
+Those slave instances will be redirected to the "master" instance,
+and you will see on the "master" instance the associated RewriteRules of
+all slave instances.
+
+Finally, the slave instance will be accessible from :
+https://someidentifier.moulefrite.com.

slapos/recipe/README.kvm_frontend.txt

+kvm_frontend
+===
+
+Introduction
+------------
+
+The ``slapos.recipe.kvm_frontend`` aims to provide proxy server to KVM instances.
+
+It allows HTTPS IPv4/IPv6 proxying (with or without domain name), and supports
+the WebSocket technology needed for VNC-in-webapplication noVNC.
+
+It works following the master/slave instances system. A master instance is
+created, containing all what is needed to run the proxy. Slave instances
+are later created, adding one line in the master instance's proxy configuration
+that specify the IP/port to proxy to the KVM.
+
+The slave instance (kvm) is then accessible from
+http://[masterinstanceIPorhostname]/[randomgeneratednumber]
+
+
+Instance parameters
+------------
+
+Incoming master instance parameters
++++++++
+
+``port``                - Port of server, optional, defaults to 4443.
+``domain``              - domain name to use, optional, default to
+                          "host.vifib.net".
+``redirect_plain_http`` - if value is one of ['y', 'yes', '1', 'true'], instance
+                          will try to create a simple http server on port 80
+                          redirecting to the proxy. Optional.
+
+Incoming slave instance parameters
++++++++
+
+``host``    - KVM instance IP or hostname. Mandatory.
+``port``    - KVM instance port, Mandatory.
+``https``   - if value is one of ['n', 'no', '0', 'false'], will try to connect
+              to target in plain http. Optional.
+
+Connection parameters
+-------------
+
+Outgoing master connection parameters
++++++++
+
+``domain_ipv6_address``  - Proxy IP
+``site_url``             - Proxy URL
+
+Outgoing slave connection parameters are :
++++++++
+
+``site_url``             - URL of instance
+``domain_name``          - Domain name of proxy
+``port``                 - Port of proxy

slapos/recipe/apache_zope_backend/__init__.py

@@ -33,10 +33,33 @@ class Recipe(GenericBaseRecipe):
     ip = self.options['ip']
     port = self.options['port']
     backend = self.options['backend']
-    key = self.options['key-file']
-    certificate = self.options['cert-file']
-    access_control_string = self.options['access-control-string']
+
     apache_conf = dict()
+
+    scheme = self.options['scheme']
+    if scheme == 'http':
+      required_path_list = []
+      apache_conf['ssl_snippet'] = ''
+    elif scheme == 'https':
+      key = self.options['key-file']
+      certificate = self.options['cert-file']
+      required_path_list = [key, certificate]
+      apache_conf['key'] = key
+      apache_conf['certificate'] = certificate
+      apache_conf['ssl_session_cache'] = self.options['ssl-session-cache']
+      apache_conf['ssl_snippet'] = pkg_resources.resource_string(__name__,
+          'template/snippet.ssl.in') % apache_conf
+      if 'ssl-authentication' in self.options and self.optionIsTrue(
+          'ssl-authentication'):
+        apache_conf['ssl_snippet'] += pkg_resources.resource_string(__name__,
+          'template/snippet.ssl.ca.in') % dict(
+            ca_certificate=self.options['ssl-authentication-certificate'],
+            ca_crl=self.options['ssl-authentication-crl']
+          )
+    else:
+      raise ValueError, "Unsupported scheme %s" % scheme
+
+    access_control_string = self.options['access-control-string']
     apache_conf['pid_file'] = self.options['pid-file']
     apache_conf['lock_file'] = self.options['lock-file']
     apache_conf['ip'] = ip
@@ -45,11 +68,10 @@ class Recipe(GenericBaseRecipe):
     apache_conf['error_log'] = self.options['error-log']
     apache_conf['access_log'] = self.options['access-log']
     apache_conf['server_name'] = '%s' % apache_conf['ip']
-    apache_conf['certificate'] = certificate
-    apache_conf['key'] = key
     apache_conf['path'] = '/'
     apache_conf['access_control_string'] = access_control_string
-    apache_conf['rewrite_rule'] = "RewriteRule (.*) %s$1 [L,P]" % backend
+    apache_conf['rewrite_rule'] = "RewriteRule (.*) %s%s [L,P]" % (backend,
+      self.options.get('backend-path', '/'))
     apache_conf_string = pkg_resources.resource_string(__name__,
           'template/apache.zope.conf.in') % apache_conf
     apache_config_file = self.createFile(self.options['configuration-file'],
@@ -58,7 +80,7 @@ class Recipe(GenericBaseRecipe):
     wrapper = self.createPythonScript(self.options['wrapper'], __name__ +
       '.apache.runApache', [
             dict(
-              required_path_list=[key, certificate],
+              required_path_list=required_path_list,
               binary=self.options['apache-binary'],
               config=apache_config_file
             )

slapos/recipe/apache_zope_backend/template/apache.zope.conf.in

@@ -2,12 +2,16 @@
 # Automatically generated
 
 # List of modules
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule setenvif_module modules/mod_setenvif.so
 LoadModule version_module modules/mod_version.so
 LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 LoadModule ssl_module modules/mod_ssl.so
 LoadModule mime_module modules/mod_mime.so
 LoadModule dav_module modules/mod_dav.so
@@ -18,24 +22,23 @@ LoadModule headers_module modules/mod_headers.so
 
 # Basic server configuration
 PidFile "%(pid_file)s"
-LockFile "%(lock_file)s"
 Listen %(ip)s:%(port)s
 ServerAdmin %(server_admin)s
 TypesConfig conf/mime.types
 AddType application/x-compress .Z
 AddType application/x-gzip .gz .tgz
 
+ServerTokens Prod
+ServerSignature Off
+TraceEnable Off
+
+# Apache 2.4's default value (60 seconds) can be a bit too short
+TimeOut 300
+
 # As backend is trusting REMOTE_USER header unset it always
 RequestHeader unset REMOTE_USER
 
-# SSL Configuration
-SSLEngine on
-SSLCertificateFile %(certificate)s
-SSLCertificateKeyFile %(key)s
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-
-SSLProxyEngine On
+%(ssl_snippet)s
 
 # Log configuration
 ErrorLog "%(error_log)s"

slapos/recipe/apache_zope_backend/template/snippet.ssl.ca.in

+SSLVerifyClient require
+RequestHeader set REMOTE_USER %%{SSL_CLIENT_S_DN_CN}s
+SSLCACertificateFile %(ca_certificate)s
+SSLCARevocationPath %(ca_crl)s

slapos/recipe/apache_zope_backend/template/snippet.ssl.in

+
+# SSL Configuration
+SSLEngine on
+SSLCertificateFile %(certificate)s
+SSLCertificateKeyFile %(key)s
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+SSLProtocol -ALL +SSLv3 +TLSv1
+SSLHonorCipherOrder On
+SSLCipherSuite RC4-SHA:HIGH:!ADH
+SSLSessionCache shmcb:%(ssl_session_cache)s(512000)
+SSLProxyEngine On

slapos/recipe/apachephp/template/apache.in

@@ -3,7 +3,6 @@
 
 # Basic server configuration
 PidFile "%(pid_file)s"
-LockFile "%(lock_file)s"
 Listen %(ip)s:%(port)s
 PHPINIDir %(php_ini_dir)s
 ServerAdmin someone@email
@@ -25,20 +24,21 @@ CustomLog "%(access_log)s" common
 <Directory />
     Options FollowSymLinks
     AllowOverride None
-    Order deny,allow
-    Deny from all
+    Require all denied
 </Directory>
 
 <Directory %(document_root)s>
   Options FollowSymLinks
   AllowOverride All
-  Order allow,deny
-  Allow from all
+  Require all granted
 </Directory>
 DocumentRoot %(document_root)s
 DirectoryIndex index.html index.php
 
 # List of modules
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule setenvif_module modules/mod_setenvif.so

slapos/recipe/certificate_authority/__init__.py

@@ -45,13 +45,14 @@ class Recipe(GenericBaseRecipe):
   def install(self):
     path_list = []
 
-    # XXX: We gotta find better a way to get these options
-    ca_country_code = 'XX'
-    ca_email = 'xx@example.com'
-    ca_state = 'State',
-    ca_city = 'City'
-    ca_company = 'Company'
-    # XXX: end
+    ca_country_code = self.options.get('country-code', 'XX')
+    ca_email = self.options.get('email', 'xx@example.com')
+    # XXX-BBB: State by mistake has been configured as string "('State',)"
+    #          string, so keep this for backward compatibility of existing
+    #          automatically setup CAs
+    ca_state = self.options.get('state', "('State',)")
+    ca_city = self.options.get('city', 'City')
+    ca_company = self.options.get('company', 'Company')
 
     self.setPath()
 

slapos/recipe/check_port_listening/__init__.py

+##############################################################################
+#
+# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import GenericBaseRecipe
+import sys
+
+class Recipe(GenericBaseRecipe):
+  """
+  Check listening port promise
+  """
+
+  def install(self):
+    config = dict(
+      hostname=self.options['hostname'],
+      port=self.options['port'],
+      python_path=sys.executable,
+    )
+
+    vnc_promise = self.createExecutable(
+      self.options['path'],
+      self.substituteTemplate(
+        self.getTemplateFilename('socket_connection_attempt.py.in'),
+        config))
+
+    return [vnc_promise]

slapos/recipe/check_port_listening/template/socket_connection_attempt.py.in

+#!%(python_path)s
+# BEWARE: This file is operated by slapgrid
+# BEWARE: It will be overwritten automatically
+import socket
+import sys
+
+hostname = "%(hostname)s"
+port = %(port)s
+
+connection_okay = False
+
+try:
+  s = socket.create_connection((hostname, port))
+  connection_okay = True
+  s.close()
+except (socket.error, socket.timeout):
+  connection_okay = False
+
+if not connection_okay:
+  print >> sys.stderr, "%(port)s on %(hostname)s isn't listening"
+  sys.exit(127)

slapos/recipe/davstorage/template/httpd.conf.in

@@ -3,6 +3,9 @@ ServerRoot "%(server_root)s"
 Listen [%(ip)s]:%(port)s
 
 # Needed modules
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authn_file_module "%(modules_dir)s/mod_authn_file.so"
 LoadModule authz_host_module "%(modules_dir)s/mod_authz_host.so"
 LoadModule authz_user_module "%(modules_dir)s/mod_authz_user.so"
@@ -11,6 +14,7 @@ LoadModule auth_digest_module "%(modules_dir)s/mod_auth_digest.so"
 LoadModule log_config_module "%(modules_dir)s/mod_log_config.so"
 LoadModule headers_module "%(modules_dir)s/mod_headers.so"
 LoadModule setenvif_module "%(modules_dir)s/mod_setenvif.so"
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 LoadModule ssl_module "%(modules_dir)s/mod_ssl.so"
 LoadModule mime_module "%(modules_dir)s/mod_mime.so"
 LoadModule dav_module "%(modules_dir)s/mod_dav.so"
@@ -25,7 +29,6 @@ ServerTokens ProductOnly
 
 DocumentRoot "%(document_root)s"
 PidFile "%(pid_file)s"
-LockFile "%(lock_file)s"
 DavLockDB "%(davlock_db)s"
 
 <Directory />

slapos/recipe/erp5/template/apache.zope.conf.in

@@ -2,12 +2,16 @@
 # Automatically generated
 
 # List of modules
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule setenvif_module modules/mod_setenvif.so
 LoadModule version_module modules/mod_version.so
 LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 LoadModule ssl_module modules/mod_ssl.so
 LoadModule mime_module modules/mod_mime.so
 LoadModule dav_module modules/mod_dav.so
@@ -19,7 +23,6 @@ LoadModule antiloris_module modules/mod_antiloris.so
 
 # Basic server configuration
 PidFile "%(pid_file)s"
-LockFile "%(lock_file)s"
 Listen %(ip)s:%(port)s
 ServerAdmin %(server_admin)s
 TypesConfig conf/mime.types

slapos/recipe/erp5_bootstrap/__init__.py

+##############################################################################
+#
+# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+from slapos.recipe.librecipe import GenericBaseRecipe
+import os
+import sys
+import urlparse
+
+class Recipe(GenericBaseRecipe):
+  """
+  Instanciate ERP5 in Zope
+  """
+
+  def install(self):
+    parsed = urlparse.urlparse(self.options['mysql-url'])
+    mysql_connection_string = "%(database)s@%(hostname)s:%(port)s "\
+        "%(username)s %(password)s" % dict(
+      database=parsed.path.split('/')[1],
+      hostname=parsed.hostname,
+      port=parsed.port,
+      username=parsed.username,
+      password=parsed.password
+    )
+
+    zope_parsed = urlparse.urlparse(self.options['zope-url'])
+
+    config = dict(
+      python_path=sys.executable,
+      user=zope_parsed.username,
+      password=zope_parsed.password,
+      site_id=zope_parsed.path.split('/')[1],
+      host="%s:%s" % (zope_parsed.hostname, zope_parsed.port),
+      sql_connection_string=mysql_connection_string,
+    )
+
+    # Runners
+    runner_path = self.createExecutable(
+      self.options['runner-path'],
+      self.substituteTemplate(self.getTemplateFilename('erp5_bootstrap.in'),
+                              config))
+
+    return [runner_path]

slapos/recipe/erp5_bootstrap/template/erp5_bootstrap.in

+#!%(python_path)s
+
+import httplib
+import urllib
+import base64
+
+user = "%(user)s"
+password = "%(password)s"
+host = "%(host)s"
+site_id = "%(site_id)s"
+erp5_catalog_storage = 'erp5_mysql_innodb_catalog'
+mysql_url = "%(sql_connection_string)s"
+
+header_dict = {'Authorization': 'Basic %%s' %% \
+  base64.encodestring('%%s:%%s' %% (user, password)).strip()}
+zope_connection = httplib.HTTPConnection(host)
+
+# Check if an ERP5 site is already created, as ERP5 does support having
+# 2 instances in the same zope, and this script should not destroy user data
+zope_connection.request('GET', '/isERP5SitePresent', headers=header_dict)
+result = zope_connection.getresponse()
+
+if result.status == 204: # and (result.read() == "False"):
+
+  # Create the expected ERP5 instance
+  zope_connection.request(
+    'POST', '/manage_addProduct/ERP5/manage_addERP5Site',
+    urllib.urlencode({
+      'id': site_id,
+      'erp5_catalog_storage': erp5_catalog_storage,
+      'erp5_sql_connection_string': mysql_url,
+      'cmf_activity_sql_connection_string': mysql_url,
+    }),
+    headers=header_dict)
+

slapos/recipe/erp5_promise/__init__.py

+##############################################################################
+#
+# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+from slapos.recipe.librecipe import GenericBaseRecipe
+import ConfigParser
+
+class Recipe(GenericBaseRecipe):
+  """
+  Generate ERP5 promise configuration file
+  """
+
+  def install(self):
+
+    promise_parser = ConfigParser.RawConfigParser()
+
+    promise_parser.add_section('portal_templates')
+    promise_parser.set('portal_templates', 'repository', self.options['bt5-repository-url'])
+    promise_parser.set('portal_templates', 'expected_bt5', self.options['bt5'])
+
+    promise_parser.add_section('external_service')
+    promise_parser.set('external_service', 'cloudooo_url', self.options['cloudooo-url'])
+    promise_parser.set('external_service', 'memcached_url', self.options['memcached-url'])
+    promise_parser.set('external_service', 'kumofs_url', self.options['kumofs-url'])
+    promise_parser.set('external_service', 'smtp_url', self.options['smtp-url'])
+
+    promise_parser.write(open(self.options['promise-path'], 'w'))
+
+    return [self.options['promise-path']]

slapos/recipe/fontconfig/template/fontconfig.cfg.in

 <?xml version="1.0"?>
 <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
 <fontconfig>
+<cachedir>~/.fontconfig</cachedir>
 %(font_folder_path_snippet)s
 </fontconfig>
\ No newline at end of file

slapos/recipe/generate_erp5_tidstorage.py

@@ -57,6 +57,9 @@ class Recipe(GenericSlapRecipe):
     known_tid_storage_identifier_dict = {}
     snippet_zeo = open(self.options['snippet-zeo']).read()
     for zeo_id, zeo_configuration_list in json_data['zeo'].iteritems():
+      if not type(zeo_configuration_list) in (type([]), type(set()), type(())):
+        raise ValueError('%s passed in json is not a list, json: %s.' % (
+          zeo_configuration_list, json_data))
       storage_list = []
       a = storage_list.append
       for zeo_slave in zeo_configuration_list:
@@ -92,7 +95,8 @@ class Recipe(GenericSlapRecipe):
     zeo_connection_string = '\n'.join(zeo_connection_list)
     zope_dict.update(
       timezone=json_data['timezone'],
-      zeo_connection_string=zeo_connection_string
+      zeo_connection_string=zeo_connection_string,
+      site_id=site_id,
     )
     # always one distribution node
     current_zope_port += 1
@@ -151,32 +155,72 @@ class Recipe(GenericSlapRecipe):
           longrequest_logger_interval=longrequest_logger_interval,
           **zope_dict)
         haproxy_backend_list.append('${%(part_name)s:ip}:${%(part_name)s:port}' % dict(part_name=part_name))
+
+      scheme = backend_configuration.get('scheme', ['https'])
+
       # now generate backend access
       current_apache_port += 1
       current_haproxy_port += 1
-      part_list.append('apache-%(backend_name)s ca-apache-%(backend_name)s logrotate-entry-apache-%(backend_name)s haproxy-%(backend_name)s' % dict(backend_name=backend_name))
       backend_dict = dict(
         backend_name=backend_name,
         apache_port=current_apache_port,
+        apache_public_port=current_apache_port+1,
         haproxy_port=current_haproxy_port,
         access_control_string=backend_configuration['access-control-string'],
         maxconn=backend_configuration['maxconn'],
         server_check_path='/%s/getId' % site_id,
-        haproxy_backend_list=' '.join(haproxy_backend_list)
+        haproxy_backend_list=' '.join(haproxy_backend_list),
+        ssl_authentication=backend_configuration.get('ssl-authentication',
+          False),
+        backend_path=backend_configuration.get('backend-path', '/') % {
+            'site-id': site_id}
+
       )
-      publish_url_list.append('url-%(backend_name)s = https://[${apache-%(backend_name)s:ip}]:${apache-%(backend_name)s:port}' % dict(
-        backend_name=backend_name))
+      current_apache_port += 1
       output += snippet_backend % backend_dict
+
+      if 'http' in scheme:
+        part_list.append('apache-public-%(backend_name)s logrotate-entry-apache-public-%(backend_name)s' % dict(backend_name=backend_name))
+        publish_url_list.append('url-public-%(backend_name)s = http://[${apache-public-%(backend_name)s:ip}]:${apache-public-%(backend_name)s:port}' % dict(
+          backend_name=backend_name))
+      if 'https' in scheme:
+        part_list.append('apache-%(backend_name)s ca-apache-%(backend_name)s logrotate-entry-apache-%(backend_name)s haproxy-%(backend_name)s' % dict(backend_name=backend_name))
+        publish_url_list.append('url-%(backend_name)s = https://[${apache-%(backend_name)s:ip}]:${apache-%(backend_name)s:port}' % dict(
+          backend_name=backend_name))
+
     output += SECTION_BACKEND_PUBLISHER + '\n'
     output += '\n'.join(publish_url_list)
     part_list.append('publish-apache-backend-list')
+    master_dict = self.parameter_dict.copy()
+    if 'erp5-ca' in json_data:
+      erp5_ca = json_data['erp5-ca']
+      # Fetching exactly named parameters from json in order to raise proper
+      # error if required
+      master_dict.update(
+        erp5_ca_country_code = erp5_ca['country-code'],
+        erp5_ca_email = erp5_ca['email'],
+        erp5_ca_state = erp5_ca['state'],
+        erp5_ca_city = erp5_ca['city'],
+        erp5_ca_company = erp5_ca['company']
+      )
+    else:
+      master_dict.update(dict(
+        erp5_ca_country_code = 'XX',
+        erp5_ca_email = 'xx@example.com',
+        # XXX-BBB: State by mistake has been configured as string "('State',)"
+        #          string, so keep this for backward compatibility of existing
+        #          automatically setup CAs
+        erp5_ca_state = "('State',)",
+        erp5_ca_city = 'City',
+        erp5_ca_company = 'Company'
+      ))
     prepend = open(self.options['snippet-master']).read() % dict(
         part_list='  \n'.join(['  '+q for q in part_list]),
         known_tid_storage_identifier_dict=known_tid_storage_identifier_dict,
         haproxy_section="haproxy-%s" % backend_name,
         zope_section=zope_id,
         site_id=site_id,
-        **self.parameter_dict
+        **master_dict
         )
     output = prepend + output
     with open(self.options['output'], 'w') as f:

slapos/recipe/generatemac.py

+
+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+import random
+
+from slapos.recipe.librecipe import GenericBaseRecipe
+
+class Recipe(GenericBaseRecipe):
+
+  def __init__(self, buildout, name, options):
+    # First octet has to represent a locally administered address
+    octet_list = [254] + [random.randint(0x00, 0xff) for x in range(5)]
+    options['mac-address'] = ':'.join(['%02x' % x for x in octet_list])
+
+  def install(self):
+    return []

slapos/recipe/generic_kumofs/__init__.py

@@ -52,7 +52,8 @@ class Recipe(GenericBaseRecipe):
       kumo_manager_port=kumo_manager_port,
       kumo_server_port=kumo_server_port,
       kumo_server_listen_port=kumo_server_listen_port,
-      kumo_gateway_port=kumo_gateway_port
+      kumo_gateway_port=kumo_gateway_port,
+      shell_path=self.options['shell-path'],
     )
 
     path_list.append(self.createExecutable(self.options['gateway-wrapper'],

slapos/recipe/generic_kumofs/template/kumo_gateway.in

-#!/bin/sh
+#!%(shell_path)s
 exec %(kumo_gateway_binary)s -F -E -m %(kumo_manager_ip)s:%(kumo_manager_port)s -t %(kumo_gateway_ip)s:%(kumo_gateway_port)s -o %(kumo_gateway_log)s

slapos/recipe/generic_kumofs/template/kumo_manager.in

-#!/bin/sh
+#!%(shell_path)s
 exec %(kumo_manager_binary)s -a -l %(kumo_manager_ip)s:%(kumo_manager_port)s -o %(kumo_manager_log)s

slapos/recipe/generic_kumofs/template/kumo_server.in

-#!/bin/sh
+#!%(shell_path)s
 exec %(kumo_server_binary)s -l %(kumo_server_ip)s:%(kumo_server_port)s -L %(kumo_server_listen_port)s -m %(kumo_manager_ip)s:%(kumo_manager_port)s -s %(kumo_server_storage)s -o %(kumo_server_log)s

slapos/recipe/generic_memcached/__init__.py

@@ -46,6 +46,7 @@ class Recipe(GenericBaseRecipe):
         memcached_binary=self.options['binary_path'],
         memcached_ip=self.options['ip'],
         memcached_port=self.options['port'],
+        shell_path=self.options['shell-path'],
     )
 
     executable_path = self.createExecutable(

slapos/recipe/generic_memcached/template/memcached.in

-#!/bin/sh
+#!%(shell_path)s
 exec %(memcached_binary)s -p %(memcached_port)s -U %(memcached_port)s -l %(memcached_ip)s

slapos/recipe/generic_mysql/__init__.py

@@ -67,6 +67,12 @@ class Recipe(GenericBaseRecipe):
 
     mysql_script_list = []
 
+    # user defined functions
+    mysql_script_list.append(self.substituteTemplate(
+      self.getTemplateFilename('mysql-init-function.sql.in'),
+      {
+      }
+    ))
     # real database
     mysql_script_list.append(self.substituteTemplate(
       self.getTemplateFilename('initmysql.sql.in'),

slapos/recipe/generic_mysql/template/my.cnf.in

@@ -17,15 +17,15 @@ pid-file = %(pid_file)s
 log-error = %(error_log)s
 slow_query_log
 slow_query_log_file = %(slow_query_log)s
-long_query_time = 5
+long_query_time = 1
 max_allowed_packet = 128M
 query_cache_size = 32M
 
-plugin-load = ha_groonga.so;ha_sphinx.so
+plugin-load = ha_mroonga.so;ha_sphinx.so;handlersocket.so
 
 # By default only 100 connections are allowed, when using zeo
 # we may have much more connections
-# max_connections = 1000
+max_connections = 1000
 
 # The following are important to configure and depend a lot on to the size of
 # your database and the available resources.

slapos/recipe/erp5/template/mysql-init-function.sql.in → slapos/recipe/generic_mysql/template/mysql-init-function.sql.in

 USE mysql;
 DROP FUNCTION IF EXISTS last_insert_grn_id;
-CREATE FUNCTION last_insert_grn_id RETURNS INTEGER SONAME 'ha_groonga.so';
+CREATE FUNCTION last_insert_grn_id RETURNS INTEGER SONAME 'ha_mroonga.so';
 DROP FUNCTION IF EXISTS sphinx_snippets;
 CREATE FUNCTION sphinx_snippets RETURNS STRING SONAME 'sphinx.so';

slapos/recipe/generic_onetimeupload/__init__.py

+##############################################################################
+#
+# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import GenericBaseRecipe
+import binascii
+import os
+import sys
+
+class Recipe(GenericBaseRecipe):
+  """
+  kvm instance configuration.
+  """
+
+  def __init__(self, buildout, name, options):
+    options['key'] = binascii.hexlify(os.urandom(24))
+    return GenericBaseRecipe.__init__(self, buildout, name, options)
+
+  def install(self):
+    config = dict(
+      ip=self.options['ip'],
+      port=self.options['port'],
+      onetimeupload_path=self.options['onetimeupload-path'],
+      shell_path=self.options['shell-path'],
+      log_path=self.options['log-path'],
+      image=self.options['image-path'],
+      key=self.options['key'],
+    )
+
+    # Runners
+    runner_path = self.createExecutable(
+      self.options['path'],
+      self.substituteTemplate(self.getTemplateFilename('onetimeupload_run.in'),
+                              config))
+
+    return [runner_path]
+

slapos/recipe/nbdserver/template/onetimeupload_run.in → slapos/recipe/generic_onetimeupload/template/onetimeupload_run.in

-#!/bin/sh
+#!%(shell_path)s
 # BEWARE: This file is operated by slapgrid
 # BEWARE: It will be overwritten automatically
 exec %(onetimeupload_path)s -l %(log_path)s %(ip)s %(port)s %(image)s %(key)s 

slapos/recipe/generic_varnish/__init__.py

+##############################################################################
+#
+# Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+import os
+import re
+from slapos.recipe.librecipe import GenericSlapRecipe
+
+class Recipe(GenericSlapRecipe):
+  """
+    Instantiate varnish daemon
+
+    TODO:
+      - use varnish3.x and replace .vcl for it
+  """
+  def _install(self):
+    ip = self.options['ip']
+    backend_url = self.parameter_dict['tidstorage-url']
+    backend_ip, backend_port = self._getBackendServer(backend_url)
+    varnishd_manager_port = int(self.options['manager-port'])
+    varnishd_server_port = int(self.options['server-port'])
+    path_list = []
+    config = dict(
+      varnishd_binary=self.options['varnishd-binary'],
+      varnish_ip=ip,
+      varnishlog_binary=self.options['varnishlog-binary'],
+      varnishd_manager_port=varnishd_manager_port,
+      varnishd_server_port=varnishd_server_port,
+      varnishd_pid_file=self.options['pid-file'],
+      varnish_instance_name=self.options['varnish-instance-name'],
+      varnish_data=self.options['varnish-data'],
+      shell_path=self.options['shell-path'],
+      vcl_file=self.options['vcl-file'],
+      backend_ip = backend_ip,
+      backend_port = backend_port,
+      backend_server = "[%s]" % backend_ip,
+    )
+
+    path_list.append(self.createExecutable(self.options['varnishd-wrapper'],
+      self.substituteTemplate(self.getTemplateFilename('varnishd.in'),
+        config)))
+    path_list.append(self.createExecutable(self.options['varnishlog-wrapper'],
+      self.substituteTemplate(self.getTemplateFilename('varnishlog.in'),
+        config)))
+    path_list.append(self.createFile(self.options['vcl-file'],
+      self.substituteTemplate(self.getTemplateFilename('default.vcl.in'),
+        config)))
+    return path_list
+
+  def _getBackendServer(self, url):
+    r = re.compile('\/\/\[(.*)\]:(\d*)')
+    result = r.search(url)
+    ip = result.groups()[0]
+    port = result.groups()[1]
+    return (ip, port)

slapos/recipe/generic_varnish/template/default.vcl.in

+#This is a basic VCL configuration file for varnish.  See the vcl(7)
+#man page for details on VCL syntax and semantics.
+#
+#Default backend definition.  Set this to point to your content
+#server.
+#
+backend default {
+  .host = "%(backend_ip)s";
+  .port = "%(backend_port)s";
+  .probe = {
+           .timeout = 30s;
+           .interval = 5s;
+           .window = 4;
+           .threshold = 3;
+           .request =
+             "OPTIONS /erp5/getId HTTP/1.1"
+             "Host: %(backend_server)s:%(backend_port)s"
+             "Accept-Encoding: identity"
+             "Connection: close"
+             "User-Agent: Varnish";
+  }
+}
+#
+#Below is a commented-out copy of the default VCL logic.  If you
+#redefine any of these subroutines, the built-in logic will be
+#appended to your code.
+#
+
+sub vcl_recv {
+  if (req.request != "GET" &&
+    req.request != "HEAD" &&
+    req.request != "PUT" &&
+    req.request != "POST" &&
+    req.request != "TRACE" &&
+    req.request != "OPTIONS" &&
+    req.request != "PURGE" &&
+    req.request != "DELETE") {
+      /* Non-RFC2616 or CONNECT which is weird. */
+      pipe;
+  }
+  if (req.request != "GET" && req.request != "HEAD" && req.request != "PURGE") {
+      /* We only deal with GET and HEAD by default */
+      pass;
+  }
+  remove req.http.Cookie;
+  remove req.http.Set-Cookie;
+  if (req.http.Accept-Encoding) {
+    if (req.http.Accept-Encoding ~ "gzip") {
+      set req.http.Accept-Encoding = "gzip";
+    } elsif (req.http.Accept-Encoding ~ "deflate") {
+      set req.http.Accept-Encoding = "deflate";
+    } else {
+      # unkown algorithm
+      remove req.http.Accept-Encoding;
+    }
+  }
+  # Force deflate
+  remove req.http.Accept-Encoding;
+  # We do not care about Accept-Language, this is url controlled
+  remove req.http.Accept-Language;
+  #if (req.request == "PURGE") {
+  #  if (!client.ip ~ purge) {
+  #    error 405 "Not allowed.";
+  #  }
+  #  purge_url(req.url);
+  #  error 200 "HASHPURGED";
+  #  unset req.http.x;
+  #}
+  set req.grace = 30d;
+  lookup;
+}
+
+sub vcl_hash {
+    set req.hash += req.url;
+    hash;
+}
+
+sub vcl_hit {
+   #if (req.request == "PURGE" && client.ip ~ purge) {
+   #  set obj.ttl = 0s;
+   #  error 200 "Purged.";
+   #}
+
+   #if (client.ip ~ purge){
+   #  # Force refresh from localhost
+   #  set obj.ttl = 0s;
+   #  return (restart);
+   #}
+   # According Vary Header do not return those headers
+   remove req.http.Accept-Language;
+   remove req.http.Accept-Encoding;
+   remove req.http.Cookie;
+   deliver;
+}
+
+sub vcl_miss {
+    fetch;
+}
+
+sub vcl_fetch {
+    /* Never send request to backend even if client ask refreshed content */
+    if (obj.cacheable) {
+       /* Setup grace period for 30days for all cacheable contents */
+      #set req.grace = 30d;
+      set obj.grace = 30d;
+      }
+   deliver;
+   }
+
+
+sub vcl_deliver {
+   if (obj.hits > 0) {
+     set resp.http.X-Cache = obj.hits;
+   } else {
+     set resp.http.X-Cache = "MISS";
+   }
+   #if (obj.hash) {
+   #  set resp.http.X-Hash = obj.hash;
+   #} else {
+   #  set resp.http.X-Hash = "No hash";
+   #}
+
+   deliver;
+}

slapos/recipe/generic_varnish/template/varnishd.in

+#!%(shell_path)s
+
+DAEMON_OPTS="-F \
+             -a %(varnish_ip)s:%(varnishd_server_port)s \
+             -T %(varnish_ip)s:%(varnishd_manager_port)s \
+             -n %(varnish_instance_name)s \
+             -f %(vcl_file)s \
+             -s file,%(varnish_data)s/varnish_storage.bin,1G"
+
+PIDFILE=%(varnishd_pid_file)s
+# exporting PATH here so that we will pass the PATH variable to the subprocess
+export PATH
+output=$(/bin/tempfile -s.varnish)
+exec %(varnishd_binary)s -P ${PIDFILE} ${DAEMON_OPTS} > ${output} 2>&1
+

slapos/recipe/generic_varnish/template/varnishlog.in

+#!%(shell_path)s
+
+DAEMON_OPTS="-a %(varnish_ip)s:%(varnishd_server_port)s \
+             -n %(varnish_instance_name)s"
+
+exec %(varnishlog_binary)s ${DAEMON_OPTS} "$@"

slapos/recipe/generic_varnish/template/varnishlogd.in

+#!%(shell_path)s
+
+DAEMON_OPTS="-F \
+             -a %(varnish_ip)s:%(varnishd_server_port)s \
+             -T %(varnish_ip)s:%(varnishd_manager_port)s \
+             -n %(varnish_instance_name)s \
+             -f %(vcl_file)s \
+             -s file,%(varnish_data)s/varnish_storage.bin,1G"
+
+PIDFILE=%(varnishd_pid_file)s
+# exporting PATH here so that it will pass the PATH variable to the subprocess
+export PATH
+
+# If unset, or set to "0" or "no", exit
+if [ -z "${VARNISHLOG_ENABLED}" ] || \
+   [ "${VARNISHLOG_ENABLED}" = "0" ] || \
+   [ "${VARNISHLOG_ENABLED}" = "no" ]; then
+  exit 0;
+fi
+
+output=$(/bin/tempfile -s.varnish)
+exec %(varnishlog_binary)s ${DAEMON_OPTS} > ${output} 2>&1

slapos/recipe/generic_zope/__init__.py

@@ -128,6 +128,13 @@ class Recipe(GenericBaseRecipe):
     zope_conf_content = self.substituteTemplate(zope_wrapper_template_location,
       zope_config)
 
+    if ('promise-path' in self.options) and ('site-id' in self.options):
+      zope_conf_content += self.substituteTemplate(self.getTemplateFilename(
+          'zope.conf.promise.in'), {
+            'site-id': self.options['site-id'],
+            'promise-path': self.options['promise-path'],
+            })
+
     zope_conf_path = self.createFile(self.options['configuration-file'], zope_conf_content)
     path_list.append(zope_conf_path)
     # Create init script

slapos/recipe/generic_zope/template/zope.conf.in

@@ -20,6 +20,11 @@ zserver-threads %(thread_amount)s
 pid-filename %(pid-filename)s
 lock-filename %(lock-filename)s
 
+# Encoding
+rest-input-encoding utf-8
+rest-output-encoding utf-8
+default-zpublisher-encoding utf-8
+
 # Temporary storage database (for sessions)
 <zodb_db temporary>
      <temporarystorage>

slapos/recipe/generic_zope/template/zope.conf.promise.in

+
+# ERP5 promise
+<product-config /%(site-id)s>
+  promise_path %(promise-path)s
+</product-config>

slapos/recipe/generic_zope_zeo_client/__init__.py

@@ -115,7 +115,7 @@ class Recipe(GenericBaseRecipe):
       TMPDIR=self.options['tmp-path'],
       HOME=self.options['tmp-path'],
       PATH=self.options['bin-path'],
-      TIMEZONE=self.options['timezone'],
+      TZ=self.options['timezone'],
     )
 
     # longrequestlogger product which requires environment settings
@@ -157,6 +157,18 @@ class Recipe(GenericBaseRecipe):
     if self.isTrueValue(self.options['timeserver']):
       zope_conf_content += self.substituteTemplate(self.getTemplateFilename(
           'zope.conf.timeserver.in'), {})
+    if 'tidstorage-ip' in self.options:
+      zope_conf_content += self.substituteTemplate(self.getTemplateFilename(
+          'zope.conf.tidstorage.in'), {
+            'tidstorage-ip': self.options['tidstorage-ip'],
+            'tidstorage-port': self.options['tidstorage-port'],
+            })
+    if ('promise-path' in self.options) and ('site-id' in self.options):
+      zope_conf_content += self.substituteTemplate(self.getTemplateFilename(
+          'zope.conf.promise.in'), {
+            'site-id': self.options['site-id'],
+            'promise-path': self.options['promise-path'],
+            })
 
     zope_conf_path = self.createFile(self.options['configuration-file'], zope_conf_content)
     path_list.append(zope_conf_path)

slapos/recipe/generic_zope_zeo_client/template/zope.conf.in

@@ -20,6 +20,11 @@ zserver-threads %(thread_amount)s
 pid-filename %(pid-filename)s
 lock-filename %(lock-filename)s
 
+# Encoding
+rest-input-encoding utf-8
+rest-output-encoding utf-8
+default-zpublisher-encoding utf-8
+
 # Temporary storage database (for sessions)
 <zodb_db temporary>
      <temporarystorage>

slapos/recipe/generic_zope_zeo_client/template/zope.conf.promise.in

+
+# ERP5 promise
+<product-config /%(site-id)s>
+  promise_path %(promise-path)s
+</product-config>

slapos/recipe/generic_zope_zeo_client/template/zope.conf.tidstorage.in

+
+# TIDStorage connection
+<product-config TIDStorage>
+  backend-ip %(tidstorage-ip)s
+  backend-port %(tidstorage-port)s
+</product-config>

slapos/recipe/generic_zope_zeo_client/template/zope.conf.timeserver.in

@@ -2,5 +2,5 @@
 # ERP5 Timer Service
 %%import timerserver
 <timer-server>
-  interval 5
+  interval 1
 </timer-server>

slapos/recipe/kvm/certificate_authority.py

-import os
-import subprocess
-import time
-import ConfigParser
-import uuid
-
-
-def popenCommunicate(command_list, input=None):
-  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
-  if input is not None:
-    subprocess_kw.update(stdin=subprocess.PIPE)
-  popen = subprocess.Popen(command_list, **subprocess_kw)
-  result = popen.communicate(input)[0]
-  if popen.returncode is None:
-    popen.kill()
-  if popen.returncode != 0:
-    raise ValueError('Issue during calling %r, result was:\n%s' % (
-      command_list, result))
-  return result
-
-
-class CertificateAuthority:
-  def __init__(self, key, certificate, openssl_binary,
-      openssl_configuration, request_dir):
-    self.key = key
-    self.certificate = certificate
-    self.openssl_binary = openssl_binary
-    self.openssl_configuration = openssl_configuration
-    self.request_dir = request_dir
-
-  def checkAuthority(self):
-    file_list = [ self.key, self.certificate ]
-    ca_ready = True
-    for f in file_list:
-      if not os.path.exists(f):
-        ca_ready = False
-        break
-    if ca_ready:
-      return
-    for f in file_list:
-      if os.path.exists(f):
-        os.unlink(f)
-    try:
-      # no CA, let us create new one
-      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
-          self.openssl_configuration, '-new', '-x509', '-extensions', 'v3_ca',
-          '-keyout', self.key, '-out', self.certificate, '-days', '10950'],
-          # Authority name will be random, so no instance has the same issuer
-          'Certificate Authority %s\n' % uuid.uuid1())
-    except:
-      try:
-        for f in file_list:
-          if os.path.exists(f):
-            os.unlink(f)
-      except:
-        # do not raise during cleanup
-        pass
-      raise
-
-  def _checkCertificate(self, common_name, key, certificate):
-    file_list = [key, certificate]
-    ready = True
-    for f in file_list:
-      if not os.path.exists(f):
-        ready = False
-        break
-    if ready:
-      return False
-    for f in file_list:
-      if os.path.exists(f):
-        os.unlink(f)
-    csr = certificate + '.csr'
-    try:
-      popenCommunicate([self.openssl_binary, 'req', '-config',
-        self.openssl_configuration, '-nodes', '-new', '-keyout',
-        key, '-out', csr, '-days', '3650'],
-        common_name + '\n')
-      try:
-        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
-          self.openssl_configuration, '-out', certificate,
-          '-infiles', csr])
-      finally:
-        if os.path.exists(csr):
-          os.unlink(csr)
-    except:
-      try:
-        for f in file_list:
-          if os.path.exists(f):
-            os.unlink(f)
-      except:
-        # do not raise during cleanup
-        pass
-      raise
-    else:
-      return True
-
-  def checkRequestDir(self):
-    for request_file in os.listdir(self.request_dir):
-      parser = ConfigParser.RawConfigParser()
-      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
-      if self._checkCertificate(parser.get('certificate', 'name'),
-          parser.get('certificate', 'key_file'), parser.get('certificate',
-            'certificate_file')):
-        print 'Created certificate %r' % parser.get('certificate', 'name')
-
-def runCertificateAuthority(args):
-  ca_conf = args[0]
-  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
-      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
-      ca_conf['request_dir'])
-  while True:
-    ca.checkAuthority()
-    ca.checkRequestDir()
-    time.sleep(60)

slapos/recipe/kvm/socket_connection_attempt.py

-import socket
-import sys
-
-def connection_attempt():
-
-  try:
-    hostname, port = sys.argv[1:3]
-  except ValueError:
-    print >> sys.stderr, """Bad command line.
-  Usage: %s hostname|ip port""" % sys.argv[0]
-    sys.exit(1)
-
-  connection_okay = False
-
-  try:
-    s = socket.create_connection((hostname, port))
-    connection_okay = True
-    s.close()
-  except (socket.error, socket.timeout):
-    connection_okay = False
-
-  if not connection_okay:
-    print >> sys.stderr, "%(port)s on %(ip)s isn't listening" % {
-      'port': port, 'ip': hostname
-    }
-    sys.exit(127)

slapos/recipe/kvm/template/kvm_run.in

-#!/bin/sh
+#!%(python_path)s
 # BEWARE: This file is operated by slapgrid
 # BEWARE: It will be overwritten automatically
 
-# TODO: -net nic,model=virtio, but OS installer has to provide the virtio_net
-# module
-exec %(qemu_path)s \
-  -net nic,macaddr=%(mac_address)s \
-  -net tap,ifname=%(tap_interface)s,script=no,downscript=no \
-  -smp %(smp_count)s \
-  -m %(ram_size)s \
-  -cdrom nbd:[%(nbd_ip)s]:%(nbd_port)s \
-  -drive file=%(disk_path)s,if=virtio,boot=on \
-  -vnc %(vnc_ip)s:1,ipv4,password \
-  -boot menu=on \
-  -qmp unix:%(socket_path)s,server \
-  -pidfile %(pid_file_path)s
+# Echo client program
+import os
+import socket
+import subprocess
+
+def getSocketStatus(host, port):
+  s = None
+  for res in socket.getaddrinfo(host, port,
+      socket.AF_UNSPEC, socket.SOCK_STREAM):
+    af, socktype, proto, canonname, sa = res
+    try:
+      s = socket.socket(af, socktype, proto)
+    except socket.error, msg:
+      s = None
+      continue
+    try:
+      s.connect(sa)
+    except socket.error, msg:
+      s.close()
+      s = None
+      continue
+    break
+  return s
+
+# create disk if doesn't exist
+disk_path = '%(disk_path)s'
+if not os.path.exists(disk_path):
+  subprocess.Popen(['%(qemu_img_path)s', 'create' ,'-f', 'qcow2',
+      '%(disk_path)s', '%(disk_size)sG'])
+
+kvm_argument_list = ['kvm', '-net', 'nic,macaddr=%(mac_address)s',
+  '-net', 'tap,ifname=%(tap_interface)s,script=no,downscript=no',
+  '-smp', '%(smp_count)s',
+  '-m', '%(ram_size)s',
+  '-drive', 'file=%(disk_path)s,if=virtio,boot=on',
+  '-vnc', '%(vnc_ip)s:1,ipv4,password',
+  '-boot', 'menu=on',
+  '-qmp', 'unix:%(socket_path)s,server',
+  '-pidfile', '%(pid_file_path)s',
+]
+
+# Try to connect to NBD server
+s = getSocketStatus('%(nbd_ip)s', %(nbd_port)s)
+if s is None:
+  # NBD is not available : launch kvm without it
+  print 'Warning : Nbd is not available.'
+  os.execv('%(qemu_path)s', kvm_argument_list)
+else:
+  # NBD is available
+  kvm_argument_list.extend(['-cdrom', 'nbd:[%(nbd_ip)s]:%(nbd_port)s'])
+  os.execv('%(qemu_path)s', kvm_argument_list)

slapos/recipe/kvm/template/port_listening_promise.in

-#!/usr/bin/env sh
-
-"%(check_port_listening_script)s" "%(hostname)s" "%(port)s"
-exit $?

slapos/recipe/kvm/template/slapreport_run.in

-#!/bin/sh
-# BEWARE: This file is operated by slapgrid
-# BEWARE: It will be overwritten automatically
-exec %(python_path)s %(slapreport_path)s $1 %(database_path)s

slapos/recipe/kvm_frontend/__init__.py

+##############################################################################
+#
+# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import GenericBaseRecipe, GenericSlapRecipe
+import json
+import zc.buildout
+
+class Recipe(GenericSlapRecipe):
+  """
+  kvm frontend instance configuration.
+  """
+
+  def _getRewriteRuleContent(self, slave_instance_list):
+    """Generate rewrite rules list from slaves list"""
+    rewrite_rule_list = []
+    for slave_instance in slave_instance_list:
+      self.logger.info("Processing slave instance %s..." %
+          slave_instance['slave_reference'])
+      # Check for mandatory fields
+      if slave_instance.get('host', None) is None:
+        self.logger.warn('No "host" parameter is defined for %s slave'\
+            'instance. Ignoring it.' % slave_instance['slave_reference'])
+        continue
+      if slave_instance.get('port', None) is None:
+        self.logger.warn('No "host" parameter is defined for %s slave'\
+            'instance. Ignoring it.' % slave_instance['slave_reference'])
+        continue
+
+      current_slave_dict = dict()
+
+      # Get host, and if IPv6 address, remove "[" and "]"
+      current_slave_dict['host'] = slave_instance['host'].\
+          replace('[', '').replace(']', '')
+      current_slave_dict['port'] = slave_instance['port']
+
+      # Check if target is https or http
+      current_slave_dict['https'] = slave_instance.get('https', 'true')
+      if current_slave_dict['https'] in GenericBaseRecipe.FALSE_VALUES:
+        current_slave_dict['https'] = 'false'
+      # Set reference and resource url
+      # Reference is raw reference from SlapOS Master, resource is
+      # URL-compatible name
+      reference = slave_instance.get('slave_reference')
+      current_slave_dict['reference'] = reference
+      current_slave_dict['resource'] = reference.replace('-', '')
+      rewrite_rule_list.append(current_slave_dict)
+    return rewrite_rule_list
+
+  def _getProxyTableContent(self, rewrite_rule_list):
+    """Generate proxy table file content from rewrite rules list"""
+    proxy_table = dict()
+    for rewrite_rule in rewrite_rule_list:
+      proxy_table[rewrite_rule['resource']] = {
+          'port': rewrite_rule['port'],
+          'host': rewrite_rule['host'],
+          'https': rewrite_rule['https'],
+      }
+
+    proxy_table_content = json.dumps(proxy_table)
+    return proxy_table_content
+
+  def _install(self):
+    # Check for mandatory field
+    if self.options.get('domain', None) is None:
+      raise zc.buildout.UserError('No domain name specified. Please define '
+          'the "domain" instance parameter.')
+    # Generate rewrite rules
+    rewrite_rule_list = self._getRewriteRuleContent(
+      json.loads(self.options['slave-instance-list']))
+    # Create Map
+    map_content = self._getProxyTableContent(rewrite_rule_list)
+    map_file = self.createFile(self.options['map-path'], map_content)
+
+    # Create configuration
+    conf = open(self.getTemplateFilename('kvm-proxy.js'), 'r')
+    conf_file = self.createFile(self.options['conf-path'], conf.read())
+    conf.close()
+
+    # Do we create http dummy server used to redirect to https?
+    if self.options['http-redirection'] in GenericBaseRecipe.TRUE_VALUES:
+      http_redirect_server = '1'
+    else:
+      http_redirect_server = ''
+
+    config = dict(
+      ip=self.options['ip'],
+      port=self.options['port'],
+      key=self.options['ssl-key-path'],
+      certificate=self.options['ssl-cert-path'],
+      name=self.options['domain'],
+      shell_path=self.options['shell-path'],
+      node_path=self.options['node-binary'],
+      node_env=self.options['node-env'],
+      conf_path=conf_file,
+      map_path=map_file,
+      plain_http=http_redirect_server,
+    )
+
+    runner_path = self.createExecutable(
+      self.options['wrapper-path'],
+      self.substituteTemplate(self.getTemplateFilename('nodejs_run.in'),
+                              config))
+
+    # Send connection parameters of slave instances
+    site_url = "https://%s:%s/" % (self.options['domain'], self.options['port'])
+    for slave in rewrite_rule_list:
+      self.setConnectionDict(
+          dict(url="%s%s" % (site_url, slave['resource']),
+               domainname=self.options['domain'],
+               port=self.options['port'],
+               resource=slave['resource']),
+          slave['reference'])
+
+    return [map_file, conf_file, runner_path]

slapos/recipe/kvm_frontend/template/kvm-proxy.js

+/*****************************************************************************
+*
+* Copyright (c) 2012 Vifib SARL and Contributors. All Rights Reserved.
+*
+* WARNING: This program as such is intended to be used by professional
+* programmers who take the whole responsibility of assessing all potential
+* consequences resulting from its eventual inadequacies and bugs
+* End users who are looking for a ready-to-use solution with commercial
+* guarantees and support are strongly adviced to contract a Free Software
+* Service Company
+*
+* This program is Free Software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 3
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+*
+*****************************************************************************/
+
+/* Wrapper used to configure the httpproxy node package to proxy
+   http://myhost/myinstance
+   to real IP/URL of myinstance
+*/
+
+var fs = require('fs'),
+    util = require('util'),
+    colors = require('colors'),
+    http = require('http'),
+    httpProxy = require('http-proxy'),
+    proxyByUrl = require('proxy-by-url');
+
+var listenInterface = process.argv[2],
+    port = process.argv[3],
+    sslKeyFile = process.argv[4],
+    sslCertFile = process.argv[5],
+    proxyTable = process.argv[6],
+    redirect = process.argv[7] || false,
+    isRawIPv6;
+
+if (process.argv.length < 7) {
+    console.error("Too few arguments. Exiting.");
+  process.exit(1);
+}
+
+isRawIPv6 = function checkipv6(str) {
+  // Inspired by http://forums.intermapper.com/viewtopic.php?t=452
+  return (/^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$/.test(str));
+}(listenInterface);
+
+/**
+ * Dummy middleware that throws 404 not found. Does not contain websocket
+ * middleware.
+ */
+var middlewareNotFound = function(req, res, proxy) {
+  res.statusCode = 404;
+  res.setHeader('Content-Type', 'text/plain');
+  res.end('This URL is not known. Please check your URL or contact your ' +
+      'SlapOS administrator.');
+};
+
+/**
+ * Create server
+ */
+var proxyServer = httpProxy.createServer(
+  // We declare our proxyByUrl middleware
+  proxyByUrl(proxyTable),
+  // Then we add your dummy middleware, called when proxyByUrl doesn't find url.
+  middlewareNotFound,
+  // And we set HTTPS options for server. HTTP will be forbidden.
+  {
+    https: {
+      key: fs.readFileSync(
+        sslKeyFile,
+        'utf8'
+      ),
+      cert: fs.readFileSync(
+        sslCertFile,
+        'utf8'
+      )
+    },
+    source: {
+    host: listenInterface,
+    port: port
+  }}
+);
+
+console.log('HTTPS server starting and trying to listen on ' +
+            listenInterface + ':' + port);
+// Release the beast.
+proxyServer.listen(port, listenInterface);
+
+// Dummy HTTP server redirecting to HTTPS. Only has sense if we can use port 80
+if (redirect === '1') {
+  console.log('HTTP redirect server starting and trying to listen on ' +
+              listenInterface + ':' + httpPort);
+  try {
+    var httpPort = 80;
+    http.createServer(function(req, res) {
+      var url;
+      if (isRawIPv6 === true) {
+        url = 'https://[' + listenInterface + ']';
+      } else {
+        url = 'https://' + listenInterface;
+      }
+      // If non standard port : need to specify it
+      if (port !== 443) {
+        url = url + ':' + port;
+      }
+      // Add last part of URL
+      url = url + req.url;
+      console.log(url);
+      // Anwser "permanently redirected"
+      res.statusCode = 301;
+      res.setHeader('Location', url);
+      res.end();
+    }).listen(httpPort, listenInterface);
+  } catch (error) {
+    console.log('Couldn\'t start plain HTTP redirection server : ' + error)
+  }
+}

slapos/recipe/kvm/template/slapmonitor_run.in → slapos/recipe/kvm_frontend/template/nodejs_run.in

-#!/bin/sh
+#!%(shell_path)s
 # BEWARE: This file is operated by slapgrid
 # BEWARE: It will be overwritten automatically
-exec %(python_path)s %(slapmonitor_path)s %(pid_file_path)s %(database_path)s
+export NODE_PATH=%(node_env)s
+exec %(node_path)s %(conf_path)s %(ip)s %(port)s %(key)s %(certificate)s %(map_path)s %(plain_http)s

slapos/recipe/lamp/__init__.py

@@ -33,6 +33,8 @@ import sys
 import zc.recipe.egg
 import urlparse
 
+# Warning : this recipe is deprecated and has been replaced by apachephp.
+
 class BaseRecipe(BaseSlapRecipe):
   def getTemplateFilename(self, template_name):
     return pkg_resources.resource_filename(__name__,

slapos/recipe/lamp/template/apache.in

@@ -3,7 +3,6 @@
 
 # Basic server configuration
 PidFile "%(pid_file)s"
-LockFile "%(lock_file)s"
 Listen %(ip)s:%(port)s
 PHPINIDir %(php_ini_dir)s
 ServerAdmin someone@email
@@ -39,6 +38,9 @@ DocumentRoot %(document_root)s
 DirectoryIndex index.html index.php
 
 # List of modules
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule setenvif_module modules/mod_setenvif.so

slapos/recipe/lamp/template/my.cnf.in

@@ -21,7 +21,7 @@ long_query_time = 5
 max_allowed_packet = 128M
 query_cache_size = 32M
 
-plugin-load = ha_groonga.so;ha_sphinx.so
+plugin-load = ha_mroonga.so;ha_sphinx.so
 
 # The following are important to configure and depend a lot on to the size of
 # your database and the available resources.