Merge branch 'upstream_master'

Conflicts:
	software/erp5/software.cfg
Resolved by accepting upstream version.

00.Repository.Rules.txt

+SlapOS repository rules
+=======================
+
+Short version for impatient
+---------------------------
+
+'master' branch is always stable. One shall never work in this branch. One
+shall expect reversion or removal of his commits in 'master' branch, if they
+are not because of merging another branch.
+
+Everyone has to create branch, basing on 'master' or any other branch. All
+work shall be done in such branch. It is advised to review it before merging
+into 'master'. It is very good habit to tag such merges.
+
+A bit more background
+---------------------
+
+SlapOS repository 'master' branch is supposed to be stable. No new work is
+accepted on this branch. Each time someone uses (clones, extends) 'master'
+branch it is supposed to work (as far as it was tested).
+
+Tags on 'master' branch are supposed to be repeatable software definitions
+forever. All versions and external links shall be setup in a way, that they
+wouldn't change in day, month, year, etc.
+
+Everyone can make his own branch to introduce new software to SlapOS. There
+are no rules about those branches, as each software is specific.
+
+It is good idea to ask for review before merging changes into 'master' branch.
+Peer review can detect issues not detected by testing, development or self
+analysis.
+
+After some software is stabilised and no more work is planned it is acceptable
+to remove such abandoned branch in order to minimise amount of branches.

CHANGES.txt

-0.3 (unreleased)
+0.9 (unreleased)
 ================
 
-  * No changes yet.
+ * No changes yet.
+
+0.8 (2011-06-15)
+================
+
+ * Add MySQL and MariaDB standalone software release and recipe [Cedric de Saint Martin]
+ * Fixed slapos.recipe.erp5testnode instantiation [Sebastien Robin]
+
+0.7 (2011-06-14)
+================
+
+ * Fix slapos.recipe.erp5 package by providing site.zcml in it. [Łukasz Nowak]
+ * Improve slapos.recipe.erp5testnode partition instantiation error reporting
+   [Sebastien Robin]
+
+0.6 (2011-06-13)
+================
+
+ * Fixed slapos.recipe.erp5 instantiation. [Łukasz Nowak]
+
+0.5 (2011-06-13)
+================
+
+ * Implement zabbix agent instantiation. [Łukasz Nowak]
+ * Drop dependency on Zope2. [Łukasz Nowak]
+ * Share more in slapos.recipe.librecipe module. [Łukasz Nowak]
+
+0.4 (2011-06-09)
+================
+
+ * Remove reference to slapos.tool.networkcache as it was removed from pypi. [Łukasz Nowak]
+ * Add Kumofs standalone software release and recipe [Cedric de Saint Martin]
+ * Add Memcached standalone software release and recipe [Cedric de Saint Martin]
+
+0.3 (2011-06-09)
+================
+
+ * Moved out template and build to separate distributions [Łukasz Nowak]
+ * Depend on slapos.core instead of depracated slapos.slap [Romain Courteaud]
+ * Fix apache module configuration [Kazuhiko Shiozaki]
+ * Allow to control full environment in erp5 module [Łukasz Nowak]
 
 0.2 (2011-05-30)
 ================

MANIFEST.in

 include CHANGES.txt
+include slapos/recipe/erp5/template/site.zcml
 recursive-include slapos/recipe *.in
 recursive-include slapos/recipe README.*.txt

component/apache/buildout.cfg

@@ -67,7 +67,7 @@ environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig
   CPPFLAGS =-I${libuuid:location}/include
-  LDFLAGS =-Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib -Wl,-rpath -Wl,${libexpat:location}/lib -Wl,-rpath -Wl,${pcre:location}/lib -Wl,-rpath -Wl,${sqlite3:location}/lib -Wl,-rpath -Wl,${gdbm:location}/lib
+  LDFLAGS =-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${gdbm:location}/lib
 
 [apache-antiloris]
 # Note: Shall react on each build of apache and reinstall itself

component/bison/buildout.cfg

@@ -6,7 +6,7 @@ parts =
 
 [bison]
 recipe = hexagonit.recipe.cmmi
-url = http://ftp.gnu.org/gnu/bison/bison-2.4.3.tar.gz
-md5sum = ea45c778b36bdc7a720096819e292a73
+url = http://ftp.gnu.org/gnu/bison/bison-2.5.tar.bz2
+md5sum = 9dba20116b13fc61a0846b0058fbe004
 environment =
   M4=${m4:location}/bin/m4

component/cloudooo-development/buildout.cfg

-[buildout]
-
-extends =
-  ../cloudooo/buildout.cfg
-
-extensions = mr.developer
-sources = sources
-auto-checkout = ${buildout:cloudooo-packages}
-
-[sources]
-cloudooo = svn https://svn.erp5.org/repos/public/erp5/trunk/utils/cloudooo
-cloudooo.handler.pdf = svn https://svn.erp5.org/repos/public/erp5/trunk/utils/cloudooo.handler.pdf/
-cloudooo.handler.ffmpeg = svn https://svn.erp5.org/repos/public/erp5/trunk/utils/cloudooo.handler.ffmpeg/
-cloudooo.handler.imagemagick = svn https://svn.erp5.org/repos/public/erp5/trunk/utils/cloudooo.handler.imagemagick/
-cloudooo.handler.ooo = svn https://svn.erp5.org/repos/public/erp5/trunk/utils/cloudooo.handler.ooo/

component/coreutils/buildout.cfg

@@ -4,8 +4,8 @@ parts =
 
 [coreutils]
 recipe = hexagonit.recipe.cmmi
-url = http://ftp.gnu.org/gnu/coreutils/coreutils-8.9.tar.gz
-md5sum = 36909ae68840d73a800120cf74af794a
+url = http://ftp.gnu.org/gnu/coreutils/coreutils-8.12.tar.gz
+md5sum = fce7999953a67243d00d75cc86dbcaa6
 configure-options =
   --prefix=${buildout:parts-directory}/${:_buildout_section_name_} --enable-install-program=tr,basename,uname,cat,cp,ls
 environment =

component/curl/buildout.cfg

@@ -37,4 +37,4 @@ configure-options =
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig
-  LDFLAGS=-Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib
+  LDFLAGS=-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib

component/cyrus-sasl/buildout.cfg

@@ -38,4 +38,4 @@ make-options =
 
 environment =
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/fastjar/buildout.cfg

@@ -9,4 +9,4 @@ url = http://sourceforge.net/projects/fastjar/files/fastjar/0.94/fastjar-0.94.ta
 md5sum = 14d4bdfac236e347d806c6743dba48c6
 environment =
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/ffmpeg/buildout.cfg

@@ -95,8 +95,8 @@ configure-options =
  --enable-shared
  --enable-zlib
  --disable-static
- --extra-ldflags="-Wl,-rpath -Wl,${buildout:parts-directory}/${:_buildout_section_name_}/lib"
+ --extra-ldflags="-Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib"
 environment = 
   CPPFLAGS=-I${bzip2:location}/include -I${libogg:location}/include -I${libvorbis:location}/include -I${libtheora:location}/include -I${libvpx:location}/include -I${libx264:location}/include -I${lame:location}/include -I${opencore-amr:location}/include -I${zlib:location}/include
-  LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -L${libogg:location}/lib -Wl,-rpath -Wl,${libogg:location}/lib -L${libvorbis:location}/lib -Wl,-rpath -Wl,${libvorbis:location}/lib -L${libtheora:location}/lib -Wl,-rpath -Wl,${libtheora:location}/lib -L${libvpx:location}/lib -Wl,-rpath -Wl,${libvpx:location}/lib -L${libx264:location}/lib -Wl,-rpath -Wl,${libx264:location}/lib -L${lame:location}/lib -Wl,-rpath -Wl,${lame:location}/lib -L${opencore-amr:location}/lib -Wl,-rpath -Wl,${opencore-amr:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${libogg:location}/lib -Wl,-rpath=${libogg:location}/lib -L${libvorbis:location}/lib -Wl,-rpath=${libvorbis:location}/lib -L${libtheora:location}/lib -Wl,-rpath=${libtheora:location}/lib -L${libvpx:location}/lib -Wl,-rpath=${libvpx:location}/lib -L${libx264:location}/lib -Wl,-rpath=${libx264:location}/lib -L${lame:location}/lib -Wl,-rpath=${lame:location}/lib -L${opencore-amr:location}/lib -Wl,-rpath=${opencore-amr:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
   PATH=${yasm:location}/bin:%(PATH)s

component/file/buildout.cfg

@@ -12,4 +12,4 @@ configure-options =
   --disable-static
 environment =
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/flare/buildout.cfg

@@ -14,5 +14,5 @@ configure-options =
   --with-tokyocabinet=${tokyocabinet:location}
   --with-boost=${boost-lib:location}
 environment =
-  LDFLAGS =-Wl,-rpath -Wl,${tokyocabinet:location}/lib -Wl,-rpath -Wl,${boost-lib:location}/lib
+  LDFLAGS =-Wl,-rpath=${tokyocabinet:location}/lib -Wl,-rpath=${boost-lib:location}/lib
 

component/fontconfig/buildout.cfg

@@ -23,4 +23,4 @@ environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/freetype/buildout.cfg

@@ -16,4 +16,4 @@ configure-options =
   --disable-static
 environment =
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/gcc/buildout.cfg

@@ -28,7 +28,7 @@ configure-options =
   --with-gmp=${gmp:location}
 environment =
   CPPFLAGS =-I${gmp:location}/include
-  LDFLAGS =-L${gmp:location}/lib -Wl,-rpath -Wl,${gmp:location}/lib
+  LDFLAGS =-L${gmp:location}/lib -Wl,-rpath=${gmp:location}/lib
 
 [mpc]
 recipe = hexagonit.recipe.cmmi
@@ -39,7 +39,7 @@ configure-options =
   --with-mpfr=${mpfr:location}
 environment =
   CPPFLAGS =-I${mpfr:location}/include -I${gmp:location}/include
-  LDFLAGS =-L${mpfr:location}/lib -Wl,-rpath -Wl,${mpfr:location}/lib -L${gmp:location}/lib -Wl,-rpath -Wl,${gmp:location}/lib
+  LDFLAGS =-L${mpfr:location}/lib -Wl,-rpath=${mpfr:location}/lib -L${gmp:location}/lib -Wl,-rpath=${gmp:location}/lib
 
 [ecj]
 recipe = hexagonit.recipe.download
@@ -90,7 +90,7 @@ configure-options =
 
 environment =
   CPPFLAGS =-I${mpfr:location}/include -I${gmp:location}/include -I${mpc:location}/include
-  LDFLAGS =-L${mpfr:location}/lib -Wl,-rpath -Wl,${mpfr:location}/lib -L${gmp:location}/lib -Wl,-rpath -Wl,${gmp:location}/lib -Wl,-rpath -Wl,${mpc:location}/lib
+  LDFLAGS =-L${mpfr:location}/lib -Wl,-rpath=${mpfr:location}/lib -L${gmp:location}/lib -Wl,-rpath=${gmp:location}/lib -Wl,-rpath=${mpc:location}/lib
   PATH=${zip:location}/bin:%(PATH)s
 # make install does not work when several core are used
 make-targets = install -j1

component/gettext/buildout.cfg

@@ -23,4 +23,4 @@ configure-options =
 
 environment =
   CPPFLAGS=-I${libxml2:location}/include -I${zlib:location}/include -I${ncurses:location}/include
-  LDFLAGS=-L${libxml2:location}/lib -Wl,-rpath -Wl,${libxml2:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${ncurses:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib
+  LDFLAGS=-L${libxml2:location}/lib -Wl,-rpath=${libxml2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib

component/ghostscript/buildout.cfg

@@ -28,7 +28,7 @@ environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig
   CPPFLAGS=-I${libtiff:location}/include
-  LDFLAGS=-Wl,-rpath -Wl,${fontconfig:location}/lib -L${libjpeg:location}/lib -Wl,-rpath -Wl,${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath -Wl,${libtiff:location}/lib
+  LDFLAGS=-Wl,-rpath=${fontconfig:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib
   LD_LIBRARY_PATH=${fontconfig:location}/lib
 
 [ghostscript]

component/git/buildout.cfg

@@ -27,4 +27,4 @@ configure-options =
 environment =
   PATH=${curl:location}/bin:%(PATH)s
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${zlib:location}/lib

component/glib/buildout.cfg

@@ -5,8 +5,8 @@ extends =
 
 [glib]
 recipe = hexagonit.recipe.cmmi
-url = http://ftp.gnome.org/pub/gnome/sources/glib/2.28/glib-2.28.6.tar.bz2
-md5sum = 7d8fc15ae70d5111c0cf2a79d50ef717
+url = http://ftp.gnome.org/pub/gnome/sources/glib/2.28/glib-2.28.7.tar.bz2
+md5sum = feda1650c8646ad39c7b01d95b03766b
 configure-options =
   --disable-static
   --disable-selinux
@@ -15,5 +15,5 @@ configure-options =
 
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${gettext:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib
   PATH=${gettext:location}/bin:%(PATH)s

component/graphviz/buildout.cfg

@@ -53,4 +53,4 @@ environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/grep/buildout.cfg

@@ -10,4 +10,4 @@ url = http://ftp.gnu.org/gnu/grep/grep-2.8.tar.gz
 md5sum = cb2dfc502c5afc7a4a6e5f6cefd6850e
 environment =
   PKG_CONFIG_PATH=${pcre:location}/lib/pkgconfig
-  LDFLAGS =-Wl,--as-needed -Wl,-rpath -Wl,${pcre:location}/lib
+  LDFLAGS =-Wl,--as-needed -Wl,-rpath=${pcre:location}/lib

component/imagemagick/buildout.cfg

@@ -71,4 +71,4 @@ environment =
   PATH=${freetype:location}/bin:${ghostscript:location}/bin:${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig
   CPPFLAGS=-I${bzip2:location}/include -I${zlib:location}/include -I${jbigkit:location}/include -I${libjpeg:location}/include -I${libtiff:location}/include -I${libpng:location}/include -I${jasper:location}/include -I${freetype:location}/include
-  LDFLAGS =-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -L${zlib:location}/lib -Wl,${zlib:location}/lib -L${jbigkit:location}/lib -Wl,-rpath -Wl,${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath -Wl,${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath -Wl,${libtiff:location}/lib -L${libpng:location}/lib -Wl,-rpath -Wl,${libpng:location}/lib -L${jasper:location}/lib -Wl,-rpath -Wl,${jasper:location}/lib -L${freetype:location}/lib -Wl,-rpath -Wl,${freetype:location}/lib
+  LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${libpng:location}/lib -Wl,-rpath=${libpng:location}/lib -L${jasper:location}/lib -Wl,-rpath=${jasper:location}/lib -L${freetype:location}/lib -Wl,-rpath=${freetype:location}/lib

component/jasper/buildout.cfg

@@ -13,4 +13,4 @@ configure-command =
   /bin/sh ./configure --prefix=${buildout:parts-directory}/${:_buildout_section_name_} --disable-static --enable-shared --disable-opengl
 environment =
   CPPFLAGS=-I${libjpeg:location}/include
-  LDFLAGS=-L${libjpeg:location}/lib -Wl,-rpath -Wl,${libjpeg:location}/lib
+  LDFLAGS=-L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib

component/kumo/buildout.cfg

@@ -35,4 +35,4 @@ configure-options =
 
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${openssl:location}/include
-  LDFLAGS=-L${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath -Wl,${tokyocabinet:location}/lib -Wl,-rpath -Wl,${messagepack:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -L${openssl:location}/lib -Wl,-rpath=${tokyocabinet:location}/lib -Wl,-rpath=${messagepack:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib

component/libpng/buildout.cfg

@@ -12,7 +12,7 @@ configure-options =
   --disable-static
 environment =
   CPPFLAGS =-I${zlib:location}/include
-  LDFLAGS =-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS =-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
 
 [libpng12]
 <= libpng-common
@@ -21,5 +21,5 @@ md5sum = e3ac7879d62ad166a6f0c7441390d12b
 
 [libpng]
 <= libpng-common
-url = http://download.sourceforge.net/libpng/libpng-1.5.1.tar.bz2
-md5sum = 8fdcb7c0e78d54ff0362a800cbe3bc31
+url = http://download.sourceforge.net/libpng/libpng-1.5.2.tar.bz2
+md5sum = a003b37ed9afb0d9164eb7228421057c

component/librsync/buildout.cfg

@@ -15,4 +15,4 @@ configure-options =
   --enable-shared
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${bzip2:location}/include -I${popt:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -L${popt:location}/lib -Wl,-rpath -Wl,${popt:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${popt:location}/lib -Wl,-rpath=${popt:location}/lib

component/libtiff/buildout.cfg

@@ -16,4 +16,4 @@ configure-options =
   --without-x
 environment =
   CPPFLAGS=-I${libjpeg:location}/include -I${jbigkit:location}/include -I${zlib:location}/include
-  LDFLAGS=-L${libjpeg:location}/lib -Wl,-rpath -Wl,${libjpeg:location}/lib -L${jbigkit:location}/lib -Wl,-rpath -Wl,${jbigkit:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/libxml2/buildout.cfg

@@ -15,4 +15,4 @@ configure-options =
   --without-python
   --with-zlib=${zlib:location}
 environment =
-    LDFLAGS = -Wl,-rpath -Wl,${zlib:location}/lib
+    LDFLAGS = -Wl,-rpath=${zlib:location}/lib

component/libxslt/buildout.cfg

@@ -19,5 +19,5 @@ configure-options =
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-Wl,-rpath=${zlib:location}/lib
   PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig

component/logrotate/buildout.cfg

@@ -10,4 +10,4 @@ md5sum = eeba9dbca62a9210236f4b83195e4ea5
 configure-command = true
 make-options = PREFIX=${buildout:parts-directory}/${:_buildout_section_name_} 
 environment =
-  POPT_DIR=${popt:location}/include -L${popt:location}/lib -Wl,-rpath -Wl,${popt:location}/lib
+  POPT_DIR=${popt:location}/include -L${popt:location}/lib -Wl,-rpath=${popt:location}/lib

component/m4/buildout.cfg

@@ -4,5 +4,5 @@ parts =
 
 [m4]
 recipe = hexagonit.recipe.cmmi
-url = http://ftp.gnu.org/gnu/m4/m4-1.4.15.tar.gz
-md5sum = 5649a2e593b6c639deae9e72ede777dd
+url = http://ftp.gnu.org/gnu/m4/m4-1.4.16.tar.bz2
+md5sum = 8a7cef47fecab6272eb86a6be6363b2f

component/mariadb/buildout.cfg

@@ -35,4 +35,4 @@ configure-options =
 
 environment =
   CPPFLAGS =-I${ncurses:location}/include -I${readline:location}/include
-  LDFLAGS =-L${readline:location}/lib -L${ncurses:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${readline:location}/lib
+  LDFLAGS =-L${readline:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${readline:location}/lib

component/memcached/buildout.cfg

@@ -49,5 +49,5 @@ patches =
   ${memcached-gcc4.6.patch:location}/${memcached-gcc4.6.patch:filename}
 patch-options = -p1
 environment =
-    LDFLAGS =-Wl,-rpath ${libevent:location}/lib
+    LDFLAGS =-Wl,-rpath=${libevent:location}/lib
 

component/mysql-5.1/buildout.cfg

@@ -21,9 +21,9 @@ download-only = true
 
 [mysql-5.1]
 recipe = hexagonit.recipe.cmmi
-version = 5.1.54
+version = 5.1.57
 url = http://mysql.he.net/Downloads/MySQL-5.1/mysql-${:version}.tar.gz
-md5sum = 2a0f45a2f8b5a043b95ce7575796a30b
+md5sum = 8d6998ef0f2e2d1dac2a761348c71c21
 # compile directory is required to build mysql plugins.
 keep-compile-dir = true
 # configure: how to avoid searching for my.cnf?
@@ -60,4 +60,4 @@ patches =
 environment =
   PATH =${autoconf:location}/bin:${automake-1.11:location}/bin:${libtool:location}/bin:${bison:location}/bin:${flex:location}/bin:%(PATH)s
   CPPFLAGS =-I${ncurses:location}/include -I${readline:location}/include
-  LDFLAGS =-L${readline:location}/lib -L${ncurses:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${readline:location}/lib
+  LDFLAGS =-L${readline:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${readline:location}/lib

component/mysql-tritonn-5.0/buildout.cfg

@@ -90,4 +90,4 @@ patches =
 environment =
     PATH=${senna:location}/bin:${autoconf:location}/bin:${automake-1.11:location}/bin:${libtool:location}/bin:${bison:location}/bin:${flex:location}/bin:%(PATH)s
     CPPFLAGS=-I${senna:location}/include/senna -I${ncurses:location}/include -I${readline:location}/include
-    LDFLAGS=-L${senna:location}/lib -L${readline:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${readline:location}/lib
+    LDFLAGS=-L${senna:location}/lib -L${readline:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${readline:location}/lib

component/neon/buildout.cfg

@@ -25,4 +25,4 @@ environment =
   PATH=${libxml2:location}/bin:${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig:${libxml2:location}/lib/pkgconfig
   CPPFLAGS=-I${openssl:location}/include -I${zlib:location}/include
-  LDFLAGS=-L${openssl:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${libxml2:location}/lib
+  LDFLAGS=-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${libxml2:location}/lib

component/openldap/buildout.cfg

@@ -23,4 +23,4 @@ configure-options =
 
 environment =
   CPPFLAGS=-I${openssl:location}/include -I${cyrus-sasl:location}/include
-  LDFLAGS=-L${openssl:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath -Wl,${cyrus-sasl:location}/lib
+  LDFLAGS=-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib

component/openssl/buildout.cfg

@@ -27,5 +27,5 @@ configure-options =
 # it seems that parallel build sometimes fails for openssl.
 make-options =
   -j1
-  LDFLAGS="-Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${buildout:parts-directory}/${:_buildout_section_name_}/lib"
-  SHARED_LDFLAGS="-Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${buildout:parts-directory}/${:_buildout_section_name_}/lib"
+  LDFLAGS="-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib"
+  SHARED_LDFLAGS="-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib"

component/pdftk/buildout.cfg

@@ -40,5 +40,5 @@ make-options =
 pre-make-hook = ${pdftk-hooks-download:location}/${pdftk-hooks-download:filename}:pre_make_hook
 environment =
   PATH=${gcc-java:location}/bin:${fastjar:location}/bin:%(PATH)s
-  LDFLAGS=-L${gcc-java:location}/lib -Wl,-rpath -Wl,${gcc-java:location}/lib -L${gcc-java:location}/lib64 -Wl,-rpath -Wl,${gcc-java:location}/lib64
+  LDFLAGS=-L${gcc-java:location}/lib -Wl,-rpath=${gcc-java:location}/lib -L${gcc-java:location}/lib64 -Wl,-rpath=${gcc-java:location}/lib64
   LD_LIBRARY_PATH=${gcc-java:location}/lib:${gcc-java:location}/lib64

component/perl-SGML-Parser-OpenSP/buildout.cfg

@@ -17,4 +17,4 @@ configure-command =
   ${perl:location}/bin/perl Makefile.PL
 make-options =
   INC=-I${opensp:location}/include
-  OTHERLDFLAGS="-L${opensp:location}/lib -Wl,-rpath -Wl,${opensp:location}/lib"
+  OTHERLDFLAGS="-L${opensp:location}/lib -Wl,-rpath=${opensp:location}/lib"

component/perl-XML-LibXML/buildout.cfg

@@ -23,7 +23,7 @@ configure-command =
 # Parallel make does not work for this package on fast machines
 # with many cores
 make-options =
-  OTHERLDFLAGS=" -Wl,-rpath -Wl,${libxml2:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib" -j1
+  OTHERLDFLAGS=" -Wl,-rpath=${libxml2:location}/lib -Wl,-rpath=${zlib:location}/lib" -j1
 environment =
   LD_LIBRARY_PATH=${libxml2:location}/lib:${zlib:location}/lib
   PERLLIB=blib/lib

component/perl/buildout.cfg

@@ -25,7 +25,7 @@ configure-command =
     -Dprefix=${buildout:parts-directory}/${:_buildout_section_name_} \
     -Dsiteprefix=${buildout:parts-directory}/site_${:_buildout_section_name_} \
     -Dcflags=-I${gdbm:location}/include \
-    -Dldflags="-L${gdbm:location}/lib -Wl,-rpath -Wl,${gdbm:location}/lib" \
+    -Dldflags="-L${gdbm:location}/lib -Wl,-rpath=${gdbm:location}/lib" \
     -Ui_db \
     -Dnoextensions=ODBM_File
 environment =

component/pkgconfig/buildout.cfg

@@ -26,4 +26,4 @@ environment =
   PATH=${:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig
   CPPFLAGS=-I${glib:location}/include -I${popt:location}/include
-  LDFLAGS=-L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib -L${glib:location}/lib -Wl,-rpath -Wl,${glib:location}/lib -L${popt:location}/lib -Wl,-rpath -Wl,${popt:location}/lib
+  LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${popt:location}/lib -Wl,-rpath=${popt:location}/lib

component/poppler/buildout.cfg

+[buildout]
+parts = poppler
+extends =
+  ../fontconfig/buildout.cfg
+  ../freetype/buildout.cfg
+  ../jbigkit/buildout.cfg
+  ../libjpeg/buildout.cfg
+  ../libpng/buildout.cfg
+  ../libtiff/buildout.cfg
+  ../pkgconfig/buildout.cfg
+  ../zlib/buildout.cfg
+
+[poppler]
+<= poppler-0.17.1
+
+[poppler-0.17.1]
+recipe = hexagonit.recipe.cmmi
+md5sum = 8d7276d1943078c76aabe9f2ec52d50b
+url = http://poppler.freedesktop.org/poppler-0.17.1.tar.gz
+configure-options =
+  --disable-cairo-output
+  --disable-cms
+  --disable-curl
+  --disable-gtk-doc-html
+  --disable-gtk-test
+  --disable-poppler-cpp
+  --disable-poppler-glib
+  --disable-poppler-qt4
+  --disable-splash-output
+  --enable-zlib
+environment =
+  PATH=${pkgconfig:location}/bin:%(PATH)s
+  PKG_CONFIG_PATH=${fontconfig:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig:${libpng:location}/lib/pkgconfig
+  CPPFLAGS=-I${libjpeg:location}/include -I${libpng:location}/include -I${libtiff:location}/include -I${zlib:location}/include
+  LDFLAGS=-L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/postfix/buildout.cfg

@@ -15,5 +15,5 @@ url = ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.8.3.tar
 md5sum = b3922ededd3fd6051f759e58a4ada3ae
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
 configure-command = make
-configure-options = makefiles CCARGS='-DUSE_TLS -DHAS_PCRE -DHAS_DB -I${libdb:location}/include -I${pcre:location}/include -I${openssl:location}/include' AUXLIBS='-L${openssl:location}/lib -L${pcre:location}/lib -L${libdb:location}/lib -lssl -lpcre -ldb -lcrypto -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${pcre:location}/lib -Wl,-rpath -Wl,${libdb:location}/lib'
+configure-options = makefiles CCARGS='-DUSE_TLS -DHAS_PCRE -DHAS_DB -I${libdb:location}/include -I${pcre:location}/include -I${openssl:location}/include' AUXLIBS='-L${openssl:location}/lib -L${pcre:location}/lib -L${libdb:location}/lib -lssl -lpcre -ldb -lcrypto -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${libdb:location}/lib'
 make-targets = non-interactive-package install_root=${:location}

component/python-2.4/buildout.cfg

@@ -59,7 +59,7 @@ configure-options =
 
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${ncurses:location}/include/ -I${ncurses:location}/include/ncursesw/ -I${bzip2:location}/include  -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
-  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${readline:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -Wl,${gdbm:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib
 
 [pythonbin2.4]
 # XXX/Note: This is hackish way to have fully featured python interpreter

component/python-2.6/buildout.cfg

+
 [buildout]
 # XXX: Extends shall not jump out of software
 extends =
@@ -27,12 +28,12 @@ recipe = hexagonit.recipe.cmmi
 # other settings in this part if we don't set it explicitly here.
 prefix = ${buildout:parts-directory}/${:_buildout_section_name_}
 version = 2.6
-package_version = ${:version}.6
+package_version = ${:version}.7
 executable = ${:prefix}/bin/python${:version}
 
 url =
-  http://python.org/ftp/python/${:package_version}/Python-${:package_version}.tgz
-md5sum = b2f209df270a33315e62c1ffac1937f0
+  http://python.org/ftp/python/${:package_version}/Python-${:package_version}.tar.bz2
+md5sum = d40ef58ed88438a870bbeb0ac5d4217b
 patch-options = -p1
 patches =
   ${python-2.6.6-no_system_inc_dirs.patch:location}/${python-2.6.6-no_system_inc_dirs.patch:filename}
@@ -42,7 +43,7 @@ configure-options =
 
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${ncurses:location}/include/ -I${ncurses:location}/include/ncursesw/ -I${bzip2:location}/include  -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
-  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${readline:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -Wl,${gdbm:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib
 
 [bootstrap2.6]
 recipe = zc.recipe.egg

component/python-2.7/buildout.cfg

@@ -13,18 +13,18 @@ parts =
     python2.7
 
 [python2.7]
-<= python2.7.1
+<= python2.7.2
 
-[python2.7.0]
+[python2.7.1]
 <= python2.7common
-package_version = 2.7
-md5sum = 35f56b092ecf39a6bd59d64f142aae0f
+package_version = 2.7.1
+md5sum = aa27bc25725137ba155910bd8e5ddc4f
 package_version_suffix =
 
-[python2.7.1]
+[python2.7.2]
 <= python2.7common
-package_version = 2.7.1
-md5sum = 15ed56733655e3fab785e49a7278d2fb
+package_version = 2.7.2
+md5sum = ba7b2f11ffdbf195ee0d111b9455a5bd
 package_version_suffix =
 
 [bootstrap2.7]
@@ -45,11 +45,11 @@ version = 2.7
 executable = ${:prefix}/bin/python${:version}
 
 url =
-  http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tgz
+  http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tar.bz2
 configure-options =
   --enable-unicode=ucs4
   --with-threads
 
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${ncurses:location}/include/ -I${ncurses:location}/include/ncursesw/ -I${bzip2:location}/include  -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
-  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${readline:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -Wl,${gdbm:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -Wl,-rpath -Wl,${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath -Wl,${gettext:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib

component/readline/buildout.cfg

@@ -12,4 +12,4 @@ configure-options =
   --disable-static
   --with-ncurses=${ncurses:location}
 environment =
-    LDFLAGS =-Wl,-rpath ${ncurses:location}/lib
+    LDFLAGS =-Wl,-rpath=${ncurses:location}/lib

component/serf/buildout.cfg

@@ -17,4 +17,4 @@ configure-options =
   --with-openssl=${openssl:location}
 environment =
   CFLAGS=-I${zlib:location}/include -I${libuuid:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib

component/slapos/buildout.cfg

 [buildout]
 extends =
   ../lxml-python/buildout.cfg
+  ../python-2.7/buildout.cfg
 
 parts =
   slapos
@@ -10,8 +11,12 @@ find-links =
 
 versions = versions
 
+[lxml-python]
+python = python2.7
+
 [slapos]
 recipe = z3c.recipe.scripts
+python = python2.7
 eggs =
   ${lxml-python:egg}
   slapos.core
@@ -24,13 +29,13 @@ hexagonit.recipe.cmmi = 1.5.0
 lxml = 2.3
 meld3 = 0.6.7
 setuptools = 0.6c12dev-r88795
-slapos.core = 0.1
+slapos.core = 0.2
 xml-marshaller = 0.9.7
 z3c.recipe.scripts = 1.0.1
 zc.recipe.egg = 1.3.2
 
 # Required by:
-# slapos.core==0.1
+# slapos.core==0.2
 Flask = 0.6.1
 
 # Required by:
@@ -38,17 +43,18 @@ Flask = 0.6.1
 hexagonit.recipe.download = 1.5.0
 
 # Required by:
-# slapos.core==0.1
+# slapos.core==0.2
 netaddr = 0.7.5
 
 # Required by:
-# slapos.core==0.1
+# slapos.core==0.2
 netifaces = 0.5
 
 # Required by:
-# slapos.core==0.1
+# slapos.core==0.2
 supervisor = 3.0a10
 
 # Required by:
-# slapos.core==0.1
+# slapos.core==0.2
 zope.interface = 3.6.3
+

component/sphinx/buildout.cfg

@@ -38,4 +38,4 @@ patches =
   ${sphinx-1.10-beta-snowball.patch:location}/${sphinx-1.10-beta-snowball.patch:filename}
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${libexpat:location}/include
-  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath ${mariadb:location}/lib/mysql -L${libexpat:location}/lib -Wl,-rpath ${libexpat:location}/lib
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${mariadb:location}/lib/mysql -L${libexpat:location}/lib -Wl,-rpath=${libexpat:location}/lib

component/sqlite3/buildout.cfg

@@ -5,11 +5,11 @@ parts =
 
 [sqlite3]
 recipe = hexagonit.recipe.cmmi
-url = http://www.sqlite.org/sqlite-autoconf-3070602.tar.gz
-md5sum = f16c08617968b4087b3d591fd575f59f
+url = http://www.sqlite.org/sqlite-autoconf-3070603.tar.gz
+md5sum = 7eb41eea5ffa5cbe359a48629084c425
 configure-options =
   --disable-static
   --enable-readline
 environment =
   CPPFLAGS=-I${readline:location}/include -I${ncurses:location}/include
-  LDFLAGS=-L${buildout:parts-directory}/${:_buildout_section_name_} -Wl,-rpath -Wl,${readline:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib
+  LDFLAGS=-L${buildout:parts-directory}/${:_buildout_section_name_} -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${readline:location}/lib -L${ncurses:location}/lib

component/stunnel/buildout.cfg

@@ -26,4 +26,4 @@ configure-options =
   --with-ssl=${openssl:location}
 environment =
   CPPFLAGS=-I${zlib:location}/include
-  LDFLAGS=-Wl,-rpath -Wl,${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-Wl,-rpath=${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/subversion/buildout.cfg

@@ -24,8 +24,8 @@ md5sum = 8d911ec2422dc4c08a00693ac915a07a
 
 [subversion]
 recipe = hexagonit.recipe.cmmi
-url = http://subversion.tigris.org/downloads/subversion-1.6.16.tar.bz2
-md5sum = 32f25a6724559fe8691d1f57a63f636e
+url = http://subversion.tigris.org/downloads/subversion-1.6.17.tar.bz2
+md5sum = 81e5dc5beee4b3fc025ac70c0b6caa14
 patches =
   ${subversion-1.6.0-disable_linking_against_unneeded_libraries:location}/${subversion-1.6.0-disable_linking_against_unneeded_libraries:filename}
 configure-options =
@@ -58,4 +58,4 @@ environment =
   PATH=${pkgconfig:location}/bin:${neon:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${apache:location}/lib/pkgconfig:${sqlite3:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig:${neon:location}/lib/pkgconfig
   CPPFLAGS=-I${libexpat:location}/include -I${libuuid:location}/include
-  LDFLAGS=-L${libexpat:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${sqlite3:location}/lib -Wl,-rpath -Wl,${neon:location}/lib -Wl,-rpath -Wl,${apache:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib
+  LDFLAGS=-L${libexpat:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${neon:location}/lib -Wl,-rpath=${apache:location}/lib -L${libuuid:location}/lib -Wl,-rpath=${libuuid:location}/lib

component/tesseract/buildout.cfg

@@ -28,7 +28,7 @@ configure-options =
   --datarootdir=${tesseract-share:location}
 environment =
   CPPFLAGS=-I${zlib:location}/include -I${jbigkit:location}/include -I${libjpeg:location}/include -I${libtiff:location}/include -I${libpng:location}/include
-  LDFLAGS =-Wl,-rpath -L${zlib:location}/lib -Wl,${zlib:location}/lib -L${jbigkit:location}/lib -Wl,-rpath -Wl,${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath -Wl,${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath -Wl,${libtiff:location}/lib -L${libpng:location}/lib -Wl,-rpath -Wl,${libpng:location}/lib
+  LDFLAGS =-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${libpng:location}/lib -Wl,-rpath=${libpng:location}/lib
 
 [tesseract-eng-traineddata]
 recipe = hexagonit.recipe.download

component/tokyocabinet/buildout.cfg

@@ -14,4 +14,4 @@ configure-options =
   --with-bzip=${bzip2:location}
 
 environment =
-  LDFLAGS =-Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib
+  LDFLAGS =-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib

component/varnish/buildout.cfg

@@ -22,7 +22,7 @@ configure-options =
   --disable-static
 environment =
   CPPFLAGS=-I${ncurses:location}/include
-  LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib
+  LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib
 
 [varnish-2.1]
 recipe = hexagonit.recipe.cmmi
@@ -34,4 +34,4 @@ environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${pcre:location}/lib/pkgconfig
   CPPFLAGS=-I${ncurses:location}/include
-  LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib
+  LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib

component/w3m/buildout.cfg

@@ -31,4 +31,4 @@ environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig
   CPPFLAGS=-I${ncurses:location}/include/ -I${zlib:location}/include/
-  LDFLAGS=-Wl,--as-needed -L${garbage-collector:location}/lib -Wl,-rpath -Wl,${garbage-collector:location}/lib -L${ncurses:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -L${openssl:location}/lib -Wl,-rpath -Wl,${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib
+  LDFLAGS=-Wl,--as-needed -L${garbage-collector:location}/lib -Wl,-rpath=${garbage-collector:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib

component/xtrabackup/allow_force_ibbackup.patch

+commit c052380cf84e33b32268af97a7c1539c8a6771e5
+Author: Łukasz Nowak <luke@nexedi.com>
+Date:   Mon Jun 6 13:29:32 2011 +0200
+
+    Really use option_ibbackup_binary.
+
+diff --git a/innobackupex b/innobackupex
+index 67d0d44..ed06294 100755
+--- a/innobackupex
++++ b/innobackupex
+@@ -214,6 +214,7 @@ check_args();
+ print_version();
+ 
+ # initialize global variables and perform some checks
++if ( $option_ibbackup_binary eq "autodetect" ){
+ if ($option_copy_back) {
+     $option_ibbackup_binary = 'xtrabackup_51';
+ } elsif ($option_apply_log) {
+@@ -250,6 +251,7 @@ if ($option_copy_back) {
+ } else {
+     $option_ibbackup_binary = set_xtrabackup_version();
+ }
++}
+ init();
+ 
+ my $ibbackup_exit_code = 0;

component/xtrabackup/buildout.cfg

 # xtrabackup: hot backup utility for MySQL
 # http://www.percona.com/
-
+# Depends on SlapOS patched buildout for _profile_base_location_ functionality
 [buildout]
 extends =
   ../autoconf/buildout.cfg
@@ -15,6 +15,11 @@ extends =
 parts =
   xtrabackup
 
+find-links =
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+versions = versions
+
 [xtrabackup-build-patch-download]
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/${:filename}
@@ -22,18 +27,31 @@ md5sum = e018df8bb3ed672891388556b8e91e35
 download-only = true
 filename = xtrabackup_build.patch
 
+[allow_force_ibbackup.patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+md5sum = d642ea7b30d1322a516fbece4ee100e0
+download-only = true
+filename = ${:_buildout_section_name_}
+
 [xtrabackup]
 recipe = hexagonit.recipe.cmmi
 url = http://www.percona.com/redir/downloads/XtraBackup/XtraBackup-1.6/source/xtrabackup-1.6.tar.gz
 md5sum = 7c263723312cba36539df4cd7a119744
 make-binary = true
-patches = ${xtrabackup-build-patch-download:location}/${xtrabackup-build-patch-download:filename}
+patches =
+  ${xtrabackup-build-patch-download:location}/${xtrabackup-build-patch-download:filename}
+  ${allow_force_ibbackup.patch:location}/${allow_force_ibbackup.patch:filename}
 patch-options = -p1
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
 configure-command = utils/build.sh innodb51_builtin ${:location} ${libtool:location}
 environment =
   CPPFLAGS =-I${zlib:location}/include -I${ncurses:location}/include -I${readline:location}/include
-  LDFLAGS =-L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${ncurses:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -L${readline:location}/lib -Wl,-rpath -Wl,${readline:location}/lib
+  LDFLAGS =-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${readline:location}/lib -Wl,-rpath=${readline:location}/lib
   PATH=${autoconf:location}/bin:${automake-1.11:location}/bin:${libtool:location}/bin:${flex:location}/bin:%(PATH)s:${bison:location}/bin
 make-options =
   -j1
+
+[versions]
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-001

component/zabbix/buildout.cfg

@@ -4,8 +4,8 @@ parts =
 
 [zabbix-agent]
 recipe = hexagonit.recipe.cmmi
-url = http://prdownloads.sourceforge.net/zabbix/zabbix-1.8.4.tar.gz?download
-md5sum = 969ce09317c98b205bc96157e16f5c8c
+url = http://prdownloads.sourceforge.net/zabbix/zabbix-1.8.5.tar.gz?download
+md5sum = 58b9253fb0eace1e20b2fe5c1fce32a3
 configure-options =
   --enable-agent
   --enable-ipv6

setup.py

@@ -2,7 +2,7 @@ from setuptools import setup, find_packages
 import glob
 import os
 
-version = '0.3-dev'
+version = '0.9-dev'
 name = 'slapos.cookbook'
 long_description = open("README.txt").read() + "\n" + \
     open("CHANGES.txt").read() + "\n"
@@ -27,7 +27,6 @@ setup(name=name,
       include_package_data=True,
       install_requires=[
         'PyXML', # for full blown python interpreter
-        'Zope2', # some recipes like to play with zope
         'lxml', # for full blown python interpreter
         'netaddr', # to manipulate on IP addresses
         'setuptools', # namespaces
@@ -46,9 +45,12 @@ setup(name=name,
           'erp5testnode = slapos.recipe.erp5testnode:Recipe',
           'helloworld = slapos.recipe.helloworld:Recipe',
           'java = slapos.recipe.java:Recipe',
+          'kumofs = slapos.recipe.kumofs:Recipe',
           'kvm = slapos.recipe.kvm:Recipe',
           'libcloud = slapos.recipe.libcloud:Recipe',
           'libcloudrequest = slapos.recipe.libcloudrequest:Recipe',
+          'memcached = slapos.recipe.memcached:Recipe',
+          'mysql = slapos.recipe.mysql:Recipe',
           'nbdserver = slapos.recipe.nbdserver:Recipe',
           'nosqltestbed = slapos.recipe.nosqltestbed:NoSQLTestBed',
           'proactive = slapos.recipe.proactive:Recipe',
@@ -58,5 +60,6 @@ setup(name=name,
           'testnode = slapos.recipe.testnode:Recipe',
           'vifib = slapos.recipe.vifib:Recipe',
           'xwiki = slapos.recipe.xwiki:Recipe',
+          'zabbixagent = slapos.recipe.zabbixagent:Recipe',
       ]},
     )

slapos/recipe/README.cloudooo.txt

+cloudooo
+=========
+
+Instantiates CloudOOo instance.

slapos/recipe/README.kumofs.txt

+kumofs
+=========
+
+Instantiates KumoFS instance.

slapos/recipe/README.memcached.txt

+memcached
+=========
+
+Instantiates Memcached instance.

slapos/recipe/README.mysql.txt

+mysql
+=========
+
+Instantiates MySQL instance.

slapos/recipe/README.zabbixagent.txt

+zabbixagent
+===========

slapos/recipe/cloudooo/__init__.py

+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.lib.recipe.BaseSlapRecipe import BaseSlapRecipe
+import os
+import pkg_resources
+import sys
+import zc.buildout
+import zc.recipe.egg
+
+class Recipe(BaseSlapRecipe):
+  def getTemplateFilename(self, template_name):
+    return pkg_resources.resource_filename(__name__,
+        'template/%s' % template_name)
+
+  def _install(self):
+    self.path_list = []
+    self.requirements, self.ws = self.egg.working_set([__name__])
+    # Use killpidfromfile from ERP5.
+    self.killpidfromfile = zc.buildout.easy_install.scripts(
+        [('killpidfromfile', __name__ + 'slapos.recipe.erp5.killpidfromfile',
+          'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0]
+    self.path_list.append(self.killpidfromfile)
+    conversion_server_conf = self.installConversionServer(
+        self.getLocalIPv4Address(), 23000, 23060)
+
+    self.linkBinary()
+    self.setConnectionDict(dict(
+      site_url="http://%s:%s/" % (self.getLocalIPv4Address(), 23000),
+    ))
+    return self.path_list
+
+  def linkBinary(self):
+    """Links binaries to instance's bin directory for easier exposal"""
+    for linkline in self.options.get('link_binary_list', '').splitlines():
+      if not linkline:
+        continue
+      target = linkline.split()
+      if len(target) == 1:
+        target = target[0]
+        path, linkname = os.path.split(target)
+      else:
+        linkname = target[1]
+        target = target[0]
+      link = os.path.join(self.bin_directory, linkname)
+      if os.path.lexists(link):
+        if not os.path.islink(link):
+          raise zc.buildout.UserError(
+              'Target link already %r exists but it is not link' % link)
+        os.unlink(link)
+      os.symlink(target, link)
+      self.logger.debug('Created link %r -> %r' % (link, target))
+      self.path_list.append(link)
+
+  def installConversionServer(self, ip, port, openoffice_port):
+    name = 'conversion_server'
+    working_directory = self.createDataDirectory(name)
+    conversion_server_dict = dict(
+      working_path=working_directory,
+      uno_path=self.options['ooo_uno_path'],
+      office_binary_path=self.options['ooo_binary_path'],
+      ip=ip,
+      port=port,
+      openoffice_port=openoffice_port,
+    )
+    for env_line in self.options['environment'].splitlines():
+      env_line = env_line.strip()
+      if not env_line:
+        continue
+      if '=' in env_line:
+        env_key, env_value = env_line.split('=')
+        conversion_server_dict[env_key.strip()] = env_value.strip()
+      else:
+        raise zc.buildout.UserError('Line %r in environment parameter is '
+            'incorrect' % env_line)
+    config_file = self.createConfigurationFile(name + '.cfg',
+        self.substituteTemplate(self.getTemplateFilename('cloudooo.cfg.in'),
+          conversion_server_dict))
+    self.path_list.append(config_file)
+    # Use execute from erp5.
+    self.path_list.extend(zc.buildout.easy_install.scripts([(name,
+      __name__ + 'slapos.recipe.librecipe.execute',
+      'execute_with_signal_translation')], self.ws,
+      sys.executable, self.wrapper_directory,
+      arguments=[self.options['ooo_paster'].strip(), 'serve', config_file]))
+    return {
+      name + '_port': conversion_server_dict['port'],
+      name + '_ip': conversion_server_dict['ip']
+      }

slapos/recipe/cloudooo/template/cloudooo.cfg.in

+[app:main]
+use = egg:cloudooo
+#
+## System config
+#
+debug_mode = True
+# Folder where pid files, lock files and virtual frame buffer mappings
+# are stored. In this folder is necessary create a folder tmp, because this
+# folder is used to create all temporary documents.
+working_path = %(working_path)s
+# Folder where UNO library is installed
+uno_path = %(uno_path)s
+# Folder where soffice.bin is installed
+office_binary_path = %(office_binary_path)s
+#
+## Monitor Settings
+#
+# Limit to use the Openoffice Instance. if pass of the limit, the instance is
+# stopped and another is started.
+limit_number_request = 100
+# Interval to check the factory
+monitor_interval = 10
+timeout_response = 180
+enable_memory_monitor = True
+# Set the limit in MB
+# e.g 1000 = 1 GB, 100 = 100 MB
+limit_memory_used = 3000
+#
+## OOFactory Settings
+#
+# The pool consist of several OpenOffice.org instances
+application_hostname = %(ip)s
+# OpenOffice Port
+openoffice_port = %(openoffice_port)s
+# LD_LIBRARY_PATH passed to OpenOffice
+env-LD_LIBRARY_PATH = %(LD_LIBRARY_PATH)s
+
+#
+# Mimetype Registry
+# It is used to select the handler that will be used in conversion.
+# Priority matters, first match take precedence on next lines.
+mimetype_registry =
+  application/pdf * ooo
+  video/* * ffmpeg
+  audio/* * ffmpeg
+  application/x-shockwave-flash * ffmpeg
+  application/ogg * ffmpeg
+  application/ogv * ffmpeg
+  image/* * ooo
+  text/* * ooo
+  application/zip * ooo
+  application/msword * ooo
+  application/vnd* * ooo
+  application/x-vnd* * ooo
+  application/postscript * ooo
+  application/wmf * ooo
+  application/csv * ooo
+  application/x-openoffice-gdimetafile * ooo
+  application/x-emf * ooo
+  application/emf * ooo
+  application/octet* * ooo
+  * application/vnd.oasis.opendocument* ooo
+
+[server:main]
+use = egg:PasteScript#wsgiutils
+host = %(ip)s
+port = %(port)s

slapos/recipe/erp5/__init__.py

@@ -34,8 +34,13 @@ import sys
 import zc.buildout
 import zc.recipe.egg
 import ConfigParser
-from Zope2.utilities.mkzopeinstance import write_inituser
 
+# based on Zope2.utilities.mkzopeinstance.write_inituser
+def Zope2InitUser(path, username, password):
+  open(path, 'w').write('')
+  os.chmod(path, 0600)
+  open(path, "w").write('%s:{SHA}%s\n' % (
+    username,binascii.b2a_base64(hashlib.sha1(password).digest())[:-1]))
 
 class Recipe(BaseSlapRecipe):
   def getTemplateFilename(self, template_name):
@@ -307,7 +312,7 @@ class Recipe(BaseSlapRecipe):
     self._createDirectory(cron_d)
     self._createDirectory(crontabs)
     wrapper = zc.buildout.easy_install.scripts([('crond',
-      __name__ + '.execute', 'execute')], self.ws, sys.executable,
+     'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
       self.wrapper_directory, arguments=[
         self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
         '-t', timestamps, '-f', '-l', '5', '-M', catcher]
@@ -412,7 +417,7 @@ class Recipe(BaseSlapRecipe):
           conversion_server_dict))
     self.path_list.append(config_file)
     self.path_list.extend(zc.buildout.easy_install.scripts([(name,
-      __name__ + '.execute', 'execute_with_signal_translation')], self.ws,
+     'slapos.recipe.librecipe.execute', 'execute_with_signal_translation')], self.ws,
       sys.executable, self.wrapper_directory,
       arguments=[self.options['ooo_paster'].strip(), 'serve', config_file]))
     return {
@@ -436,7 +441,7 @@ class Recipe(BaseSlapRecipe):
         config))
     self.path_list.append(haproxy_conf_path)
     wrapper = zc.buildout.easy_install.scripts([('haproxy_%s' % name,
-      __name__ + '.execute', 'execute')], self.ws, sys.executable,
+     'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
       self.wrapper_directory, arguments=[
         self.options['haproxy_binary'].strip(), '-f', haproxy_conf_path]
       )[0]
@@ -455,7 +460,7 @@ class Recipe(BaseSlapRecipe):
     password = self.generatePassword()
     # XXX Unhardcoded me please
     user = 'zope'
-    write_inituser(
+    Zope2InitUser(
         os.path.join(self.erp5_directory, "inituser"), user, password)
 
     self._createDirectory(self.erp5_directory)
@@ -542,7 +547,7 @@ class Recipe(BaseSlapRecipe):
         self.substituteTemplate(self.getTemplateFilename('zeo.conf.in'), config))
       self.path_list.append(zeo_conf_path)
       wrapper = zc.buildout.easy_install.scripts([('zeo_%s' % zeo_number,
-        __name__ + '.execute', 'execute')], self.ws, sys.executable,
+       'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
         self.wrapper_directory, arguments=[
           self.options['runzeo_binary'].strip(), '-C', zeo_conf_path]
         )[0]
@@ -588,7 +593,7 @@ class Recipe(BaseSlapRecipe):
       )))
     # TID server
     tidstorage_server = zc.buildout.easy_install.scripts([('tidstoraged',
-      __name__ + '.execute', 'execute')], self.ws, sys.executable,
+     'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
       self.wrapper_directory, arguments=[
         self.options['tidstoraged_binary'], '--nofork', '--config',
         tidstorage_config])[0]
@@ -599,7 +604,7 @@ class Recipe(BaseSlapRecipe):
 
     # repozo wrapper
     tidstorage_repozo = zc.buildout.easy_install.scripts([('tidstorage_repozo',
-      __name__ + '.execute', 'execute')], self.ws, sys.executable,
+     'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
       self.bin_directory, arguments=[
         self.options['tidstorage_repozo_binary'], '--config', tidstorage_config,
       '--repozo', self.options['repozo_binary'], '-z'])[0]
@@ -637,7 +642,7 @@ class Recipe(BaseSlapRecipe):
     )
     # configure default Zope2 zcml
     open(os.path.join(self.erp5_directory, 'etc', 'site.zcml'), 'w').write(
-        pkg_resources.resource_string('Zope2', 'utilities/skel/etc/site.zcml'))
+        pkg_resources.resource_string(__name__, 'template/site.zcml'))
     zope_config['zodb_configuration_string'] = zodb_configuration_string
     zope_config['instance'] = self.erp5_directory
     zope_config['event_log'] = os.path.join(self.log_directory,
@@ -687,7 +692,7 @@ class Recipe(BaseSlapRecipe):
     self.path_list.append(zope_conf_path)
     # Create init script
     wrapper = zc.buildout.easy_install.scripts([(name,
-      __name__ + '.execute', 'execute')], self.ws, sys.executable,
+     'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
       self.wrapper_directory, arguments=[
         self.options['runzope_binary'].strip(), '-C', zope_conf_path]
       )[0]
@@ -789,6 +794,8 @@ class Recipe(BaseSlapRecipe):
               config=apache_config_file
             )
           ]))
+    # Note: IPv6 is assumed always
+    return 'https://[%(ip)s]:%(port)s' % apache_conf
 
   def installBackendApache(self, ip, port, backend, key, certificate,
       suffix='', access_control_string=None):
@@ -899,16 +906,17 @@ class Recipe(BaseSlapRecipe):
     innobackupex_argument_list = [self.options['perl_binary'],
         self.options['innobackupex_binary'],
         '--defaults-file=%s' % mysql_conf_path,
-        '--socket=%s' %mysql_conf['socket'].strip(), '--user=root']
+        '--socket=%s' %mysql_conf['socket'].strip(), '--user=root',
+        '--ibbackup=%s'% self.options['xtrabackup_binary']]
     environment = dict(PATH='%s' % self.bin_directory)
     innobackupex_incremental = zc.buildout.easy_install.scripts([(
-      'innobackupex_incremental', __name__ + '.execute', 'executee')],
+      'innobackupex_incremental','slapos.recipe.librecipe.execute', 'executee')],
       self.ws, sys.executable, self.bin_directory, arguments=[
         innobackupex_argument_list + ['--incremental'],
         environment])[0]
     self.path_list.append(innobackupex_incremental)
     innobackupex_full = zc.buildout.easy_install.scripts([('innobackupex_full',
-      __name__ + '.execute', 'executee')], self.ws,
+     'slapos.recipe.librecipe.execute', 'executee')], self.ws,
       sys.executable, self.bin_directory, arguments=[
         innobackupex_argument_list,
         environment])[0]

slapos/recipe/erp5/template/apache.zope.conf.in

 # Apache configuration file for Zope
 # Automatically generated
 
+# List of modules
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule antiloris_module modules/mod_antiloris.so
+
 # Basic server configuration
 PidFile "%(pid_file)s"
 LockFile "%(lock_file)s"
 Listen %(ip)s:%(port)s
 ServerAdmin %(server_admin)s
-DefaultType text/plain
 TypesConfig conf/mime.types
 AddType application/x-compress .Z
 AddType application/x-gzip .gz .tgz
@@ -19,7 +34,6 @@ RequestHeader unset REMOTE_USER
 
 # Log configuration
 ErrorLog "%(error_log)s"
-LogLevel warn
 LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
 LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
 CustomLog "%(access_log)s" common
@@ -37,19 +51,3 @@ CustomLog "%(access_log)s" common
 # Magic of Zope related rewrite
 RewriteEngine On
 %(rewrite_rule)s
-
-# List of modules
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule version_module modules/mod_version.so
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-LoadModule ssl_module modules/mod_ssl.so
-LoadModule mime_module modules/mod_mime.so
-LoadModule dav_module modules/mod_dav.so
-LoadModule dav_fs_module modules/mod_dav_fs.so
-LoadModule negotiation_module modules/mod_negotiation.so
-LoadModule rewrite_module modules/mod_rewrite.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule antiloris_module modules/mod_antiloris.so

slapos/recipe/erp5/template/site.zcml

+<configure
+    xmlns="http://namespaces.zope.org/zope"
+    xmlns:meta="http://namespaces.zope.org/meta"
+    xmlns:five="http://namespaces.zope.org/five">
+
+  <include package="Products.Five" />
+  <meta:redefinePermission from="zope2.Public" to="zope.Public" />
+
+
+  <!-- Load the meta -->
+  <include files="package-includes/*-meta.zcml" />
+  <five:loadProducts file="meta.zcml"/>
+
+  <!-- Load the configuration -->
+  <include files="package-includes/*-configure.zcml" />
+  <five:loadProducts />
+
+  <!-- Load the configuration overrides-->
+  <includeOverrides files="package-includes/*-overrides.zcml" />
+  <five:loadProductsOverrides />
+
+
+  <securityPolicy
+      component="Products.Five.security.FiveSecurityPolicy" />
+
+</configure>

slapos/recipe/erp5testnode/SlapOSControler.py

@@ -46,45 +46,49 @@ class SlapOSControler(object):
  'reference': config['computer_id'],
  'software_root': config['software_root']}))
 
-  def runSoftwareRelease(self, config, environment, process_group_pid_set=None):
+  def runSoftwareRelease(self, config, environment, process_group_pid_set=None,
+                         stdout=None, stderr=None):
     print "SlapOSControler.runSoftwareRelease"
-    while True:
-      cpu_count = os.sysconf("SC_NPROCESSORS_ONLN")
-      os.putenv('MAKEFLAGS', '-j%s' % cpu_count)
-      os.environ['PATH'] = environment['PATH']
-      stdout = open(os.path.join(
-                    config['instance_root'],'.runSoftwareRelease_out'),
-                    'w+')
-      stderr = open(os.path.join(
-                    config['instance_root'],'.runSoftwareRelease_err'),
-                    'w+')
-      slapgrid = subprocess.Popen([config['slapgrid_software_binary'], '-v', '-c',
-        #'--buildout-parameter',"'-U -N' -o",
-        config['slapos_config']],
-        stdout=stdout, stderr=stderr,
-        close_fds=True, preexec_fn=os.setsid)
-      process_group_pid_set.add(slapgrid.pid)
-      slapgrid.wait()
-      stdout.seek(0)
-      stderr.seek(0)
-      process_group_pid_set.remove(slapgrid.pid)
-      status_dict = {'status_code':slapgrid.returncode,
-                     'stdout':stdout.read(),
-                     'stderr':stderr.read()}
-      stdout.close()
-      stderr.close()
-      return status_dict
+    cpu_count = os.sysconf("SC_NPROCESSORS_ONLN")
+    os.putenv('MAKEFLAGS', '-j%s' % cpu_count)
+    os.environ['PATH'] = environment['PATH']
+    slapgrid = subprocess.Popen([config['slapgrid_software_binary'], '-v', '-c',
+      #'--buildout-parameter',"'-U -N' -o",
+      config['slapos_config']],
+      stdout=stdout, stderr=stderr,
+      close_fds=True, preexec_fn=os.setsid)
+    process_group_pid_set.add(slapgrid.pid)
+    slapgrid.wait()
+    stdout.seek(0)
+    stderr.seek(0)
+    process_group_pid_set.remove(slapgrid.pid)
+    status_dict = {'status_code':slapgrid.returncode,
+                    'stdout':stdout.read(),
+                    'stderr':stderr.read()}
+    stdout.close()
+    stderr.close()
+    return status_dict
 
-  def runComputerPartition(self, config, process_group_pid_set=None):
+  def runComputerPartition(self, config, environment,
+                           process_group_pid_set=None,
+                           stdout=None, stderr=None):
     print "SlapOSControler.runSoftwareRelease"
     slap = slapos.slap.slap()
     slap.registerOpenOrder().request(self.software_profile,
         partition_reference='testing partition',
         partition_parameter_kw=config['instance_dict'])
     slapgrid = subprocess.Popen([config['slapgrid_partition_binary'],
-      config['slapos_config'], '-c', '-v'], close_fds=True, preexec_fn=os.setsid)
+      config['slapos_config'], '-c', '-v'],
+      stdout=stdout, stderr=stderr,
+      close_fds=True, preexec_fn=os.setsid)
     process_group_pid_set.add(slapgrid.pid)
     slapgrid.wait()
+    stdout.seek(0)
+    stderr.seek(0)
     process_group_pid_set.remove(slapgrid.pid)
-    if slapgrid.returncode != 0:
-      raise ValueError('Slapgrid instance failed')
+    status_dict = {'status_code':slapgrid.returncode,
+                    'stdout':stdout.read(),
+                    'stderr':stderr.read()}
+    stdout.close()
+    stderr.close()
+    return status_dict

slapos/recipe/erp5testnode/Updater.py

@@ -147,7 +147,7 @@ class Updater(object):
       # edit .git/info/sparse-checkout if you want sparse checkout
       if revision:
         if type(revision) is str:
-          h = self._git_find_rev('r' + revision)
+          h = revision
         else:
           h = revision[1]
         if h != self._git('rev-parse', 'HEAD'):

slapos/recipe/erp5testnode/__init__.py

@@ -83,36 +83,25 @@ class Recipe(BaseSlapRecipe):
               git_binary=self.options['git_binary'],
               software_root=CONFIG['software_root'],
               working_directory=CONFIG['working_directory'],
-              vcs_repository=self.parameter_dict.get('vcs_repository'),
+              vcs_repository_list=eval(self.parameter_dict.get('vcs_repository_list'),),
               node_quantity=self.parameter_dict.get('node_quantity', '1'),
-              branch=self.parameter_dict.get('branch', None),
               test_suite_master_url=self.parameter_dict.get(
                                 'test_suite_master_url', None),
-              test_suite_name=self.parameter_dict.get('test_suite_name'),
+              test_suite=self.parameter_dict.get('test_suite'),
               test_suite_title=self.parameter_dict.get('test_suite_title'),
+              test_node_title=self.parameter_dict.get('test_node_title'),
+              project_title=self.parameter_dict.get('project_title'),
               bin_directory=self.bin_directory,
-              foo='bar',
               # botenvironemnt is splittable string of key=value to substitute
               # environment of running bot
               bot_environment=self.parameter_dict.get('bot_environment', ''),
               partition_reference=CONFIG['partition_reference'],
               environment=dict(PATH=os.environ['PATH']),
+              vcs_authentication_list=eval(self.parameter_dict.get(
+                     'vcs_authentication_list', 'None')),
             )
           ]))
 
-  def installLocalSvn(self):
-    svn_dict = dict(svn_binary = self.options['svn_binary'])
-    svn_dict.update(self.parameter_dict)
-    self._writeExecutable(os.path.join(self.bin_directory, 'svn'), """\
-#!/bin/sh
-%(svn_binary)s --username %(svn_username)s --password %(svn_password)s \
---non-interactive --trust-server-cert --no-auth-cache "$@" """% svn_dict)
-
-    svnversion = os.path.join(self.bin_directory, 'svnversion')
-    if os.path.lexists(svnversion):
-      os.unlink(svnversion)
-    os.symlink(self.options['svnversion_binary'], svnversion)
-
   def installLocalGit(self):
     git_dict = dict(git_binary = self.options['git_binary'])
     git_dict.update(self.parameter_dict)
@@ -122,19 +111,19 @@ class Recipe(BaseSlapRecipe):
     home_directory = os.path.join(*os.path.split(self.bin_directory)[0:-1])
     print "home_directory : %r" % home_directory
     git_dict.setdefault("git_server_name", "git.erp5.org")
-    if git_dict.get('vcs_username', None) is not None:
+    if git_dict.get('vcs_authentication_list', None) is not None:
+      vcs_authentication_list = eval(git_dict['vcs_authentication_list'])
       netrc_file = open(os.path.join(home_directory, '.netrc'), 'w')
-      netrc_file.write("""
-  machine %(git_server_name)s
-  login %(vcs_username)s
-  password %(vcs_password)s""" % git_dict)
+      for vcs_authentication_dict in vcs_authentication_list:
+        netrc_file.write("""
+machine %(host)s
+login %(user_name)s
+password %(password)s
+""" % vcs_authentication_dict)
       netrc_file.close()
 
   def installLocalRepository(self):
-    if self.parameter_dict.get('vcs_repository').endswith('git'):
-      self.installLocalGit()
-    else:
-      self.installLocalSvn()
+    self.installLocalGit()
 
   def installLocalZip(self):
     zip = os.path.join(self.bin_directory, 'zip')

slapos/recipe/erp5testnode/testnode.py

@@ -55,44 +55,64 @@ def safeRpcCall(function, *args):
       time.sleep(retry)
       retry += retry >> 1
 
+def getInputOutputFileList(config, command_name):
+  stdout = open(os.path.join(
+                config['instance_root'],'.%s_out' % command_name),
+                'w+')
+  stdout.write("%s\n" % command_name)
+  stderr = open(os.path.join(
+                config['instance_root'],'.%s_err' % command_name),
+                'w+')
+  return (stdout, stderr)
+
 slapos_controler = None
 
 def run(args):
   config = args[0]
   slapgrid = None
-  branch = config.get('branch', None)
   supervisord_pid_file = os.path.join(config['instance_root'], 'var', 'run',
         'supervisord.pid')
   subprocess.check_call([config['git_binary'],
                 "config", "--global", "http.sslVerify", "false"])
   previous_revision = None
-  run_software = True
-  # find what will be the path of the repository
-  repository_name = config['vcs_repository'].split('/')[-1].split('.')[0]
-  repository_path = os.path.join(config['working_directory'],repository_name)
-  config['repository_path'] = repository_path
-  sys.path.append(repository_path)
 
+  run_software = True
   # Write our own software.cfg to use the local repository
   custom_profile_path = os.path.join(config['working_directory'], 'software.cfg')
   config['custom_profile_path'] = custom_profile_path
-  
-  # create a profile in order to use the repository we already have
-  custom_profile = open(custom_profile_path, 'w')
-  profile_content = """
+  vcs_repository_list = config['vcs_repository_list']
+  profile_content = None
+  assert len(vcs_repository_list), "we must have at least one repository"
+  for vcs_repository in vcs_repository_list:
+    url = vcs_repository['url']
+    buildout_section_id = vcs_repository.get('buildout_section_id', None)
+    repository_id = buildout_section_id or \
+                                  url.split('/')[-1].split('.')[0]
+    repository_path = os.path.join(config['working_directory'],repository_id)
+    vcs_repository['repository_id'] = repository_id
+    vcs_repository['repository_path'] = repository_path
+    if profile_content is None:
+      profile_content = """
 [buildout]
 extends = %(software_config_path)s
-
-[%(repository_name)s]
+""" %  {'software_config_path': os.path.join(repository_path,
+                                          config['profile_path'])}
+    if not(buildout_section_id is None):
+      profile_content += """
+[%(buildout_section_id)s]
 repository = %(repository_path)s
-""" %     {'software_config_path': os.path.join(repository_path,
-                                          config['profile_path']),
-    'repository_name': repository_name,
-    'repository_path' : repository_path}
-  if branch is not None:
-    profile_content += "\nbranch = %s" % branch
+branch = %(branch)s
+""" %  {'buildout_section_id': buildout_section_id,
+        'repository_path' : repository_path,
+        'branch' : vcs_repository.get('branch','master')}
+
+  custom_profile = open(custom_profile_path, 'w')
   custom_profile.write(profile_content)
   custom_profile.close()
+  config['repository_path'] = repository_path
+  sys.path.append(repository_path)
+  test_suite_title = config['test_suite_title'] or config['test_suite']
+
   retry_software = False
   try:
     while True:
@@ -104,19 +124,24 @@ repository = %(repository_path)s
           except:
             pass
         process_group_pid_set.clear()
+        full_revision_list = []
         # Make sure we have local repository
-        if not os.path.exists(repository_path):
-          parameter_list = [config['git_binary'], 'clone',
-                            config['vcs_repository']]
-          if branch is not None:
-            parameter_list.extend(['-b',branch])
-          parameter_list.append(repository_path)
-          subprocess.check_call(parameter_list)
-          # XXX this looks like to not wait the end of the command
-        # Make sure we have local repository
-        updater = Updater(repository_path, git_binary=config['git_binary'])
-        updater.checkout()
-        revision = updater.getRevision()
+        for vcs_repository in vcs_repository_list:
+          repository_path = vcs_repository['repository_path']
+          repository_id = vcs_repository['repository_id']
+          if not os.path.exists(repository_path):
+            parameter_list = [config['git_binary'], 'clone',
+                              vcs_repository['url']]
+            if vcs_repository.get('branch') is not None:
+              parameter_list.extend(['-b',vcs_repository.get('branch')])
+            parameter_list.append(repository_path)
+            subprocess.check_call(parameter_list)
+          # Make sure we have local repository
+          updater = Updater(repository_path, git_binary=config['git_binary'])
+          updater.checkout()
+          revision = "-".join(updater.getRevision())
+          full_revision_list.append('%s=%s' % (repository_id, revision))
+        revision = ','.join(full_revision_list)
         if previous_revision == revision:
           time.sleep(120)
           if not(retry_software):
@@ -137,57 +162,41 @@ repository = %(repository_path)s
           master = portal.portal_task_distribution
           assert master.getProtocolRevision() == 1
           test_result = safeRpcCall(master.createTestResult,
-            config['test_suite_name'], revision, [],
-            False, config['test_suite_title'])
+            config['test_suite'], revision, [],
+            False, test_suite_title,
+            config['test_node_title'], config['project_title'])
         print "testnode, test_result : %r" % (test_result,)
         if test_result:
           test_result_path, test_revision = test_result
           if revision != test_revision:
-            # other testnodes on other boxes are already ready to test another
-            # revision
-            updater = Updater(repository_path, git_binary=config['git_binary'],
-                              revision=test_revision)
-            updater.checkout()
+            for i, repository_revision in enumerate(test_revision.split(',')):
+              vcs_repository = vcs_repository_list[i]
+              repository_path = vcs_repository['repository_path']
+              # other testnodes on other boxes are already ready to test another
+              # revision
+              updater = Updater(repository_path, git_binary=config['git_binary'],
+                                revision=repository_revision.split('-')[1])
+              updater.checkout()
 
-          # Now prepare the installation of SlapOS
+          # Now prepare the installation of SlapOS and create instance
           slapos_controler = SlapOSControler(config,
             process_group_pid_set=process_group_pid_set)
-          # this should be always true later, but it is too slow for now
-          status_dict = slapos_controler.runSoftwareRelease(config,
-            environment=config['environment'],
-            process_group_pid_set=process_group_pid_set,
-            )
+          for method_name in ("runSoftwareRelease", "runComputerPartition"):
+            stdout, stderr = getInputOutputFileList(config, method_name)
+            slapos_method = getattr(slapos_controler, method_name)
+            status_dict = slapos_method(config,
+              environment=config['environment'],
+              process_group_pid_set=process_group_pid_set,
+              stdout=stdout, stderr=stderr
+              )
+            if status_dict['status_code'] != 0:
+              break
           if status_dict['status_code'] != 0:
             safeRpcCall(master.reportTaskFailure,
-              test_result_path, status_dict, config['test_suite_title'])
+              test_result_path, status_dict, config['test_node_title'])
             retry_software = True
             continue
 
-          # create instances, it should take some seconds only
-          slapos_controler.runComputerPartition(config,
-                  process_group_pid_set=process_group_pid_set)
-
-          # update repositories downloaded by buildout. Later we should get
-          # from master a list of repositories
-          repository_path_list = glob(os.path.join(config['software_root'],
-                                  '*', 'parts', 'git_repository', '*'))
-          assert len(repository_path_list) >= 0
-          for repository_path in repository_path_list:
-            updater = Updater(repository_path, git_binary=config['git_binary'])
-            updater.checkout()
-            if os.path.split(repository_path)[-1] == repository_name:
-              # redo checkout with good revision, the previous one is used
-              # to pull last code
-              updater = Updater(repository_path, git_binary=config['git_binary'],
-                                revision=revision)
-              updater.checkout()
-            # calling dist/externals is only there for backward compatibility,
-            # the code will be removed soon
-            if os.path.exists(os.path.join(repository_path, 'dist/externals.py')):
-              process = subprocess.Popen(['dist/externals.py'],
-                        cwd=repository_path)
-              process.wait()
-
           partition_path = os.path.join(config['instance_root'],
                                         config['partition_reference'])
           run_test_suite_path = os.path.join(partition_path, 'bin',
@@ -206,8 +215,9 @@ repository = %(repository_path)s
           if line[:2] == '#!':
             invocation_list = line[2:].split()
           invocation_list.extend([run_test_suite_path,
-                                  '--test_suite', config['test_suite_name'],
+                                  '--test_suite', config['test_suite'],
                                   '--revision', revision,
+                                  '--test_suite_title', test_suite_title,
                                   '--node_quantity', config['node_quantity'],
                                   '--master_url', config['test_suite_master_url']])
           run_test_suite = subprocess.Popen(invocation_list)
@@ -232,5 +242,4 @@ repository = %(repository_path)s
       if os.path.exists(supervisord_pid_file):
         os.kill(int(open(supervisord_pid_file).read().strip()), signal.SIGTERM)
     except:
-      pass
-
+      pass
\ No newline at end of file

slapos/recipe/kumofs/__init__.py

+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import BaseSlapRecipe
+import hashlib
+import os
+import pkg_resources
+import sys
+import zc.buildout
+import ConfigParser
+
+class Recipe(BaseSlapRecipe):
+  def getTemplateFilename(self, template_name):
+    return pkg_resources.resource_filename(__name__,
+        'template/%s' % template_name)
+
+  def _install(self):
+    self.path_list = []
+    self.requirements, self.ws = self.egg.working_set()
+    # XXX-Cedric : add logrotate?
+    self.cron_d = self.installCrond()
+    kumo_conf = self.installKumo(self.getLocalIPv4Address())
+    
+    ca_conf = self.installCertificateAuthority()
+    key, certificate = self.requestCertificate('Login Based Access')
+    
+    stunnel_conf = self.installStunnel(self.getGlobalIPv6Address(),
+        self.getLocalIPv4Address(), 12345, kumo_conf['kumo_gateway_port'],
+        certificate, key, ca_conf['ca_crl'],
+        ca_conf['certificate_authority_path'])
+    
+    self.linkBinary()
+    self.setConnectionDict(dict(
+      stunnel_ip = stunnel_conf['public_ip'],
+      stunnel_port = stunnel_conf['public_port'],
+    ))
+    return self.path_list
+
+  def linkBinary(self):
+    """Links binaries to instance's bin directory for easier exposal"""
+    for linkline in self.options.get('link_binary_list', '').splitlines():
+      if not linkline:
+        continue
+      target = linkline.split()
+      if len(target) == 1:
+        target = target[0]
+        path, linkname = os.path.split(target)
+      else:
+        linkname = target[1]
+        target = target[0]
+      link = os.path.join(self.bin_directory, linkname)
+      if os.path.lexists(link):
+        if not os.path.islink(link):
+          raise zc.buildout.UserError(
+              'Target link already %r exists but it is not link' % link)
+        os.unlink(link)
+      os.symlink(target, link)
+      self.logger.debug('Created link %r -> %r' % (link, target))
+      self.path_list.append(link)
+  
+
+  def installCrond(self):
+    timestamps = self.createDataDirectory('cronstamps')
+    cron_output = os.path.join(self.log_directory, 'cron-output')
+    self._createDirectory(cron_output)
+    catcher = zc.buildout.easy_install.scripts([('catchcron',
+      __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
+      self.bin_directory, arguments=[cron_output])[0]
+    self.path_list.append(catcher)
+    cron_d = os.path.join(self.etc_directory, 'cron.d')
+    crontabs = os.path.join(self.etc_directory, 'crontabs')
+    self._createDirectory(cron_d)
+    self._createDirectory(crontabs)
+    # Use execute from erp5.
+    wrapper = zc.buildout.easy_install.scripts([('crond',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
+        '-t', timestamps, '-f', '-l', '5', '-M', catcher]
+      )[0]
+    self.path_list.append(wrapper)
+    return cron_d
+  
+  def installLogrotate(self):
+    """Installs logortate main configuration file and registers its to cron"""
+    logrotate_d = os.path.abspath(os.path.join(self.etc_directory,
+      'logrotate.d'))
+    self._createDirectory(logrotate_d)
+    logrotate_backup = self.createBackupDirectory('logrotate')
+    logrotate_conf = self.createConfigurationFile("logrotate.conf",
+        "include %s" % logrotate_d)
+    logrotate_cron = os.path.join(self.cron_d, 'logrotate')
+    state_file = os.path.join(self.data_root_directory, 'logrotate.status')
+    open(logrotate_cron, 'w').write('0 0 * * * %s -s %s %s' %
+        (self.options['logrotate_binary'], state_file, logrotate_conf))
+    self.path_list.extend([logrotate_d, logrotate_conf, logrotate_cron])
+    return logrotate_d, logrotate_backup
+
+  def registerLogRotation(self, name, log_file_list, postrotate_script):
+    """Register new log rotation requirement"""
+    open(os.path.join(self.logrotate_d, name), 'w').write(
+        self.substituteTemplate(self.getTemplateFilename(
+          'logrotate_entry.in'),
+          dict(file_list=' '.join(['"'+q+'"' for q in log_file_list]),
+            postrotate=postrotate_script, olddir=self.logrotate_backup)))
+
+  def installCertificateAuthority(self, ca_country_code='XX',
+      ca_email='xx@example.com', ca_state='State', ca_city='City',
+      ca_company='Company'):
+    backup_path = self.createBackupDirectory('ca')
+    self.ca_dir = os.path.join(self.data_root_directory, 'ca')
+    self._createDirectory(self.ca_dir)
+    self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
+    self._createDirectory(self.ca_request_dir)
+    config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
+    self.ca_private = os.path.join(self.ca_dir, 'private')
+    self.ca_certs = os.path.join(self.ca_dir, 'certs')
+    self.ca_crl = os.path.join(self.ca_dir, 'crl')
+    self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
+    self.ca_key_ext = '.key'
+    self.ca_crt_ext = '.crt'
+    for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
+      self._createDirectory(d)
+    for f in ['crlnumber', 'serial']:
+      if not os.path.exists(os.path.join(self.ca_dir, f)):
+        open(os.path.join(self.ca_dir, f), 'w').write('01')
+    if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
+      open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
+    openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
+    config.update(
+        working_directory=self.ca_dir,
+        country_code=ca_country_code,
+        state=ca_state,
+        city=ca_city,
+        company=ca_company,
+        email_address=ca_email,
+    )
+    self._writeFile(openssl_configuration, pkg_resources.resource_string(
+      __name__, 'template/openssl.cnf.ca.in') % config)
+    self.path_list.extend(zc.buildout.easy_install.scripts([
+      ('certificate_authority',
+        __name__ + '.certificate_authority', 'runCertificateAuthority')],
+        self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
+          openssl_configuration=openssl_configuration,
+          openssl_binary=self.options['openssl_binary'],
+          certificate=os.path.join(self.ca_dir, 'cacert.pem'),
+          key=os.path.join(self.ca_private, 'cakey.pem'),
+          crl=os.path.join(self.ca_crl),
+          request_dir=self.ca_request_dir
+          )]))
+    # configure backup
+    backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
+    open(backup_cron, 'w').write(
+        '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
+          rdiff_backup=self.options['rdiff_backup_binary'],
+          source=self.ca_dir,
+          destination=backup_path))
+    self.path_list.append(backup_cron)
+
+    return dict(
+      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+      ca_crl=os.path.join(config['ca_dir'], 'crl'),
+      certificate_authority_path=config['ca_dir']
+    )
+
+  def requestCertificate(self, name):
+    hash = hashlib.sha512(name).hexdigest()
+    key = os.path.join(self.ca_private, hash + self.ca_key_ext)
+    certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
+    parser = ConfigParser.RawConfigParser()
+    parser.add_section('certificate')
+    parser.set('certificate', 'name', name)
+    parser.set('certificate', 'key_file', key)
+    parser.set('certificate', 'certificate_file', certificate)
+    parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
+    return key, certificate
+
+  def installStunnel(self, public_ip, private_ip, public_port, private_port,
+      ca_certificate, key, ca_crl, ca_path):
+    """Installs stunnel"""
+    template_filename = self.getTemplateFilename('stunnel.conf.in')
+    log = os.path.join(self.log_directory, 'stunnel.log')
+    pid_file = os.path.join(self.run_directory, 'stunnel.pid')
+    stunnel_conf = dict(
+        public_ip=public_ip,
+        private_ip=private_ip,
+        public_port=public_port,
+        pid_file=pid_file,
+        log=log,
+        cert = ca_certificate,
+        key = key,
+        ca_crl = ca_crl,
+        ca_path = ca_path,
+        private_port = private_port,
+    )
+    stunnel_conf_path = self.createConfigurationFile("stunnel.conf",
+        self.substituteTemplate(template_filename,
+          stunnel_conf))
+    wrapper = zc.buildout.easy_install.scripts([('stunnel',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['stunnel_binary'].strip(), stunnel_conf_path]
+      )[0]
+    self.path_list.append(wrapper)
+
+    return stunnel_conf
+
+  def installKumo(self, ip, kumo_manager_port=13101, kumo_server_port=13201,
+      kumo_server_listen_port=13202, kumo_gateway_port=13301):
+    # XXX: kumo is not storing pid in file, unless it is not running as daemon
+    #      but running daemons is incompatible with SlapOS, so there is currently
+    #      no way to have Kumo's pid files to rotate logs and send signals to them
+    config = dict(
+      kumo_gateway_binary=self.options['kumo_gateway_binary'],
+      kumo_gateway_ip=ip,
+      kumo_gateway_log=os.path.join(self.log_directory, "kumo-gateway.log"),
+      kumo_manager_binary=self.options['kumo_manager_binary'],
+      kumo_manager_ip=ip,
+      kumo_manager_log=os.path.join(self.log_directory, "kumo-manager.log"),
+      kumo_server_binary=self.options['kumo_server_binary'],
+      kumo_server_ip=ip,
+      kumo_server_log=os.path.join(self.log_directory, "kumo-server.log"),
+      kumo_server_storage=os.path.join(self.data_root_directory, "kumodb.tch"),
+      kumo_manager_port=kumo_manager_port,
+      kumo_server_port=kumo_server_port,
+      kumo_server_listen_port=kumo_server_listen_port,
+      kumo_gateway_port=kumo_gateway_port
+    )
+
+    self.path_list.append(self.createRunningWrapper('kumo_gateway',
+      self.substituteTemplate(self.getTemplateFilename('kumo_gateway.in'),
+        config)))
+
+    self.path_list.append(self.createRunningWrapper('kumo_manager',
+      self.substituteTemplate(self.getTemplateFilename('kumo_manager.in'),
+        config)))
+
+    self.path_list.append(self.createRunningWrapper('kumo_server',
+      self.substituteTemplate(self.getTemplateFilename('kumo_server.in'),
+        config)))
+
+    return dict(
+      kumo_address = '%s:%s' % (config['kumo_gateway_ip'],
+        config['kumo_gateway_port']),
+      kumo_gateway_ip=config['kumo_gateway_ip'],
+      kumo_gateway_port=config['kumo_gateway_port'],
+    )
\ No newline at end of file

slapos/recipe/kumofs/certificate_authority.py

+import os
+import subprocess
+import time
+import ConfigParser
+
+
+def popenCommunicate(command_list, input=None):
+  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+  if input is not None:
+    subprocess_kw.update(stdin=subprocess.PIPE)
+  popen = subprocess.Popen(command_list, **subprocess_kw)
+  result = popen.communicate(input)[0]
+  if popen.returncode is None:
+    popen.kill()
+  if popen.returncode != 0:
+    raise ValueError('Issue during calling %r, result was:\n%s' % (
+      command_list, result))
+  return result
+
+
+class CertificateAuthority:
+  def __init__(self, key, certificate, openssl_binary,
+      openssl_configuration, request_dir):
+    self.key = key
+    self.certificate = certificate
+    self.openssl_binary = openssl_binary
+    self.openssl_configuration = openssl_configuration
+    self.request_dir = request_dir
+
+  def checkAuthority(self):
+    file_list = [ self.key, self.certificate ]
+    ca_ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ca_ready = False
+        break
+    if ca_ready:
+      return
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    try:
+      # no CA, let us create new one
+      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
+          self.openssl_configuration, '-new', '-x509', '-extensions',
+          'v3_ca', '-keyout', self.key, '-out', self.certificate,
+          '-days', '10950'], 'Automatic Certificate Authority\n')
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+
+  def _checkCertificate(self, common_name, key, certificate):
+    file_list = [key, certificate]
+    ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ready = False
+        break
+    if ready:
+      return False
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    csr = certificate + '.csr'
+    try:
+      popenCommunicate([self.openssl_binary, 'req', '-config',
+        self.openssl_configuration, '-nodes', '-new', '-keyout',
+        key, '-out', csr, '-days', '3650'],
+        common_name + '\n')
+      try:
+        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
+          self.openssl_configuration, '-out', certificate,
+          '-infiles', csr])
+      finally:
+        if os.path.exists(csr):
+          os.unlink(csr)
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+    else:
+      return True
+
+  def checkRequestDir(self):
+    for request_file in os.listdir(self.request_dir):
+      parser = ConfigParser.RawConfigParser()
+      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
+      if self._checkCertificate(parser.get('certificate', 'name'),
+          parser.get('certificate', 'key_file'), parser.get('certificate',
+            'certificate_file')):
+        print 'Created certificate %r' % parser.get('certificate', 'name')
+
+def runCertificateAuthority(args):
+  ca_conf = args[0]
+  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
+      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
+      ca_conf['request_dir'])
+  while True:
+    ca.checkAuthority()
+    ca.checkRequestDir()
+    time.sleep(60)

slapos/recipe/kumofs/template/kumo_gateway.in

+#!/bin/sh
+exec %(kumo_gateway_binary)s -F -E -m %(kumo_manager_ip)s:%(kumo_manager_port)s -t %(kumo_gateway_ip)s:%(kumo_gateway_port)s -o %(kumo_gateway_log)s

slapos/recipe/kumofs/template/kumo_manager.in

+#!/bin/sh
+exec %(kumo_manager_binary)s -a -l %(kumo_manager_ip)s:%(kumo_manager_port)s -o %(kumo_manager_log)s

slapos/recipe/kumofs/template/kumo_server.in

+#!/bin/sh
+exec %(kumo_server_binary)s -l %(kumo_server_ip)s:%(kumo_server_port)s -L %(kumo_server_listen_port)s -m %(kumo_manager_ip)s:%(kumo_manager_port)s -s %(kumo_server_storage)s -o %(kumo_server_log)s

slapos/recipe/kumofs/template/openssl.cnf.ca.in

+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= %(working_directory)s		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_md		= sha1
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+#attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_value		= %(country_code)s
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_value	= %(state)s
+
+localityName			= Locality Name (eg, city)
+localityName_value		= %(city)s
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_value	= %(company)s
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_value = %(email_address)s
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+#[ req_attributes ]
+#challengePassword		= A challenge password
+#challengePassword_min		= 4
+#challengePassword_max		= 20
+#
+#unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= /etc/pki/tls		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests		= md5, sha1		# Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)

slapos/recipe/kumofs/template/stunnel.conf.in

+foreground = yes
+output = %(log)s
+pid = %(pid_file)s
+syslog = no
+CApath = %(ca_path)s
+key = %(key)s
+CRLpath = %(ca_crl)s
+cert = %(cert)s
+
+[service]
+accept = %(public_ip)s:%(public_port)s
+connect = %(private_ip)s:%(private_port)s

slapos/recipe/memcached/__init__.py

+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import BaseSlapRecipe
+import hashlib
+import os
+import pkg_resources
+import sys
+import zc.buildout
+import ConfigParser
+
+class Recipe(BaseSlapRecipe):
+  def getTemplateFilename(self, template_name):
+    return pkg_resources.resource_filename(__name__,
+        'template/%s' % template_name)
+
+  def _install(self):
+    self.path_list = []
+    self.requirements, self.ws = self.egg.working_set()
+    # XXX-Cedric : add logrotate?
+    self.cron_d = self.installCrond()
+    memcached_conf = self.installMemcached(ip=self.getLocalIPv4Address(),
+        port=11000)
+        
+    ca_conf = self.installCertificateAuthority()
+    key, certificate = self.requestCertificate('Memcached')
+
+    stunnel_conf = self.installStunnel(self.getGlobalIPv6Address(),
+        self.getLocalIPv4Address(), 12345, memcached_conf['memcached_port'],
+        certificate, key, ca_conf['ca_crl'],
+        ca_conf['certificate_authority_path'])
+    
+    self.linkBinary()
+    self.setConnectionDict(dict(
+      stunnel_ip = stunnel_conf['public_ip'],
+      stunnel_port = stunnel_conf['public_port'],
+    ))
+    return self.path_list
+
+  def linkBinary(self):
+    """Links binaries to instance's bin directory for easier exposal"""
+    for linkline in self.options.get('link_binary_list', '').splitlines():
+      if not linkline:
+        continue
+      target = linkline.split()
+      if len(target) == 1:
+        target = target[0]
+        path, linkname = os.path.split(target)
+      else:
+        linkname = target[1]
+        target = target[0]
+      link = os.path.join(self.bin_directory, linkname)
+      if os.path.lexists(link):
+        if not os.path.islink(link):
+          raise zc.buildout.UserError(
+              'Target link already %r exists but it is not link' % link)
+        os.unlink(link)
+      os.symlink(target, link)
+      self.logger.debug('Created link %r -> %r' % (link, target))
+      self.path_list.append(link)
+  
+  def installCrond(self):
+    timestamps = self.createDataDirectory('cronstamps')
+    cron_output = os.path.join(self.log_directory, 'cron-output')
+    self._createDirectory(cron_output)
+    catcher = zc.buildout.easy_install.scripts([('catchcron',
+      __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
+      self.bin_directory, arguments=[cron_output])[0]
+    self.path_list.append(catcher)
+    cron_d = os.path.join(self.etc_directory, 'cron.d')
+    crontabs = os.path.join(self.etc_directory, 'crontabs')
+    self._createDirectory(cron_d)
+    self._createDirectory(crontabs)
+    # Use execute from erp5.
+    wrapper = zc.buildout.easy_install.scripts([('crond',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
+        '-t', timestamps, '-f', '-l', '5', '-M', catcher]
+      )[0]
+    self.path_list.append(wrapper)
+    return cron_d
+  
+  def installLogrotate(self):
+    """Installs logortate main configuration file and registers its to cron"""
+    logrotate_d = os.path.abspath(os.path.join(self.etc_directory,
+      'logrotate.d'))
+    self._createDirectory(logrotate_d)
+    logrotate_backup = self.createBackupDirectory('logrotate')
+    logrotate_conf = self.createConfigurationFile("logrotate.conf",
+        "include %s" % logrotate_d)
+    logrotate_cron = os.path.join(self.cron_d, 'logrotate')
+    state_file = os.path.join(self.data_root_directory, 'logrotate.status')
+    open(logrotate_cron, 'w').write('0 0 * * * %s -s %s %s' %
+        (self.options['logrotate_binary'], state_file, logrotate_conf))
+    self.path_list.extend([logrotate_d, logrotate_conf, logrotate_cron])
+    return logrotate_d, logrotate_backup
+
+  def registerLogRotation(self, name, log_file_list, postrotate_script):
+    """Register new log rotation requirement"""
+    open(os.path.join(self.logrotate_d, name), 'w').write(
+        self.substituteTemplate(self.getTemplateFilename(
+          'logrotate_entry.in'),
+          dict(file_list=' '.join(['"'+q+'"' for q in log_file_list]),
+            postrotate=postrotate_script, olddir=self.logrotate_backup)))
+
+  def installCertificateAuthority(self, ca_country_code='XX',
+      ca_email='xx@example.com', ca_state='State', ca_city='City',
+      ca_company='Company'):
+    backup_path = self.createBackupDirectory('ca')
+    self.ca_dir = os.path.join(self.data_root_directory, 'ca')
+    self._createDirectory(self.ca_dir)
+    self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
+    self._createDirectory(self.ca_request_dir)
+    config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
+    self.ca_private = os.path.join(self.ca_dir, 'private')
+    self.ca_certs = os.path.join(self.ca_dir, 'certs')
+    self.ca_crl = os.path.join(self.ca_dir, 'crl')
+    self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
+    self.ca_key_ext = '.key'
+    self.ca_crt_ext = '.crt'
+    for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
+      self._createDirectory(d)
+    for f in ['crlnumber', 'serial']:
+      if not os.path.exists(os.path.join(self.ca_dir, f)):
+        open(os.path.join(self.ca_dir, f), 'w').write('01')
+    if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
+      open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
+    openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
+    config.update(
+        working_directory=self.ca_dir,
+        country_code=ca_country_code,
+        state=ca_state,
+        city=ca_city,
+        company=ca_company,
+        email_address=ca_email,
+    )
+    self._writeFile(openssl_configuration, pkg_resources.resource_string(
+      __name__, 'template/openssl.cnf.ca.in') % config)
+    self.path_list.extend(zc.buildout.easy_install.scripts([
+      ('certificate_authority',
+        __name__ + '.certificate_authority', 'runCertificateAuthority')],
+        self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
+          openssl_configuration=openssl_configuration,
+          openssl_binary=self.options['openssl_binary'],
+          certificate=os.path.join(self.ca_dir, 'cacert.pem'),
+          key=os.path.join(self.ca_private, 'cakey.pem'),
+          crl=os.path.join(self.ca_crl),
+          request_dir=self.ca_request_dir
+          )]))
+    # configure backup
+    backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
+    open(backup_cron, 'w').write(
+        '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
+          rdiff_backup=self.options['rdiff_backup_binary'],
+          source=self.ca_dir,
+          destination=backup_path))
+    self.path_list.append(backup_cron)
+
+    return dict(
+      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+      ca_crl=os.path.join(config['ca_dir'], 'crl'),
+      certificate_authority_path=config['ca_dir']
+    )
+
+  def requestCertificate(self, name):
+    hash = hashlib.sha512(name).hexdigest()
+    key = os.path.join(self.ca_private, hash + self.ca_key_ext)
+    certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
+    parser = ConfigParser.RawConfigParser()
+    parser.add_section('certificate')
+    parser.set('certificate', 'name', name)
+    parser.set('certificate', 'key_file', key)
+    parser.set('certificate', 'certificate_file', certificate)
+    parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
+    return key, certificate
+
+  def installStunnel(self, public_ip, private_ip, public_port, private_port,
+      ca_certificate, key, ca_crl, ca_path):
+    """Installs stunnel"""
+    template_filename = self.getTemplateFilename('stunnel.conf.in')
+    log = os.path.join(self.log_directory, 'stunnel.log')
+    pid_file = os.path.join(self.run_directory, 'stunnel.pid')
+    stunnel_conf = dict(
+        public_ip=public_ip,
+        private_ip=private_ip,
+        public_port=public_port,
+        pid_file=pid_file,
+        log=log,
+        cert = ca_certificate,
+        key = key,
+        ca_crl = ca_crl,
+        ca_path = ca_path,
+        private_port = private_port,
+    )
+    stunnel_conf_path = self.createConfigurationFile("stunnel.conf",
+        self.substituteTemplate(template_filename,
+          stunnel_conf))
+    wrapper = zc.buildout.easy_install.scripts([('stunnel',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['stunnel_binary'].strip(), stunnel_conf_path]
+      )[0]
+    self.path_list.append(wrapper)
+    return stunnel_conf
+
+  def installMemcached(self, ip, port):
+    config = dict(
+        memcached_binary=self.options['memcached_binary'],
+        memcached_ip=ip,
+        memcached_port=port,
+    )
+    self.path_list.append(self.createRunningWrapper('memcached',
+      self.substituteTemplate(self.getTemplateFilename('memcached.in'),
+        config)))
+    return dict(memcached_url='%s:%s' %
+        (config['memcached_ip'], config['memcached_port']),
+        memcached_ip=config['memcached_ip'],
+        memcached_port=config['memcached_port'])

slapos/recipe/memcached/certificate_authority.py

+import os
+import subprocess
+import time
+import ConfigParser
+
+
+def popenCommunicate(command_list, input=None):
+  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+  if input is not None:
+    subprocess_kw.update(stdin=subprocess.PIPE)
+  popen = subprocess.Popen(command_list, **subprocess_kw)
+  result = popen.communicate(input)[0]
+  if popen.returncode is None:
+    popen.kill()
+  if popen.returncode != 0:
+    raise ValueError('Issue during calling %r, result was:\n%s' % (
+      command_list, result))
+  return result
+
+
+class CertificateAuthority:
+  def __init__(self, key, certificate, openssl_binary,
+      openssl_configuration, request_dir):
+    self.key = key
+    self.certificate = certificate
+    self.openssl_binary = openssl_binary
+    self.openssl_configuration = openssl_configuration
+    self.request_dir = request_dir
+
+  def checkAuthority(self):
+    file_list = [ self.key, self.certificate ]
+    ca_ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ca_ready = False
+        break
+    if ca_ready:
+      return
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    try:
+      # no CA, let us create new one
+      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
+          self.openssl_configuration, '-new', '-x509', '-extensions',
+          'v3_ca', '-keyout', self.key, '-out', self.certificate,
+          '-days', '10950'], 'Automatic Certificate Authority\n')
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+
+  def _checkCertificate(self, common_name, key, certificate):
+    file_list = [key, certificate]
+    ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ready = False
+        break
+    if ready:
+      return False
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    csr = certificate + '.csr'
+    try:
+      popenCommunicate([self.openssl_binary, 'req', '-config',
+        self.openssl_configuration, '-nodes', '-new', '-keyout',
+        key, '-out', csr, '-days', '3650'],
+        common_name + '\n')
+      try:
+        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
+          self.openssl_configuration, '-out', certificate,
+          '-infiles', csr])
+      finally:
+        if os.path.exists(csr):
+          os.unlink(csr)
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+    else:
+      return True
+
+  def checkRequestDir(self):
+    for request_file in os.listdir(self.request_dir):
+      parser = ConfigParser.RawConfigParser()
+      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
+      if self._checkCertificate(parser.get('certificate', 'name'),
+          parser.get('certificate', 'key_file'), parser.get('certificate',
+            'certificate_file')):
+        print 'Created certificate %r' % parser.get('certificate', 'name')
+
+def runCertificateAuthority(args):
+  ca_conf = args[0]
+  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
+      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
+      ca_conf['request_dir'])
+  while True:
+    ca.checkAuthority()
+    ca.checkRequestDir()
+    time.sleep(60)

slapos/recipe/memcached/template/memcached.in

+#!/bin/sh
+exec %(memcached_binary)s -p %(memcached_port)s -U %(memcached_port)s -l %(memcached_ip)s

slapos/recipe/memcached/template/openssl.cnf.ca.in

+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= %(working_directory)s		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_md		= sha1
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+#attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_value		= %(country_code)s
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_value	= %(state)s
+
+localityName			= Locality Name (eg, city)
+localityName_value		= %(city)s
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_value	= %(company)s
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_value = %(email_address)s
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+#[ req_attributes ]
+#challengePassword		= A challenge password
+#challengePassword_min		= 4
+#challengePassword_max		= 20
+#
+#unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= /etc/pki/tls		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests		= md5, sha1		# Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)

slapos/recipe/memcached/template/stunnel.conf.in

+foreground = yes
+output = %(log)s
+pid = %(pid_file)s
+syslog = no
+CApath = %(ca_path)s
+key = %(key)s
+CRLpath = %(ca_crl)s
+cert = %(cert)s
+
+[service]
+accept = %(public_ip)s:%(public_port)s
+connect = %(private_ip)s:%(private_port)s

slapos/recipe/mysql/__init__.py

+##############################################################################
+#
+# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import BaseSlapRecipe
+import hashlib
+import os
+import pkg_resources
+import sys
+import zc.buildout
+import ConfigParser
+
+class Recipe(BaseSlapRecipe):
+  def getTemplateFilename(self, template_name):
+    return pkg_resources.resource_filename(__name__,
+        'template/%s' % template_name)
+
+  def _install(self):
+    self.path_list = []
+
+    self.requirements, self.ws = self.egg.working_set()
+    # self.cron_d is a directory, where cron jobs can be registered
+    self.cron_d = self.installCrond()
+    self.logrotate_d, self.logrotate_backup = self.installLogrotate()
+    
+    mysql_conf = self.installMysqlServer(self.getLocalIPv4Address(), 45678)
+      
+    ca_conf = self.installCertificateAuthority()
+    key, certificate = self.requestCertificate('MySQL')
+    
+    stunnel_conf = self.installStunnel(self.getGlobalIPv6Address(),
+        self.getLocalIPv4Address(), 12345, mysql_conf['tcp_port'],
+        certificate, key, ca_conf['ca_crl'],
+        ca_conf['certificate_authority_path'])
+    
+    self.linkBinary()
+    self.setConnectionDict(dict(
+      stunnel_ip = stunnel_conf['public_ip'],
+      stunnel_port = stunnel_conf['public_port'],
+      mysql_database = mysql_conf['mysql_database'],
+      mysql_user = mysql_conf['mysql_user'],
+      mysql_password = mysql_conf['mysql_password'],
+    ))
+    return self.path_list
+
+  def linkBinary(self):
+    """Links binaries to instance's bin directory for easier exposal"""
+    for linkline in self.options.get('link_binary_list', '').splitlines():
+      if not linkline:
+        continue
+      target = linkline.split()
+      if len(target) == 1:
+        target = target[0]
+        path, linkname = os.path.split(target)
+      else:
+        linkname = target[1]
+        target = target[0]
+      link = os.path.join(self.bin_directory, linkname)
+      if os.path.lexists(link):
+        if not os.path.islink(link):
+          raise zc.buildout.UserError(
+              'Target link already %r exists but it is not link' % link)
+        os.unlink(link)
+      os.symlink(target, link)
+      self.logger.debug('Created link %r -> %r' % (link, target))
+      self.path_list.append(link)
+
+  def installCrond(self):
+    timestamps = self.createDataDirectory('cronstamps')
+    cron_output = os.path.join(self.log_directory, 'cron-output')
+    self._createDirectory(cron_output)
+    catcher = zc.buildout.easy_install.scripts([('catchcron',
+      __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
+      self.bin_directory, arguments=[cron_output])[0]
+    self.path_list.append(catcher)
+    cron_d = os.path.join(self.etc_directory, 'cron.d')
+    crontabs = os.path.join(self.etc_directory, 'crontabs')
+    self._createDirectory(cron_d)
+    self._createDirectory(crontabs)
+    # Use execute from erp5.
+    wrapper = zc.buildout.easy_install.scripts([('crond',
+      'slapos.recipe.erp5.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
+        '-t', timestamps, '-f', '-l', '5', '-M', catcher]
+      )[0]
+    self.path_list.append(wrapper)
+    return cron_d
+  
+  def installLogrotate(self):
+    """Installs logortate main configuration file and registers its to cron"""
+    logrotate_d = os.path.abspath(os.path.join(self.etc_directory,
+      'logrotate.d'))
+    self._createDirectory(logrotate_d)
+    logrotate_backup = self.createBackupDirectory('logrotate')
+    logrotate_conf = self.createConfigurationFile("logrotate.conf",
+        "include %s" % logrotate_d)
+    logrotate_cron = os.path.join(self.cron_d, 'logrotate')
+    state_file = os.path.join(self.data_root_directory, 'logrotate.status')
+    open(logrotate_cron, 'w').write('0 0 * * * %s -s %s %s' %
+        (self.options['logrotate_binary'], state_file, logrotate_conf))
+    self.path_list.extend([logrotate_d, logrotate_conf, logrotate_cron])
+    return logrotate_d, logrotate_backup
+
+  def registerLogRotation(self, name, log_file_list, postrotate_script):
+    """Register new log rotation requirement"""
+    open(os.path.join(self.logrotate_d, name), 'w').write(
+        self.substituteTemplate(self.getTemplateFilename(
+          'logrotate_entry.in'),
+          dict(file_list=' '.join(['"'+q+'"' for q in log_file_list]),
+            postrotate=postrotate_script, olddir=self.logrotate_backup)))
+
+  def installCertificateAuthority(self, ca_country_code='XX',
+      ca_email='xx@example.com', ca_state='State', ca_city='City',
+      ca_company='Company'):
+    backup_path = self.createBackupDirectory('ca')
+    self.ca_dir = os.path.join(self.data_root_directory, 'ca')
+    self._createDirectory(self.ca_dir)
+    self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
+    self._createDirectory(self.ca_request_dir)
+    config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
+    self.ca_private = os.path.join(self.ca_dir, 'private')
+    self.ca_certs = os.path.join(self.ca_dir, 'certs')
+    self.ca_crl = os.path.join(self.ca_dir, 'crl')
+    self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
+    self.ca_key_ext = '.key'
+    self.ca_crt_ext = '.crt'
+    for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
+      self._createDirectory(d)
+    for f in ['crlnumber', 'serial']:
+      if not os.path.exists(os.path.join(self.ca_dir, f)):
+        open(os.path.join(self.ca_dir, f), 'w').write('01')
+    if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
+      open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
+    openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
+    config.update(
+        working_directory=self.ca_dir,
+        country_code=ca_country_code,
+        state=ca_state,
+        city=ca_city,
+        company=ca_company,
+        email_address=ca_email,
+    )
+    self._writeFile(openssl_configuration, pkg_resources.resource_string(
+      __name__, 'template/openssl.cnf.ca.in') % config)
+    self.path_list.extend(zc.buildout.easy_install.scripts([
+      ('certificate_authority',
+        __name__ + '.certificate_authority', 'runCertificateAuthority')],
+        self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
+          openssl_configuration=openssl_configuration,
+          openssl_binary=self.options['openssl_binary'],
+          certificate=os.path.join(self.ca_dir, 'cacert.pem'),
+          key=os.path.join(self.ca_private, 'cakey.pem'),
+          crl=os.path.join(self.ca_crl),
+          request_dir=self.ca_request_dir
+          )]))
+    # configure backup
+    backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
+    open(backup_cron, 'w').write(
+        '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
+          rdiff_backup=self.options['rdiff_backup_binary'],
+          source=self.ca_dir,
+          destination=backup_path))
+    self.path_list.append(backup_cron)
+
+    return dict(
+      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+      ca_crl=os.path.join(config['ca_dir'], 'crl'),
+      certificate_authority_path=config['ca_dir']
+    )
+
+  def requestCertificate(self, name):
+    hash = hashlib.sha512(name).hexdigest()
+    key = os.path.join(self.ca_private, hash + self.ca_key_ext)
+    certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
+    parser = ConfigParser.RawConfigParser()
+    parser.add_section('certificate')
+    parser.set('certificate', 'name', name)
+    parser.set('certificate', 'key_file', key)
+    parser.set('certificate', 'certificate_file', certificate)
+    parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
+    return key, certificate
+
+  def installStunnel(self, public_ip, private_ip, public_port, private_port,
+      ca_certificate, key, ca_crl, ca_path):
+    """Installs stunnel"""
+    template_filename = self.getTemplateFilename('stunnel.conf.in')
+    log = os.path.join(self.log_directory, 'stunnel.log')
+    pid_file = os.path.join(self.run_directory, 'stunnel.pid')
+    stunnel_conf = dict(
+        public_ip=public_ip,
+        private_ip=private_ip,
+        public_port=public_port,
+        pid_file=pid_file,
+        log=log,
+        cert = ca_certificate,
+        key = key,
+        ca_crl = ca_crl,
+        ca_path = ca_path,
+        private_port = private_port,
+    )
+    stunnel_conf_path = self.createConfigurationFile("stunnel.conf",
+        self.substituteTemplate(template_filename,
+          stunnel_conf))
+    wrapper = zc.buildout.easy_install.scripts([('stunnel',
+      'slapos.recipe.erp5.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['stunnel_binary'].strip(), stunnel_conf_path]
+      )[0]
+    self.path_list.append(wrapper)
+    return stunnel_conf
+
+    
+  def installMysqlServer(self, ip, port, database='db', user='user',
+      template_filename=None, mysql_conf=None):
+    if mysql_conf is None:
+      mysql_conf = {}
+    backup_directory = self.createBackupDirectory('mysql')
+    if template_filename is None:
+      template_filename = self.getTemplateFilename('my.cnf.in')
+    error_log = os.path.join(self.log_directory, 'mysqld.log')
+    slow_query_log = os.path.join(self.log_directory, 'mysql-slow.log')
+    mysql_conf.update(
+        ip=ip,
+        data_directory=os.path.join(self.data_root_directory,
+          'mysql'),
+        tcp_port=port,
+        pid_file=os.path.join(self.run_directory, 'mysqld.pid'),
+        socket=os.path.join(self.run_directory, 'mysqld.sock'),
+        error_log=error_log,
+        slow_query_log=slow_query_log,
+        mysql_database=database,
+        mysql_user=user,
+        mysql_password=self.generatePassword(),
+    )
+    self.registerLogRotation('mysql', [error_log, slow_query_log],
+        '%(mysql_binary)s --no-defaults -B --user=root '
+        '--socket=%(mysql_socket)s -e "FLUSH LOGS"' % dict(
+          mysql_binary=self.options['mysql_binary'],
+          mysql_socket=mysql_conf['socket']))
+    self._createDirectory(mysql_conf['data_directory'])
+
+    mysql_conf_path = self.createConfigurationFile("my.cnf",
+        self.substituteTemplate(template_filename,
+          mysql_conf))
+
+    mysql_script_list = []
+    for x_database, x_user, x_password in \
+          [(mysql_conf['mysql_database'],
+            mysql_conf['mysql_user'],
+            mysql_conf['mysql_password']),
+          ]:
+      mysql_script_list.append(pkg_resources.resource_string(__name__,
+                     'template/initmysql.sql.in') % {
+                        'mysql_database': x_database,
+                        'mysql_user': x_user,
+                        'mysql_password': x_password})
+    mysql_script_list.append('EXIT')
+    mysql_script = '\n'.join(mysql_script_list)
+    self.path_list.extend(zc.buildout.easy_install.scripts([('mysql_update',
+      __name__ + '.mysql', 'updateMysql')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[dict(
+        mysql_script=mysql_script,
+        mysql_binary=self.options['mysql_binary'].strip(),
+        mysql_upgrade_binary=self.options['mysql_upgrade_binary'].strip(),
+        socket=mysql_conf['socket'],
+        )]))
+    self.path_list.extend(zc.buildout.easy_install.scripts([('mysqld',
+      __name__ + '.mysql', 'runMysql')], self.ws,
+        sys.executable, self.wrapper_directory, arguments=[dict(
+        mysql_install_binary=self.options['mysql_install_binary'].strip(),
+        mysqld_binary=self.options['mysqld_binary'].strip(),
+        data_directory=mysql_conf['data_directory'].strip(),
+        mysql_binary=self.options['mysql_binary'].strip(),
+        socket=mysql_conf['socket'].strip(),
+        configuration_file=mysql_conf_path,
+       )]))
+    self.path_list.extend([mysql_conf_path])
+
+    # backup configuration
+    backup_directory = self.createBackupDirectory('mysql')
+    full_backup = os.path.join(backup_directory, 'full')
+    incremental_backup = os.path.join(backup_directory, 'incremental')
+    self._createDirectory(full_backup)
+    self._createDirectory(incremental_backup)
+    innobackupex_argument_list = [self.options['perl_binary'],
+        self.options['innobackupex_binary'],
+        '--defaults-file=%s' % mysql_conf_path,
+        '--socket=%s' %mysql_conf['socket'].strip(), '--user=root']
+    environment = dict(PATH='%s' % self.bin_directory)
+    # Use execute from erp5.
+    innobackupex_incremental = zc.buildout.easy_install.scripts([(
+      'innobackupex_incremental', 'slapos.recipe.erp5.execute', 'executee')],
+      self.ws, sys.executable, self.bin_directory, arguments=[
+        innobackupex_argument_list + ['--incremental'],
+        environment])[0]
+    self.path_list.append(innobackupex_incremental)
+    # Use execute from erp5.
+    innobackupex_full = zc.buildout.easy_install.scripts([('innobackupex_full',
+      'slapos.recipe.erp5.execute', 'executee')], self.ws,
+      sys.executable, self.bin_directory, arguments=[
+        innobackupex_argument_list,
+        environment])[0]
+    self.path_list.append(innobackupex_full)
+    backup_controller = zc.buildout.easy_install.scripts([
+      ('innobackupex_controller', __name__ + '.innobackupex', 'controller')],
+      self.ws, sys.executable, self.bin_directory,
+      arguments=[innobackupex_incremental, innobackupex_full, full_backup,
+        incremental_backup])[0]
+    self.path_list.append(backup_controller)
+    mysql_backup_cron = os.path.join(self.cron_d, 'mysql_backup')
+    open(mysql_backup_cron, 'w').write('0 0 * * * ' + backup_controller)
+    self.path_list.append(mysql_backup_cron)
+    # The return could be more explicit database, user ...
+    return mysql_conf

slapos/recipe/mysql/certificate_authority.py

+import os
+import subprocess
+import time
+import ConfigParser
+
+
+def popenCommunicate(command_list, input=None):
+  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+  if input is not None:
+    subprocess_kw.update(stdin=subprocess.PIPE)
+  popen = subprocess.Popen(command_list, **subprocess_kw)
+  result = popen.communicate(input)[0]
+  if popen.returncode is None:
+    popen.kill()
+  if popen.returncode != 0:
+    raise ValueError('Issue during calling %r, result was:\n%s' % (
+      command_list, result))
+  return result
+
+
+class CertificateAuthority:
+  def __init__(self, key, certificate, openssl_binary,
+      openssl_configuration, request_dir):
+    self.key = key
+    self.certificate = certificate
+    self.openssl_binary = openssl_binary
+    self.openssl_configuration = openssl_configuration
+    self.request_dir = request_dir
+
+  def checkAuthority(self):
+    file_list = [ self.key, self.certificate ]
+    ca_ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ca_ready = False
+        break
+    if ca_ready:
+      return
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    try:
+      # no CA, let us create new one
+      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
+          self.openssl_configuration, '-new', '-x509', '-extensions',
+          'v3_ca', '-keyout', self.key, '-out', self.certificate,
+          '-days', '10950'], 'Automatic Certificate Authority\n')
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+
+  def _checkCertificate(self, common_name, key, certificate):
+    file_list = [key, certificate]
+    ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ready = False
+        break
+    if ready:
+      return False
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    csr = certificate + '.csr'
+    try:
+      popenCommunicate([self.openssl_binary, 'req', '-config',
+        self.openssl_configuration, '-nodes', '-new', '-keyout',
+        key, '-out', csr, '-days', '3650'],
+        common_name + '\n')
+      try:
+        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
+          self.openssl_configuration, '-out', certificate,
+          '-infiles', csr])
+      finally:
+        if os.path.exists(csr):
+          os.unlink(csr)
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+    else:
+      return True
+
+  def checkRequestDir(self):
+    for request_file in os.listdir(self.request_dir):
+      parser = ConfigParser.RawConfigParser()
+      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
+      if self._checkCertificate(parser.get('certificate', 'name'),
+          parser.get('certificate', 'key_file'), parser.get('certificate',
+            'certificate_file')):
+        print 'Created certificate %r' % parser.get('certificate', 'name')
+
+def runCertificateAuthority(args):
+  ca_conf = args[0]
+  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
+      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
+      ca_conf['request_dir'])
+  while True:
+    ca.checkAuthority()
+    ca.checkRequestDir()
+    time.sleep(60)

slapos/recipe/mysql/mysql.py

+import os
+import subprocess
+import time
+import sys
+
+
+def runMysql(args):
+  sleep = 60
+  conf = args[0]
+  mysqld_wrapper_list = [conf['mysqld_binary'], '--defaults-file=%s' %
+      conf['configuration_file']]
+  # we trust mysql_install that if mysql directory is available mysql was
+  # correctly initalised
+  if not os.path.isdir(os.path.join(conf['data_directory'], 'mysql')):
+    while True:
+      # XXX: Protect with proper root password
+      # XXX: Follow http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html
+      popen = subprocess.Popen([conf['mysql_install_binary'],
+        '--skip-name-resolve', '--no-defaults', '--datadir=%s' %
+        conf['data_directory']],
+        stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+      result = popen.communicate()[0]
+      if popen.returncode is None or popen.returncode != 0:
+        print "Failed to initialise server.\nThe error was: %s" % result
+        print "Waiting for %ss and retrying" % sleep
+        time.sleep(sleep)
+      else:
+        print "Mysql properly initialised"
+        break
+  else:
+    print "MySQL already initialised"
+  print "Starting %r" % mysqld_wrapper_list[0]
+  sys.stdout.flush()
+  sys.stderr.flush()
+  os.execl(mysqld_wrapper_list[0], *mysqld_wrapper_list)
+
+
+def updateMysql(args):
+  conf = args[0]
+  sleep = 30
+  is_succeed = False
+  while True:
+    if not is_succeed:
+      mysql_upgrade_list = [conf['mysql_upgrade_binary'], '--no-defaults', '--user=root', '--socket=%s' % conf['socket']]
+      mysql_upgrade = subprocess.Popen(mysql_upgrade_list, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+      result = mysql_upgrade.communicate()[0]
+      if mysql_upgrade.returncode is None:
+        mysql_upgrade.kill()
+      if mysql_upgrade.returncode != 0 and not 'is already upgraded' in result:
+        print "Command %r failed with result:\n%s" % (mysql_upgrade_list, result)
+        print 'Sleeping for %ss and retrying' % sleep
+      else:
+        if mysql_upgrade.returncode == 0:
+          print "MySQL database upgraded with result:\n%s" % result
+        else:
+          print "No need to upgrade MySQL database"
+        mysql_list = [conf['mysql_binary'].strip(), '--no-defaults', '-B', '--user=root', '--socket=%s' % conf['socket']]
+        mysql = subprocess.Popen(mysql_list, stdin=subprocess.PIPE,
+            stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+        result = mysql.communicate(conf['mysql_script'])[0]
+        if mysql.returncode is None:
+          mysql.kill()
+        if mysql.returncode != 0:
+          print 'Command %r failed with:\n%s' % (mysql_list, result)
+          print 'Sleeping for %ss and retrying' % sleep
+        else:
+          is_succeed = True
+          print 'SlapOS initialisation script succesfully applied on database.'
+    sys.stdout.flush()
+    sys.stderr.flush()
+    time.sleep(sleep)

slapos/recipe/mysql/template/initmysql.sql.in

+CREATE DATABASE IF NOT EXISTS %(mysql_database)s;
+GRANT ALL PRIVILEGES ON %(mysql_database)s.* TO %(mysql_user)s@'%%' IDENTIFIED BY '%(mysql_password)s';
+#GRANT ALL PRIVILEGES ON %(mysql_database)s.* TO %(mysql_user)s@* IDENTIFIED BY '%(mysql_password)s';

slapos/recipe/mysql/template/logrotate_entry.in

+%(file_list)s {
+  daily
+  dateext
+  rotate 30
+  compress
+  notifempty
+  sharedscripts
+  create
+  postrotate
+    %(postrotate)s
+  endscript
+  olddir %(olddir)s
+}

slapos/recipe/mysql/template/my.cnf.in

+# ERP5 buildout my.cnf template based on my-huge.cnf shipped with mysql
+# The MySQL server
+[mysqld]
+# ERP5 by default requires InnoDB storage. MySQL by default fallbacks to using
+# different engine, like MyISAM. Such behaviour generates problems only, when
+# tables requested as InnoDB are silently created with MyISAM engine.
+#
+# Loud fail is really required in such case.
+sql-mode="NO_ENGINE_SUBSTITUTION"
+
+skip-show-database
+port = %(tcp_port)s
+bind-address = %(ip)s
+socket = %(socket)s
+datadir = %(data_directory)s
+pid-file = %(pid_file)s
+log-error = %(error_log)s
+#log-slow-file = %(slow_query_log)s
+long_query_time = 5
+max_allowed_packet = 128M
+query_cache_size = 32M
+
+plugin-load = ha_innodb_plugin.so
+
+# The following are important to configure and depend a lot on to the size of
+# your database and the available resources.
+#innodb_buffer_pool_size = 4G
+#innodb_log_file_size = 256M
+#innodb_log_buffer_size = 8M
+
+# Some dangerous settings you may want to uncomment if you only want
+# performance or less disk access. Useful for unit tests.
+#innodb_flush_log_at_trx_commit = 0
+#innodb_flush_method = nosync
+#innodb_doublewrite = 0
+#sync_frm = 0
+
+# Uncomment the following if you need binary logging, which is recommended
+# on production instances (either for replication or incremental backups).
+#log-bin=mysql-bin
+
+# Force utf8 usage
+collation_server = utf8_unicode_ci
+character_set_server = utf8
+skip-character-set-client-handshake
+
+[mysql]
+no-auto-rehash
+socket = %(socket)s
+
+[mysqlhotcopy]
+interactive-timeout

slapos/recipe/mysql/template/openssl.cnf.ca.in

+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= %(working_directory)s		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_md		= sha1
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+#attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_value		= %(country_code)s
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_value	= %(state)s
+
+localityName			= Locality Name (eg, city)
+localityName_value		= %(city)s
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_value	= %(company)s
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_value = %(email_address)s
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+#[ req_attributes ]
+#challengePassword		= A challenge password
+#challengePassword_min		= 4
+#challengePassword_max		= 20
+#
+#unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= /etc/pki/tls		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests		= md5, sha1		# Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)

slapos/recipe/mysql/template/stunnel.conf.in

+foreground = yes
+output = %(log)s
+pid = %(pid_file)s
+syslog = no
+CApath = %(ca_path)s
+key = %(key)s
+CRLpath = %(ca_crl)s
+cert = %(cert)s
+
+[service]
+accept = %(public_ip)s:%(public_port)s
+connect = %(private_ip)s:%(private_port)s

slapos/recipe/vifib.py

@@ -147,6 +147,9 @@ SSLCARevocationPath %(ca_crl)s"""
         login_url_list)
     apache_login = self.installBackendApache(self.getGlobalIPv6Address(), 15000,
         login_haproxy, backend_key, backend_certificate)
+    apache_frontend_login = self.installFrontendZopeApache(
+        self.getGlobalIPv6Address(), 4443, 'vifib', '/',
+        apache_login, '/', backend_key, backend_certificate)
     # Four Web Service Nodes (Machine access)
     service_url_list = []
     for i in (1, 2, 3, 4):
@@ -170,6 +173,7 @@ SSLCARevocationPath %(ca_crl)s"""
         known_tid_storage_identifier_dict, 'http://'+login_haproxy)
     self.linkBinary()
     self.setConnectionDict(dict(
+      front_end_url=apache_frontend_login,
       site_url=apache_login,
       site_user=user,
       site_password=password,

slapos/recipe/zabbixagent/__init__.py

+##############################################################################
+#
+# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from slapos.recipe.librecipe import BaseSlapRecipe
+import binascii
+import os
+import pkg_resources
+import pprint
+import hashlib
+import sys
+import zc.buildout
+import zc.recipe.egg
+import ConfigParser
+
+class Recipe(BaseSlapRecipe):
+  def installLogrotate(self):
+    """Installs logortate main configuration file and registers its to cron"""
+    logrotate_d = os.path.abspath(os.path.join(self.etc_directory,
+      'logrotate.d'))
+    self._createDirectory(logrotate_d)
+    logrotate_backup = self.createBackupDirectory('logrotate')
+    logrotate_conf = self.createConfigurationFile("logrotate.conf",
+        "include %s" % logrotate_d)
+    logrotate_cron = os.path.join(self.cron_d, 'logrotate')
+    state_file = os.path.join(self.data_root_directory, 'logrotate.status')
+    open(logrotate_cron, 'w').write('0 0 * * * %s -s %s %s' %
+        (self.options['logrotate_binary'], state_file, logrotate_conf))
+    self.path_list.extend([logrotate_d, logrotate_conf, logrotate_cron])
+    return logrotate_d, logrotate_backup
+
+  def registerLogRotation(self, name, log_file_list):
+    """Register new log rotation requirement"""
+    open(os.path.join(self.logrotate_d, name), 'w').write(
+        pkg_resources.resource_string(__name__, 'template/logrotate_entry.in')%
+          dict(file_list=' '.join(['"'+q+'"' for q in log_file_list]),
+          olddir=self.logrotate_backup))
+
+  def installCrond(self):
+    timestamps = self.createDataDirectory('cronstamps')
+    cron_output = os.path.join(self.log_directory, 'cron-output')
+    self._createDirectory(cron_output)
+    catcher = zc.buildout.easy_install.scripts([('catchcron',
+      __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
+      self.bin_directory, arguments=[cron_output])[0]
+    self.path_list.append(catcher)
+    cron_d = os.path.join(self.etc_directory, 'cron.d')
+    crontabs = os.path.join(self.etc_directory, 'crontabs')
+    self._createDirectory(cron_d)
+    self._createDirectory(crontabs)
+    wrapper = zc.buildout.easy_install.scripts([('crond',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
+        '-t', timestamps, '-f', '-l', '5', '-M', catcher]
+      )[0]
+    self.path_list.append(wrapper)
+    return cron_d
+
+  def _install(self):
+    self.path_list = []
+    self.requirements, self.ws = self.egg.working_set()
+    # self.cron_d is a directory, where cron jobs can be registered
+    self.cron_d = self.installCrond()
+    self.logrotate_d, self.logrotate_backup = self.installLogrotate()
+    zabbix_log_file = os.path.join(self.log_directory, 'zabbix_agentd.log')
+    self.registerLogRotation('zabbix_agentd', [zabbix_log_file])
+    zabbix_agentd = dict(
+      pid_file=os.path.join(self.run_directory, "zabbix_agentd.pid"),
+      log_file=zabbix_log_file,
+      ip=self.getGlobalIPv6Address(),
+      server=self.parameter_dict['server'],
+      hostname=self.parameter_dict['hostname'],
+      port='10050'
+    )
+    zabbix_agentd_conf = self.createConfigurationFile("zabbix_agentd.conf",
+         pkg_resources.resource_string(__name__,
+         'template/zabbix_agentd.conf.in') % zabbix_agentd)
+    self.path_list.append(zabbix_agentd_conf)
+    wrapper = zc.buildout.easy_install.scripts([('zabbixagentd',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.bin_directory, arguments=[
+        self.options['zabbix_agentd_binary'].strip(), '-c',
+        zabbix_agentd_conf])[0]
+    self.path_list.extend(zc.buildout.easy_install.scripts([
+      ('zabbixagentd', __name__ + '.svcdaemon', 'svcdaemon')],
+      self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
+        real_binary=wrapper, pid_file=zabbix_agentd['pid_file'])]))
+    self.setConnectionDict(dict(ip=zabbix_agentd['ip'],
+      name=zabbix_agentd['hostname'], port=zabbix_agentd['port']))
+    return self.path_list

slapos/recipe/zabbixagent/catdatefile.py

+import os
+import sys
+import time
+def catdatefile(args):
+  directory = args[0]
+  try:
+    suffix = args[1]
+  except IndexError:
+    suffix = '.log'
+  f = open(os.path.join(directory,
+    time.strftime('%Y-%m-%d.%H:%M.%s') + suffix), 'aw')
+  for line in sys.stdin.read():
+    f.write(line)
+  f.close()

slapos/recipe/zabbixagent/svcdaemon.py

+import os
+import subprocess
+import time
+import signal
+import sys
+
+def get_pid(filename):
+  pid = None
+  if os.path.exists(filename):
+    data = open(pid_file).read()
+    try:
+      pid = int(data)
+    except ValueError:
+      pass
+  return pid
+
+pid_file = None
+def sig_handler(s, frame):
+  print "Killing on signal %s:" % s,
+  global pid_file
+  if pid_file is not None:
+    pid = get_pid(pid_file)
+    if pid is not None:
+      os.kill(pid, signal.SIGTERM)
+      try:
+        os.kill(pid, 0)
+      except Exception:
+        pass
+      else:
+        time.sleep(5)
+        try:
+          os.kill(pid, 0)
+        except Exception:
+          pass
+        else:
+          print 'with SIGKILL...',
+          os.kill(pid, signal.SIGKILL)
+    else:
+      raise ValueError('Pid is none.')
+  print 'done.'
+  sys.exit(0)
+
+signal.signal(signal.SIGINT, sig_handler)
+signal.signal(signal.SIGQUIT, sig_handler)
+signal.signal(signal.SIGTERM, sig_handler)
+
+
+def svcdaemon(args):
+  """Utility script to run daemons in supervisord"""
+  real_binary = args[0]['real_binary']
+  global pid_file
+  pid_file = args[0]['pid_file']
+  subprocess.check_call(real_binary)
+  print 'Started %r' % real_binary
+  while True:
+    time.sleep(5)
+    pid = get_pid(pid_file)
+    if pid is None:
+      raise ValueError('Pid is none')
+    os.kill(pid, 0)

slapos/recipe/zabbixagent/template/logrotate_entry.in

+%(file_list)s {
+  daily
+  dateext
+  rotate 30
+  compress
+  notifempty
+  sharedscripts
+  create
+  olddir %(olddir)s
+}

slapos/recipe/zabbixagent/template/zabbix_agentd.conf.in

+# This is a config file for Zabbix Agent (Unix)
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_agentd.pid
+PidFile=%(pid_file)s
+
+### Option: LogFile
+#	Name of log file.
+#	If not set, syslog is used.
+#
+# Mandatory: no
+# Default:
+# LogFile=
+
+LogFile=%(log_file)s
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+LogFileSize=0
+
+### Option: DebugLevel
+#	Specifies debug level
+#	0 - no debug
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#
+# Mandatory: no
+# Range: 0-4
+# Default:
+# DebugLevel=3
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+SourceIP=%(ip)s
+
+### Option: EnableRemoteCommands
+#	Whether remote commands from Zabbix server are allowed.
+#	0 - not allowed
+#	1 - allowed
+#
+# Mandatory: no
+# Default:
+# EnableRemoteCommands=0
+
+### Option: LogRemoteCommands
+#	Enable logging of executed shell commands as warnings.
+#	0 - disabled
+#	1 - enabled
+#
+# Mandatory: no
+# Default:
+# LogRemoteCommands=0
+
+##### Passive checks related
+
+### Option: Server
+#	List of comma delimited IP addresses (or hostnames) of Zabbix servers.
+#	No spaces allowed. First entry is used for receiving list of and sending active checks.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally.
+#
+# Mandatory: yes
+# Default:
+# Server=
+Server=%(server)s
+
+### Option: Hostname
+#	Unique, case sensitive hostname.
+#	Required for active checks and must match hostname as configured on the server.
+#	System hostname is used if undefined.
+#
+# Default:
+# Hostname=system.hostname
+Hostname=%(hostname)s
+
+### Option: ListenPort
+#	Agent will listen on this port for connections from the server.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10050
+ListenPort=%(port)s
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the agent should listen on.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+ListenIP=%(ip)s
+
+### Option: DisablePassive
+#	Disable passive checks. The agent will not listen on any TCP port.
+#	Only active checks will be processed.
+#	0 - do not disable
+#	1 - disable
+#
+# Mandatory: no
+# Default:
+# DisablePassive=0
+
+##### Active checks related
+
+### Option: DisableActive
+#	Disable active checks. The agent will work in passive mode listening for server.
+#
+# Mandatory: no
+# Default:
+# DisableActive=0
+
+### Option: ServerPort
+#	Server port for retrieving list of and sending active checks.
+#
+# Mandatory: no
+# Default:
+# ServerPort=10051
+
+### Option: RefreshActiveChecks
+#	How often list of active checks is refreshed, in seconds.
+#
+# Mandatory: no
+# Range: 60-3600
+# Default:
+# RefreshActiveChecks=120
+
+### Option: BufferSend
+#	Do not keep data longer than N seconds in buffer.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# BufferSend=5
+
+### Option: BufferSize
+#	Maximum number of values in a memory buffer. The agent will send
+#	all collected data to Zabbix Server or Proxy if the buffer is full.
+#
+# Mandatory: no
+# Range: 2-65535
+# Default:
+# BufferSize=100
+
+### Option: MaxLinesPerSecond
+#	Maximum number of new lines the agent will send per second to Zabbix Server
+#	or Proxy processing 'log' and 'logrt' active checks.
+#	The provided value will be overridden by the parameter 'maxlines',
+#	provided in 'log' or 'logrt' item keys.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# MaxLinesPerSecond=100
+
+### Option: AllowRoot
+#	Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
+#       will try to switch to user 'zabbix' instead. Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+############ ADVANCED PARAMETERS #################
+
+### Option: StartAgents
+#	Number of pre-forked instances of zabbix_agentd that process passive checks.
+#
+# Mandatory: no
+# Range: 1-100
+# Default:
+# StartAgents=3
+
+### Option: Timeout
+#	Spend no more than Timeout seconds on processing
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+# Include=/etc/zabbix/zabbix_agentd.userparams.conf
+# Include=/etc/zabbix/zabbix_agentd/
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+
+### Option: UnsafeUserParameters
+#	Allow all characters to be passed in arguments to user-defined parameters.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# UnsafeUserParameters=0
+
+### Option: UserParameter
+#	User-defined parameter to monitor. There can be several user-defined parameters.
+#	Format: UserParameter=<key>,<shell command>
+#	Note that shell command must not return empty string or EOL only.
+#	See 'zabbix_agentd' directory for examples.
+#
+# Mandatory: no
+# Default:
+# UserParameter=

software/cloudooo/instance.cfg

+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+
+# cloudooo specific configuration
+ooo_binary_path = ${libreoffice-bin:location}/program
+ooo_paster = ${buildout:bin-directory}/cloudooo_paster
+ooo_uno_path = ${libreoffice-bin:location}/basis-link/program
+
+link_binary_list =
+  ${xpdf:location}/bin/pdfinfo
+  ${xpdf:location}/bin/pdftotext
+  ${ffmpeg:location}/bin/ffmpeg
+  ${ffmpeg:location}/bin/ffprobe
+  ${imagemagick:location}/bin/convert
+  ${imagemagick:location}/bin/identify
+  ${pdftk:location}/bin/pdftk
+
+environment =
+  LD_LIBRARY_PATH = ${file:location}/lib:${zlib:location}/lib:${freetype:location}/lib:${libXext:location}/lib:${libXau:location}/lib:${libX11:location}/lib:${libXdmcp:location}/lib:${libxcb:location}/lib

software/cloudooo/software.cfg

+[buildout]
+extensions =
+  slapos.rebootstrap
+  slapos.zcbworkarounds
+  mr.developer
+
+find-links =
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+    http://dist.repoze.org
+    http://www.nexedi.org/static/packages/source/
+
+extends =
+  ../../stack/cloudooo.cfg
+
+versions = versions
+
+parts +=
+# Create instance template
+  template
+
+# XXX: Workaround of SlapOS limitation
+# Unzippig of eggs is required, as SlapOS do not yet provide nicely working
+# development / fast switching environment for whole software
+unzip = true
+
+[instance-recipe]
+# Note: In case if specific instantiation recipe is used this is the place to
+# put its name
+egg = slapos.cookbook
+module = cloudooo
+
+[template]
+# Default template for erp5 instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 45d8de2ca15f126506ad5c08357c5a26
+output = ${buildout:directory}/template.cfg
+mode = 0644

software/erp5/instance.cfg

@@ -30,6 +30,7 @@ runzeo_binary = ${buildout:bin-directory}/runzeo
 runzope_binary = ${buildout:bin-directory}/runzope
 tidstorage_repozo_binary = ${buildout:bin-directory}/tidstorage_repozo
 tidstoraged_binary = ${buildout:bin-directory}/tidstoraged
+xtrabackup_binary = ${xtrabackup:location}/bin/xtrabackup_51
 zabbix_agent_binary = ${zabbix-agent:location}/sbin/zabbix_agent
 
 # cloudooo specific configuration
@@ -48,15 +49,16 @@ link_binary_list =
   ${graphviz:location}/bin/dot
   ${grep:location}/bin/grep
   ${imagemagick:location}/bin/convert
+  ${imagemagick:location}/bin/identify
   ${mariadb:location}/bin/mysql
   ${mariadb:location}/bin/mysqldump
   ${pdftk:location}/bin/pdftk
   ${sed:location}/bin/sed
   ${tesseract:location}/bin/tesseract
   ${w3m:location}/bin/w3m
-  ${xpdf:location}/bin/pdfinfo
-  ${xpdf:location}/bin/pdftotext
-  ${xtrabackup:location}/bin/xtrabackup_51
+  ${poppler:location}/bin/pdfinfo
+  ${poppler:location}/bin/pdftotext
+  ${poppler:location}/bin/pdftohtml
 
 # XXX: products won't be needed as soon as all ERP5 (and products-deps)
 # products will be eggified so then it will be possible to use them thanks to

software/erp5/software.cfg

 [buildout]
-extensions =
-  slapos.rebootstrap
-  slapos.tool.networkcache
-  slapos.zcbworkarounds
-  mr.developer
-
-find-links =
-    http://www.nexedi.org/static/packages/source/slapos.buildout/
-    http://dist.repoze.org
-    http://www.nexedi.org/static/packages/source/
-
 extends =
   ../../stack/erp5.cfg
 
@@ -34,7 +23,7 @@ module = erp5
 # Default template for erp5 instance.
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
-md5sum = 1b29b27aedcc7fa5f30f1053e8eab13f
+md5sum = 292646776e6b7b9decf4291886a66603
 output = ${buildout:directory}/template.cfg
 mode = 0644
 
@@ -63,7 +52,7 @@ location = ${buildout:parts-directory}/${:_buildout_section_name_}
 stop-on-error = true
 repository = http://git.erp5.org/repos/erp5.git
 branch = master
-command = ${git:location}/bin/git clone --quiet -b ${:branch} ${:repository} ${:location} && cd ${:location} && ${git:location}/bin/git reset --quiet --hard 0eba9830dae07dbf5319f218989b79ddd5eb11b1
+command = ${git:location}/bin/git clone --quiet -b ${:branch} ${:repository} ${:location} && cd ${:location} && ${git:location}/bin/git reset --quiet --hard 870235a672541b87c53e96bff7ee07d41f6d7e1f
 update-command =
 
 [versions]
@@ -80,11 +69,306 @@ Products.DCWorkflowGraph = 0.4nxd001
 Products.ExternalEditor = 1.1.0
 Products.GenericSetup = 1.6.3
 Products.MimetypesRegistry = 2.0.2
-Products.PluggableAuthService = 1.7.4
+Products.PluggableAuthService = 1.7.5
+Products.PluginRegistry = 1.3b1
+Products.TIDStorage = 5.4.7.dev-r45842
+Products.Zelenium = 1.0.3
+StructuredText = 2.11.1
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+cElementTree = 1.0.5-20051216
+chardet = 1.0.1
+cloudooo = 1.2.3
+cloudooo.handler.ffmpeg = 0.1
+cloudooo.handler.imagemagick = 0.1
+cloudooo.handler.ooo = 0.2
+cloudooo.handler.pdf = 0.1
+csp-eventlet = 0.6.0
+elementtree = 1.2.7-20070827-preview
+erp5.conflictresolver = 0.3
+erp5.recipe.cmmiforcei686 = 0.1.1
+erp5diff = 0.8.1.3
+eventlet = 0.9.16
+feedparser = 5.0.1
+five.localsitemanager = 2.0.5
+greenlet = 0.3.1
+hexagonit.recipe.cmmi = 1.5.0
+hexagonit.recipe.download = 1.5.0
+ipdb = 0.4
+meld3 = 0.6.7
+mr.developer = 1.17
+ordereddict = 1.1
+paramiko = 1.7.7.1
+plone.recipe.command = 1.1
+ply = 3.4
+psutil = 0.2.1
+pycrypto = 2.3
+python-ldap = 2.4.0
+python-memcached = 1.45
+restkit = 3.2.3
+rtjp-eventlet = 0.3.2
+slapos.cookbook = 0.6
+slapos.recipe.template = 1.1
+threadframe = 0.2
+timerserver = 2.0.2
+urlnorm = 1.1.2
+uuid = 1.30
+validictory = 0.7.1
+xupdate-processor = 0.4
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# PasteScript==1.7.3
+# cloudooo==1.2.3
+PasteDeploy = 1.5.0
+
+# Required by:
+# cloudooo==1.2.3
+WSGIUtils = 0.7
+
+# Required by:
+# cloudooo==1.2.3
+# slapos.core==0.2
+argparse = 1.1
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# SOAPpy==0.12.0nxd001
+fpconst = 0.7.2
+
+# Required by:
+# ipdb==0.4
+ipython = 0.10.2
+
+# Required by:
+# slapos.cookbook==0.6
+# slapos.core==0.2
+netaddr = 0.7.5
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.4
+
+# Required by:
+# cloudooo==1.2.3
+python-magic = 0.4.0.1
+
+# Required by:
+# Products.CMFActionIcons==2.1.3
+# Products.CMFCalendar==2.2.2
+# Products.CMFCore==2.2.4
+# Products.CMFDefault==2.2.2
+# Products.CMFTopic==2.2.1
+# Products.CMFUid==2.2.1
+# Products.DCWorkflow==2.2.3nxd002
+# Products.DCWorkflowGraph==0.4nxd001
+# Products.ExternalEditor==1.1.0
+# Products.GenericSetup==1.6.3
+# Products.MimetypesRegistry==2.0.2
+# Products.PluggableAuthService==1.7.5
+# Products.PluginRegistry==1.3b1
+# Products.TIDStorage==5.4.7.dev-r45842
+# Products.Zelenium==1.0.3
+# Zope2==2.12.18
+# five.localsitemanager==2.0.5
+# mr.developer==1.17
+# python-ldap==2.4.0
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zope.deprecation==3.4.0
+# zope.structuredtext==3.4.0
+setuptools = 0.6c12dev-r88846
+
+# Required by:
+# slapos.cookbook==0.6
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.6
+xml-marshaller = 0.9.7
+
+# Added by Buildout Versions at 2011-06-14 13:55:26.560505
+slapos.cookbook = 0.7
+
+# Required by:
+# slapos.cookbook==0.7
+slapos.core = 0.3
+
+# Required by:
+# slapos.cookbook==0.7
+xml-marshaller = 0.9.7
+
+# Added by Buildout Versions at 2011-06-14 13:58:43.674882
+MySQL-python = 1.2.3
+Paste = 1.7.5.1
+PasteScript = 1.7.3
+Products.CMFActionIcons = 2.1.3
+Products.CMFCalendar = 2.2.2
+Products.CMFCore = 2.2.4
+Products.CMFDefault = 2.2.2
+Products.CMFTopic = 2.2.1
+Products.CMFUid = 2.2.1
+Products.DCWorkflowGraph = 0.4nxd001
+Products.ExternalEditor = 1.1.0
+Products.GenericSetup = 1.6.3
+Products.MimetypesRegistry = 2.0.2
+Products.PluggableAuthService = 1.7.5
+Products.PluginRegistry = 1.3b1
+Products.TIDStorage = 5.4.7.dev-r45842
+Products.Zelenium = 1.0.3
+StructuredText = 2.11.1
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+cElementTree = 1.0.5-20051216
+chardet = 1.0.1
+cloudooo = 1.2.3
+cloudooo.handler.ffmpeg = 0.1
+cloudooo.handler.imagemagick = 0.1
+cloudooo.handler.ooo = 0.2
+cloudooo.handler.pdf = 0.1
+csp-eventlet = 0.6.0
+elementtree = 1.2.7-20070827-preview
+erp5.conflictresolver = 0.3
+erp5.recipe.cmmiforcei686 = 0.1.1
+erp5diff = 0.8.1.3
+eventlet = 0.9.16
+feedparser = 5.0.1
+five.localsitemanager = 2.0.5
+greenlet = 0.3.1
+hexagonit.recipe.cmmi = 1.5.0
+hexagonit.recipe.download = 1.5.0
+ipdb = 0.4
+meld3 = 0.6.7
+mr.developer = 1.17
+ordereddict = 1.1
+paramiko = 1.7.7.1
+plone.recipe.command = 1.1
+ply = 3.4
+psutil = 0.2.1
+pycrypto = 2.3
+python-ldap = 2.4.0
+python-memcached = 1.45
+restkit = 3.2.3
+rtjp-eventlet = 0.3.2
+slapos.cookbook = 0.7
+slapos.recipe.template = 1.1
+threadframe = 0.2
+timerserver = 2.0.2
+urlnorm = 1.1.2
+uuid = 1.30
+validictory = 0.7.1
+xupdate-processor = 0.4
+
+# Required by:
+# slapos.core==0.3
+Flask = 0.6.1
+
+# Required by:
+# PasteScript==1.7.3
+# cloudooo==1.2.3
+PasteDeploy = 1.5.0
+
+# Required by:
+# cloudooo==1.2.3
+WSGIUtils = 0.7
+
+# Required by:
+# cloudooo==1.2.3
+# slapos.core==0.3
+argparse = 1.1
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# SOAPpy==0.12.0nxd001
+fpconst = 0.7.2
+
+# Required by:
+# ipdb==0.4
+ipython = 0.10.2
+
+# Required by:
+# slapos.cookbook==0.7
+# slapos.core==0.3
+netaddr = 0.7.5
+
+# Required by:
+# slapos.core==0.3
+netifaces = 0.4
+
+# Required by:
+# cloudooo==1.2.3
+python-magic = 0.4.0.1
+
+# Required by:
+# Products.CMFActionIcons==2.1.3
+# Products.CMFCalendar==2.2.2
+# Products.CMFCore==2.2.4
+# Products.CMFDefault==2.2.2
+# Products.CMFTopic==2.2.1
+# Products.CMFUid==2.2.1
+# Products.DCWorkflow==2.2.3nxd002
+# Products.DCWorkflowGraph==0.4nxd001
+# Products.ExternalEditor==1.1.0
+# Products.GenericSetup==1.6.3
+# Products.MimetypesRegistry==2.0.2
+# Products.PluggableAuthService==1.7.5
+# Products.PluginRegistry==1.3b1
+# Products.TIDStorage==5.4.7.dev-r45842
+# Products.Zelenium==1.0.3
+# Zope2==2.12.18
+# five.localsitemanager==2.0.5
+# mr.developer==1.17
+# python-ldap==2.4.0
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zope.deprecation==3.4.0
+# zope.structuredtext==3.4.0
+setuptools = 0.6c12dev-r88846
+
+# Required by:
+# slapos.cookbook==0.7
+slapos.core = 0.3
+
+# Required by:
+# slapos.core==0.3
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.7
+xml-marshaller = 0.9.7
+
+# Added by Buildout Versions at 2011-06-14 14:01:48.220731
+MySQL-python = 1.2.3
+Paste = 1.7.5.1
+PasteScript = 1.7.3
+Products.CMFActionIcons = 2.1.3
+Products.CMFCalendar = 2.2.2
+Products.CMFCore = 2.2.4
+Products.CMFDefault = 2.2.2
+Products.CMFTopic = 2.2.1
+Products.CMFUid = 2.2.1
+Products.DCWorkflowGraph = 0.4nxd001
+Products.ExternalEditor = 1.1.0
+Products.GenericSetup = 1.6.3
+Products.MimetypesRegistry = 2.0.2
+Products.PluggableAuthService = 1.7.5
 Products.PluginRegistry = 1.3b1
 Products.TIDStorage = 5.4.7.dev-r45842
 Products.Zelenium = 1.0.3
 StructuredText = 2.11.1
+Werkzeug = 0.6.2
+buildout-versions = 1.6
 cElementTree = 1.0.5-20051216
 chardet = 1.0.1
 cloudooo = 1.2.3
@@ -97,13 +381,14 @@ elementtree = 1.2.7-20070827-preview
 erp5.conflictresolver = 0.3
 erp5.recipe.cmmiforcei686 = 0.1.1
 erp5diff = 0.8.1.3
-eventlet = 0.9.15
+eventlet = 0.9.16
 feedparser = 5.0.1
 five.localsitemanager = 2.0.5
 greenlet = 0.3.1
 hexagonit.recipe.cmmi = 1.5.0
 hexagonit.recipe.download = 1.5.0
-ipdb = 0.3
+ipdb = 0.4
+meld3 = 0.6.7
 mr.developer = 1.17
 ordereddict = 1.1
 paramiko = 1.7.7.1
@@ -111,17 +396,23 @@ plone.recipe.command = 1.1
 ply = 3.4
 psutil = 0.2.1
 pycrypto = 2.3
-python-ldap = 2.3.13
-python-memcached = 1.47
+python-ldap = 2.4.0
+python-memcached = 1.45
 restkit = 3.2.3
 rtjp-eventlet = 0.3.2
-slapos.cookbook = 0.1
+slapos.cookbook = 0.7
+slapos.recipe.template = 1.1
 threadframe = 0.2
 timerserver = 2.0.2
 urlnorm = 1.1.2
 uuid = 1.30
+validictory = 0.7.1
 xupdate-processor = 0.4
 
+# Required by:
+# slapos.core==0.3
+Flask = 0.6.1
+
 # Required by:
 # PasteScript==1.7.3
 # cloudooo==1.2.3
@@ -133,10 +424,11 @@ WSGIUtils = 0.7
 
 # Required by:
 # cloudooo==1.2.3
-argparse = 1.2.1
+# slapos.core==0.3
+argparse = 1.1
 
 # Required by:
-# slapos.cookbook==0.1
+# slapos.recipe.template==1.1
 collective.recipe.template = 1.8
 
 # Required by:
@@ -144,13 +436,18 @@ collective.recipe.template = 1.8
 fpconst = 0.7.2
 
 # Required by:
-# ipdb==0.3
+# ipdb==0.4
 ipython = 0.10.2
 
 # Required by:
-# slapos.cookbook==0.1
+# slapos.cookbook==0.7
+# slapos.core==0.3
 netaddr = 0.7.5
 
+# Required by:
+# slapos.core==0.3
+netifaces = 0.4
+
 # Required by:
 # cloudooo==1.2.3
 python-magic = 0.4.0.1
@@ -167,23 +464,27 @@ python-magic = 0.4.0.1
 # Products.ExternalEditor==1.1.0
 # Products.GenericSetup==1.6.3
 # Products.MimetypesRegistry==2.0.2
-# Products.PluggableAuthService==1.7.4
+# Products.PluggableAuthService==1.7.5
 # Products.PluginRegistry==1.3b1
 # Products.TIDStorage==5.4.7.dev-r45842
 # Products.Zelenium==1.0.3
 # Zope2==2.12.18
 # five.localsitemanager==2.0.5
 # mr.developer==1.17
-# python-ldap==2.3.13
+# python-ldap==2.4.0
 # zc.buildout==1.5.3-dev-SlapOS-001
 # zope.deprecation==3.4.0
 # zope.structuredtext==3.4.0
-setuptools = 0.6c12dev-r88795
+setuptools = 0.6c12dev-r88846
+
+# Required by:
+# slapos.cookbook==0.7
+slapos.core = 0.3
 
 # Required by:
-# slapos.cookbook==0.1
-slapos.slap = 1.2.dev-r4679
+# slapos.core==0.3
+supervisor = 3.0a10
 
 # Required by:
-# slapos.cookbook==0.1
+# slapos.cookbook==0.7
 xml-marshaller = 0.9.7

software/erp5testnode/instance.cfg

@@ -6,7 +6,7 @@ eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
 
 [testnode]
-recipe = erp5.recipe.testnode
+recipe = slapos.cookbook:erp5testnode
 
 buildbot_binary = ${buildout:bin-directory}/buildbot
 slapgrid_partition_binary = ${buildout:bin-directory}/slapgrid-cp

software/erp5testnode/software.cfg

 [buildout]
 extensions =
   slapos.rebootstrap
-  slapos.tool.networkcache
   slapos.zcbworkarounds
   mr.developer
 
@@ -11,12 +10,13 @@ find-links = http://www.nexedi.org/static/packages/source/slapos.buildout/
 
 versions = versions
 rebootstrap-section = python2.6
+
 extends =
-  profile/python-2.6.cfg
-  profile/subversion.cfg
-  profile/git.cfg
-  profile/lxml-python.cfg
-  profile/zip.cfg
+  ../../component/python-2.6/buildout.cfg
+  ../../component/subversion/buildout.cfg
+  ../../component/git/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+  ../../component/zip/buildout.cfg
 
 parts =
   template
@@ -46,12 +46,11 @@ zc.buildout = 1.5.3-dev-SlapOS-001
 recipe = zc.recipe.egg
 eggs =
   ${lxml-python:egg}
-  erp5.recipe.testnode
-  slapos.toolbox
+  slapos.core
+  slapos.cookbook
 
 [template]
 recipe = slapos.recipe.template
-url = ${:_profile_base_location_}/testnode-instance.cfg
-md5sum = 0b44b72c9e21d760f7e27a89e9d10187
+url = ${:_profile_base_location_}/instance.cfg
 output = ${buildout:directory}/template.cfg
 mode = 0644

software/kumofs/instance.cfg

+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+kumo_gateway_binary = ${kumo:location}/bin/kumo-gateway
+kumo_manager_binary = ${kumo:location}/bin/kumo-manager
+kumo_server_binary = ${kumo:location}/bin/kumo-server
+dcrond_binary = ${dcron:location}/sbin/crond
+openssl_binary = ${openssl:location}/bin/openssl
+rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
+stunnel_binary = ${stunnel:location}/bin/stunnel

software/kumofs/software.cfg

+[buildout]
+
+extensions =
+  slapos.zcbworkarounds
+  slapos.rebootstrap
+
+find-links +=
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+extends =
+  ../../component/git/buildout.cfg
+  ../../component/kumo/buildout.cfg
+  ../../component/python-2.7/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/stunnel/buildout.cfg
+  ../../component/rdiff-backup/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  peak.telecommunity.com
+  psutil.googlecode.com
+  www.dabeaz.com
+
+versions = versions
+
+parts +=
+# Create instance template
+#TODO : list here all parts.
+  template
+  libxslt
+  eggs
+  instance-recipe-egg
+
+# XXX: Workaround of SlapOS limitation
+# Unzippig of eggs is required, as SlapOS do not yet provide nicely working
+# development / fast switching environment for whole software
+unzip = true
+
+[rebootstrap]
+# Default first version of rebootstrapped python
+version = 2
+section = python2.7
+
+[instance-recipe]
+egg = slapos.cookbook
+module = kumofs
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.7
+eggs = ${instance-recipe:egg}
+
+[eggs]
+recipe = zc.recipe.egg
+python = python2.7
+eggs =
+  ${lxml-python:egg}
+
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 056a4af7128fd9e31da42c85cc039420
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[versions]
+slapos.cookbook = 0.4
+
+erp5.recipe.cmmiforcei686 = 0.1.1
+hexagonit.recipe.cmmi = 1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by slapos.cookbook==0.4
+slapos.core = 0.2
+collective.recipe.template = 1.8
+netaddr = 0.7.5
+xml-marshaller = 0.9.7
+setuptools = 0.6c12dev-r88795
+
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-001

software/mariadb/instance.cfg

+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+dcrond_binary = ${dcron:location}/sbin/crond
+innobackupex_binary = ${xtrabackup:location}/bin/innobackupex
+logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
+mysql_binary = ${mariadb:location}/bin/mysql
+mysql_install_binary = ${mariadb:location}/bin/mysql_install_db
+mysql_upgrade_binary = ${mariadb:location}/bin/mysql_upgrade
+mysqld_binary = ${mariadb:location}/libexec/mysqld
+openssl_binary = ${openssl:location}/bin/openssl
+perl_binary = ${perl:location}/bin/perl
+rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
+stunnel_binary = ${stunnel:location}/bin/stunnel

software/mariadb/software.cfg

+[buildout]
+
+extensions =
+  slapos.zcbworkarounds
+  slapos.rebootstrap
+
+find-links +=
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+extends =
+  ../../component/mariadb/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/stunnel/buildout.cfg
+  ../../component/python-2.7/buildout.cfg
+  ../../component/perl/buildout.cfg
+  ../../component/xtrabackup/buildout.cfg
+  ../../component/rdiff-backup/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  peak.telecommunity.com
+  psutil.googlecode.com
+  www.dabeaz.com
+
+versions = versions
+
+parts +=
+# Create instance template
+#TODO : list here all parts.
+  template
+  libxslt
+  eggs
+  instance-recipe-egg
+
+# XXX: Workaround of SlapOS limitation
+# Unzippig of eggs is required, as SlapOS do not yet provide nicely working
+# development / fast switching environment for whole software
+unzip = true
+
+[rebootstrap]
+# Default first version of rebootstrapped python
+version = 2
+section = python2.7
+
+[instance-recipe]
+egg = slapos.cookbook
+module = mysql
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.7
+eggs = ${instance-recipe:egg}
+
+[eggs]
+recipe = zc.recipe.egg
+python = python2.7
+eggs =
+  ${lxml-python:egg}
+
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 69c32a67c5640d36ee042d2cfc35843d
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[versions]
+slapos.cookbook = 0.8
+
+# Required by slapos.cookbook==0.7
+slapos.core = 0.3
+collective.recipe.template = 1.8
+netaddr = 0.7.5
+xml-marshaller = 0.9.7
+setuptools = 0.6c12dev-r88795
+
+hexagonit.recipe.cmmi = 1.5.0
+hexagonit.recipe.download = 1.5.0
+plone.recipe.command = 1.1
+
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-001

software/memcached/instance.cfg

+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+dcrond_binary = ${dcron:location}/sbin/crond
+memcached_binary = ${memcached:location}/bin/memcached
+openssl_binary = ${openssl:location}/bin/openssl
+rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
+stunnel_binary = ${stunnel:location}/bin/stunnel

software/memcached/software.cfg

+[buildout]
+
+extensions =
+  slapos.zcbworkarounds
+  slapos.rebootstrap
+
+find-links +=
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+extends =
+  ../../component/memcached/buildout.cfg
+  ../../component/python-2.7/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/stunnel/buildout.cfg
+  ../../component/rdiff-backup/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  peak.telecommunity.com
+  psutil.googlecode.com
+  www.dabeaz.com
+
+versions = versions
+
+parts =
+# Create instance template
+#TODO : list here all parts.
+  template
+  libxslt
+  eggs
+  instance-recipe-egg
+
+# XXX: Workaround of SlapOS limitation
+# Unzippig of eggs is required, as SlapOS do not yet provide nicely working
+# development / fast switching environment for whole software
+unzip = true
+
+[rebootstrap]
+# Default first version of rebootstrapped python
+version = 2
+section = python2.7
+
+[instance-recipe]
+egg = slapos.cookbook
+module = memcached
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.7
+eggs = ${instance-recipe:egg}
+
+[eggs]
+recipe = zc.recipe.egg
+python = python2.7
+eggs =
+  ${lxml-python:egg}
+
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 837caf9897332a5f70c72438f1dc5bae
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[versions]
+slapos.cookbook = 0.4
+
+# Required by slapos.cookbook==0.4
+slapos.core = 0.2
+collective.recipe.template = 1.8
+netaddr = 0.7.5
+xml-marshaller = 0.9.7
+setuptools = 0.6c12dev-r88795
+
+hexagonit.recipe.cmmi = 1.5.0
+hexagonit.recipe.download = 1.5.0
+plone.recipe.command = 1.1
+
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-001

software/mysql-5.1/instance.cfg

+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = ${instance-recipe:egg}:${instance-recipe:module}
+dcrond_binary = ${dcron:location}/sbin/crond
+innobackupex_binary = ${xtrabackup:location}/bin/innobackupex
+logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
+mysql_binary = ${mysql-5.1:location}/bin/mysql
+mysql_install_binary = ${mysql-5.1:location}/bin/mysql_install_db
+mysql_upgrade_binary = ${mysql-5.1:location}/bin/mysql_upgrade
+mysqld_binary = ${mysql-5.1:location}/libexec/mysqld
+openssl_binary = ${openssl:location}/bin/openssl
+perl_binary = ${perl:location}/bin/perl
+rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
+stunnel_binary = ${stunnel:location}/bin/stunnel

software/mysql-5.1/software.cfg

+[buildout]
+
+extensions =
+  slapos.zcbworkarounds
+  slapos.rebootstrap
+
+find-links +=
+    http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+extends =
+  ../../component/mysql-5.1/buildout.cfg
+  ../../component/dcron/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/stunnel/buildout.cfg
+  ../../component/python-2.7/buildout.cfg
+  ../../component/perl/buildout.cfg
+  ../../component/xtrabackup/buildout.cfg
+  ../../component/rdiff-backup/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  peak.telecommunity.com
+  psutil.googlecode.com
+  www.dabeaz.com
+
+versions = versions
+
+parts +=
+#TODO : list here all parts.
+# Create instance template
+  template
+  libxslt
+  eggs
+  instance-recipe-egg
+  rdiff-backup
+
+# XXX: Workaround of SlapOS limitation
+# Unzippig of eggs is required, as SlapOS do not yet provide nicely working
+# development / fast switching environment for whole software
+unzip = true
+
+[rebootstrap]
+# Default first version of rebootstrapped python
+version = 2
+section = python2.7
+
+[instance-recipe]
+egg = slapos.cookbook
+module = mysql
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.7
+eggs = ${instance-recipe:egg}
+
+[eggs]
+recipe = zc.recipe.egg
+python = python2.7
+eggs =
+  ${lxml-python:egg}
+
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 2764597a6e4fe243cdf6e37b6535e767
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[versions]
+slapos.cookbook = 0.8
+
+# Required by slapos.cookbook==0.7
+slapos.core = 0.3
+collective.recipe.template = 1.8
+netaddr = 0.7.5
+xml-marshaller = 0.9.7
+setuptools = 0.6c12dev-r88795
+
+hexagonit.recipe.cmmi = 1.5.0
+hexagonit.recipe.download = 1.5.0
+plone.recipe.command = 1.1
+
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-001

software/vifib/software.cfg

+[buildout]
+extends =
+  ../erp5/software.cfg
+
+parts +=
+  vifib
+
+[eggs]
+eggs += slapos.core
+
+[instance-recipe]
+egg = slapos.cookbook
+module = vifib
+
+[vifib]
+# Recipe zerokspot.recipe.git is disabled, as is not possible to change its
+# environment to use localy delivered git.
+# plone.recipe.command can do same job, but it is controllable which binary
+# will be used
+recipe = plone.recipe.command
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+stop-on-error = true
+repository = http://git.erp5.org/repos/slapos.core.git
+command = ${git:location}/bin/git clone --quiet ${:repository} ${:location}
+update-command = cd ${:location} && ${git:location}/bin/git pull --quiet
+
+[products]
+# XXX: Lack of eggification workaround
+# list of products, possible to extend, it is passed in reversed way
+# to allow overriding during extending profile
+list = ${products-deps:location} ${erp5:location}/product ${vifib:location}/master/product

software/zabbix-agent/instance.cfg

+[buildout]
+parts =
+  instance
+
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory}
+
+[instance]
+recipe = slapos.cookbook:zabbixagent
+dcrond_binary = ${dcron:location}/sbin/crond
+logrotate_binary = ${logrotate:location}/usr/sbin/logrotate
+zabbix_agentd_binary = ${zabbix-agent:location}/sbin/zabbix_agentd

software/zabbix-agent/software.cfg

+[buildout]
+extends =
+  ../../component/dcron/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/zabbix/buildout.cfg
+  ../../component/lxml-python/buildout.cfg
+
+find-links = http://www.nexedi.org/static/packages/source/slapos.buildout/
+
+versions = versions
+
+parts =
+  eggs
+  template
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+
+[eggs]
+recipe = zc.recipe.egg
+eggs =
+  ${lxml-python:egg}
+  slapos.cookbook
+
+[template]
+# Default template for the instance.
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = 98a680fe8fddce5dcee455e65c228fde
+output = ${buildout:directory}/template.cfg
+mode = 0644
+
+[versions]
+zc.buildout = 1.5.3-dev-SlapOS-001
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.5
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c12dev-r88846
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:01:36.219846
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.5
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c12dev-r88846
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:15:31.979623
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.3
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c11
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:16:55.921352
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.3
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c11
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:17:42.100375
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.3
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c11
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:19:50.709164
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.3
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c11
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:39:36.870559
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.4
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+netaddr = 0.7.3
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.4
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c11
+
+# Required by:
+# slapos.cookbook==0.4
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.4
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.4
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+
+# Added by Buildout Versions at 2011-06-13 10:41:41.115948
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+buildout-versions = 1.6
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+slapos.cookbook = 0.5
+slapos.recipe.template = 1.1
+
+# Required by:
+# slapos.core==0.2
+Flask = 0.6.1
+
+# Required by:
+# slapos.cookbook==0.5
+PyXML = 0.8.4
+
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+
+# Required by:
+# slapos.cookbook==0.5
+# slapos.core==0.2
+netaddr = 0.7.3
+
+# Required by:
+# slapos.core==0.2
+netifaces = 0.5
+
+# Required by:
+# slapos.cookbook==0.5
+# slapos.core==0.2
+# zc.buildout==1.5.3-dev-SlapOS-001
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c11
+
+# Required by:
+# slapos.cookbook==0.5
+slapos.core = 0.2
+
+# Required by:
+# slapos.core==0.2
+supervisor = 3.0a10
+
+# Required by:
+# slapos.cookbook==0.5
+xml-marshaller = 0.9.7
+
+# Required by:
+# slapos.cookbook==0.5
+zc.recipe.egg = 1.3.2
+
+# Required by:
+# slapos.core==0.2
+zope.interface = 3.6.3
+

stack/cloudooo.cfg

+[buildout]
+extensions =
+  slapos.tool.rebootstrap
+  slapos.zcbworkarounds
+  mr.developer
+
+find-links = http://www.nexedi.org/static/packages/source/slapos.buildout/
+    http://dist.repoze.org
+    http://www.nexedi.org/static/packages/source/
+
+extends =
+  ../component/libreoffice-bin/buildout.cfg 
+  ../component/lxml-python/buildout.cfg
+  ../component/python-2.6/buildout.cfg
+  ../component/python-2.7/buildout.cfg
+  ../component/xorg/buildout.cfg
+  ../component/fonts/buildout.cfg
+  ../component/xpdf/buildout.cfg
+  ../component/imagemagick/buildout.cfg
+  ../component/pdftk/buildout.cfg
+  ../component/ffmpeg/buildout.cfg
+  ../component/file/buildout.cfg
+
+versions = versions
+
+parts =
+  libreoffice-bin
+
+# basic Xorg
+  libXdmcp
+  libXext
+  libXau
+  libX11
+
+# fonts
+  liberation-fonts
+  ipaex-fonts
+
+# Dependencies
+  imagemagick
+  file
+  xpdf 
+  pdftk
+  ffmpeg
+
+  instance-recipe-egg
+  bootstrap2.6
+  cloudooo
+
+[instance-recipe-egg]
+recipe = zc.recipe.egg
+python = python2.6
+eggs =
+  ${lxml-python:egg}
+# instantiation egg
+  ${instance-recipe:egg}
+
+[bootstrap2.6]
+python = python2.6
+
+[rebootstrap]
+# Default first version of rebootstrapped python
+version = 2
+section = python2.7
+
+[lxml-python]
+python = python2.6
+
+[cloudooo]
+recipe = zc.recipe.egg
+python = python2.6
+eggs =
+  ${lxml-python:egg}
+  cloudooo
+  PasteScript
+scripts =
+  paster=cloudooo_paster
+
+[versions]
+# Use SlapOS patched zc.buildout
+zc.buildout = 1.5.3-dev-SlapOS-001

stack/erp5.cfg

 [buildout]
 extensions =
   slapos.rebootstrap
-  slapos.tool.networkcache
   slapos.zcbworkarounds
   mr.developer
 
@@ -10,6 +9,23 @@ find-links =
     http://dist.repoze.org
     http://www.nexedi.org/static/packages/source/
 
+# Separate from site eggs
+allowed-eggs-from-site-packages =
+include-site-packages = false
+exec-sitecustomize = false
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  peak.telecommunity.com
+  psutil.googlecode.com
+  www.dabeaz.com
+
 extends =
 # Exact version of Zope
   http://svn.zope.org/repos/main/Zope/tags/2.12.18/versions.cfg
@@ -43,7 +59,7 @@ extends =
   ../component/w3-validator/buildout.cfg
   ../component/w3m/buildout.cfg
   ../component/xorg/buildout.cfg
-  ../component/xpdf/buildout.cfg
+  ../component/poppler/buildout.cfg
   ../component/xtrabackup/buildout.cfg
   ../component/zabbix/buildout.cfg
   ../component/sed/buildout.cfg
@@ -64,7 +80,7 @@ parts =
   varnish-2.1
   stunnel
   w3m
-  xpdf
+  poppler
   libpng12
   ghostscript
   mariadb
@@ -105,11 +121,6 @@ parts =
 # get git repositories
   erp5
 
-[products]
-# XXX: ERP5 related products are not defined as python distributions, so it is
-#      required to configure them in declarative manner
-list = ${products-deps:location} ${erp5:location}/product
-
 [bootstrap2.6]
 python = python2.6
 
@@ -118,14 +129,6 @@ python = python2.6
 version = 2
 section = python2.7
 
-[template]
-# Default template for erp5 instance.
-recipe = slapos.recipe.template
-url = ${:_profile_base_location_}/instance.cfg
-md5sum = 16d09f1964101bbe128a81c7ffcf996e
-output = ${buildout:directory}/template.cfg
-mode = 0644
-
 [itools]
 pkgname = itools-0.50.8
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
@@ -286,6 +289,7 @@ eggs =
   xupdate_processor
   feedparser
   argparse
+  validictory
 
 # Zope 2.12 with patched acquisition
   ZODB3