To run tapsplit we use plone.recipe.command with both command and
update-command set to `tapsplit ...`. But tapsplit, when run, currently fully
recreates and reinitializes subtap interfaces, which leads to interfering with
running enb because subtap interfaces, that enb started to use, are removed.
This is not desirable behaviour.

What we need:

1) create subtap interfaces only once and keep them stable
2) until configuration changes which should lead to
   * subtaps recreated, and
   * enb restarted
3) if subtap interfaces disappear for any reason, recreate it

-> Rework tapsplit to keep its promise, that it "brings tap interface into state
   with several children interfaces each covering part of original interface
   address space", without recreating those children on every run and instead
   doing any action only if their state is not what is desired.

In other words those interfaces now are only created when they do not exist
before. Addresses and routes are added only if they are not there before
tapsplit is run, etc.

After the patch the first run of tapsplit to split by 2 looks like

    # ./pythonwitheggs ru/tapsplit slaptap16 2
    slaptap16: split 2401:5180:0:66:a200::/71 by 2
    preserve         2401:5180:0:66:a200::/73
    -> slaptap16-1   2401:5180:0:66:a280::/73
     # ip tuntap add dev slaptap16-1 mode tap user slapuser16
     # ip link set slaptap16-1 up
     # ip addr add 2401:5180:0:66:a280::/73 dev slaptap16-1 noprefixroute
     # ip route add 2401:5180:0:66:a280::1 dev slaptap16-1
     # ip route add 2401:5180:0:66:a280::/73 dev slaptap16-1 via 2401:5180:0:66:a280::1
    -> slaptap16-2   2401:5180:0:66:a300::/73
     # ip tuntap add dev slaptap16-2 mode tap user slapuser16
     # ip link set slaptap16-2 up
     # ip addr add 2401:5180:0:66:a300::/73 dev slaptap16-2 noprefixroute
     # ip route add 2401:5180:0:66:a300::1 dev slaptap16-2
     # ip route add 2401:5180:0:66:a300::/73 dev slaptap16-2 via 2401:5180:0:66:a300::1

The second run with the same arguments looks as

    # ./pythonwitheggs ru/tapsplit slaptap16 2
    slaptap16: split 2401:5180:0:66:a200::/71 by 2
    preserve         2401:5180:0:66:a200::/73
    -> slaptap16-1   2401:5180:0:66:a280::/73
     # slaptap16-1: already exists
     # slaptap16-1: already up
     # slaptap16-1: already has 2401:5180:0:66:a280::/73 addr
     # slaptap16-1: already has 2401:5180:0:66:a280::1 route
     # slaptap16-1: already has 2401:5180:0:66:a280::/73 route
    -> slaptap16-2   2401:5180:0:66:a300::/73
     # slaptap16-2: already exists
     # slaptap16-2: already up
     # slaptap16-2: already has 2401:5180:0:66:a300::/73 addr
     # slaptap16-2: already has 2401:5180:0:66:a300::1 route
     # slaptap16-2: already has 2401:5180:0:66:a300::/73 route

where it could be seen that no actions had been taken.

And if, for example, the user manipulates slaptap16-2 and manually sets it
down, the third run restores it to desired 'UP' state and readds the address
and routes because the kernel removed them when link went down:

    # ip -6 addr show dev slaptap16-2
    157: slaptap16-2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
        inet6 2401:5180:0:66:a300::/73 scope global tentative noprefixroute
           valid_lft forever preferred_lft forever
    # ip -6 route show dev slaptap16-2
    2401:5180:0:66:a300::1 metric 1024 linkdown pref medium
    2401:5180:0:66:a300::/73 via 2401:5180:0:66:a300::1 metric 1024 linkdown pref medium
    # ip link set slaptap16-2 down
    # ip -6 addr show dev slaptap16-2
    # ip -6 route show dev slaptap16-2
    # ./pythonwitheggs ru/tapsplit slaptap16 2
    slaptap16: split 2401:5180:0:66:a200::/71 by 2
    preserve         2401:5180:0:66:a200::/73
    -> slaptap16-1   2401:5180:0:66:a280::/73
     # slaptap16-1: already exists
     # slaptap16-1: already up
     # slaptap16-1: already has 2401:5180:0:66:a280::/73 addr
     # slaptap16-1: already has 2401:5180:0:66:a280::1 route
     # slaptap16-1: already has 2401:5180:0:66:a280::/73 route
    -> slaptap16-2   2401:5180:0:66:a300::/73
     # slaptap16-2: already exists
     # ip link set slaptap16-2 up
     # ip addr add 2401:5180:0:66:a300::/73 dev slaptap16-2 noprefixroute
     # ip route add 2401:5180:0:66:a300::1 dev slaptap16-2
     # ip route add 2401:5180:0:66:a300::/73 dev slaptap16-2 via 2401:5180:0:66:a300::1

The first version of this patch tried to solve the problem by setting
update-command to be noop instead of reworking tapsplit itself. But as Thomas
noted this does not satisfy requirement "3".

Amends 49ce8ef5 (software/ors-amarisoft: Provide dedicated TAP interface for each Radio Unit)

/helped-by @tomo
/cc @jhuge, @lu.xu, @xavier_thompson, @Daetalus

our new nexedi.org currently no longer serve static pages with links,
using absolute links should allow us to have test passing until this is
fixed.

These partition references should be kept short, they are a mechanism
to use a short path for unix sockets, because unix socket paths can not
exceed 108 characters.

When running the test in theia, this was causing errors:

   # [ALERT]    (100453) : config : parsing [/srv/slapgrid/slappart15/srv/runner/instance/slappart7/tmp/inst/with-max-rlimit-nofile6/etc/haproxy.cfg:37] : log : socket path '/srv/slapgrid/slappart15/srv/runner/instance/slappart7/tmp/inst/with-max-rlimit-nofile6/var/run/log.sock' too long (max 97

Currently, due to ensure_ascii=True default of json.dumps, we are
insisting on our JSON schemas to be ascii-only and all other characters
to be represented by \uxxxx escapes. So far this was not problematic as
all our schemas contains only ASCII characters, but upcoming
ors-amarisoft changes want to use e.g. "→" symbol:

    https://lab.nexedi.com/kirr/slapos/blob/b51f5523/software/ors-amarisoft/software.cfg.json#L15

which currently results in failure of json-schema test:

    FAIL: test_ors-amarisoft_software_cfg_json_format (slapos.test.test_json_schema.TestJSONSchemaValidation)
    ...

    First differing element 14:
    '      "title": "\\u2192  eNB/gNB | Radio Unit",'
    '      "title": "→  eNB/gNB | Radio Unit",'

And in general, in 2023 I think there is no reason to insist on our schemas to
be ASCII-only: say if one wants to describe something about "α" parameter. It
would be good to use that α character directly and seeing it in the editor,
instead of using escapes all the time.

As indicated by below stackoverflow answer "JSON spec requires UTF-8 support by
decoders": https://stackoverflow.com/a/594881/9456786 , and indeed checking
JSON specification also confirms that by default JSON decoders shall use UTF-8:

    https://datatracker.ietf.org/doc/html/rfc7159#section-8.1

This way, I think, we can switch to UTF-8 safely.

/reviewed-by @jerome, @lu.xu
/reviewed-on nexedi/slapos!1498

See merge request nexedi/slapos!1499

/reviewed-by @kirr and @jerome
/reviewed-on nexedi/slapos!1494

wendelin.core 2.0.alpha3.post9 supports golang 1.21: with this new
version we can set golang 1.21 as the new default.

/reviewed-by @kirr and @jerome
/reviewed-on nexedi/slapos!1494

Go1.21 already has the fifth minor revision (released 2023-12-05) and
should therefore already be sufficiently stable. Furthermore we need it
to fix a bug in a NEO/go dependency [1].

Please find all details in the official release note:

    https://go.dev/doc/go1.21

It was released on 2023-08-08 [2]. Due to the go promise of compatibility
most software should still compile without any problems.

In golang < 1.21 we needed to patch golang to fix
https://github.com/golang/go/issues/42525. In golang 1.21 we still need
to apply a fix, but can't apply the old patch because the code changed.
In golang > 1.21 this problem is already fixed with https://go-review.googlesource.com/c/go/+/520055.

Because of https://github.com/golang/go/commit/092671423cd95eaa6df93eb29442fef41504d097
'TestUnshareMountNameSpace' fails on golang 1.21 [3]. In golang 1.20 this test
was skipped [4]. To fix this failure the additional patch
'skip-unshare-mount-test.patch' has been added.

---

[1] nexedi/wendelin.core!22 (comment 195769)]
[2] https://go.dev/doc/devel/release
[3] --- FAIL: TestUnshareMountNameSpace (0.18s)
    exec_linux_test.go:243: unshare failed: exit status 2
        unshare: mount /tmp/TestUnshareMountNameSpace2210137852/001 failed: 0x1
[4] === RUN TestUnshareMountNameSpace exec_linux_test.go:333: kernel prohibits unshare in unprivileged process, unless using user namespace — SKIP: TestUnshareMountNameSpace (0.00s)

/reviewed-by @kirr and @jerome
/reviewed-on nexedi/slapos!1494

This version is compatible with gcc 12

using https://github.com/ilevkivskyi/com2ann

drop versions not running on debian 12 and add new versions

This was disabled to "keep compatibility with current font selection
problems", but I don't think we need to care about compatibility for
this. This was anyway causing a problem that system fontconfig will be
used if it's available, so it's better to define things explictly to
prevent falling back to system configuration.

This caused cloudooo to select different fonts, because LibreOffice-bin
comes with some Noto fonts and fontconfig now prefers Noto font

Testing conversion of HTML with font-family:"FontFamily FontVariant"
CSS rule does not really make sense. Remove a few cases for which the
behavior is not stable.

Using RegExp to validate hostnames is a bad practice, and has a lot of reasons to be wrong.
On top of that, the JSON Schema specification allows, since draft 7, to validate hostnames
against an IDN hostname, by using the `idn-hostname` format.

With these changes, IDN are now supported (.рф and .中國 for instance), and long TLD
should not be a problem anymore.

With backported fixes so that old software supports debian 12

In 9636d79c (Nextcloud Upgrade fixes, 2023-12-13) parameter changed:
 - instance.trusted-domain-* parameters are replaced by instance.trusted-domain-list
 - the frontend is part of trusted domain, so with "bypassed" frontends
from slapos proxy the backend appears twice (because the backend URL is
returned as frontend URL)

This actually updates firefox from version 68 to version 115

So that we can see when something changes.

See merge request nexedi/slapos!1486

Use runTestSuite interface to launch tests that request instances
on actual SlapOS cloud.

As described in https://github.com/msgpack/msgpack-python#major-breaking-changes-in-msgpack-10
raw is False by default for unpacker so we receive strings, not bytes

See merge request nexedi/slapos!1490

ZODB4 does not support python3

These must be installed through dependencies, but we explicitly need
scripts from supervisor because this is used by slapos-core tests

on python3 we use lzma directly