Update release candidate

component/snappy/buildout.cfg

@@ -6,8 +6,8 @@ parts =
 
 [snappy]
 recipe = slapos.recipe.cmmi
-url = https://github.com/google/snappy/archive/1.1.7.tar.gz
-md5sum = ee9086291c9ae8deb4dac5e0b85bf54a
+url = https://github.com/google/snappy/archive/1.1.8.tar.gz
+md5sum = 70e48cba7fecf289153d009791c9977f
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
 configure-command = ${cmake:location}/bin/cmake
 configure-options =

component/tomcat/buildout.cfg

@@ -20,8 +20,8 @@ md5sum = 3dde098fd0b3a08d3f2867e4a95591ba
 recipe = hexagonit.recipe.download
 ignore-existing = true
 strip-top-level-dir = true
-url = http://www-us.apache.org/dist/tomcat/tomcat-7/v7.0.96/bin/apache-tomcat-7.0.96.tar.gz
-md5sum = 0669aa2996b67c61662a5a4f993767b8
+url = http://www-us.apache.org/dist/tomcat/tomcat-7/v7.0.99/bin/apache-tomcat-7.0.99.tar.gz
+md5sum = ab39c15461f2a99493528b4a5819bc56
 
 [tomcat9]
 recipe = hexagonit.recipe.download

component/xorg/buildout.cfg

@@ -563,9 +563,9 @@ url = https://www.x.org/releases/individual/app/xwd-1.0.7.tar.gz
 md5sum = 3ebd74f7a1980305e5e19ec8ff7aa794
 environment =
   PATH=${pkgconfig:location}/bin:%(PATH)s
-  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${xproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libxkbfile:location}/lib/pkgconfig:${kbproto:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig
+  PKG_CONFIG_PATH=${xorg-util-macros:location}/share/pkgconfig:${libxkbfile:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libxkbfile:location}/lib/pkgconfig:${kbproto:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig
   CPPFLAGS=-I${libXt:location}/include
-  LDFLAGS=-L${libX11:location}/lib -Wl,-rpath=${libX11:location}/lib
+  LDFLAGS=-L${libX11:location}/lib -Wl,-rpath=${libX11:location}/lib -L${libxkbfile:location}/lib -Wl,-rpath=${libxkbfile:location}/lib
 
 [xserver]
 # Adds Xvfb functionnality

software/backupserver/test/README.md

+Tests for backupserver software release

software/backupserver/test/setup.py

+##############################################################################
+#
+# Copyright (c) 2019 Nexedi SA and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from setuptools import setup, find_packages
+
+version = '0.0.1.dev0'
+name = 'slapos.test.backupserver'
+long_description = open("README.md").read()
+
+setup(name=name,
+      version=version,
+      description="Test for SlapOS' backupserver",
+      long_description=long_description,
+      long_description_content_type='text/markdown',
+      maintainer="Nexedi",
+      maintainer_email="info@nexedi.com",
+      url="https://lab.nexedi.com/nexedi/slapos",
+      packages=find_packages(),
+      install_requires=[
+        'slapos.core',
+        'slapos.libnetworkcache',
+        'erp5.util',
+        'requests',
+        ],
+      zip_safe=True,
+      test_suite='test',
+    )

software/backupserver/test/test.py

+##############################################################################
+#
+# Copyright (c) 2019 Nexedi SA and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+
+import httplib
+import json
+import os
+import requests
+
+from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
+
+setUpModule, InstanceTestCase = makeModuleSetUpAndTestCaseClass(
+    os.path.abspath(
+        os.path.join(os.path.dirname(__file__), '..', 'software.cfg')))
+
+
+class TestBackupServer(InstanceTestCase):
+
+  def test(self):
+    parameter_dict = self.computer_partition.getConnectionParameterDict()
+
+    # Check that there is a RSS feed
+    self.assertTrue('rss' in parameter_dict)
+    self.assertTrue(parameter_dict['rss'].startswith(
+      'https://[%s]:9443/' % (self._ipv6_address, )
+    ))
+
+    result = requests.get(
+      parameter_dict['rss'], verify=False, allow_redirects=False)
+
+    # XXX crontab not triggered yet
+    self.assertEqual(
+      [httplib.NOT_FOUND, False],
+      [result.status_code, result.is_redirect]
+    )
+
+    # Check monitor
+    self.assertTrue('monitor-base-url' in parameter_dict)
+    self.assertTrue('monitor-setup-url' in parameter_dict)
+
+    result = requests.get(
+      parameter_dict['monitor-base-url'], verify=False, allow_redirects=False)
+    self.assertEqual(
+      [httplib.UNAUTHORIZED, False],
+      [result.status_code, result.is_redirect]
+    )

software/htmlvalidatorserver/test/README.md

+Tests for htmlvalidator software release

software/htmlvalidatorserver/test/setup.py

+##############################################################################
+#
+# Copyright (c) 2019 Nexedi SA and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from setuptools import setup, find_packages
+
+version = '0.0.1.dev0'
+name = 'slapos.test.htmlvalidatorserver'
+long_description = open("README.md").read()
+
+setup(name=name,
+      version=version,
+      description="Test for SlapOS' htmlvalidatorserver",
+      long_description=long_description,
+      long_description_content_type='text/markdown',
+      maintainer="Nexedi",
+      maintainer_email="info@nexedi.com",
+      url="https://lab.nexedi.com/nexedi/slapos",
+      packages=find_packages(),
+      install_requires=[
+        'slapos.core',
+        'slapos.libnetworkcache',
+        'erp5.util',
+        'requests',
+        ],
+      zip_safe=True,
+      test_suite='test',
+    )

software/htmlvalidatorserver/test/test.py

+##############################################################################
+#
+# Copyright (c) 2019 Nexedi SA and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+
+import httplib
+import json
+import os
+import requests
+
+from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
+
+setUpModule, InstanceTestCase = makeModuleSetUpAndTestCaseClass(
+    os.path.abspath(
+        os.path.join(os.path.dirname(__file__), '..', 'software.cfg')))
+
+
+class TestHtmlValidatorServer(InstanceTestCase):
+
+  def test(self):
+    parameter_dict = self.computer_partition.getConnectionParameterDict()
+
+    # Check that there is a RSS feed
+    self.assertTrue('vnu-url' in parameter_dict)
+    self.assertEqual(
+      'https://[%s]:8899/' % (self._ipv6_address, ),
+      parameter_dict['vnu-url']
+    )
+
+    result = requests.get(
+      parameter_dict['vnu-url'], verify=False, allow_redirects=False)
+
+    self.assertEqual(
+      [httplib.OK, False, 'Apache-Coyote/1.1'],
+      [result.status_code, result.is_redirect, result.headers['Server']]
+    )
+
+    # Check monitor
+    self.assertTrue('monitor-base-url' in parameter_dict)
+    self.assertTrue('monitor-setup-url' in parameter_dict)
+
+    result = requests.get(
+      parameter_dict['monitor-base-url'], verify=False, allow_redirects=False)
+    self.assertEqual(
+      [httplib.UNAUTHORIZED, False],
+      [result.status_code, result.is_redirect]
+    )

software/jstestnode/buildout.hash.cfg

@@ -27,4 +27,4 @@ md5sum = 9f22db89a2679534aa8fd37dbca86782
 
 [template-runTestSuite]
 filename = runTestSuite.in
-md5sum = b44268d46a41042a879f47babb66c922
+md5sum = 5cac160fd6f14cd69cc8d63f87cc9726

software/jstestnode/runTestSuite.in

@@ -92,7 +92,7 @@ def main():
         firefox_capabilities['marionette'] = True
         browser = webdriver.Firefox(
             capabilities=firefox_capabilities,
-            firefox_binary='${firefox-wrapper:location}',
+            firefox_binary='${firefox-wrapper-68:location}',
             executable_path='${geckodriver:location}')
       else:
         assert target == 'selenium-server', "Unsupported target {}".format(test_runner['target'])

software/jstestnode/software.cfg

@@ -18,7 +18,7 @@ parts =
   git
   eggs
   xserver
-  firefox
+  firefox-68
   xwd
   renderjs-install
   jio-install

software/seleniumserver/buildout.hash.cfg

@@ -19,4 +19,4 @@ md5sum = c4ac5de141ae6a64848309af03e51d88
 
 [template-selenium]
 filename = instance-selenium.cfg.in
-md5sum = 4f557a7b3aa9b4df1ca1fa6a754ca657
+md5sum = 1f0b67d2a542e94380c35afc9cd1946b

software/seleniumserver/instance-selenium.cfg.in

@@ -184,18 +184,23 @@ extra-args=-t dsa
 <=ssh-keygen-base
 extra-args=-t ecdsa -b 521
 
-[ssh-key-fingerprint-command]
-recipe = plone.recipe.command
-# recent openssh client display ECDSA key's fingerprint as SHA256
-command = ${openssh-output:keygen} -lf $${ssh-host-ecdsa-key:output}
-
-[ssh-key-fingerprint]
+[ssh-key-fingerprint-shelloutput]
 recipe = collective.recipe.shelloutput
-# XXX because collective.recipe.shelloutput ignore errors, we run the same
-# command in a plone.recipe.command so that if fails if something goes wrong.
+# recent openssh client display ECDSA key's fingerprint as SHA256
 commands =
-  fingerprint = $${ssh-key-fingerprint-command:command}
+  fingerprint = ${openssh-output:keygen} -lf $${ssh-host-ecdsa-key:output}
 
+[ssh-key-fingerprint]
+recipe = plone.recipe.command
+stop-on-error = true
+# XXX because collective.recipe.shelloutput ignore errors and capture output
+# "Error ...", we use a plone.recipe.command to check that this command did
+# not fail.
+# This command will always fail on first buildout run, because
+# collective.recipe.shelloutput is evaluated at buildout recipes __init__ step,
+# but the key file is created later at install step.
+command = echo "$${:fingerprint}" | ( grep ^Error || exit 0 && exit 1 )
+fingerprint = $${ssh-key-fingerprint-shelloutput:fingerprint}
 
 [sshd-config]
 recipe = slapos.recipe.template:jinja2

software/slaprunner/buildout.hash.cfg

@@ -18,7 +18,7 @@ md5sum = 8b78e32b877d591400746ec7fd68ed4c
 
 [template-runner]
 filename = instance-runner.cfg
-md5sum = 87545b1f9f3865c8cb1347edeb340678
+md5sum = 1216494c03752f0a3c1755e190eed3dc
 
 [template-runner-import-script]
 filename = template/runner-import.sh.jinja2
@@ -26,7 +26,7 @@ md5sum = fc22e2d2f03ce58631f157a5b4943e15
 
 [instance-runner-import]
 filename = instance-runner-import.cfg.in
-md5sum = b450c474464a326f3d0b98728460ac97
+md5sum = 918fb2984cb2ed7afba9200167f98a0f
 
 [instance-runner-export]
 filename = instance-runner-export.cfg.in
@@ -50,7 +50,7 @@ md5sum = 525e37ea8b2acf6209869999b15071a6
 
 [template-slapos-cfg]
 filename = template/slapos.cfg.in
-md5sum = da113b3e3e7bac9cc215fede7c4911a5
+md5sum = e6a3ca1604ae5458248135cd6de0f3e6
 
 [template-parameters]
 filename = parameters.xml.in
@@ -82,4 +82,4 @@ md5sum = 75aab99c995ca841f93fc77fc9116c37
 
 [template-buildout-shared-part-list]
 filename = template/buildout-shared-part-list.in
-md5sum = 3203c9ad0b30d3ee39a809a067efff8d
\ No newline at end of file
+md5sum = 3203c9ad0b30d3ee39a809a067efff8d

software/slaprunner/instance-runner-import.cfg.in

@@ -14,12 +14,8 @@ parts +=
   slaprunner-promise
   slaprunner-supervisord-wrapper
   runner-sshd-add-authorized-key
-  runner-sshd-graceful
   runner-sshd-promise
-  runner-sshkeys-authority
-  runner-sshkeys-authority-service
-  runner-sshkeys-sshd
-  runner-sshkeys-sshd-service
+  runner-sshd-service
   runtestsuite
   shellinabox
   shellinabox-service

software/slaprunner/instance-runner.cfg

@@ -15,12 +15,8 @@ common-runner-parts =
   apache-httpd-promise
   slaprunner-supervisord-wrapper
   runner-sshd-add-authorized-key
-  runner-sshd-graceful
   runner-sshd-promise
-  runner-sshkeys-authority
-  runner-sshkeys-authority-service
-  runner-sshkeys-sshd
-  runner-sshkeys-sshd-service
+  runner-sshd-service
   runtestsuite
   symlinks
   shellinabox
@@ -177,9 +173,7 @@ shared_root = $${runnerdirectory:shared-root}
 buildout-shared-part-list-dump = ${template-buildout-shared-part-list:output}
 pidfile-software = $${directory:run}/slapgrid-cp.pid
 pidfile-instance = $${directory:run}/slapgrid-sr.pid
-ssh_client = ${openssh:location}/bin/ssh
-public_key = $${runner-sshd-raw-server:rsa-keyfile}.pub
-private_key = $${runner-sshd-raw-server:rsa-keyfile}
+public_key = $${runner-sshd-ssh-host-rsa-key:output}
 instance-monitor-url = https://[$${:ipv6}]:$${slap-parameter:monitor-httpd-port}
 etc_dir = $${directory:etc}
 log_dir =  $${directory:log}
@@ -256,106 +250,72 @@ ip = $${slap-network-information:global-ipv6}
 recipe = slapos.recipe.template:jinja2
 rendered = $${directory:etc}/runner-sshd.conf
 path_pid = $${directory:run}/runner-sshd.pid
-host_key = $${directory:ssh}/runner_server_key.rsa
 template = inline:
   PidFile $${:path_pid}
   Port $${runner-sshd-port:port}
   ListenAddress $${slap-network-information:global-ipv6}
   Protocol 2
   UsePrivilegeSeparation no
-  HostKey $${:host_key}
+  HostKey $${runner-sshd-ssh-host-rsa-key:output}
+  HostKey $${runner-sshd-ssh-host-ecdsa-key:output}
   PasswordAuthentication no
   PubkeyAuthentication yes
   AuthorizedKeysFile $${buildout:directory}/.ssh/authorized_keys
   ForceCommand cd $${directory:home}; if [ -z "$SSH_ORIGINAL_COMMAND" ]; then HOME=$${directory:home} $${shell-environment:shell} -l; else HOME=$${directory:home} SHELL=$${shell-environment:shell} PATH=$${shell-environment:path} eval "$SSH_ORIGINAL_COMMAND"; fi
   Subsystem sftp ${openssh:location}/libexec/sftp-server
 
-[runner-sshd-raw-server]
+[runner-sshd-service]
 recipe = slapos.cookbook:wrapper
-host = $${slap-network-information:global-ipv6}
-rsa-keyfile = $${runner-sshd-config:host_key}
-home = $${directory:ssh}
 command-line = ${openssh:location}/sbin/sshd -D -e -f $${runner-sshd-config:rendered}
-wrapper-path = $${directory:bin}/runner_raw_sshd
-
-[runner-sshd-authorized-key]
-<= runner-sshd-raw-server
-recipe = slapos.cookbook:dropbear.add_authorized_key
-key = $${slap-parameter:user-authorized-key}
-
-[runner-sshd-server]
-recipe = collective.recipe.template
-log = $${directory:log}/runner-sshd.log
-input = inline:#!/bin/sh
-    exec $${runner-sshd-raw-server:wrapper-path} >> $${:log} 2>&1
-
-output = $${directory:bin}/runner_raw_sshd_log
-mode = 700
-
-[runner-sshd-graceful]
-recipe = slapos.cookbook:wrapper
-command-line = $${directory:bin}/killpidfromfile $${runner-sshd-config:path_pid} SIGHUP
-wrapper-path = $${directory:scripts}/runner-sshd-graceful
-
-[runner-sshkeys-directory]
-recipe = slapos.cookbook:mkdirectory
-requests = $${directory:sshkeys}/runner-requests/
-keys = $${directory:sshkeys}/runner-keys/
-
-[runner-sshkeys-authority]
-recipe = slapos.cookbook:sshkeys_authority
-request-directory = $${runner-sshkeys-directory:requests}
-keys-directory = $${runner-sshkeys-directory:keys}
-wrapper = $${directory:bin}/runner_sshkeys_authority
-keygen-binary = ${openssh:location}/bin/ssh-keygen
-
-[runner-sshkeys-authority-service]
-recipe = slapos.cookbook:wrapper
-command-line = $${runner-sshkeys-authority:wrapper}
-wrapper-path = $${directory:services}/runner-sshkeys-authority
 hash-existing-files = $${buildout:directory}/software_release/buildout.cfg
-
-[runner-sshkeys-sshd]
-<= runner-sshkeys-authority
-recipe = slapos.cookbook:sshkeys_authority.request
-name = sshd
-type = rsa
-executable = $${runner-sshd-server:output}
-public-key = $${runner-sshd-raw-server:rsa-keyfile}.pub
-private-key = $${runner-sshd-raw-server:rsa-keyfile}
-wrapper = $${directory:bin}/runner-sshd
-
-[runner-sshkeys-sshd-service]
-recipe = slapos.cookbook:wrapper
-command-line = $${runner-sshkeys-sshd:wrapper}
 wrapper-path = $${directory:services}/runner-sshd
-hash-existing-files = $${buildout:directory}/software_release/buildout.cfg
 
 [runner-sshd-add-authorized-key]
 recipe = slapos.cookbook:dropbear.add_authorized_key
 home = $${buildout:directory}
 key = $${slap-parameter:user-authorized-key}
 
-[runner-sshkeys-publickey-fingerprint-cmd]
+[runner-sshd-ssh-keygen-base]
 recipe = plone.recipe.command
-command = bash -o pipefail -c "$${runner-sshkeys-authority:keygen-binary} -lf $${runner-sshkeys-sshd:public-key} | cut  -f 2 -d\ | sed 's/+/%2B/g' | sed 's/\//%2F/g' | sed 's/SHA256://'"
+output = $${directory:etc}/$${:_buildout_section_name_}
+command = ${openssh-output:keygen} -f $${:output} -N '' $${:extra-args}
 
-[runner-sshkeys-publickey-fingerprint-shelloutput]
+[runner-sshd-ssh-host-rsa-key]
+<=runner-sshd-ssh-keygen-base
+extra-args=-t rsa
+[runner-sshd-ssh-host-ecdsa-key]
+<=runner-sshd-ssh-keygen-base
+extra-args=-t ecdsa -b 521
+
+[runner-sshd-publickey-fingerprint-shelloutput]
 recipe = collective.recipe.shelloutput
 # XXX because collective.recipe.shelloutput ignore errors, we run the same
 # command in a plone.recipe.command so that if fails if something goes wrong.
 commands =
-  fingerprint = $${runner-sshkeys-publickey-fingerprint-cmd:command}
+  fingerprint = bash -o pipefail -c "${openssh-output:keygen} -lf $${runner-sshd-ssh-host-ecdsa-key:output} | cut  -f 2 -d\ | sed 's/+/%2B/g' | sed 's/\//%2F/g' | sed 's/SHA256://'"
 
-[runner-sshkeys-publickey-fingerprint]
+[runner-sshd-publickey-fingerprint]
 # fingerprint for ssh url, see
 # https://tools.ietf.org/id/draft-salowey-secsh-uri-00.html#connparam
 # https://winscp.net/eng/docs/session_url#hostkey
 
+_fingerprint = $${runner-sshd-publickey-fingerprint-shelloutput:fingerprint}
+
 # format is host-key-alg-fingerprint, but we know that
 # $${runner-sshkeys-sshd:public-key} is rsa so for host-key-alg
 # we just use use rsa.
-fingerprint = ssh-rsa-$${runner-sshkeys-publickey-fingerprint-shelloutput:fingerprint}
+fingerprint = ssh-rsa-$${:_fingerprint}
+
+# XXX because collective.recipe.shelloutput ignore errors and capture output
+# "Error ...", we use a plone.recipe.command to check that this command did
+# not fail.
+# This command will always fail on first buildout run, because
+# collective.recipe.shelloutput is evaluated at buildout recipes __init__ step,
+# but the key file is created later at install step.
+recipe = plone.recipe.command
+stop-on-error = true
+command = echo "$${:_fingerprint}" | ( grep ^Error || exit 0 && exit 1 )
+
 
 #---------------------------
 #--
@@ -640,7 +600,7 @@ backend-url = $${slaprunner:access-url}
 init-user = $${runner-htpasswd:user}
 init-password = $${runner-htpasswd:password}
 ssh-command = ssh $${user-info:pw-name}@$${slap-network-information:global-ipv6} -p $${runner-sshd-port:port}
-ssh-url = ssh://$${user-info:pw-name};fingerprint=$${runner-sshkeys-publickey-fingerprint:fingerprint}@[$${slap-network-information:global-ipv6}]:$${runner-sshd-port:port}
+ssh-url = ssh://$${user-info:pw-name};fingerprint=$${runner-sshd-publickey-fingerprint:fingerprint}@[$${slap-network-information:global-ipv6}]:$${runner-sshd-port:port}
 git-public-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git-public/
 git-private-url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:global_port}/git/
 monitor-base-url = $${monitor-publish-parameters:monitor-base-url}

software/slaprunner/template/slapos.cfg.in

@@ -58,10 +58,8 @@ host = {{ slaprunner['ipv4'] }}
 port = {{ slaprunner['proxy_port'] }}
 database_uri = {{ slaprunner['proxy_database'] }}
 
-[sshkeys_authority]
-ssh_client = {{ slaprunner['ssh_client'] }}
-public_key = {{ slaprunner['public_key'] }}
-private_key = {{ slaprunner['private_key'] }}
-
 [gitclient]
 git = {{ slaprunner['git-binary'] }}
+
+[sshkeys_authority]
+public_key = {{ slaprunner['public_key'] }}

software/slaprunner/test/test.py

@@ -246,7 +246,6 @@ class ServicesTestCase(SlaprunnerTestCase):
     ]
     expected_process_names = [
       'slaprunner-supervisord-{hash}-on-watch',
-      'runner-sshkeys-authority-{hash}-on-watch',
       'runner-sshd-{hash}-on-watch',
       'slaprunner-httpd-{hash}-on-watch',
       'gunicorn-{hash}-on-watch',

stack/erp5/buildout.cfg

@@ -503,6 +503,7 @@ eggs = ${neoppod:eggs}
   feedparser
   validictory
   erp5.util
+  z3c.etestbrowser
   huBarcode
   qrcode
   spyne
@@ -592,6 +593,7 @@ entry-points =
   runwsgi=Products.ERP5.bin.zopewsgi:runwsgi
 scripts =
   apachedex
+  performance_tester_erp5
   repozo
   runwsgi
   runzope
@@ -839,3 +841,23 @@ parso = 0.5.1
 yapf = 0.28.0
 
 typing = 3.7.4.1
+
+# Required by:
+# erp5.util==0.4.65
+z3c.etestbrowser = 3.0.1
+zope.testbrowser = 5.5.1
+
+# Required by:
+# zope.testbrowser==5.5.1
+WSGIProxy2 = 0.4.6
+WebTest = 2.0.33
+beautifulsoup4 = 4.8.2
+
+# Required by:
+# WSGIProxy2==0.4.6
+WebOb = 1.8.5
+soupsieve = 1.9.5
+
+# Required by:
+# soupsieve==1.9.5
+backports.functools-lru-cache = 1.6.1

stack/slapos.cfg

@@ -102,7 +102,7 @@ eggs =
 [versions]
 setuptools = 40.4.3
 # Use SlapOS patched zc.buildout
-zc.buildout = 2.5.2+slapos014
+zc.buildout = 2.7.1+slapos001
 # Use SlapOS patched zc.recipe.egg (zc.recipe.egg 2.x is for Buildout 2)
 zc.recipe.egg = 2.0.3+slapos003
 # Use own version of h.r.download to be able to open .xz and .lz archives
@@ -138,11 +138,11 @@ pytz = 2016.10
 requests = 2.13.0
 six = 1.12.0
 slapos.cookbook = 1.0.123
-slapos.core = 1.5.6
+slapos.core = 1.5.7
 slapos.extension.strip = 0.4
 slapos.extension.shared = 1.0
 slapos.libnetworkcache = 0.20
-slapos.rebootstrap = 4.2
+slapos.rebootstrap = 4.3
 slapos.recipe.build = 0.42
 slapos.recipe.cmmi = 0.12
 slapos.toolbox = 0.104