Merge branch 'master' into nbd

acf9038a · Łukasz Nowak · e76f29e8 · cfce5320 · acf9038a · acf9038a
Commit acf9038a authored Jul 15, 2011 by Łukasz Nowak
43 changed files
--- a/CHANGES.txt
+++ b/CHANGES.txt
-0.13 (unreleased)
+Changes
-================
+=======
- * No change yet.
+0.17 (unreleased)
+-----------------
+ * No changes yet.
+0.16 (2011-07-15)
+-----------------
+ * Improve Vifib and pure ERP5 instantiation [Rafael Monnerat]
+ * Use configurator for Vifib [Rafael Monnerat]
+0.15 (2011-07-13)
+-----------------
+ * Encrypt connection by default. [Vivien Alger]
+0.14 (2011-07-13)
+-----------------
+ * Provide new way to instantiate kvm. [Cedric de Saint Martin, Vivien Alger]
+0.13 (2011-07-13)
+-----------------
+ * Implement generic execute_wait wrapper, which allows to wait for some files
+   to appear before starting service depending on it. [Łukasz Nowak]
 0.12 (2011-07-11)
-=================
+-----------------
 * Fix slaprunner, phpmyadmin software releases, added
   wordpress software release. [Cedric de Saint Martin]
 0.11 (2011-07-07)
-=================
+-----------------
 * Enable test suite runner for vifib.
 0.10 (2011-07-01)
-=================
+-----------------
 * Add PHPMyAdmin software release used in SlapOS tutorials
   [Cedric de Saint Martin]
 * Add slaprunner software release [Cedric de Saint Martin]
 0.9 (2011-06-24)
-================
+----------------
 * mysql recipe : Changing slapos.recipe.erp5.execute to
   slapos.recipe.librecipe.execute [Cedric de Saint Martin]
 0.8 (2011-06-15)
-================
+----------------
 * Add MySQL and MariaDB standalone software release and recipe
   [Cedric de Saint Martin]
 * Fixed slapos.recipe.erp5testnode instantiation [Sebastien Robin]
 0.7 (2011-06-14)
-================
+----------------
 * Fix slapos.recipe.erp5 package by providing site.zcml in it. [Łukasz Nowak]
 * Improve slapos.recipe.erp5testnode partition instantiation error reporting
   [Sebastien Robin]
 0.6 (2011-06-13)
-================
+----------------
 * Fixed slapos.recipe.erp5 instantiation. [Łukasz Nowak]
 0.5 (2011-06-13)
-================
+----------------
 * Implement zabbix agent instantiation. [Łukasz Nowak]
 * Drop dependency on Zope2. [Łukasz Nowak]
 * Share more in slapos.recipe.librecipe module. [Łukasz Nowak]
 0.4 (2011-06-09)
-================
+----------------
 * Remove reference to slapos.tool.networkcache as it was removed from pypi. [Łukasz Nowak]
 * Add Kumofs standalone software release and recipe [Cedric de Saint Martin]
 * Add Memcached standalone software release and recipe [Cedric de Saint Martin]
 0.3 (2011-06-09)
-================
+----------------
 * Moved out template and build to separate distributions [Łukasz Nowak]
 * Depend on slapos.core instead of depracated slapos.slap [Romain Courteaud]
@@ -69,11 +94,11 @@
 * Allow to control full environment in erp5 module [Łukasz Nowak]
 0.2 (2011-05-30)
-================
+----------------
  * Allow to pass zope_environment in erp5 entry point [Łukasz Nowak]
 0.1 (2011-05-27)
-================
+----------------
  * All slapos.recipe.* became slapos.cookbook:* [Łukasz Nowak]
--- a/README.txt
+++ b/README.txt
 slapos.cookbook
 ===============
+Cookbook of SlapOS recipes.
--- a/component/curl/buildout.cfg
+++ b/component/curl/buildout.cfg
@@ -11,8 +11,8 @@ parts =
 [curl]
 recipe = hexagonit.recipe.cmmi
-url = http://curl.haxx.se/download/curl-7.21.3.tar.bz2
+url = http://curl.haxx.se/download/curl-7.21.7.tar.bz2
-md5sum = 5b57fee22090b5c43a6886fdd35af2ce
+md5sum = 5f6d50c4d4ee38c57fe37e3cff75adbd
 configure-options =
  --disable-static
  --disable-ldap

--- a/component/glib/buildout.cfg
+++ b/component/glib/buildout.cfg
@@ -5,8 +5,8 @@ extends =
 [glib]
 recipe = hexagonit.recipe.cmmi
-url = http://ftp.gnome.org/pub/gnome/sources/glib/2.28/glib-2.28.7.tar.bz2
+url = http://ftp.gnome.org/pub/gnome/sources/glib/2.28/glib-2.28.8.tar.bz2
-md5sum = feda1650c8646ad39c7b01d95b03766b
+md5sum = 789e7520f71c6a4bf08bc683ec764d24
 configure-options =
  --disable-static
  --disable-selinux

--- a/component/gzip/buildout.cfg
+++ b/component/gzip/buildout.cfg
+[buildout]
+parts =
+  gzip
+[gzip]
+recipe = hexagonit.recipe.cmmi
+url = ftp://ftp.gnu.org/pub/gnu/gzip/gzip-1.4.tar.gz
+md5sum = e381b8506210c794278f5527cba0e765
--- a/component/libpng/buildout.cfg
+++ b/component/libpng/buildout.cfg
@@ -3,7 +3,6 @@ extends =
  ../zlib/buildout.cfg
 parts =
-  libpng12
  libpng
 [libpng-common]
@@ -14,12 +13,7 @@ environment =
  CPPFLAGS =-I${zlib:location}/include
  LDFLAGS =-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
-[libpng12]
-<= libpng-common
-url = http://download.sourceforge.net/libpng/libpng-1.2.44.tar.bz2
-md5sum = e3ac7879d62ad166a6f0c7441390d12b
 [libpng]
 <= libpng-common
-url = http://download.sourceforge.net/libpng/libpng-1.5.2.tar.bz2
+url = http://download.sourceforge.net/libpng/libpng-1.5.4.tar.bz2
-md5sum = a003b37ed9afb0d9164eb7228421057c
+md5sum = b43afe39237b69859522455b215f9e85
--- a/component/libxslt/buildout.cfg
+++ b/component/libxslt/buildout.cfg
@@ -16,6 +16,8 @@ configure-options =
  --with-libxml-prefix=${libxml2:location}
  --without-crypto
  --without-python
+  --without-debug
+  --without-debugger
 environment =
  PATH=${pkgconfig:location}/bin:%(PATH)s
  CPPFLAGS=-I${zlib:location}/include

--- a/component/logrotate/buildout.cfg
+++ b/component/logrotate/buildout.cfg
@@ -3,10 +3,20 @@ extends =
  ../popt/buildout.cfg
 parts = logrotate
+[logrotate-3.7.9-O_CLOEXEC.optional.patch]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/${:filename}
+download-only = true
+md5sum = 6beac248c978b767d4bccc1b7eebe6bd
+filename = ${:_buildout_section_name_}
 [logrotate]
 recipe = hexagonit.recipe.cmmi
 url = https://fedorahosted.org/releases/l/o/logrotate/logrotate-3.7.9.tar.gz
 md5sum = eeba9dbca62a9210236f4b83195e4ea5
+patch-options = -p1
+patches =
+  ${logrotate-3.7.9-O_CLOEXEC.optional.patch:location}/${logrotate-3.7.9-O_CLOEXEC.optional.patch:filename}
 configure-command = true
 make-options = PREFIX=${buildout:parts-directory}/${:_buildout_section_name_} 
 environment =

--- a/component/logrotate/logrotate-3.7.9-O_CLOEXEC.optional.patch
+++ b/component/logrotate/logrotate-3.7.9-O_CLOEXEC.optional.patch
+diff --git a/config.c b/config.c
+index e6d5d1d..dd004a9 100644
+--- a/config.c
+++ b/config.c
+@@ -519,7 +519,11 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
+        length arrays -- of course, if we aren't run setuid it doesn't
+        matter much */
+#ifdef O_CLOEXEC
+     fd = open(configFile, O_RDONLY | O_CLOEXEC);
+#else
+    fd = open(configFile, O_RDONLY);
+#endif
+     if (fd < 0) {
+ 	message(MESS_ERROR, "failed to open config file %s: %s\n",
+ 		configFile, strerror(errno));
--- a/component/maatkit/buildout.cfg
+++ b/component/maatkit/buildout.cfg
+[buildout]
+extends =
+  ../perl/buildout.cfg
+  ../perl-DBI/buildout.cfg
+  ../perl-DBD-MySQL/buildout.cfg
+parts =
+  maatkit
+[maatkit]
+recipe = hexagonit.recipe.cmmi
+depends =
+  ${perl:version}
+  ${perl-DBI:version}
+  ${perl-DBD-MySQL:version}
+url = http://maatkit.googlecode.com/files/maatkit-7540.tar.gz
+md5sum = 55457f98500b096a6bf549356d3445fe
+configure-command =
+  ${perl:location}/bin/perl Makefile.PL
--- a/component/mariadb/buildout.cfg
+++ b/component/mariadb/buildout.cfg
@@ -12,9 +12,9 @@ parts =
 [mariadb]
 recipe = hexagonit.recipe.cmmi
-version = 5.2.6
+version = 5.2.7
 url = http://www.percona.com/downloads/MariaDB/mariadb-${:version}/kvm-tarbake-jaunty-x86/mariadb-${:version}.tar.gz
-md5sum = e562aca71ae16b490196f99aa7e64b55
+md5sum = 06b9b102946a3606b38348c0ebf18367
 # compile directory is required to build mysql plugins.
 keep-compile-dir = true
 # configure: how to avoid searching for my.cnf?

--- a/component/noVNC/buildout.cfg
+++ b/component/noVNC/buildout.cfg
+[buildout]
+parts =
+  noVNC
+[noVNC]
+recipe = hexagonit.recipe.download
+url = https://github.com/kanaka/noVNC/tarball/master
+strip-top-level-dir = true
--- a/component/perl-DBD-MySQL/DBD-mysql-4.019.rpathsupport.patch
+++ b/component/perl-DBD-MySQL/DBD-mysql-4.019.rpathsupport.patch
+--- DBD-mysql-4.019.back/Makefile.PL    2011-05-09 03:12:07.000000000 +0200
+++ DBD-mysql-4.019/Makefile.PL 2011-06-22 11:44:06.478371893 +0200
+@@ -358,7 +358,14 @@  
+                      'Data::Dumper' => 0 };
+ }
+-ExtUtils::MakeMaker::WriteMakefile(%o);
+
+my %config;
+if (defined($ENV{'OTHERLDFLAGS'})) {
+    $config{dynamic_lib} = { OTHERLDFLAGS => " $ENV{'OTHERLDFLAGS'} " };
+}
+
+
+ExtUtils::MakeMaker::WriteMakefile(%o, %config);
+ exit 0;
--- a/component/perl-DBD-MySQL/buildout.cfg
+++ b/component/perl-DBD-MySQL/buildout.cfg
+[buildout]
+extends =
+  ../perl/buildout.cfg
+  ../perl-DBI/buildout.cfg
+  ../mysql-tritonn-5.0/buildout.cfg
+  ../zlib/buildout.cfg
+  ../openssl/buildout.cfg
+parts =
+  perl-DBD-MySQL
+[perl-DBD-MySQL-patch]
+recipe = hexagonit.recipe.download
+md5sum = e12e9233f20b0370cfcf5228ea767fbc
+url = ${:_profile_base_location_}/${:filename}
+filename = DBD-mysql-4.019.rpathsupport.patch
+download-only = true
+[perl-DBD-MySQL]
+recipe = hexagonit.recipe.cmmi
+version = 4.019
+depends =
+  ${perl:version}
+  ${perl-DBI:version}
+url = http://search.cpan.org/CPAN/authors/id/C/CA/CAPTTOFU/DBD-mysql-4.019.tar.gz
+md5sum = 566d98ab8ffac9626a31f6f6d455558e
+patches =
+  ${perl-DBD-MySQL-patch:location}/${perl-DBD-MySQL-patch:filename}
+patch-options = -p1
+configure-command =
+  ${perl:location}/bin/perl Makefile.PL --mysql_config=${mysql-tritonn-5.0:location}/bin/mysql_config
+environment =
+  OTHERLDFLAGS=-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${mysql-tritonn-5.0:location}/lib/mysql -Wl,-rpath=${openssl:location}/lib
--- a/component/perl-DBI/buildout.cfg
+++ b/component/perl-DBI/buildout.cfg
+[buildout]
+extends =
+  ../perl/buildout.cfg
+parts =
+  perl-DBI
+[perl-DBI]
+recipe = hexagonit.recipe.cmmi
+version = 1.616
+depends =
+  ${perl:version}
+url = http://search.cpan.org/CPAN/authors/id/T/TI/TIMB/DBI-1.616.tar.gz
+md5sum = 799313e54a693beb635b47918458f7c4
+configure-command =
+  ${perl:location}/bin/perl Makefile.PL
--- a/component/perl-XML-SAX/buildout.cfg
+++ b/component/perl-XML-SAX/buildout.cfg
@@ -12,7 +12,8 @@ depends =
  ${perl-XML-NamespaceSupport:location}
 url = http://search.cpan.org/CPAN/authors/id/G/GR/GRANTM/XML-SAX-0.96.tar.gz
 md5sum = bdcd4119a62505184e211e9dfaef0ab1
+# say 'y' for 'Do you want XML::SAX to alter ParserDetails.ini? [Y]' question.
 configure-command =
-  ${perl:location}/bin/perl Makefile.PL
+  echo y | ${perl:location}/bin/perl Makefile.PL
 environment =
  PERLLIB=blib/lib
--- a/component/perl/buildout.cfg
+++ b/component/perl/buildout.cfg
@@ -14,9 +14,9 @@ filename = ${:_buildout_section_name_}
 [perl]
 recipe = hexagonit.recipe.cmmi
-version = 5.14.0
+version = 5.14.1
 url = http://www.cpan.org/src/5.0/perl-${:version}.tar.bz2
-md5sum = e7457deea78330c5f8eebb2fd2a45479
+md5sum = 97cd306a2c22929cc141a09568f43bb0
 patch-options = -p1
 patches =
  ${perl-keep-linker-flags-in-ldflags.patch:location}/${perl-keep-linker-flags-in-ldflags.patch:filename}

--- a/component/readline/buildout.cfg
+++ b/component/readline/buildout.cfg
@@ -6,8 +6,8 @@ extends =
 [readline]
 recipe = hexagonit.recipe.cmmi
-url = http://ftp.gnu.org/gnu/readline/readline-6.1.tar.gz
+url = http://ftp.gnu.org/gnu/readline/readline-6.2.tar.gz
-md5sum = fc2f7e714fe792db1ce6ddc4c9fb4ef3
+md5sum = 67948acb2ca081f23359d0256e9a271c
 configure-options =
  --disable-static
  --with-ncurses=${ncurses:location}

--- a/component/slapos/buildout.cfg
+++ b/component/slapos/buildout.cfg
@@ -12,6 +12,15 @@ find-links =
 versions = versions
+allow-hosts =
+  *.googlecode.com
+  *.nexedi.org
+  *.python.org
+  alastairs-place.net
+  code.google.com
+  github.com
+  peak.telecommunity.com
 # separate from system python
 include-site-packages = false
 exec-sitecustomize = false
@@ -38,14 +47,14 @@ lxml = 2.3
 meld3 = 0.6.7
 netaddr = 0.7.5
 setuptools = 0.6c12dev-r88846
-slapos.core = 0.9
+slapos.core = 0.12
 slapos.libnetworkcache = 0.2
 xml-marshaller = 0.9.7
 z3c.recipe.scripts = 1.0.1
 zc.recipe.egg = 1.3.2
 # Required by:
-# slapos.core==0.9
+# slapos.core==0.12
 Flask = 0.7.2
 # Required by:
@@ -53,13 +62,14 @@ Flask = 0.7.2
 hexagonit.recipe.download = 1.5.0
 # Required by:
-# slapos.core==0.9
+# slapos.core==0.12
 netifaces = 0.5
 # Required by:
-# slapos.core==0.9
+# slapos.core==0.12
 supervisor = 3.0a10
 # Required by:
-# slapos.core==0.9
+# slapos.core==0.12
 zope.interface = 3.6.4
--- a/component/sqlite3/buildout.cfg
+++ b/component/sqlite3/buildout.cfg
@@ -5,8 +5,8 @@ parts =
 [sqlite3]
 recipe = hexagonit.recipe.cmmi
-url = http://www.sqlite.org/sqlite-autoconf-3070603.tar.gz
+url = http://www.sqlite.org/sqlite-autoconf-3070701.tar.gz
-md5sum = 7eb41eea5ffa5cbe359a48629084c425
+md5sum = 554026fe7fac47b1cf61c18d5fe43419
 configure-options =
  --disable-static
  --enable-readline

--- a/setup.py
+++ b/setup.py
@@ -2,7 +2,7 @@ from setuptools import setup, find_packages
 import glob
 import os
-version = '0.13dev'
+version = '0.17-dev'
 name = 'slapos.cookbook'
 long_description = open("README.txt").read() + "\n" + \
    open("CHANGES.txt").read() + "\n"

--- a/slapos/recipe/erp5/__init__.py
+++ b/slapos/recipe/erp5/__init__.py
@@ -84,6 +84,23 @@ class Recipe(BaseSlapRecipe):
         apache_login=self.installBackendApache(ip=self.getGlobalIPv6Address(),
         port=13000, backend=site_access, key=key, certificate=certificate))
+    connection_dict = dict(site_url=apache_conf['apache_login'])
+    if self.parameter_dict.get("domain_name") is not None:
+      connection_dict["backend_url"] = apache_conf['apache_login']
+      connection_dict["domain_ip"] = self.getGlobalIPv6Address()
+      # XXX Define a fake domain_name for now.
+      frontend_name = self.parameter_dict.get("domain_name")
+      frontend_key, frontend_certificate = \
+             self.requestCertificate(frontend_name)
+      connection_dict["site_url"] = self.installFrontendZopeApache(
+        ip=self.getGlobalIPv6Address(), port=13001, name=frontend_name,
+        frontend_path='/%s' % self.site_id, backend_path='/%s' % self.site_id,
+        backend_url="http://%s" % site_access, key=frontend_key,
+        certificate=frontend_certificate)
    default_bt5_list = []
    if self.parameter_dict.get("flavour", "default") == 'configurator':
      default_bt5_list = self.options.get("configurator_bt5_list", '').split()
@@ -97,13 +114,13 @@ class Recipe(BaseSlapRecipe):
    self.installTestSuiteRunner(ca_conf, mysql_conf, conversion_server_conf,
                           memcached_conf, kumo_conf)
    self.linkBinary()
-    self.setConnectionDict(dict(
+    connection_dict.update(**dict(
-      site_url=apache_conf['apache_login'],
      site_user=user,
      site_password=password,
      memcached_url=memcached_conf['memcached_url'],
      kumo_url=kumo_conf['kumo_address']
    ))
+    self.setConnectionDict(connection_dict)
    return self.path_list
  def installZopeStandalone(self):
@@ -130,14 +147,19 @@ class Recipe(BaseSlapRecipe):
    thread_amount_per_zope = int(self.options.get(
                                'cluster_zope_thread_amount', 1))
-    activity_node_amount = 2
+    activity_node_amount = int(self.options.get(
-    user_node_amount = 2
+                   "cluster_activity_node_amount", 2))
+    user_node_amount = int(self.options.get(
+                   "cluster_user_node_amount", 2))
    ip = self.getLocalIPv4Address()
    storage_dict = self._requestZeoFileStorage('Zeo Server 1', 'main')
    zeo_conf = self.installZeo(ip)
    tidstorage_config = dict(host=ip, port='6001')
+    # XXX How to define good values for this?
    mount_point = '/'
    check_path = '/erp5/account_module'
@@ -328,6 +350,12 @@ class Recipe(BaseSlapRecipe):
    # workaround wrong assumptions of ERP5Type.tests.runUnitTest about
    # directory existence
    unit_test = os.path.join(testinstance, 'unit_test')
+    connection_string_list = []
+    for test_database, test_user, test_password in \
+          mysql_conf['mysql_parallel_test_dict'][-4:]:
+      connection_string_list.append(
+          '%s@%s:%s %s %s' % (test_database, mysql_conf['ip'],
+                            mysql_conf['tcp_port'], test_user, test_password))
    if not os.path.isdir(unit_test):
      os.mkdir(unit_test)
    runUnitTest = zc.buildout.easy_install.scripts([
@@ -341,6 +369,7 @@ class Recipe(BaseSlapRecipe):
          '--erp5_sql_connection_string', '%(mysql_test_database)s@%'
          '(ip)s:%(tcp_port)s %(mysql_test_user)s '
          '%(mysql_test_password)s' % mysql_conf,
+          '--extra_sql_connection_string_list',','.join(connection_string_list),
          '--conversion_server_hostname=%(conversion_server_ip)s' % \
                                                         conversion_server_conf,
          '--conversion_server_port=%(conversion_server_port)s' % \
@@ -881,13 +910,18 @@ class Recipe(BaseSlapRecipe):
    ident = 'frontend_' + name
    apache_conf = self._getApacheConfigurationDict(ident, ip, port)
    apache_conf['server_name'] = name
+    apache_conf['frontend_path'] = frontend_path
    apache_conf['ssl_snippet'] = pkg_resources.resource_string(__name__,
        'template/apache.ssl-snippet.conf.in') % dict(
        login_certificate=certificate, login_key=key)
    rewrite_rule_template = \
        "RewriteRule ^%(path)s($|/.*) %(backend_url)s/VirtualHostBase/https/%(server_name)s:%(port)s%(backend_path)s/VirtualHostRoot/_vh_%(vhname)s$1 [L,P]\n"
-    path = pkg_resources.resource_string(__name__, 'template/apache.zope.conf.path-protected.in') % dict(path='/', access_control_string='none')
+    path = pkg_resources.resource_string(__name__,
+           'template/apache.zope.conf.path-protected.in') % \
+              dict(path='/', access_control_string='none')
    if access_control_string is None:
      path_template = pkg_resources.resource_string(__name__,
        'template/apache.zope.conf.path.in')
@@ -903,8 +937,7 @@ class Recipe(BaseSlapRecipe):
          backend_path=backend_path,
          port=apache_conf['port'],
          vhname=frontend_path.replace('/', ''),
-          server_name=name
+          server_name=name)
-    )
    rewrite_rule = rewrite_rule_template % d
    apache_conf.update(**dict(
      path_enable=path,
@@ -925,7 +958,7 @@ class Recipe(BaseSlapRecipe):
            )
          ]))
    # Note: IPv6 is assumed always
-    return 'https://[%(ip)s]:%(port)s' % apache_conf
+    return 'https://%(server_name)s:%(port)s%(frontend_path)s' % (apache_conf)
  def installBackendApache(self, ip, port, backend, key, certificate,
      suffix='', access_control_string=None):
@@ -953,7 +986,8 @@ class Recipe(BaseSlapRecipe):
  def installMysqlServer(self, ip, port, database='erp5', user='user',
      test_database='test_erp5', test_user='test_user', template_filename=None,
-      parallel_test_database_amount=100, mysql_conf=None):
+      parallel_test_database_amount=100, mysql_conf=None, with_backup=True,
+      with_maatkit=True):
    if mysql_conf is None:
      mysql_conf = {}
    backup_directory = self.createBackupDirectory('mysql')
@@ -1027,6 +1061,7 @@ class Recipe(BaseSlapRecipe):
       )]))
    self.path_list.extend([mysql_conf_path])
+    if with_backup:
      # backup configuration
      backup_directory = self.createBackupDirectory('mysql')
      full_backup = os.path.join(backup_directory, 'full')
@@ -1060,5 +1095,30 @@ class Recipe(BaseSlapRecipe):
      mysql_backup_cron = os.path.join(self.cron_d, 'mysql_backup')
      open(mysql_backup_cron, 'w').write('0 0 * * * ' + backup_controller)
      self.path_list.append(mysql_backup_cron)
+    if with_maatkit:
+      # maatkit installation
+      for mk_script_name in (
+          'mk-variable-advisor',
+          'mk-table-usage',
+          'mk-visual-explain',
+          'mk-config-diff',
+          'mk-deadlock-logger',
+          'mk-error-log',
+          'mk-index-usage',
+          'mk-query-advisor',
+          ):
+        mk_argument_list = [self.options['perl_binary'],
+            self.options['%s_binary' % mk_script_name],
+            '--defaults-file=%s' % mysql_conf_path,
+            '--socket=%s' %mysql_conf['socket'].strip(), '--user=root',
+            ]
+        environment = dict(PATH='%s' % self.bin_directory)
+        mk_exe = zc.buildout.easy_install.scripts([(
+          mk_script_name,'slapos.recipe.librecipe.execute', 'executee')],
+          self.ws, sys.executable, self.bin_directory, arguments=[
+            mk_argument_list, environment])[0]
+        self.path_list.append(mk_exe)
    # The return could be more explicit database, user ...
    return mysql_conf
--- a/slapos/recipe/kumofs/__init__.py
+++ b/slapos/recipe/kumofs/__init__.py
@@ -220,9 +220,10 @@ class Recipe(BaseSlapRecipe):
        self.substituteTemplate(template_filename,
          stunnel_conf))
    wrapper = zc.buildout.easy_install.scripts([('stunnel',
-      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
-      self.wrapper_directory, arguments=[
+      sys.executable, self.wrapper_directory, arguments=[
-        self.options['stunnel_binary'].strip(), stunnel_conf_path]
+        [self.options['stunnel_binary'].strip(), stunnel_conf_path],
+        [ca_certificate, key]]
      )[0]
    self.path_list.append(wrapper)

--- a/slapos/recipe/kvm/__init__.py
+++ b/slapos/recipe/kvm/__init__.py
@@ -30,113 +30,291 @@ from slapos.recipe.librecipe import BaseSlapRecipe
 import subprocess
 import binascii
 import random
+import zc.buildout
 import pkg_resources
+import ConfigParser
+import hashlib
 class Recipe(BaseSlapRecipe):
  def _install(self):
+    """
+    Set the connection dictionnary for the computer partition and create a list
+    of paths to the different wrappers
+    Parameters : none
+    Returns    : List path_list
+    """
+    self.path_list = []
+    self.requirements, self.ws           = self.egg.working_set()
+    self.cron_d                          = self.installCrond()    
+    self.ca_conf                         = self.installCertificateAuthority()
+    self.key_path, self.certificate_path = self.requestCertificate('noVNC')
+    kvm_conf = self.installKvm(vnc_ip = self.getLocalIPv4Address())
+    vnc_port = 5900 + kvm_conf['vnc_display']
+    noVNC_conf = self.installNoVnc(source_ip   = self.getGlobalIPv6Address(),
+                                   source_port = 6080,
+                                   target_ip   = kvm_conf['vnc_ip'],
+                                   target_port = vnc_port,
+                                   python_path = kvm_conf['python_path'])
+    self.linkBinary()
+    self.computer_partition.setConnectionDict(dict(
+        url = "https://[%s]:%s/vnc.html?host=[%s]&port=%s&encrypt=1" % (noVNC_conf['source_ip'],
+                                                     noVNC_conf['source_port'],
+                                                     noVNC_conf['source_ip'],
+                                                     noVNC_conf['source_port']
+                                                     ), 
+        password = kvm_conf['vnc_passwd']))
+    return self.path_list
+  def installKvm(self, vnc_ip):
+    """
+    Create kvm configuration dictionnary and instanciate a wrapper for kvm and 
+    kvm controller 
+    Parameters : IP the vnc server is listening on
+    Returns    : Dictionnary kvm_conf
+    """
+    kvm_conf = dict(vnc_ip = vnc_ip)
-    #Get the IP list
    connection_found = False
-    ip = self.getGlobalIPv6Address()
+    for tap_interface, dummy in self.parameter_dict['ip_list']:
-    for tap, dummy in self.parameter_dict['ip_list']:
      # Get an ip associated to a tap interface
-      if tap:
+      if tap_interface:
        connection_found = True
    if not connection_found:
      raise NotImplementedError("Do not support ip without tap interface")
+    kvm_conf['tap_interface'] = tap_interface
    # Disk path
-    disk_path = os.path.join(self.data_root_directory, 'virtual.qcow2')
+    kvm_conf['disk_path'] = os.path.join(self.data_root_directory,
-    socket_path = os.path.join(self.var_directory, 'qmp_socket')
+        'virtual.qcow2')
+    kvm_conf['socket_path'] = os.path.join(self.var_directory, 'qmp_socket')
    # XXX Weak password
-    vnc_passwd = binascii.hexlify(os.urandom(4))
+    ##XXX -Vivien: add an option to generate one password for all instances 
+    # and/or to input it yourself
+    kvm_conf['vnc_passwd'] = binascii.hexlify(os.urandom(4))
-    #XXX pid_file path, database_path and xml path
+    #XXX pid_file path, database_path, path to python binary and xml path
-    pid_file_path = os.path.join(self.run_directory, 'pid_file')
+    kvm_conf['pid_file_path'] = os.path.join(self.run_directory, 'pid_file')
-    database_path = os.path.join(self.data_root_directory, 'slapmonitor_database')
+    kvm_conf['database_path'] = os.path.join(self.data_root_directory,
+        'slapmonitor_database')
+    kvm_conf['python_path']   = sys.executable
+    kvm_conf['qemu_path']     = self.options['qemu_path']
    #xml_path = os.path.join(self.var_directory, 'slapreport.xml' )
    # Create disk if needed
-    if not os.path.exists(disk_path):
+    if not os.path.exists(kvm_conf['disk_path']):
      retcode = subprocess.call(["%s create -f qcow2 %s %iG" % (
-          self.options['qemu_img_path'], disk_path,
+          self.options['qemu_img_path'], kvm_conf['disk_path'],
          int(self.options['disk_size']))], shell=True)
      if retcode != 0:
        raise OSError, "Disk creation failed!"
-    # Instanciate KVM
-    kvm_config = {}
    # Options nbd_ip and nbd_port are provided by slapos master
-    kvm_config.update(self.options)
+    kvm_conf['nbd_ip']   = self.parameter_dict['nbd_ip']
-    #raise NotImplementedError("%s" % self.parameter_dict)
+    kvm_conf['nbd_port'] = self.parameter_dict['nbd_port']
-    kvm_config['vnc_ip'] = ip
-    kvm_config['tap_interface'] = tap
-    kvm_config['nbd_ip'] = self.parameter_dict['nbd_ip']
-    kvm_config['nbd_port'] = self.parameter_dict['nbd_port']
-    #XXX
-    kvm_config['pid_file'] = pid_file_path 
-    kvm_config['image'] = disk_path
    # First octet has to represent a locally administered address
    octet_list         = [254] + [random.randint(0x00, 0xff) for x in range(5)]
-    kvm_config['mac_address'] = ':'.join(['%02x' % x for x in octet_list])
+    kvm_conf['mac_address'] = ':'.join(['%02x' % x for x in octet_list])
-    kvm_config['qmp_socket'] = socket_path
-    kvm_config['hostname'] = "slaposkvm"
-    kvm_wrapper_template_location = pkg_resources.resource_filename(
+    kvm_conf['hostname']    = "slaposkvm"
+    kvm_conf['smp_count']   = self.options['smp_count']
+    kvm_conf['ram_size']    = self.options['ram_size']
+    kvm_conf['vnc_display'] = 1
+    # Instanciate KVM
+    kvm_template_location = pkg_resources.resource_filename(          
                                             __name__, os.path.join(         
                                             'template', 'kvm_run.in'))     
    kvm_runner_path = self.createRunningWrapper("kvm",                        
-          self.substituteTemplate(kvm_wrapper_template_location, kvm_config))
+          self.substituteTemplate(kvm_template_location,
+                                  kvm_conf))
+    self.path_list.append(kvm_runner_path)
    # Instanciate KVM controller
-    controller_config = {}
+    kvm_controller_template_location = pkg_resources.resource_filename(          
-    # Options nbd_ip and nbd_port are provided by slapos master
-    controller_config.update(self.options)
-    controller_config['qmp_socket'] = socket_path
-    controller_config['vnc_passwd'] = vnc_passwd
-    controller_config['python_path'] = sys.executable
-    controller_wrapper_template_location = pkg_resources.resource_filename(
-                                             __name__, os.path.join(
-                                             'template', 'kvm_controller_run.in'))
-    controller_runner_path = self.createRunningWrapper("kvm_controller",
-          self.substituteTemplate(controller_wrapper_template_location, controller_config))
-    #XXX Instanciate Slapmonitor
-    slapmonitor_config={}
-    slapmonitor_config.update(self.options)
-    slapmonitor_config['database_path'] = database_path 
-    slapmonitor_config['pid_file'] = pid_file_path
-    slapmonitor_config['python_path'] = sys.executable
-    slapmonitor_wrapper_template_location = pkg_resources.resource_filename(
                                             __name__, os.path.join(         
-                                             'template', 'slapmonitor_run.in'))
+                                             'template',
-    slapmonitor_runner_path = self.createRunningWrapper("slapmonitor",
+                                             'kvm_controller_run.in' ))     
-          self.substituteTemplate(slapmonitor_wrapper_template_location, slapmonitor_config))
+    kvm_controller_runner_path = self.createRunningWrapper("kvm_controller",                        
+          self.substituteTemplate(kvm_controller_template_location,
+                                  kvm_conf))
-    #XXX Instanciate Slapreport
+    self.path_list.append(kvm_controller_runner_path)
-    slapreport_config={}
-    slapreport_config.update(self.options)
-    slapreport_config['database_path'] = database_path 
-    slapreport_config['python_path'] = sys.executable
-    slapreport_wrapper_template_location = pkg_resources.resource_filename(
-                                             __name__, os.path.join(
-                                             'template', 'slapreport_run.in'))
-    slapreport_runner_path = self.createReportRunningWrapper(self.substituteTemplate(
-                      slapreport_wrapper_template_location, slapreport_config))
+    # Instanciate Slapmonitor
+    ##slapmonitor_runner_path = self.instanciate_wrapper("slapmonitor",
+    #    [database_path, pid_file_path, python_path])
+    # Instanciate Slapreport
+    ##slapreport_runner_path = self.instanciate_wrapper("slapreport",
+    #    [database_path, python_path])
+    return kvm_conf
+  def installNoVnc(self, source_ip, source_port, target_ip, target_port, 
+                   python_path):
+    """
+    Create noVNC configuration dictionnary and instanciate Websockify proxy
-    self.computer_partition.setConnectionDict(dict(
+    Parameters : IP of the proxy, port on which is situated the proxy,
-      vnc_connection_string="vnc://[%s]:1" % ip,
+                 IP of the vnc server, port on which is situated the vnc server,
-      vnc_password=vnc_passwd,
+                 path to python binary
-    ))
+    Returns    : noVNC configuration dictionnary
+    """
+    noVNC_conf = {}
+    noVNC_conf['source_ip']   = source_ip                                          
+    noVNC_conf['source_port'] = source_port
+    # Instanciate Websockify
+    websockify_runner_path = zc.buildout.easy_install.scripts([('websockify',
+      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
+      sys.executable, self.wrapper_directory, arguments=[
+        [python_path.strip(),
+         self.options['websockify_path'],
+         '--web',
+         self.options['noVNC_location'],
+         '--key=%s' % (self.key_path),
+         '--cert=%s' % (self.certificate_path),
+         '--ssl-only',
+         '%s:%s' % (source_ip, source_port),
+         '%s:%s' % (target_ip, target_port)],
+        [self.certificate_path, self.key_path]]
+       )[0]
+    self.path_list.append(websockify_runner_path)
+    return noVNC_conf
+  def linkBinary(self):
+    """Links binaries to instance's bin directory for easier exposal"""
+    for linkline in self.options.get('link_binary_list', '').splitlines():
+      if not linkline:
+        continue
+      target = linkline.split()
+      if len(target) == 1:
+        target = target[0]
+        path, linkname = os.path.split(target)
+      else:
+        linkname = target[1]
+        target = target[0]
+      link = os.path.join(self.bin_directory, linkname)
+      if os.path.lexists(link):
+        if not os.path.islink(link):
+          raise zc.buildout.UserError(
+              'Target link already %r exists but it is not link' % link)
+        os.unlink(link)
+      os.symlink(target, link)
+      self.logger.debug('Created link %r -> %r' % (link, target))
+      self.path_list.append(link)
+  def installCertificateAuthority(self, ca_country_code='XX',
+      ca_email='xx@example.com', ca_state='State', ca_city='City',
+      ca_company='Company'):
+    backup_path = self.createBackupDirectory('ca')
+    self.ca_dir = os.path.join(self.data_root_directory, 'ca')
+    self._createDirectory(self.ca_dir)
+    self.ca_request_dir = os.path.join(self.ca_dir, 'requests')
+    self._createDirectory(self.ca_request_dir)
+    config = dict(ca_dir=self.ca_dir, request_dir=self.ca_request_dir)
+    self.ca_private = os.path.join(self.ca_dir, 'private')
+    self.ca_certs = os.path.join(self.ca_dir, 'certs')
+    self.ca_crl = os.path.join(self.ca_dir, 'crl')
+    self.ca_newcerts = os.path.join(self.ca_dir, 'newcerts')
+    self.ca_key_ext = '.key'
+    self.ca_crt_ext = '.crt'
+    for d in [self.ca_private, self.ca_crl, self.ca_newcerts, self.ca_certs]:
+      self._createDirectory(d)
+    for f in ['crlnumber', 'serial']:
+      if not os.path.exists(os.path.join(self.ca_dir, f)):
+        open(os.path.join(self.ca_dir, f), 'w').write('01')
+    if not os.path.exists(os.path.join(self.ca_dir, 'index.txt')):
+      open(os.path.join(self.ca_dir, 'index.txt'), 'w').write('')
+    openssl_configuration = os.path.join(self.ca_dir, 'openssl.cnf')
+    config.update(
+        working_directory=self.ca_dir,
+        country_code=ca_country_code,
+        state=ca_state,
+        city=ca_city,
+        company=ca_company,
+        email_address=ca_email,
+    )
+    self._writeFile(openssl_configuration, pkg_resources.resource_string(
+      __name__, 'template/openssl.cnf.ca.in') % config)
+    self.path_list.extend(zc.buildout.easy_install.scripts([
+      ('certificate_authority',
+        __name__ + '.certificate_authority', 'runCertificateAuthority')],
+        self.ws, sys.executable, self.wrapper_directory, arguments=[dict(
+          openssl_configuration=openssl_configuration,
+          openssl_binary=self.options['openssl_binary'],
+          certificate=os.path.join(self.ca_dir, 'cacert.pem'),
+          key=os.path.join(self.ca_private, 'cakey.pem'),
+          crl=os.path.join(self.ca_crl),
+          request_dir=self.ca_request_dir
+          )]))
+    # configure backup
+    backup_cron = os.path.join(self.cron_d, 'ca_rdiff_backup')
+    open(backup_cron, 'w').write(
+        '''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''%dict(
+          rdiff_backup=self.options['rdiff_backup_binary'],
+          source=self.ca_dir,
+          destination=backup_path))
+    self.path_list.append(backup_cron)
+    return dict(
+      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+      ca_crl=os.path.join(config['ca_dir'], 'crl'),
+      certificate_authority_path=config['ca_dir']
+    )
-    return [kvm_runner_path, controller_runner_path]
+  def requestCertificate(self, name):
+    hash = hashlib.sha512(name).hexdigest()
+    key = os.path.join(self.ca_private, hash + self.ca_key_ext)
+    certificate = os.path.join(self.ca_certs, hash + self.ca_crt_ext)
+    parser = ConfigParser.RawConfigParser()
+    parser.add_section('certificate')
+    parser.set('certificate', 'name', name)
+    parser.set('certificate', 'key_file', key)
+    parser.set('certificate', 'certificate_file', certificate)
+    parser.write(open(os.path.join(self.ca_request_dir, hash), 'w'))
+    return key, certificate
+  def installCrond(self):
+    timestamps = self.createDataDirectory('cronstamps')
+    cron_output = os.path.join(self.log_directory, 'cron-output')
+    self._createDirectory(cron_output)
+    catcher = zc.buildout.easy_install.scripts([('catchcron',
+      __name__ + '.catdatefile', 'catdatefile')], self.ws, sys.executable,
+      self.bin_directory, arguments=[cron_output])[0]
+    self.path_list.append(catcher)
+    cron_d = os.path.join(self.etc_directory, 'cron.d')
+    crontabs = os.path.join(self.etc_directory, 'crontabs')
+    self._createDirectory(cron_d)
+    self._createDirectory(crontabs)
+    # Use execute from erp5.
+    wrapper = zc.buildout.easy_install.scripts([('crond',
+      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      self.wrapper_directory, arguments=[
+        self.options['dcrond_binary'].strip(), '-s', cron_d, '-c', crontabs,
+        '-t', timestamps, '-f', '-l', '5', '-M', catcher]
+      )[0]
+    self.path_list.append(wrapper)
+    return cron_d
--- a/slapos/recipe/kvm/certificate_authority.py
+++ b/slapos/recipe/kvm/certificate_authority.py
+import os
+import subprocess
+import time
+import ConfigParser
+def popenCommunicate(command_list, input=None):
+  subprocess_kw = dict(stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+  if input is not None:
+    subprocess_kw.update(stdin=subprocess.PIPE)
+  popen = subprocess.Popen(command_list, **subprocess_kw)
+  result = popen.communicate(input)[0]
+  if popen.returncode is None:
+    popen.kill()
+  if popen.returncode != 0:
+    raise ValueError('Issue during calling %r, result was:\n%s' % (
+      command_list, result))
+  return result
+class CertificateAuthority:
+  def __init__(self, key, certificate, openssl_binary,
+      openssl_configuration, request_dir):
+    self.key = key
+    self.certificate = certificate
+    self.openssl_binary = openssl_binary
+    self.openssl_configuration = openssl_configuration
+    self.request_dir = request_dir
+  def checkAuthority(self):
+    file_list = [ self.key, self.certificate ]
+    ca_ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ca_ready = False
+        break
+    if ca_ready:
+      return
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    try:
+      # no CA, let us create new one
+      popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
+          self.openssl_configuration, '-new', '-x509', '-extensions',
+          'v3_ca', '-keyout', self.key, '-out', self.certificate,
+          '-days', '10950'], 'Automatic Certificate Authority\n')
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+  def _checkCertificate(self, common_name, key, certificate):
+    file_list = [key, certificate]
+    ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        ready = False
+        break
+    if ready:
+      return False
+    for f in file_list:
+      if os.path.exists(f):
+        os.unlink(f)
+    csr = certificate + '.csr'
+    try:
+      popenCommunicate([self.openssl_binary, 'req', '-config',
+        self.openssl_configuration, '-nodes', '-new', '-keyout',
+        key, '-out', csr, '-days', '3650'],
+        common_name + '\n')
+      try:
+        popenCommunicate([self.openssl_binary, 'ca', '-batch', '-config',
+          self.openssl_configuration, '-out', certificate,
+          '-infiles', csr])
+      finally:
+        if os.path.exists(csr):
+          os.unlink(csr)
+    except:
+      try:
+        for f in file_list:
+          if os.path.exists(f):
+            os.unlink(f)
+      except:
+        # do not raise during cleanup
+        pass
+      raise
+    else:
+      return True
+  def checkRequestDir(self):
+    for request_file in os.listdir(self.request_dir):
+      parser = ConfigParser.RawConfigParser()
+      parser.readfp(open(os.path.join(self.request_dir, request_file), 'r'))
+      if self._checkCertificate(parser.get('certificate', 'name'),
+          parser.get('certificate', 'key_file'), parser.get('certificate',
+            'certificate_file')):
+        print 'Created certificate %r' % parser.get('certificate', 'name')
+def runCertificateAuthority(args):
+  ca_conf = args[0]
+  ca = CertificateAuthority(ca_conf['key'], ca_conf['certificate'],
+      ca_conf['openssl_binary'], ca_conf['openssl_configuration'],
+      ca_conf['request_dir'])
+  while True:
+    ca.checkAuthority()
+    ca.checkRequestDir()
+    time.sleep(60)
--- a/slapos/recipe/kvm/template/kvm_controller_run.in
+++ b/slapos/recipe/kvm/template/kvm_controller_run.in
@@ -11,7 +11,7 @@ so = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
 connected = False
 while not connected:
  try:
-    so.connect('%(qmp_socket)s')
+    so.connect('%(socket_path)s')
  except socket.error:
    time.sleep(1)
  else:

--- a/slapos/recipe/kvm/template/kvm_run.in
+++ b/slapos/recipe/kvm/template/kvm_run.in
@@ -10,8 +10,8 @@ exec %(qemu_path)s \
  -smp %(smp_count)s \
  -m %(ram_size)s \
  -cdrom nbd:[%(nbd_ip)s]:%(nbd_port)s \
-  -drive file=%(image)s,if=virtio,boot=on \
+  -drive file=%(disk_path)s,if=virtio,boot=on \
-  -vnc [%(vnc_ip)s]:1,ipv6,tls,password \
+  -vnc %(vnc_ip)s:1,ipv4,password \
  -boot menu=on \
-  -qmp unix:%(qmp_socket)s,server \
+  -qmp unix:%(socket_path)s,server \
-  -pidfile %(pid_file)s
+  -pidfile %(pid_file_path)s
--- a/slapos/recipe/kvm/template/openssl.cnf.ca.in
+++ b/slapos/recipe/kvm/template/openssl.cnf.ca.in
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		  = $ENV::HOME/.rnd
+# Extra OBJECT IDENTIFIER info:
+#oid_file      		  = $ENV::HOME/.oid
+oid_section		    = new_oids
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions	     	= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+[ new_oids ]
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+####################################################################
+[ CA_default ]
+dir		= %(working_directory)s		# Where everything is kept
+certs		= $dir/certs			  # Where the issued certs are kept
+crl_dir		= $dir/crl			    # Where the issued crl are kept
+database	= $dir/index.txt		    # database index file.
+#unique_subject	= no			      	       # Set to 'no' to allow creation of
+		      					       	     # several ctificates with same subject.
+new_certs_dir	= $dir/newcerts	       # default place for new certs.
+certificate	= $dir/cacert.pem 	       # The CA certificate
+serial		= $dir/serial 	       	 # The current serial number
+crlnumber	= $dir/crlnumber		 # the current crl number
+				       # must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem        # The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	  # private random number file
+x509_extensions	= usr_cert		    # The extentions to add to the cert
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt      = ca_default		# Subject Name options
+cert_opt      = ca_default		  # Certificate field options
+# Extension copying option: use with caution.
+# copy_extensions = copy
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+default_days	 = 3650			# how long to certify for
+default_crl_days = 30			      # how long before next CRL
+default_md	 = default		      	# use public key default MD
+preserve	 = no				      # keep passed DN ordering
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy	       	      = policy_match
+# For the CA policy
+[ policy_match ]
+countryName	= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+####################################################################
+[ req ]
+default_bits		= 2048
+default_md		= sha1
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+#attributes		= req_attributes
+x509_extensions		= v3_ca	# The extentions to add to the self signed cert
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	    : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+# req_extensions = v3_req # The extensions to add to a certificate request
+[ req_distinguished_name ]
+countryName				= Country Name (2 letter code)
+countryName_value			= %(country_code)s
+countryName_min				= 2
+countryName_max				= 2
+stateOrProvinceName			= State or Province Name (full name)
+stateOrProvinceName_value		= %(state)s
+localityName				= Locality Name (eg, city)
+localityName_value			= %(city)s
+0.organizationName			= Organization Name (eg, company)
+0.organizationName_value		= %(company)s
+# we can do this but it is not needed normally :-)
+#1.organizationName  	= Second Organization Name (eg, company)
+#1.organizationName_default	 = World Wide Web Pty Ltd
+commonName	   = Common Name (eg, your name or your server\'s hostname)
+commonName_max	   = 64
+emailAddress	   = Email Address
+emailAddress_value = %(email_address)s
+emailAddress_max   = 64
+# SET-ex3	   = SET extension number 3
+#[ req_attributes ]
+#challengePassword	= A challenge password
+#challengePassword_min	= 4
+#challengePassword_max	= 20
+#
+#unstructuredName	= An optional company name
+[ usr_cert ]
+# These extensions are added when 'ca' signs a request.
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+basicConstraints=CA:FALSE
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+# This is OK for an SSL server.
+# nsCertType 	    = server
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+# For normal client use this is typical
+# nsCertType = client, email
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+# This will be displayed in Netscape's comment listbox.
+nsComment      		 = "OpenSSL Generated Certificate"
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+# Copy subject details
+# issuerAltName=issuer:copy
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+[ v3_req ]
+# Extensions to add to a certificate request
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+[ v3_ca ]
+# Extensions for a typical CA
+# PKIX recommendation.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+# Some might want this also
+# nsCertType = sslCA, emailCA
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+[ crl_ext ]
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+basicConstraints=CA:FALSE
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+# This is OK for an SSL server.
+# nsCertType 	    = server
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+# For normal client use this is typical
+# nsCertType = client, email
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+# This will be displayed in Netscape's comment listbox.
+nsComment      		 = "OpenSSL Generated Certificate"
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+# Copy subject details
+# issuerAltName=issuer:copy
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+####################################################################
+[ tsa ]
+default_tsa = tsa_config1	# the default TSA section
+[ tsa_config1 ]
+# These are used by the TSA reply generation only.
+dir	                = /etc/pki/tls  	  # TSA root directory
+serial	                = $dir/tsaserial	  # The current serial number (mandatory)
+crypto_device           = builtin		    # OpenSSL engine to use for signing
+signer_cert             = $dir/tsacert.pem    # The TSA signing certificate
+	      		      	  # (optional)
+certs	                = $dir/cacert.pem	# Certificate chain to include in reply
+		  	      # (optional)
+signer_key              = $dir/private/tsakey.pem # The TSA private key (optional)
+default_policy          = tsa_policy1		  # Policy if request did not specify it
+					    	   # (optional)
+other_policies          = tsa_policy2, tsa_policy3 # acceptable policies (optional)
+digests	                = md5, sha1  	      # Acceptable message digests (mandatory)
+accuracy                = secs:1, millisecs:500, microsecs:100	   # (optional)
+clock_precision_digits  = 0	    # number of digits after dot. (optional)
+ordering		= yes	    # Is ordering defined for timestamps?
+			  	       # (optional, default: no)
+tsa_name		= yes	    # Must the TSA name be included in the reply?
+			  	      # (optional, default: no)
+ess_cert_id_chain	= no	   # Must the ESS cert id chain be included?
+				     # (optional, default: no)
--- a/slapos/recipe/kvm/template/slapmonitor_run.in
+++ b/slapos/recipe/kvm/template/slapmonitor_run.in
 #!/bin/sh
 # BEWARE: This file is operated by slapgrid
 # BEWARE: It will be overwritten automatically
-exec %(python_path)s %(slapmonitor_path)s %(pid_file)s %(database_path)s
+exec %(python_path)s %(slapmonitor_path)s %(pid_file_path)s %(database_path)s
--- a/slapos/recipe/librecipe/execute.py
+++ b/slapos/recipe/librecipe/execute.py
@@ -10,6 +10,23 @@ def execute(args):
  # Note: Candidate for slapos.lib.recipe
  os.execv(args[0], args + sys.argv[1:])
+def execute_wait(args):
+  """Execution but after all files in args[1] exists"""
+  exec_list = list(args[0])
+  file_list = list(args[1])
+  sleep = 60
+  while True:
+    ready = True
+    for f in file_list:
+      if not os.path.exists(f):
+        print 'File %r does not exists, sleeping for %s' % (f, sleep)
+        ready = False
+    if ready:
+      break
+    time.sleep(sleep)
+  os.execv(exec_list[0], exec_list + sys.argv[1:])
 child_pg = None

--- a/slapos/recipe/memcached/__init__.py
+++ b/slapos/recipe/memcached/__init__.py
@@ -220,9 +220,10 @@ class Recipe(BaseSlapRecipe):
        self.substituteTemplate(template_filename,
          stunnel_conf))
    wrapper = zc.buildout.easy_install.scripts([('stunnel',
-      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
-      self.wrapper_directory, arguments=[
+      sys.executable, self.wrapper_directory, arguments=[
-        self.options['stunnel_binary'].strip(), stunnel_conf_path]
+        [self.options['stunnel_binary'].strip(), stunnel_conf_path],
+        [ca_certificate, key]]
      )[0]
    self.path_list.append(wrapper)
    return stunnel_conf

--- a/slapos/recipe/mysql/__init__.py
+++ b/slapos/recipe/mysql/__init__.py
@@ -224,9 +224,10 @@ class Recipe(BaseSlapRecipe):
        self.substituteTemplate(template_filename,
          stunnel_conf))
    wrapper = zc.buildout.easy_install.scripts([('stunnel',
-      'slapos.recipe.librecipe.execute', 'execute')], self.ws, sys.executable,
+      'slapos.recipe.librecipe.execute', 'execute_wait')], self.ws,
-      self.wrapper_directory, arguments=[
+      sys.executable, self.wrapper_directory, arguments=[
-        self.options['stunnel_binary'].strip(), stunnel_conf_path]
+        [self.options['stunnel_binary'].strip(), stunnel_conf_path],
+        [ca_certificate, key]]
      )[0]
    self.path_list.append(wrapper)
    return stunnel_conf

--- a/slapos/recipe/vifib.py
+++ b/slapos/recipe/vifib.py
@@ -31,6 +31,9 @@ import zc.buildout
 import sys
 class Recipe(slapos.recipe.erp5.Recipe):
+  default_bt5_list = []
  def installKeyAuthorisationApache(self, ip, port, backend, key, certificate,
      ca_conf, key_auth_path='/erp5/portal_slap'):
    ssl_template = """SSLEngine on
@@ -172,6 +175,12 @@ SSLCARevocationPath %(ca_crl)s"""
    self.installTidStorage(tidstorage_config['host'], tidstorage_config['port'],
        known_tid_storage_identifier_dict, 'http://'+login_haproxy)
    self.linkBinary()
+    # Connect direct to Zope to create the instance.
+    self.installERP5Site(user, password, service_url_list[-1], mysql_conf,
+             conversion_server_conf, memcached_conf, kumo_conf,
+             self.site_id, self.default_bt5_list)
    self.setConnectionDict(dict(
      front_end_url=apache_frontend_login,
      site_url=apache_login,
@@ -227,6 +236,10 @@ SSLCARevocationPath %(ca_crl)s"""
    self.installTestSuiteRunner(ca_conf, mysql_conf, conversion_server_conf,
                           memcached_conf, kumo_conf)
    self.linkBinary()
+    self.installERP5Site(user, password, zope_access, mysql_conf,
+             conversion_server_conf, memcached_conf, kumo_conf,
+             self.site_id, self.default_bt5_list)
    self.setConnectionDict(dict(
      development_zope='http://%s:%s/' % (ip, zope_port),
      site_user=user,
@@ -260,6 +273,9 @@ SSLCARevocationPath %(ca_crl)s"""
        [('killpidfromfile', 'slapos.recipe.erp5.killpidfromfile',
          'killpidfromfile')], self.ws, sys.executable, self.bin_directory)[0]
    self.path_list.append(self.killpidfromfile)
+    if self.parameter_dict.get("flavour", "default") == 'configurator':
+      self.default_bt5_list = self.options.get("configurator_bt5_list", '').split()
    if self.parameter_dict.get('development', 'false').lower() == 'true':
      return self.installDevelopment()
    if self.parameter_dict.get('production', 'false').lower() == 'true':

--- a/software/erp5/instance.cfg
+++ b/software/erp5/instance.cfg
@@ -9,6 +9,7 @@ develop-eggs-directory = ${buildout:develop-eggs-directory}
 recipe = ${instance-recipe:egg}:${instance-recipe:module}
 dcrond_binary = ${dcron:location}/sbin/crond
 haproxy_binary = ${haproxy:location}/sbin/haproxy
+gzip_binary = ${gzip:location}/bin/gzip
 httpd_binary = ${apache:location}/bin/httpd
 innobackupex_binary = ${xtrabackup:location}/bin/innobackupex
 kumo_gateway_binary = ${kumo:location}/bin/kumo-gateway
@@ -32,6 +33,14 @@ tidstorage_repozo_binary = ${buildout:bin-directory}/tidstorage_repozo
 tidstoraged_binary = ${buildout:bin-directory}/tidstoraged
 xtrabackup_binary = ${xtrabackup:location}/bin/xtrabackup_51
 zabbix_agent_binary = ${zabbix-agent:location}/sbin/zabbix_agent
+mk-variable-advisor_binary = ${perl:siteprefix}/bin/mk-variable-advisor
+mk-table-usage_binary = ${perl:siteprefix}/bin/mk-table-usage
+mk-visual-explain_binary = ${perl:siteprefix}/bin/mk-visual-explain
+mk-config-diff_binary = ${perl:siteprefix}/bin/mk-config-diff
+mk-deadlock-logger_binary = ${perl:siteprefix}/bin/mk-deadlock-logger
+mk-error-log_binary = ${perl:siteprefix}/bin/mk-error-log
+mk-index-usage_binary = ${perl:siteprefix}/bin/mk-index-usage
+mk-query-advisor_binary = ${perl:siteprefix}/bin/mk-query-advisor
 # cloudooo specific configuration
 ooo_binary_path = ${libreoffice-bin:location}/program
@@ -69,4 +78,4 @@ environment =
 bt5_repository_list = ${bt5-repository:list}
-configurator_bt5_list = erp5_core_proxy_field_legacy erp5_full_text_myisam_catalog erp5_base erp5_workflow erp5_configurator erp5_configurator_standard erp5_configurator_maxma_demo erp5_configurator_ung
+configurator_bt5_list = ${instance-recipe:configurator_bt5_list}
--- a/software/erp5/software.cfg
+++ b/software/erp5/software.cfg
@@ -21,11 +21,14 @@ unzip = true
 egg = slapos.cookbook
 module = erp5
+# Additional Configuration
+configurator_bt5_list = erp5_core_proxy_field_legacy erp5_full_text_myisam_catalog erp5_base erp5_workflow erp5_configurator erp5_configurator_standard erp5_configurator_maxma_demo erp5_configurator_ung
 [template]
 # Default template for erp5 instance.
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg
-md5sum = 65d9b269e204ba49ac5ff11e891a4b84
+md5sum = cc268ff0f27fa1ed4839a3150980f4a7
 output = ${buildout:directory}/template.cfg
 mode = 0644
@@ -34,7 +37,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/configuration.json
 md5sum = cbe1d75339c6cb20e1aef818797face1 
-output = ${buildout:directory}/validator.json
+output = ${buildout:directory}/schema.json
 mode = 0644
 [versions]
@@ -89,7 +92,7 @@ python-ldap = 2.4.0
 python-memcached = 1.45
 restkit = 3.3.0
 rtjp-eventlet = 0.3.2
-slapos.cookbook = 0.9
+slapos.cookbook = 0.16
 slapos.recipe.template = 1.1
 threadframe = 0.2
 timerserver = 2.0.2
@@ -129,7 +132,7 @@ fpconst = 0.7.2
 ipython = 0.10.2
 # Required by:
-# slapos.cookbook==0.9
+# slapos.cookbook==0.16
 netaddr = 0.7.5
 # Required by:
@@ -145,7 +148,7 @@ python-magic = 0.4.0.1
 setuptools = 0.6c12dev-r88846
 # Required by:
-# slapos.cookbook==0.9
+# slapos.cookbook==0.16
 slapos.core = 0.8
 # Required by:
@@ -153,5 +156,5 @@ slapos.core = 0.8
 supervisor = 3.0a10
 # Required by:
-# slapos.cookbook==0.9
+# slapos.cookbook==0.16
 xml-marshaller = 0.9.7
--- a/software/kumofs/software.cfg
+++ b/software/kumofs/software.cfg
 [buildout]
-extensions =
-  slapos.zcbworkarounds
-  slapos.rebootstrap
 find-links +=
    http://www.nexedi.org/static/packages/source/slapos.buildout/
@@ -44,11 +39,6 @@ parts +=
 # development / fast switching environment for whole software
 unzip = true
-[rebootstrap]
-# Default first version of rebootstrapped python
-version = 2
-section = python2.7
 [instance-recipe]
 egg = slapos.cookbook
 module = kumofs
@@ -73,13 +63,13 @@ output = ${buildout:directory}/template.cfg
 mode = 0644
 [versions]
-slapos.cookbook = 0.7
+slapos.cookbook = 0.13
 erp5.recipe.cmmiforcei686 = 0.1.1
 hexagonit.recipe.cmmi = 1.5.0
 hexagonit.recipe.download = 1.5.0
-# Required by slapos.cookbook==0.7
+# Required by slapos.cookbook==0.13
 slapos.core = 0.2
 collective.recipe.template = 1.8
 netaddr = 0.7.5

--- a/software/kvm/instance.cfg
+++ b/software/kvm/instance.cfg
+[buildout]
+parts =
+  kvminstance
+eggs-directory = ${buildout:eggs-directory}
+develop-eggs-directory = ${buildout:develop-eggs-directory} 
+[kvminstance]
+recipe = slapos.cookbook:kvm
+qemu_path = ${kvm:location}/bin/qemu-system-x86_64
+qemu_img_path = ${kvm:location}/bin/qemu-img
+#slapmonitor_path = ${buildout:bin-directory}/slapmonitor
+#slapreport_path = ${buildout:bin-directory}/slapreport
+websockify_path = ${noVNC:location}/utils/wsproxy.py
+noVNC_location = ${noVNC:location}
+openssl_binary = ${openssl:location}/bin/openssl
+rdiff_backup_binary = ${buildout:bin-directory}/rdiff-backup
+dcrond_binary = ${dcron:location}/sbin/crond
+smp_count = 1
+ram_size = 1024
+disk_size = 10
--- a/software/kvm/software.cfg
+++ b/software/kvm/software.cfg
+[buildout]
+extends =
+  ../../stack/kvm.cfg
+[template]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/instance.cfg
+md5sum = d899f2111aab18ad25776f35ed49a91b
+output = ${buildout:directory}/template.cfg
+mode = 0644
+[kvmsource]
+command =
+  (${git:location}/bin/git clone --quiet http://git.erp5.org/repos/slapos.kvm.git ${:location} && cd ${:location} && ${git:location}/bin/git reset --hard 94ee45cc02e69798cac8209d2296fd1751125018) || (rm -fr ${:location} ; exit 1)
+update-command =
+[versions]
+Jinja2 = 2.5.5
+Werkzeug = 0.6.2
+hexagonit.recipe.cmmi = 1.5.0
+lxml = 2.3
+meld3 = 0.6.7
+plone.recipe.command = 1.1
+slapos.cookbook = 0.15
+slapos.recipe.template = 1.1
+z3c.recipe.scripts = 1.0.1
+# Required by:
+# slapos.core==0.9
+Flask = 0.7.2
+# Required by:
+# slapos.cookbook==0.15
+PyXML = 0.8.4
+# Required by:
+# slapos.recipe.template==1.1
+collective.recipe.template = 1.8
+# Required by:
+# hexagonit.recipe.cmmi==1.5.0
+hexagonit.recipe.download = 1.5.0
+# Required by:
+# slapos.cookbook==0.15
+netaddr = 0.7.5
+# Required by:
+# slapos.core==0.9
+netifaces = 0.5
+# Required by:
+# slapos.cookbook==0.15
+# slapos.core==0.9
+# zc.buildout==1.5.3-dev-SlapOS-005
+# zc.recipe.egg==1.3.2
+setuptools = 0.6c12dev-r88846
+# Required by:
+# slapos.cookbook==0.15
+slapos.core = 0.9
+# Required by:
+# slapos.core==0.9
+supervisor = 3.0a10
+# Required by:
+# slapos.cookbook==0.15
+xml-marshaller = 0.9.7
+# Required by:
+# slapos.cookbook==0.15
+zc.recipe.egg = 1.3.2
+# Required by:
+# slapos.core==0.9
+zope.interface = 3.6.4
--- a/software/mysql-5.1/software.cfg
+++ b/software/mysql-5.1/software.cfg
 [buildout]
-extensions =
-  slapos.zcbworkarounds
-  slapos.rebootstrap
 find-links +=
    http://www.nexedi.org/static/packages/source/slapos.buildout/
@@ -47,11 +42,6 @@ parts +=
 # development / fast switching environment for whole software
 unzip = true
-[rebootstrap]
-# Default first version of rebootstrapped python
-version = 2
-section = python2.7
 [instance-recipe]
 egg = slapos.cookbook
 module = mysql
@@ -76,9 +66,9 @@ output = ${buildout:directory}/template.cfg
 mode = 0644
 [versions]
-slapos.cookbook = 0.9
+slapos.cookbook = 0.13
-# Required by slapos.cookbook==0.9
+# Required by slapos.cookbook==0.13
 slapos.core = 0.4
 collective.recipe.template = 1.8
 netaddr = 0.7.5

--- a/software/slaprunner/software.cfg
+++ b/software/slaprunner/software.cfg
@@ -31,6 +31,7 @@ md5sum = e2cbd8fe7b8e4c7e92a19cd775de0aa6
 [eggs]
 eggs +=
+  slapos.libnetworkcache
  slapos.toolbox
  slapos.core
@@ -47,6 +48,7 @@ setuptools = 0.6c12dev-r88795
 hexagonit.recipe.cmmi = 1.5.0
 hexagonit.recipe.download = 1.5.0
 plone.recipe.command = 1.1
+slapos.libnetworkcache = 0.2
 # Use SlapOS patched zc.buildout
 zc.buildout = 1.5.3-dev-SlapOS-005
--- a/software/vifib/software.cfg
+++ b/software/vifib/software.cfg
@@ -11,19 +11,16 @@ eggs += slapos.core
 [instance-recipe]
 module = vifib
+# Additional Configuration
+configurator_bt5_list = erp5_core_proxy_field_legacy erp5_full_text_myisam_catalog erp5_base erp5_workflow erp5_configurator erp5_configurator_vifib
+[erp5_repository_list]
+repository_id_list += vifib/master
 [vifib]
-# Recipe zerokspot.recipe.git is disabled, as is not possible to change its
+<= erp5
-# environment to use localy delivered git.
-# plone.recipe.command can do same job, but it is controllable which binary
-# will be used
-recipe = plone.recipe.command
-location = ${buildout:parts-directory}/${:_buildout_section_name_}
-stop-on-error = true
 repository = http://git.erp5.org/repos/slapos.core.git
-branch = master
+revision = bfcd67dae3221612d035fa13ddc5afaec1518270
-revision = f95ca3ccda07292895939ef9b48678acb5f524ce
-command = ${git:location}/bin/git clone --quiet -b ${:branch} ${:repository} ${:location} && if [ -n ${:revision} ]; then cd ${:location} && ${git:location}/bin/git reset --quiet --hard ${:revision} ; fi
-update-command = cd ${:location} && ${git:location}/bin/git pull --quiet && if [ -n ${:revision} ]; then cd ${:location} && ${git:location}/bin/git reset --quiet --hard ${:revision} ; fi
 [local-bt5-repository]
 # XXX: workaround for zc.buildout bug, as list += ends up with adding new entry

--- a/stack/erp5.cfg
+++ b/stack/erp5.cfg
@@ -2,6 +2,7 @@
 extensions =
  slapos.rebootstrap
  slapos.zcbworkarounds
+  buildout-versions
  mr.developer
 find-links =
@@ -82,7 +83,7 @@ parts =
  stunnel
  w3m
  poppler
-  libpng12
+  libpng
  ghostscript
  mariadb
  sphinx
@@ -215,7 +216,7 @@ location = ${buildout:parts-directory}/${:_buildout_section_name_}
 stop-on-error = true
 repository = http://git.erp5.org/repos/erp5.git
 branch = master
-revision = 336a8d63bdcabd92bfe3d9466685e5cd47fad716
+revision = 5d4862dc888506fb58905ddf2ed68b5803689af3
 command = ${git:location}/bin/git clone --quiet -b ${:branch} ${:repository} ${:location} && if [ -n ${:revision} ]; then cd ${:location} && ${git:location}/bin/git reset --quiet --hard ${:revision} ; fi
 update-command = cd ${:location} && ${git:location}/bin/git pull --quiet && if [ -n ${:revision} ]; then cd ${:location} && ${git:location}/bin/git reset --quiet --hard ${:revision} ; fi

--- a/stack/kvm.cfg
+++ b/stack/kvm.cfg
+[buildout]
+extends =
+  shacache-client.cfg
+  ../component/python-2.7/buildout.cfg
+  ../component/lxml-python/buildout.cfg
+  ../component/git/buildout.cfg
+  ../component/zlib/buildout.cfg
+  ../component/readline/buildout.cfg
+  ../component/ncurses/buildout.cfg
+  ../component/libuuid/buildout.cfg
+  ../component/noVNC/buildout.cfg
+  ../component/openssl/buildout.cfg
+  ../component/rdiff-backup/buildout.cfg
+  ../component/dcron/buildout.cfg
+  ../component/libpng/buildout.cfg
+parts =
+  template
+  gnutls
+  kvm
+  eggs
+find-links +=
+  http://www.nexedi.org/static/packages/source/slapos.buildout/
+versions = versions
+[gpg-error]
+recipe = hexagonit.recipe.cmmi
+url = ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.10.tar.gz
+md5sum = 7c2710ef439f82ac429b88fec88e9a4c
+[gcrypt]
+recipe = hexagonit.recipe.cmmi
+url = ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.6.tar.gz
+md5sum = bfd45922eefb8a24d598af77366220d4
+configure-options =
+  --with-gpg-error-prefix=${gpg-error:location}
+environment =
+  CPPFLAGS=-I${gpg-error:location}/include
+  LDFLAGS=-Wl,-rpath -Wl,${gpg-error:location}/lib -Wl,${gpg-error:location}/lib/libgpg-error.so.0
+[gnutls]
+recipe = hexagonit.recipe.cmmi
+url = ftp://ftp.gnupg.org/gcrypt/gnutls/gnutls-2.8.6.tar.bz2
+md5sum = eb0a6d7d3cb9ac684d971c14f9f6d3ba
+configure-options =
+  --with-libgcrypt-prefix=${gcrypt:location}
+environment =
+  CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${ncurses:location}/include -I${ncurses:location}/include/ncursesw -I${gcrypt:location}/include -I${gpg-error:location}/include
+  LDFLAGS=-L${readline:location}/lib -L${ncurses:location}/lib -L${gcrypt:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -Wl,-rpath -Wl,${readline:location}/lib -Wl,-rpath -Wl,${ncurses:location}/lib -Wl,-rpath -Wl,${gcrypt:location}/lib -Wl,-rpath -Wl,${gpg-error:location}/lib -Wl,${gcrypt:location}/lib/libgcrypt.so.11
+  PKG_CONFIG=${zlib:location}/lib/pkgconfig
+[kvm]
+recipe = hexagonit.recipe.cmmi
+path = ${kvmsource:location}/
+configure-options =
+  --disable-sdl
+  --disable-xen
+  --enable-vnc-tls
+  --disable-vnc-sasl
+  --disable-curses
+  --disable-curl
+  --enable-kvm
+  --disable-docs
+  --enable-vnc-png
+  --disable-vnc-jpeg
+  --extra-cflags="-I${gnutls:location}/include -I${libuuid:location}/include -I${zlib:location}/include -I${libpng:location}/include"
+  --extra-ldflags="-Wl,-rpath -Wl,${gnutls:location}/lib -L${gnutls:location}/lib -Wl,-rpath -Wl,${libpng:location}/lib -L${libpng:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lpng -lz -lgnutls"
+  --disable-werror
+environment =
+  PKG_CONFIG_PATH=${gnutls:location}/lib/pkgconfig
+[kvmsource]
+recipe=plone.recipe.command
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+stop-on-error = true
+#tag = slapos-v0.1
+command =
+  (${git:location}/bin/git clone --quiet http://git.erp5.org/repos/slapos.kvm.git ${:location} ) || (rm -fr ${:location} ; exit 1)
+update-command =
+ cd ${:location} && ${git:location}/bin/git pull --quiet origin master
+[eggs]
+python = python2.7
+recipe = z3c.recipe.scripts
+eggs =
+  ${lxml-python:egg}
+  slapos.cookbook
+[versions]
+zc.buildout = 1.5.3-dev-SlapOS-005