The gitclone reciped is used for babeld to get submodules added in
the latest babeld version.
gcc is forced to use `-std=gnu99` because default std has changed
in version 5.1 and we get errors when compiling babeld with older gcc.

The last state value has been reverted by mistake, put back correct one.

This also means that caddy source is fetched directly from upstream, as all
required fixes has been incorporated into the upstream.

Drop direct usage of gowork for now, in order to have caddy built using go
module, support for gowork with go modules might come later.

Follow new way of certificate managament in Caddy 1 as noted
https://github.com/mholt/caddy/issues/2588#issuecomment-505367152

It's released, let's use the newest version.

Only the webrunner should have a monitor port different from the default,
to avoid most conflicts between the webrunner and any instance built inside.

-> webrunner: 8386
-> other: 8196

The previous value, '/', caused problems: some generated urls had two
consecutive slashes, which can be misinterpreted by the waitress server.

Commit b96cdf9c didn't propagate
correctly the monitor password from the root partition to subpartitions.

This will be required for WSGI. This depends on ERP5 > 2018-04-26
(commit 6d74ba22a962d08624ef35342708f333a21ceff5)

The scripts are already provided in caucase-eggs part, there is no reason to
duplicate them here, so drop this entry.

/reviewed-on nexedi/slapos!579

Frontend operator shall have easy access to information about rejected
slaves, possibly the best in the JSON file.

Also the keys for the human readable information are slave's titles, not
references.

The information is published via hand crafted HTTPS endpoint.

Note: The SSL certificate is generated manually. Existing caucase is special
      for KeDiFa, this is another step to move all generated certificates (or
      otherwise self-signed) to internal, full automatic caucase.

/reviewed-on !580

We'll add monitoring to NEO so some parts are also moved there from ERP5.

As apache-ca-certificate field is not implemented for caddy, inform how to
obtain required functionality.

ssl_ca_crt is still supported and needed in the UI, so put it back with
DEPRECATED information.

/reviewed-by: TrustMe

  Missing update from previous commits

branch 1.0 is pinning the following repositories:
 * erp5
 * vifib
 * wendelin
 * wendelin.core
 * neoppod-repository

For resiliency, it's better to pin the repositories (we want exactly the
same software on runner0 and runner1). If people wants to develop inside
one of those repositories, they will clone it inside srv/runner/project
directory and this will be sync on runner1.

/reviewed-on !576

Rename was missing in buildout.hash.cfg

/reviewed-on nexedi/slapos!575

In "caddy-frontend: Implement KeDiFa SSL information" the certificates were
dropped from the schema, but still internally supported. This lead to missing
UI fields for still supported parameters.

Reintroduced them with OBSOLETE mark.

/reviewed-on !574

nginx-push-stream-module still it prevents from compiling nginx.

/reviewed-on !573

It is ready when all on-watch processes are not EXITED.

This reverts commit 83e9bd45

"openssl ca" is keeping track of all generated certificates in its DB.
If we try to regenerate a certificate that was already generated,
openssl ca fails with :

ERROR:There is already a certificate for /C=XX/ST=(State,)/O=Company/CN=ca-shellinabox/emailAddress=xx@example.com

Changing "unique_subject" to no removes this ERROR.

/reviewed-on !556

Before normalize_ae_gzip was 0, and better keep it this way as it is
suspected root problem of incorrectly varianted cache depending on
client Accept-Encoding.