stack/erp5,software/erp5: support python3

This brings updates of many dependencies on python3, while mostly
keeping the same versions for python2.

This enables a new `erp5-py3` test in software/slapos-sr-testing, which
should pass already, but with NEO and WCFS being marked as expected
failure or skipped for now.

This also brings pylint support on python3, which we will be able to
reuse in software/slapos-testing.
Co-authored-by: Kazuhiko SHIOZAKI <kazuhiko@nexedi.com>
Co-authored-by: Arnaud Fontaine <arnaud.fontaine@nexedi.com>
Co-authored-by: Bryton Lacquement <bryton.lacquement@nexedi.com>

component/ZEO/buildout.cfg

@@ -59,12 +59,16 @@ location = ${buildout:parts-directory}/ZEO4
 git-executable = ${git:location}/bin/git
 
 
-# ZEO5 is plain upstream egg
-[ZEO5]
+# ZEO6 and ZEO5 are plain upstream eggs
+[ZEO6]
 recipe  = zc.recipe.egg:eggs
 egg     = ZEO
 eggs    = ${:egg}
+egg-versions =
+  ZEO = 6.0.0
 
+[ZEO5]
+<= ZEO6
 egg-versions =
   ZEO = 5.4.0
   trollius = 2.2.1

component/ZODB/buildout.cfg

@@ -9,16 +9,16 @@ extends =
 parts = ZODB/scripts
 
 
-# ZODB allows to use either ZODB4, ZODB4-wc2 or ZODB5.
+# ZODB allows to use either ZODB4, ZODB4-wc2, ZODB5 or ZODB6.
 # To select which version to use users should do:
 #
 #   [ZODB]
 #   major = <ZODB-version-major>
 #
-# By default ZODB5 is used.
+# By default latest is used: ZODB6 on python3 and ZODB5 on python2
 [ZODB]
 recipe = slapos.recipe.build
-major  = 5
+major  = 6
 init =
   # link/depend ZODB -> ZODB<X>
   zodb_x = 'ZODB'+options['major']
@@ -36,13 +36,15 @@ init =
   import zc.buildout.easy_install
   zc.buildout.easy_install.default_versions(versions)
 
+[ZODB:python2]
+major = 5
 
 # ZODB/scripts installs scripts from ZODB
 [ZODB/scripts]
 recipe  = zc.recipe.egg:scripts
 eggs    = ${ZODB:egg}
 
-# ZODB4 and ZODB5 are plain upstream eggs
+# ZODB4, ZODB5 and ZODB6 are plain upstream eggs
 [_ZODB]
 recipe  = zc.recipe.egg:eggs
 egg     = ZODB
@@ -57,10 +59,21 @@ egg-versions =
 
 [ZODB5]
 <= _ZODB
+egg-versions =
+  ZODB = 5.8.1
+  transaction = 4.0.0
+
+[ZODB5:python2]
+<= _ZODB
 egg-versions =
   ZODB = 5.8.1
   transaction = 3.0.1
 
+[ZODB6]
+<= _ZODB
+egg-versions =
+  ZODB = 6.0.0
+  transaction = 4.0.0
 
 # ZODB4-wc2 is ZODB4 version with patches for wendelin.core 2 to work correctly.
 # The main change is backport of the way MVCC is handled by always calling
@@ -92,13 +105,18 @@ egg = ${:_buildout_section_name_}
 setup-eggs = ${python-cffi:egg}
 
 
-# eggs that are common to ZODB4 and ZODB5.
+# eggs that are common to ZODB4, ZODB5 and ZODB6.
 [versions]
-BTrees = 4.11.3
-persistent = 4.9.3
-zodbpickle = 2.6.0
+BTrees = 5.1.0
+persistent = 5.1.0
+zodbpickle = 3.3.0
 
 # Provide ZODB3 for those eggs that still care about ZODB3 compatibility -
 # for example wendelin.core. ZODB3 3.11 is just a dependency egg on _latest_
 # ZODB, persistent, BTrees and ZEO.
 ZODB3 = 3.11.0
+
+[versions:python2]
+BTrees = 4.11.3
+persistent = 4.9.3
+zodbpickle = 2.6.0

component/egg-patch/AccessControl/147.patch

+From 3666a7afd46ea6d069606450c520b8b7e2b5fddf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
+Date: Thu, 22 Feb 2024 23:33:41 +0900
+Subject: [PATCH] Make dict views behave like their unrestricted versions
+
+unlike the restricted versions, the unrestricted versions:
+ - are not iterators, they are views
+ - have a len
+ - are false when the mapping is empty, true otherwise
+ - are instances of collections.abc.MappingView
+
+During this refactoring, also change `.items()` to validate
+ach keys and values, like `.keys()` and `.values()` do.
+---
+ CHANGES.rst                               |  7 ++++
+ src/AccessControl/ZopeGuards.py           | 50 ++++++++++++++++++-----
+ src/AccessControl/tests/actual_python.py  | 33 +++++++++++++++
+ src/AccessControl/tests/testZopeGuards.py | 34 +++++++++++----
+ 4 files changed, 104 insertions(+), 20 deletions(-)
+
+diff --git a/CHANGES.rst b/CHANGES.rst
+index f35a8d2..073b791 100644
+--- a/CHANGES.rst
++++ b/CHANGES.rst
+@@ -8,6 +8,13 @@ For changes before version 3.0, see ``HISTORY.rst``.
+ 
+ - Nothing changed yet.
+ 
++- Make dict views (`.keys()`, `.items()` and `.values()`) behave like their
++  unrestricted versions.
++  (`#147 <https://github.com/zopefoundation/AccessControl/pull/147>`_)
++
++- Make `.items()` validate each keys and values, like `.keys()` and
++  `.values()` do.
++
+ 
+ 6.3 (2023-11-20)
+ ----------------
+diff --git a/src/AccessControl/ZopeGuards.py b/src/AccessControl/ZopeGuards.py
+index 84c2e9e..bc24941 100644
+--- a/src/AccessControl/ZopeGuards.py
++++ b/src/AccessControl/ZopeGuards.py
+@@ -12,6 +12,7 @@
+ ##############################################################################
+ 
+ 
++import collections.abc
+ import math
+ import random
+ import string
+@@ -127,13 +128,18 @@ def guarded_pop(key, default=_marker):
+     return guarded_pop
+ 
+ 
+-def get_iter(c, name):
+-    iter = getattr(c, name)
++def get_mapping_view(c, name):
+ 
+-    def guarded_iter():
+-        return SafeIter(iter(), c)
++    view_class = {
++        'keys': SafeKeysView,
++        'items': SafeItemsView,
++        'values': SafeValuesView,
++    }
+ 
+-    return guarded_iter
++    def guarded_mapping_view():
++        return view_class[name](c)
++
++    return guarded_mapping_view
+ 
+ 
+ def get_list_pop(lst, name):
+@@ -153,18 +159,15 @@ def guarded_pop(index=-1):
+     'copy': 1,
+     'fromkeys': 1,
+     'get': get_dict_get,
+-    'items': 1,
++    'items': get_mapping_view,
++    'keys': get_mapping_view,
+     'pop': get_dict_pop,
+     'popitem': 1,
+     'setdefault': 1,
+     'update': 1,
++    'values': get_mapping_view,
+ }
+ 
+-_dict_white_list.update({
+-    'keys': get_iter,
+-    'values': get_iter,
+-})
+-
+ 
+ def _check_dict_access(name, value):
+     # Check whether value is a dict method
+@@ -262,6 +265,31 @@ def __next__(self):
+     next = __next__
+ 
+ 
++class _SafeMappingView:
++    __allow_access_to_unprotected_subobjects__ = 1
++
++    def __iter__(self):
++        for e in super().__iter__():
++            guard(self._mapping, e)
++            yield e
++
++
++class SafeKeysView(_SafeMappingView, collections.abc.KeysView):
++    pass
++
++
++class SafeValuesView(_SafeMappingView, collections.abc.ValuesView):
++    pass
++
++
++class SafeItemsView(_SafeMappingView, collections.abc.ItemsView):
++    def __iter__(self):
++        for k, v in super().__iter__():
++            guard(self._mapping, k)
++            guard(self._mapping, v)
++            yield k, v
++
++
+ class NullIter(SafeIter):
+     def __init__(self, ob):
+         self._iter = ob
+diff --git a/src/AccessControl/tests/actual_python.py b/src/AccessControl/tests/actual_python.py
+index 3405b8e..866a480 100644
+--- a/src/AccessControl/tests/actual_python.py
++++ b/src/AccessControl/tests/actual_python.py
+@@ -123,6 +123,39 @@ def f7():
+         access = getattr(d, meth)
+         result = sorted(access())
+         assert result == expected[kind], (meth, kind, result, expected[kind])
++        assert len(access()) == len(expected[kind]), (meth, kind, "len")
++        iter_ = access()  # iterate twice on the same view
++        assert list(iter_) == list(iter_)
++
++        assert sorted([k for k in getattr(d, meth)()]) == expected[kind]
++        assert sorted(k for k in getattr(d, meth)()) == expected[kind]
++    assert {k: v for k, v in d.items()} == d
++
++    assert 1 in d
++    assert 1 in d.keys()
++    assert 2 in d.values()
++    assert (1, 2) in d.items()
++
++    assert d
++    assert d.keys()
++    assert d.values()
++    assert d.items()
++
++    empty_d = {}
++    assert not empty_d
++    assert not empty_d.keys()
++    assert not empty_d.values()
++    assert not empty_d.items()
++
++    smaller_d = {1: 2}
++    for m, _ in methods:
++        assert getattr(d, m)() != getattr(smaller_d, m)()
++        assert not getattr(d, m)() == getattr(smaller_d, m)()
++        if m != 'values':
++            assert getattr(d, m)() > getattr(smaller_d, m)()
++            assert getattr(d, m)() >= getattr(smaller_d, m)()
++            assert getattr(smaller_d, m)() < getattr(d, m)()
++            assert getattr(smaller_d, m)() <= getattr(d, m)()
+ 
+ 
+ f7()
+diff --git a/src/AccessControl/tests/testZopeGuards.py b/src/AccessControl/tests/testZopeGuards.py
+index 533bfa2..50eeca9 100644
+--- a/src/AccessControl/tests/testZopeGuards.py
++++ b/src/AccessControl/tests/testZopeGuards.py
+@@ -258,23 +258,40 @@ def test_pop_validates(self):
+         self.assertTrue(sm.calls)
+ 
+     def test_keys_empty(self):
+-        from AccessControl.ZopeGuards import get_iter
+-        keys = get_iter({}, 'keys')
++        from AccessControl.ZopeGuards import get_mapping_view
++        keys = get_mapping_view({}, 'keys')
+         self.assertEqual(list(keys()), [])
+ 
++    def test_kvi_len(self):
++        from AccessControl.ZopeGuards import get_mapping_view
++        for attr in ("keys", "values", "items"):
++            with self.subTest(attr):
++                view = get_mapping_view({'a': 1}, attr)
++                self.assertEqual(len(view()), 1)
++
+     def test_keys_validates(self):
+         sm = SecurityManager()
+         old = self.setSecurityManager(sm)
+         keys = guarded_getattr({GuardTestCase: 1}, 'keys')
+         try:
+-            next(keys())
++            next(iter(keys()))
+         finally:
+             self.setSecurityManager(old)
+         self.assertTrue(sm.calls)
+ 
++    def test_items_validates(self):
++        sm = SecurityManager()
++        old = self.setSecurityManager(sm)
++        items = guarded_getattr({GuardTestCase: GuardTestCase}, 'items')
++        try:
++            next(iter(items()))
++        finally:
++            self.setSecurityManager(old)
++        self.assertEqual(len(sm.calls), 2)
++
+     def test_values_empty(self):
+-        from AccessControl.ZopeGuards import get_iter
+-        values = get_iter({}, 'values')
++        from AccessControl.ZopeGuards import get_mapping_view
++        values = get_mapping_view({}, 'values')
+         self.assertEqual(list(values()), [])
+ 
+     def test_values_validates(self):
+@@ -282,18 +299,17 @@ def test_values_validates(self):
+         old = self.setSecurityManager(sm)
+         values = guarded_getattr({GuardTestCase: 1}, 'values')
+         try:
+-            next(values())
++            next(iter(values()))
+         finally:
+             self.setSecurityManager(old)
+         self.assertTrue(sm.calls)
+ 
+     def test_kvi_iteration(self):
+-        from AccessControl.ZopeGuards import SafeIter
+         d = dict(a=1, b=2)
+         for attr in ("keys", "values", "items"):
+             v = getattr(d, attr)()
+-            si = SafeIter(v)
+-            self.assertEqual(next(si), next(iter(v)))
++            si = guarded_getattr(d, attr)()
++            self.assertEqual(next(iter(si)), next(iter(v)))
+ 
+ 
+ class TestListGuards(GuardTestCase):

component/egg-patch/Pillow/0001-set-metadata-in-setup.py-for-compatibility-with-old-.patch

+From 77f86b50f097dcf364e0d140e45593bf001d46bc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
+Date: Fri, 1 Mar 2024 09:49:17 +0900
+Subject: [PATCH] set metadata in setup.py for compatibility with old slapos
+ buildout
+
+---
+ setup.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/setup.py b/setup.py
+index 1bf0bcff5..a93fe7b22 100755
+--- a/setup.py
++++ b/setup.py
+@@ -987,6 +987,11 @@ ext_modules = [
+ 
+ try:
+     setup(
++        name='pillow',
++        version='10.2.0',
++        packages=["PIL"],
++        include_package_data=True,
++        package_dir={"": "src"},
+         cmdclass={"build_ext": pil_build_ext},
+         ext_modules=ext_modules,
+         zip_safe=not (debug_build() or PLATFORM_MINGW),
+-- 
+2.42.0
+

component/egg-patch/Products.CMFCore/import-from-zope.lifecycleevent.interfaces.patch

+From c233d7278ae7089ba2ad32b8a178a3793273a47d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
+Date: Sat, 1 Jun 2024 14:58:23 +0900
+Subject: [PATCH] import from zope.lifecycleevent.interfaces to prevent
+ DeprecationWarnings
+
+partial backport from https://github.com/zopefoundation/Products.CMFCore/pull/125
+---
+ src/Products/CMFCore/CMFCatalogAware.py      | 4 ++--
+ src/Products/CMFCore/CachingPolicyManager.py | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/Products/CMFCore/CMFCatalogAware.py b/src/Products/CMFCore/CMFCatalogAware.py
+index a574660..502161f 100644
+--- a/src/Products/CMFCore/CMFCatalogAware.py
++++ b/src/Products/CMFCore/CMFCatalogAware.py
+@@ -25,11 +25,11 @@ from OFS.interfaces import IObjectClonedEvent
+ from OFS.interfaces import IObjectWillBeMovedEvent
+ from zope.component import queryUtility
+ from zope.component import subscribers
+-from zope.container.interfaces import IObjectAddedEvent
+-from zope.container.interfaces import IObjectMovedEvent
+ from zope.interface import implementer
++from zope.lifecycleevent.interfaces import IObjectAddedEvent
+ from zope.lifecycleevent.interfaces import IObjectCopiedEvent
+ from zope.lifecycleevent.interfaces import IObjectCreatedEvent
++from zope.lifecycleevent.interfaces import IObjectMovedEvent
+ 
+ from .interfaces import ICallableOpaqueItem
+ from .interfaces import ICatalogAware
+diff --git a/src/Products/CMFCore/CachingPolicyManager.py b/src/Products/CMFCore/CachingPolicyManager.py
+index 3722b7f..65a079d 100644
+--- a/src/Products/CMFCore/CachingPolicyManager.py
++++ b/src/Products/CMFCore/CachingPolicyManager.py
+@@ -27,9 +27,9 @@ from Persistence import PersistentMapping
+ from Products.PageTemplates.Expressions import SecureModuleImporter
+ from Products.PageTemplates.Expressions import getEngine
+ from zope.component import getUtility
+-from zope.container.interfaces import IObjectMovedEvent
+ from zope.datetime import rfc1123_date
+ from zope.interface import implementer
++from zope.lifecycleevent.interfaces import IObjectMovedEvent
+ 
+ from .Expression import Expression
+ from .interfaces import ICachingPolicy
+-- 
+2.42.0
+

component/egg-patch/Products.CMFCore/resource-registerClass.patch

+From 2a248ffc584082122776f3b51f5fdaf90c5e2905 Mon Sep 17 00:00:00 2001
+From: Maurits van Rees <maurits@vanrees.org>
+Date: Tue, 23 Apr 2024 22:22:53 +0200
+Subject: [PATCH] Use the new resources keyword of registerClass if available.
+
+This avoids a deprecation warning for using a non callable constructor in Zope higher than 5.9.
+See report in https://github.com/zopefoundation/Zope/issues/1202
+---
+ CHANGES.rst                   |  6 ++++-
+ src/Products/CMFCore/utils.py | 51 ++++++++++++++++++++++++-----------
+ 2 files changed, 40 insertions(+), 17 deletions(-)
+
+diff --git a/src/Products/CMFCore/utils.py b/src/Products/CMFCore/utils.py
+index 2f99d6d..565914d 100644
+--- a/src/Products/CMFCore/utils.py
++++ b/src/Products/CMFCore/utils.py
+@@ -599,13 +599,20 @@ def initialize(self, context):
+         # Add only one meta type to the folder add list.
+         productObject = context._ProductContext__prod
+         self.product_name = productObject.id
+-        context.registerClass(
+-            meta_type=self.meta_type,
+-            # This is a little sneaky: we add self to the
+-            # FactoryDispatcher under the name "toolinit".
+-            # manage_addTool() can then grab it.
+-            constructors=(manage_addToolForm, manage_addTool, self),
+-            icon=self.icon)
++        # We add self to the FactoryDispatcher under the name 'toolinit'.
++        # manage_addContentType() can then grab it.
++        try:
++            context.registerClass(
++                meta_type=self.meta_type,
++                constructors=(manage_addToolForm, manage_addTool),
++                resources=(self, ),
++                icon=self.icon)
++        except TypeError:
++            # The 'resources' keyword was only introduced after Zope 5.9.
++            context.registerClass(
++                meta_type=self.meta_type,
++                constructors=(manage_addToolForm, manage_addTool, self),
++                icon=self.icon)
+ 
+         if self.icon:
+             icon = os_path.split(self.icon)[1]
+@@ -680,15 +687,27 @@ def __init__(self, meta_type, content_types, permission=None,
+ 
+     def initialize(self, context):
+         # Add only one meta type to the folder add list.
+-        context.registerClass(
+-            meta_type=self.meta_type,
+-            # This is a little sneaky: we add self to the
+-            # FactoryDispatcher under the name "contentinit".
+-            # manage_addContentType() can then grab it.
+-            constructors=(manage_addContentForm, manage_addContent,
+-                          self) + self.extra_constructors,
+-            permission=self.permission,
+-            visibility=self.visibility)
++        # We add self to the FactoryDispatcher under the name 'contentinit'.
++        # manage_addContentType() can then grab it.
++        try:
++            context.registerClass(
++                meta_type=self.meta_type,
++                constructors=(
++                    manage_addContentForm,
++                    manage_addContent,
++                    ) + self.extra_constructors,
++                resources=(self, ),
++                permission=self.permission,
++                visibility=self.visibility)
++        except TypeError:
++            # The 'resources' keyword was only introduced after Zope 5.9.
++            context.registerClass(
++                meta_type=self.meta_type,
++                constructors=(
++                    manage_addContentForm, manage_addContent, self,
++                    ) + self.extra_constructors,
++                permission=self.permission,
++                visibility=self.visibility)
+ 
+         for ct in self.content_types:
+             ct.__factory_meta_type__ = self.meta_type

component/egg-patch/Products.DCWorkflow/workflow_method-3.0.0.patch

+From 3c6b815bbb2a9300984a7b50cb5ec5375bf4588e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
+Date: Tue, 2 Apr 2024 21:54:07 +0900
+Subject: [PATCH] Revive TRIGGER_WORKFLOW_METHOD support, ERP5 uses it
+
+---
+ src/Products/DCWorkflow/DCWorkflow.py         | 47 +++++++++++++++++++
+ src/Products/DCWorkflow/Transitions.py        |  1 +
+ .../dtml/transition_properties.dtml           | 10 ++++
+ src/Products/DCWorkflow/dtml/transitions.dtml |  3 +-
+ src/Products/DCWorkflow/exportimport.py       |  2 +-
+ 5 files changed, 61 insertions(+), 2 deletions(-)
+
+diff --git a/src/Products/DCWorkflow/DCWorkflow.py b/src/Products/DCWorkflow/DCWorkflow.py
+index 9adf05c..d0306dc 100644
+--- a/src/Products/DCWorkflow/DCWorkflow.py
++++ b/src/Products/DCWorkflow/DCWorkflow.py
+@@ -38,6 +38,7 @@ from .Expression import createExprContext
+ from .interfaces import IDCWorkflowDefinition
+ from .Transitions import TRIGGER_AUTOMATIC
+ from .Transitions import TRIGGER_USER_ACTION
++from .Transitions import TRIGGER_WORKFLOW_METHOD
+ from .utils import Message as _
+ from .utils import modifyRolesForGroup
+ from .utils import modifyRolesForPermission
+@@ -278,6 +279,52 @@ class DCWorkflowDefinition(WorkflowUIMixin, Folder):
+             raise Unauthorized(action)
+         self._changeStateOf(ob, tdef, kw)
+ 
++    @security.private
++    def isWorkflowMethodSupported(self, ob, method_id):
++        '''
++        Returns a true value if the given workflow method
++        is supported in the current state.
++        '''
++        sdef = self._getWorkflowStateOf(ob)
++        if sdef is None:
++            return 0
++        if method_id in sdef.transitions:
++            tdef = self.transitions.get(method_id, None)
++            if (tdef is not None and
++                tdef.trigger_type == TRIGGER_WORKFLOW_METHOD and
++                self._checkTransitionGuard(tdef, ob)):
++                return 1
++        return 0
++
++    @security.private
++    def wrapWorkflowMethod(self, ob, method_id, func, args, kw):
++        '''
++        Allows the user to request a workflow action.  This method
++        must perform its own security checks.
++        '''
++        sdef = self._getWorkflowStateOf(ob)
++        if sdef is None:
++            raise WorkflowException('Object is in an undefined state')
++        if method_id not in sdef.transitions:
++            raise Unauthorized(method_id)
++        tdef = self.transitions.get(method_id, None)
++        if tdef is None or tdef.trigger_type != TRIGGER_WORKFLOW_METHOD:
++            raise WorkflowException(
++                'Transition %s is not triggered by a workflow method'
++                % method_id)
++        if not self._checkTransitionGuard(tdef, ob):
++            raise Unauthorized(method_id)
++        res = func(*args, **kw)
++        try:
++            self._changeStateOf(ob, tdef)
++        except ObjectDeleted:
++            # Re-raise with a different result.
++            raise ObjectDeleted(res)
++        except ObjectMoved as ex:
++            # Re-raise with a different result.
++            raise ObjectMoved(ex.getNewObject(), res)
++        return res
++
+     @security.private
+     def isInfoSupported(self, ob, name):
+         '''
+diff --git a/src/Products/DCWorkflow/Transitions.py b/src/Products/DCWorkflow/Transitions.py
+index a6e1e6f..b4e012c 100644
+--- a/src/Products/DCWorkflow/Transitions.py
++++ b/src/Products/DCWorkflow/Transitions.py
+@@ -31,6 +31,7 @@ from .utils import _dtmldir
+ 
+ TRIGGER_AUTOMATIC = 0
+ TRIGGER_USER_ACTION = 1
++TRIGGER_WORKFLOW_METHOD = 2
+ 
+ 
+ class TransitionDefinition(SimpleItem):
+diff --git a/src/Products/DCWorkflow/dtml/transition_properties.dtml b/src/Products/DCWorkflow/dtml/transition_properties.dtml
+index d6b8a74..6a0803e 100644
+--- a/src/Products/DCWorkflow/dtml/transition_properties.dtml
++++ b/src/Products/DCWorkflow/dtml/transition_properties.dtml
+@@ -55,6 +55,16 @@ Initiated by user action
+ </td>
+ </tr>
+ 
++<tr>
++<th></th>
++<td>
++<dtml-let checked="trigger_type==2 and 'checked' or ' '">
++<input type="radio" name="trigger_type" value="2" &dtml-checked; />
++Initiated by WorkflowMethod
++</dtml-let>
++</td>
++</tr>
++
+ <tr>
+ <th align="left">Script (before)</th>
+ <td>
+diff --git a/src/Products/DCWorkflow/dtml/transitions.dtml b/src/Products/DCWorkflow/dtml/transitions.dtml
+index 4cdd3d3..37e949c 100644
+--- a/src/Products/DCWorkflow/dtml/transitions.dtml
++++ b/src/Products/DCWorkflow/dtml/transitions.dtml
+@@ -17,7 +17,8 @@
+   <td>
+    Destination state: <code><dtml-if new_state_id>&dtml-new_state_id;<dtml-else>(Remain in state)</dtml-if></code> <br />
+    Trigger: <dtml-var expr="(trigger_type == 0 and 'Automatic') or
+-                            (trigger_type == 1 and 'User action')">
++                            (trigger_type == 1 and 'User action') or
++                            (trigger_type == 2 and 'WorkflowMethod')">
+    <br />
+    <dtml-if script_name>
+      Script (before): &dtml-script_name;
+diff --git a/src/Products/DCWorkflow/exportimport.py b/src/Products/DCWorkflow/exportimport.py
+index f17264d..2374b6e 100644
+--- a/src/Products/DCWorkflow/exportimport.py
++++ b/src/Products/DCWorkflow/exportimport.py
+@@ -37,7 +37,7 @@ from .interfaces import IDCWorkflowDefinition
+ from .utils import _xmldir
+ 
+ 
+-TRIGGER_TYPES = ('AUTOMATIC', 'USER')
++TRIGGER_TYPES = ('AUTOMATIC', 'USER', 'METHOD' )
+ _FILENAME = 'workflows.xml'
+ 
+ 
+-- 
+2.42.0
+

component/egg-patch/Products.PythonScripts/65.patch

+From a037f2a2e2090dcd63b83af9b06427dd8c7e9536 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
+Date: Wed, 22 May 2024 23:58:45 +0900
+Subject: [PATCH] Show Python Script source code in tracebacks
+
+Expose a __loader__ in globals so that linecache module is able to use
+it to display the source code.
+
+This requires changing the "filename" used when compiling function,
+because linecache uses code.co_filename as a cache key, so it's
+necessary that each python script use a different filename.
+
+WIP from https://github.com/zopefoundation/Products.PythonScripts/pull/65
+
+
+---
+ CHANGES.rst                                   |  2 +
+ src/Products/PythonScripts/PythonScript.py    | 19 ++++++-
+ .../PythonScripts/tests/testPythonScript.py   | 50 ++++++++++++++++++-
+ 3 files changed, 67 insertions(+), 4 deletions(-)
+
+diff --git a/src/Products/PythonScripts/PythonScript.py b/src/Products/PythonScripts/PythonScript.py
+index fe4223a..5cb7f37 100644
+--- a/src/Products/PythonScripts/PythonScript.py
++++ b/src/Products/PythonScripts/PythonScript.py
+@@ -16,7 +16,9 @@
+ Python code.
+ """
+ 
++import importlib.abc
+ import importlib.util
++import linecache
+ import marshal
+ import os
+ import re
+@@ -56,7 +58,7 @@
+ Python_magic = importlib.util.MAGIC_NUMBER
+ 
+ # This should only be incremented to force recompilation.
+-Script_magic = 4
++Script_magic = 5
+ _log_complaint = (
+     'Some of your Scripts have stale code cached.  Since Zope cannot'
+     ' use this code, startup will be slightly slower until these Scripts'
+@@ -97,6 +99,16 @@ def manage_addPythonScript(self, id, title='', file=None, REQUEST=None,
+     return ''
+ 
+ 
++class PythonScriptLoader(importlib.abc.Loader):
++    """PEP302 loader to display source code in tracebacks
++    """
++    def __init__(self, source):
++        self._source = source
++
++    def get_source(self, name):
++        return self._source
++
++
+ class PythonScript(Script, Historical, Cacheable):
+     """Web-callable scripts written in a safe subset of Python.
+ 
+@@ -234,7 +246,7 @@ def _compile(self):
+             self._params,
+             body=self._body or 'pass',
+             name=self.id,
+-            filename=self.meta_type,
++            filename=getattr(self, '_filepath', None) or self.get_filepath(),
+             globalize=bind_names)
+ 
+         code = compile_result.code
+@@ -261,6 +273,7 @@ def _compile(self):
+                                fc.co_argcount)
+         self.Python_magic = Python_magic
+         self.Script_magic = Script_magic
++        linecache.clearcache()
+         self._v_change = 0
+ 
+     def _newfun(self, code):
+@@ -331,6 +344,8 @@ def _exec(self, bound_names, args, kw):
+             PythonScriptTracebackSupplement, self, -1)
+         safe_globals['__file__'] = getattr(
+             self, '_filepath', None) or self.get_filepath()
++        safe_globals['__loader__'] = PythonScriptLoader(self._body)
++
+         function = types.FunctionType(
+             function_code, safe_globals, None, function_argument_definitions)
+ 
+diff --git a/src/Products/PythonScripts/tests/testPythonScript.py b/src/Products/PythonScripts/tests/testPythonScript.py
+index 60ef6c3..7cd2266 100644
+--- a/src/Products/PythonScripts/tests/testPythonScript.py
++++ b/src/Products/PythonScripts/tests/testPythonScript.py
+@@ -15,6 +15,7 @@
+ import io
+ import os
+ import sys
++import traceback
+ import unittest
+ import warnings
+ from urllib.error import HTTPError
+@@ -241,7 +242,8 @@ def test_manage_DAVget(self):
+         self.assertEqual(ps.read(), ps.manage_DAVget())
+ 
+     def test_PUT_native_string(self):
+-        ps = makerequest(self._filePS('complete'))
++        container = DummyFolder('container')
++        ps = makerequest(self._filePS('complete').__of__(container))
+         self.assertEqual(ps.title, 'This is a title')
+         self.assertEqual(ps.body(), 'print(foo+bar+baz)\nreturn printed\n')
+         self.assertEqual(ps.params(), 'foo, bar, baz=1')
+@@ -265,7 +267,8 @@ def test_PUT_native_string(self):
+         self.assertEqual(ps.params(), 'oops')
+ 
+     def test_PUT_bytes(self):
+-        ps = makerequest(self._filePS('complete'))
++        container = DummyFolder('container')
++        ps = makerequest(self._filePS('complete').__of__(container))
+         self.assertEqual(ps.title, 'This is a title')
+         self.assertEqual(ps.body(), 'print(foo+bar+baz)\nreturn printed\n')
+         self.assertEqual(ps.params(), 'foo, bar, baz=1')
+@@ -588,3 +591,46 @@ def test_PythonScript_proxyroles_nonmanager(self):
+ 
+         # Cleanup
+         noSecurityManager()
++
++
++class TestTraceback(FunctionalTestCase, PythonScriptTestBase):
++
++    def _format_exception(self):
++        return "".join(traceback.format_exception(*sys.exc_info()))
++
++    def test_source_code_in_traceback(self):
++        ps = self._newPS("1 / 0")
++        try:
++            ps()
++        except ZeroDivisionError:
++            formatted_exception = self._format_exception()
++        self.assertIn("1 / 0", formatted_exception)
++
++        ps.write("2 / 0")
++        try:
++            ps()
++        except ZeroDivisionError:
++            formatted_exception = self._format_exception()
++        self.assertIn("2 / 0", formatted_exception)
++
++    def test_multiple_scripts_in_traceback(self):
++        from Products.PythonScripts.PythonScript import manage_addPythonScript
++
++        script1_body = "container.script2()"
++        manage_addPythonScript(
++            self.folder,
++            "script1",
++            file=script1_body,
++        )
++        script2_body = "1 / 0"
++        manage_addPythonScript(
++            self.folder,
++            "script2",
++            file=script2_body,
++        )
++        try:
++            self.folder.script1()
++        except ZeroDivisionError:
++            formatted_exception = self._format_exception()
++        self.assertIn(script1_body, formatted_exception)
++        self.assertIn(script2_body, formatted_exception)

component/egg-patch/SOAPpy-py3/0001-backport-changes-from-0.52.29.patch

+From 21a91db138cca3ada0e4dff475b061066362410c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
+Date: Sat, 17 Feb 2024 23:25:43 +0900
+Subject: [PATCH] backport changes from 0.52.29
+
+We can not use 0.52.29 directly because it does not have a setup.py
+and our buildout / setuptools tooling is too old.
+---
+ src/SOAPpy/Client.py | 3 ++-
+ src/SOAPpy/Types.py  | 2 ++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/SOAPpy/Client.py b/src/SOAPpy/Client.py
+index e86c5ec..d2bbefb 100644
+--- a/src/SOAPpy/Client.py
++++ b/src/SOAPpy/Client.py
+@@ -45,6 +45,7 @@
+ ident = '$Id: Client.py 1496 2010-03-04 23:46:17Z pooryorick $'
+ 
+ from .version import __version__
++from io import StringIO
+ 
+ #import xml.sax
+ import urllib.request, urllib.parse, urllib.error
+@@ -152,7 +153,7 @@ class HTTP:
+             return -1, e.line, None
+ 
+         self.headers = response.msg
+-        self.file = response.fp
++        self.file = StringIO(response.fp.read().decode('utf-8'))
+         return response.status, response.reason, response.msg
+ 
+     def close(self):
+diff --git a/src/SOAPpy/Types.py b/src/SOAPpy/Types.py
+index de9dcac..cf08d17 100644
+--- a/src/SOAPpy/Types.py
++++ b/src/SOAPpy/Types.py
+@@ -1451,6 +1451,8 @@ class arrayType(collections.UserList, compoundType):
+     def __getitem__(self, item):
+         try:
+             return self.data[int(item)]
++        except TypeError:
++            return self.data[item]
+         except ValueError:
+             return getattr(self, item)
+ 
+-- 
+2.42.0
+

component/egg-patch/huBarcode/fix-loading-font-for-ean13.patch

+From c56146829ab065183c709229a9daa682cc445212 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
+Date: Fri, 26 Apr 2024 15:09:39 +0900
+Subject: [PATCH] fix loading font for ean13
+
+use same technique as for code128
+---
+ hubarcode/ean13/renderer.py | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/hubarcode/ean13/renderer.py b/hubarcode/ean13/renderer.py
+index 654501e..ff5f518 100644
+--- a/hubarcode/ean13/renderer.py
++++ b/hubarcode/ean13/renderer.py
+@@ -78,8 +78,10 @@ class EAN13Renderer:
+         # Draw the text
+         font_size = font_sizes.get(bar_width, 24)
+ 
+-        # Use relative name, PIL will do searching for us
+-        fontfile = os.path.join("fonts", "courR%02d.pil" % font_size)
++        # Locate and load the font file relative to the module
++        ean13dir, _ = os.path.split(__file__)
++        rootdir, _ = os.path.split(ean13dir)
++        fontfile = os.path.join(rootdir, "fonts", "courR%02d.pil" % font_size)
+ 
+         font = ImageFont.load_path(fontfile)
+         draw = ImageDraw.Draw(img)
+-- 
+2.42.0
+

component/pillow/buildout.cfg

@@ -34,3 +34,8 @@ rpath =
   ${libjpeg:location}/lib
   ${libtiff:location}/lib
   ${zlib:location}/lib
+Pillow-patches =  ${:_profile_base_location_}/../../component/egg-patch/Pillow/0001-set-metadata-in-setup.py-for-compatibility-with-old-.patch#0a06cc5a94d3db24688938731e4b15e2
+Pillow-patch-options = -p1
+
+[pillow-python:python2]
+Pillow-patches =

component/pylint/buildout.cfg

@@ -5,19 +5,27 @@ parts =
 extends =
   ../patch/buildout.cfg
 
-[astroid]
+[pylint]
+recipe = zc.recipe.egg
+egg = pylint
+
+[pylint:python2]
 recipe = zc.recipe.egg:custom
-egg = astroid
 patches =
-  ${:_profile_base_location_}/astroid-six_moves_import_error.patch#377beb0c50f52b9608bb6be7bf93096e
+  ${:_profile_base_location_}/pylint-super_on_old_class.patch#cb0c3f8c091bf4980be395c917edc435
+  ${:_profile_base_location_}/pylint-redefining-builtins-modules.patch#043defc6e9002ac48b40e078797d4d17
 patch-options = -p1
 patch-binary = ${patch:location}/bin/patch
 
-[pylint]
+
+[astroid]
+recipe = zc.recipe.egg
+egg = astroid
+
+[astroid:python2]
 recipe = zc.recipe.egg:custom
-egg = pylint
 patches =
-  ${:_profile_base_location_}/pylint-super_on_old_class.patch#cb0c3f8c091bf4980be395c917edc435
-  ${:_profile_base_location_}/pylint-redefining-builtins-modules.patch#043defc6e9002ac48b40e078797d4d17
+  ${:_profile_base_location_}/astroid-six_moves_import_error.patch#377beb0c50f52b9608bb6be7bf93096e
+  ${:_profile_base_location_}/fix-import-six.moves.urllib.request-on-astroid-1.3.8.patch#266139a893d0eba377ac510fb0fa75f1
 patch-options = -p1
 patch-binary = ${patch:location}/bin/patch

component/pylint/fix-import-six.moves.urllib.request-on-astroid-1.3.8.patch

+From 67abf302360eab857fb02d1e83a97aff86f31aa5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
+Date: Tue, 9 Apr 2024 11:04:38 +0900
+Subject: [PATCH] fix "import six.moves.urllib.request" on astroid 1.3.8
+
+---
+ astroid/brain/pysix_moves.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/astroid/brain/pysix_moves.py b/astroid/brain/pysix_moves.py
+index 4a82b499..9bf31146 100644
+--- a/astroid/brain/pysix_moves.py
++++ b/astroid/brain/pysix_moves.py
+@@ -164,6 +164,7 @@ if sys.version_info[0] == 2:
+ 
+     urllib_parse = UrllibParse()
+     urllib_error = UrllibError()
++    urllib_request = UrllibRequest()
+     urllib = DummyModule()
+     urllib.request = UrllibRequest()
+     urllib.parse = UrllibParse()
+-- 
+2.42.0
+

component/python-ldap-python/buildout.cfg

 [buildout]
 parts =
-  python-ldap
+  python-ldap-python
 extends =
   ../cyrus-sasl/buildout.cfg
   ../openldap/buildout.cfg
@@ -10,19 +10,25 @@ extends =
 [python-ldap-python]
 recipe = zc.recipe.egg:custom
 egg = python-ldap
-patches =
-  ${:_profile_base_location_}/python-ldap-no_default_dirs.patch#959115f13f1de5c63654c69b8dfacd69
-patch-options = -p1
-patch-binary = ${patch:location}/bin/patch
 rpath =
   ${openldap:location}/lib
   ${cyrus-sasl:location}/lib
   ${openssl:location}/lib
 include-dirs =
   ${openldap:location}/include
-  ${cyrus-sasl:location}/include/sasl
+  ${cyrus-sasl:location}/include
   ${openssl:location}/include
 library-dirs =
   ${openldap:location}/lib
   ${cyrus-sasl:location}/lib
   ${openssl:location}/lib
+
+[python-ldap-python:python2]
+patches =
+  ${:_profile_base_location_}/python-ldap-no_default_dirs.patch#959115f13f1de5c63654c69b8dfacd69
+patch-options = -p1
+patch-binary = ${patch:location}/bin/patch
+include-dirs =
+  ${openldap:location}/include
+  ${cyrus-sasl:location}/include/sasl
+  ${openssl:location}/include

component/python-pyzmq/buildout.cfg

@@ -16,3 +16,5 @@ egg = pyzmq
 environment = python-pyzmq-env
 rpath =
   ${libzmq:location}/lib
+setup-eggs =
+  packaging

component/python-xmlsec/buildout.cfg

@@ -21,9 +21,19 @@ setup-eggs =
   pkgconfig
   pathlib2
   setuptools-scm
-  toml
+  tomli
 environment = python-xmlsec-env
 
+
+[python-xmlsec:python2]
+setup-eggs =
+  ${lxml-python:egg}
+  pkgconfig
+  pathlib2
+  setuptools-scm
+  toml
+
+
 [python-xmlsec-env]
 PKG_CONFIG=${pkgconfig:location}/bin/pkg-config
 PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${libxslt:location}/lib/pkgconfig:${xmlsec:location}/lib/pkgconfig

component/tempstorage/buildout.cfg

@@ -36,15 +36,19 @@ init =
   zc.buildout.easy_install.default_versions(versions)
 
 
-# tempstorage5 is plain upstream egg
-[tempstorage5]
+# tempstorage6 and tempstorage5 are plain upstream egg
+[tempstorage6]
 recipe  = zc.recipe.egg:eggs
 egg     = tempstorage
 eggs    = ${:egg}
 
 egg-versions =
-  tempstorage = 5.2
+  tempstorage = 6.0.0
 
+[tempstorage5]
+<= tempstorage6
+egg-versions =
+  tempstorage = 5.2
 
 # tempstorage4-wc2 is tempstorage 3 + backports for loadBefore fixes
 [tempstorage4-wc2]

software/erp5/software-py3.cfg

+[buildout]
+extends =
+  ../../stack/erp5/buildout.cfg
+
+[python]
+part = python3
+
+[openssl]
+<= openssl-3.0
+
+[erp5]
+repository = https://lab.nexedi.com/nexedi/erp5.git
+branch = zope4py3
+develop = true
+
+[neoppod-repository]
+# Pinned to a revision before 6ffafcbd (Fix egg dependencies, 2024-05-17) which
+# is incompatible with our versions:
+#   The requirement ('msgpack<1,>=0.5.6') is not allowed by your [versions] constraint (1.0.5)
+revision = c4443632e3541c064f5b43096099f4a8b74cbf58
+
+[template-zope]
+link-binary +=
+  ${python3:location}/bin/2to3

software/erp5/software-py3.cfg.json

+software.cfg.json
\ No newline at end of file

software/erp5/software.cfg

 [buildout]
 extends =
   ../../stack/erp5/buildout.cfg
+  ../../stack/slapos-py2.cfg
+
+[template-zope]
+link-binary +=
+  ${python2.7:location}/bin/2to3

software/erp5/test/test/__init__.py

@@ -46,10 +46,14 @@ from cryptography.x509.oid import NameOID
 from slapos.testing.testcase import ManagedResource, makeModuleSetUpAndTestCaseClass
 from slapos.testing.utils import findFreeTCPPort
 
+ERP5PY3 = os.environ['SLAPOS_SR_TEST_NAME'] == 'erp5-py3'
 
 _setUpModule, SlapOSInstanceTestCase = makeModuleSetUpAndTestCaseClass(
     os.path.abspath(
-        os.path.join(os.path.dirname(__file__), '..', '..', 'software.cfg')))
+        os.path.join(os.path.dirname(__file__), '..', '..', 'software%s.cfg' % (
+          '-py3' if ERP5PY3 else ''))),
+    software_id=os.environ['SLAPOS_SR_TEST_NAME'],
+)
 
 
 setup_module_executed = False
@@ -191,7 +195,10 @@ def neo(instance_parameter_dict):
 class ERP5InstanceTestCase(SlapOSInstanceTestCase, metaclass=ERP5InstanceTestMeta):
   """ERP5 base test case
   """
-  __test_matrix__ = matrix((zeo, neo))  # switch between NEO and ZEO mode
+  if ERP5PY3:
+    __test_matrix__ = matrix((zeo, ))  # TODO: NEO is not yet enabled for py3
+  else:
+    __test_matrix__ = matrix((zeo, neo))  # switch between NEO and ZEO mode
 
   @classmethod
   def isNEO(cls):

software/erp5/test/test/test_erp5.py

@@ -51,7 +51,7 @@ import urllib3
 from slapos.testing.utils import CrontabMixin
 import zc.buildout.configparser
 
-from . import CaucaseService, ERP5InstanceTestCase, default, matrix, neo, setUpModule
+from . import CaucaseService, ERP5InstanceTestCase, default, matrix, neo, setUpModule, ERP5PY3
 
 setUpModule # pyflakes
 
@@ -1302,60 +1302,80 @@ class TestNEO(ZopeSkinsMixin, CrontabMixin, ERP5InstanceTestCase):
   __partition_reference__ = 'n'
   __test_matrix__ = matrix((neo,))
 
-  def _getCrontabCommand(self, crontab_name: str) -> str:
-    """Read a crontab and return the command that is executed.
-
-    overloaded to use crontab from neo partition
-    """
-    with open(
-        os.path.join(
+  if ERP5PY3:
+    # NEO is not ready for python3 at this time, this test is here to become
+    # an unexpected success once it starts working, so that we remember to
+    # remove this and enable neo in ERP5InstanceTestCase.__test_matrix__
+    setup_failed_exception = None
+    @classmethod
+    def setUpClass(cls):
+      try:
+        super().setUpClass()
+      except BaseException as e:
+        cls.setup_failed_exception = e
+        cls.setUp = lambda self: None
+        cls.tearDownClass = classmethod(lambda cls: None)
+
+    @unittest.expectedFailure
+    def test_neo_py3(self):
+      self.assertIsNone(self.setup_failed_exception)
+
+  else:
+    def _getCrontabCommand(self, crontab_name: str) -> str:
+      """Read a crontab and return the command that is executed.
+
+      overloaded to use crontab from neo partition
+      """
+      with open(
+          os.path.join(
+              self.getComputerPartitionPath('neo-0'),
+              'etc',
+              'cron.d',
+              crontab_name,
+          )) as f:
+        crontab_spec, = f.readlines()
+      self.assertNotEqual(crontab_spec[0], '@', crontab_spec)
+      return crontab_spec.split(None, 5)[-1]
+
+    def test_log_rotation(self):
+      # first run to create state files
+      self._executeCrontabAtDate('logrotate', '2000-01-01')
+
+      def check_sqlite_log(path):
+        with self.subTest(path), contextlib.closing(sqlite3.connect(path)) as con:
+          con.execute('select * from log')
+
+      logfiles = ('neoadmin.log', 'neomaster.log', 'neostorage-0.log')
+      for f in logfiles:
+        check_sqlite_log(
+          os.path.join(
             self.getComputerPartitionPath('neo-0'),
-            'etc',
-            'cron.d',
-            crontab_name,
-        )) as f:
-      crontab_spec, = f.readlines()
-    self.assertNotEqual(crontab_spec[0], '@', crontab_spec)
-    return crontab_spec.split(None, 5)[-1]
-
-  def test_log_rotation(self):
-    # first run to create state files
-    self._executeCrontabAtDate('logrotate', '2000-01-01')
-
-    def check_sqlite_log(path):
-      with self.subTest(path), contextlib.closing(sqlite3.connect(path)) as con:
-        con.execute('select * from log')
+            'var',
+            'log',
+            f))
 
-    logfiles = ('neoadmin.log', 'neomaster.log', 'neostorage-0.log')
-    for f in logfiles:
-      check_sqlite_log(
-        os.path.join(
-          self.getComputerPartitionPath('neo-0'),
-          'var',
-          'log',
-          f))
+      self._executeCrontabAtDate('logrotate', '2050-01-01')
 
-    self._executeCrontabAtDate('logrotate', '2050-01-01')
+      for f in logfiles:
+        check_sqlite_log(
+          os.path.join(
+            self.getComputerPartitionPath('neo-0'),
+            'srv',
+            'backup',
+            'logrotate',
+            f'{f}-20500101'))
 
-    for f in logfiles:
-      check_sqlite_log(
-        os.path.join(
-          self.getComputerPartitionPath('neo-0'),
-          'srv',
-          'backup',
-          'logrotate',
-          f'{f}-20500101'))
+      self._executeCrontabAtDate('logrotate', '2050-01-02')
+      requests.get(self._getAuthenticatedZopeUrl('/'), verify=False).raise_for_status()
 
-    self._executeCrontabAtDate('logrotate', '2050-01-02')
-    requests.get(self._getAuthenticatedZopeUrl('/'), verify=False).raise_for_status()
+      for f in logfiles:
+        check_sqlite_log(
+          os.path.join(
+            self.getComputerPartitionPath('neo-0'),
+            'var',
+            'log',
+            f))
 
-    for f in logfiles:
-      check_sqlite_log(
-        os.path.join(
-          self.getComputerPartitionPath('neo-0'),
-          'var',
-          'log',
-          f))
 
 class TestPassword(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
   __partition_reference__ = 'p'

software/erp5/test/test/test_wcfs.py

@@ -23,7 +23,7 @@ import unittest
 from slapos.grid.utils import md5digest
 
 from . import ERP5InstanceTestCase
-from . import setUpModule as _setUpModule
+from . import setUpModule as _setUpModule, ERP5PY3
 from .test_erp5 import TestPublishedURLIsReachableMixin
 
 
@@ -38,6 +38,8 @@ def setUpModule():
       md5digest(cls.getSoftwareURL()),
       'bin', 'wcfs')):
     raise unittest.SkipTest("built with wendelin.core 1")
+  if ERP5PY3:
+    raise unittest.SkipTest("wendelin.core does not support python3 yet")
 
 
 class TestWCFS(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):

software/neoppod/buildout.hash.cfg

@@ -22,7 +22,7 @@ md5sum = 102a7f1c1bc46a9b3fa5bd9b9a628e1d
 
 [instance-neo-admin]
 filename = instance-neo-admin.cfg.in
-md5sum = b6e1ccb1d90160110202e5111eec2afa
+md5sum = a0ec1dce4c7a237fbeef3f8aee62e55a
 
 [instance-neo-master]
 filename = instance-neo-master.cfg.in
@@ -34,7 +34,7 @@ md5sum = bc647a29f9d6ece2e4117ce8f04d27c5
 
 [template-neo-my-cnf]
 filename = my.cnf.in
-md5sum = 56ea8f452d9e1526157ab9d03e631e1a
+md5sum = 3ae93702f3890a504cc8a93eb5ad52bc
 
 [template-neo]
 filename = instance.cfg.in

software/neoppod/instance-neo-admin.cfg.in

@@ -45,7 +45,7 @@ ssl = {{ dumps(bool(slapparameter_dict['ssl'])) }}
 cluster = {{ dumps(slapparameter_dict['cluster']) }}
 masters = {{ dumps(slapparameter_dict['masters']) }}
 extra-options =
-{%- for k, v in monitor_dict.iteritems() %}
+{%- for k, v in six.iteritems(monitor_dict) %}
 {%-   if k == 'backup' %}
 {%-     set k = 'monitor-backup' %}
 {%-   endif %}

software/neoppod/my.cnf.in

@@ -45,7 +45,7 @@ innodb_locks_unsafe_for_binlog = 1
 {{x}}sync_frm = 0
 
 # Extra parameters.
-{%- for k, v in extra_dict.iteritems() %}
+{%- for k, v in six.iteritems(extra_dict) %}
 {%- do assert('-' not in k) %}
 {{ k }} = {{ v }}
 {%- endfor %}

software/neoppod/software-common.cfg

@@ -23,9 +23,6 @@ extends =
     ../../component/ZEO/buildout.cfg
     ../../component/zodbtools/buildout.cfg
 
-# Python2 versions for buildout (keep last)
-    ../../stack/slapos-py2.cfg
-
 parts =
 # keep neoppod first so that ZODB is built correctly,
 # before any other section that would depend on it
@@ -135,10 +132,14 @@ inline =
   exec "$basedir/bin/mysqld" --defaults-file='{{defaults_file}}' "$@"
 
 [versions]
-coverage = 5.5
+coverage = 7.5.1
 ecdsa = 0.13
-mysqlclient = 1.3.12
+mysqlclient = 2.0.1
 PyMySQL = 0.10.1
-pycrypto = 2.6.1
 cython-zstd = 0.2
 funcsigs = 1.0.2
+
+[versions:python2]
+coverage = 5.5
+mysqlclient = 1.3.12
+pycrypto = 2.6.1

software/neoppod/software.cfg

@@ -2,7 +2,7 @@
 extends =
     buildout.hash.cfg
     software-common.cfg
-
+    ../../stack/slapos-py2.cfg
 parts +=
 # NEO instanciation
     template-neo

software/slapos-sr-testing/buildout.hash.cfg

@@ -15,4 +15,4 @@
 
 [template]
 filename = instance.cfg
-md5sum = f10fbca22d1d30dd7a4f36e1cd521b97
+md5sum = 59a5b559b22ad0590e691226cea45055

software/slapos-sr-testing/instance.cfg

@@ -67,6 +67,7 @@ inline =
     command,
     cwd={{ repr(folder) }},
     summaryf=UnitTest.summary,
+    envadj={ 'SLAPOS_SR_TEST_NAME': {{ repr(name) }} },
   )
   {%-   endif %}
   {%- endfor %}

software/slapos-sr-testing/software.cfg

@@ -440,6 +440,7 @@ tests =
   dream ${slapos.test.dream-setup:setup}
   dufs ${slapos.test.dufs-setup:setup}
   erp5 ${slapos.test.erp5-setup:setup}
+  erp5-py3 ${slapos.test.erp5-setup:setup}
   erp5testnode ${slapos.test.erp5testnode-setup:setup}
   fluentd ${slapos.test.fluentd-setup:setup}
   galene ${slapos.test.galene-setup:setup}
@@ -487,7 +488,7 @@ recurls =
 slapos.core =
 
 # Various needed versions
-Pillow = 9.2.0
+Pillow = 10.2.0+SlapOSPatched001
 forcediphttpsadapter = 1.0.1
 image = 1.5.25
 plantuml = 0.3.0:whl

stack/erp5-zope2/buildout.cfg

@@ -737,7 +737,7 @@ PyPDF2 = 1.26.0+SlapOSPatched001
 ## https://lab.nexedi.com/nexedi/slapos/merge_requests/648
 pylint = 1.4.4+SlapOSPatched002
 # astroid 1.4.1 breaks testDynamicClassGeneration
-astroid = 1.3.8+SlapOSPatched001
+astroid = 1.3.8+SlapOSPatched002
 
 # use newer version than specified in ZTK
 PasteDeploy = 1.5.2

stack/erp5/buildout.hash.cfg

@@ -30,7 +30,7 @@ md5sum = 93b2277185e4949a3d17be79d3710d2d
 
 [template-kumofs]
 filename = instance-kumofs.cfg.in
-md5sum = 45cc45510b59ceb730b6e38448b5c0c3
+md5sum = 97b70cdd32616e21cbf4e2f2e6828526
 
 [template-zope-conf]
 filename = zope.conf.in
@@ -74,7 +74,7 @@ md5sum = ca0cb83950dd9079cc289891cce08e76
 
 [template-erp5]
 filename = instance-erp5.cfg.in
-md5sum = edce1c63c13f0d8ec477711ea646444f
+md5sum = d6f7d2fa1bde019892897c767f93e089
 
 [template-zeo]
 filename = instance-zeo.cfg.in
@@ -86,11 +86,11 @@ md5sum = 0ac4b74436f554cd677f19275d18d880
 
 [template-zope]
 filename = instance-zope.cfg.in
-md5sum = e94599e02c987ed5dfc26263a54ccc15
+md5sum = 9547bacad0635b0f64cac48f15c4e9ae
 
 [template-balancer]
 filename = instance-balancer.cfg.in
-md5sum = 727c6f045da382fe50916e6ea5ae6405
+md5sum = 48b8b8b4b87973beaa1fd6299244ebd6
 
 [template-haproxy-cfg]
 filename = haproxy.cfg.in

stack/erp5/instance-balancer.cfg.in

@@ -472,10 +472,9 @@ command = generate-apachedex-report
 recipe = slapos.recipe.template
 output = ${directory:etc}/${:_buildout_section_name_}
 inline =
-  {% for line in slapparameter_dict['apachedex-configuration'] %}
+  {% for line in slapparameter_dict['apachedex-configuration'] -%}
     {# apachedex config files use shlex.split, so we need to quote the arguments. #}
-    {# BBB: in python 3 we can use shlex.quote instead. #}
-    {{ repr(line.encode('utf-8')) }}
+    {{ six.moves.shlex_quote(line) }}
   {% endfor %}
 
 [apachedex-parameters]

stack/erp5/instance-erp5.cfg.in

@@ -200,7 +200,7 @@ config-zodb-dict = {{ dumps(zodb_dict) }}
 {% for server_type, server_dict in six.iteritems(storage_dict) -%}
 {%   if server_type == 'neo' -%}
 config-neo-cluster = ${publish-early:neo-cluster}
-config-neo-name = {{ server_dict.keys()[0] }}
+config-neo-name = {{ list(server_dict.keys())[0] }}
 config-neo-masters = ${publish-early:neo-masters}
 {%   else -%}
 config-zodb-zeo = ${request-zodb:connection-storage-dict}

stack/erp5/instance-kumofs.cfg.in

@@ -44,7 +44,7 @@ gateway-port = {{ tcpv4_port + 3 }}
 data-path = *#capsiz={{ ram_storage_size }}m
 {% else -%}
 # (with 10M buckets and HDBTLARGE option)
-data-path = ${directory:kumofs-data}/kumodb.tch#bnum=10485760#opts=l
+data-path = ${directory:kumofs-data}/${:kumodb-tch}#bnum=10485760#opts=l
 {% endif -%}
 
 # Paths: Running wrappers
@@ -63,6 +63,12 @@ kumo-manager-binary = {{ parameter_dict['kumo-location'] }}/bin/kumo-manager
 kumo-server-binary = {{ parameter_dict['kumo-location'] }}/bin/kumo-server
 shell-path = {{ parameter_dict['dash-location'] }}/bin/dash
 
+kumodb-tch = kumodb.tch
+[kumofs-instance:python3]
+# use different filename on python3, so that we don't have to deal with data
+# migration issues.
+kumodb-tch = kumodb-py3.tch
+
 [logrotate-entry-kumofs]
 < = logrotate-entry-base
 name = kumofs

stack/erp5/instance-zope.cfg.in

@@ -80,6 +80,8 @@ environment +=
   TZ={{ slapparameter_dict['timezone'] }}
   MATPLOTLIBRC={{ parameter_dict['matplotlibrc'] }}
   PYTHONUNBUFFERED=1
+  OFS_IMAGE_USE_DENYLIST=1
+  DISALLOWED_INLINE_MIMETYPES=
   INSTANCE_HOME=${:instance-home}
   FONTCONFIG_FILE=${fontconfig-conf:output}
   JUPYTER_PATH=${directory:jupyter-dir}
@@ -402,8 +404,8 @@ config-port = {{ '${' ~ zope_tunnel_section_name ~ ':ipv6-port}' }}
 promise = check_error_on_zope_longrequest_log
 name = {{'check-' ~ name ~ '-longrequest-error-log.py'}}
 config-log-file = {{ '${' ~ conf_parameter_name ~ ':longrequest-logger-file}' }}
-config-error-threshold = {{ slapparameter_dict["zope-longrequest-logger-error-threshold"] }}
-config-maximum-delay = {{ slapparameter_dict["zope-longrequest-logger-maximum-delay"] }}
+config-error-threshold = {{ dumps(slapparameter_dict["zope-longrequest-logger-error-threshold"]) }}
+config-maximum-delay = {{ dumps(slapparameter_dict["zope-longrequest-logger-maximum-delay"]) }}
 {% endif -%}
 
 [{{ section('logrotate-entry-' ~ name) }}]

stack/erp5/zope-versions.cfg

@@ -2,150 +2,91 @@
 # Version pins for required and commonly used dependencies.
 
 [versions]
-Zope = 4.8.9
+Zope = 5.10
 Zope2 = 4.0
-# AccessControl 5+ no longer supports Zope 4.
-AccessControl = 4.4
-Acquisition = 4.13
-AuthEncoding = 4.3
-BTrees = 4.11.3
-Chameleon = 3.10.2
-DateTime = 4.9
-DocumentTemplate = 4.1
-ExtensionClass = 4.9
-Missing = 4.2
-MultiMapping = 4.1
-Paste = 3.5.2
-PasteDeploy = 3.0.1
-Persistence = 3.6
-Products.BTreeFolder2 = 4.4
-# ZCatalog 6+ no longer supports Zope 4.
-Products.ZCatalog = 5.4
-Record = 3.6
-# RestrictedPython >= 6 no longer supports Zope 4
-RestrictedPython = 5.4
+AccessControl = 6.3
+Acquisition = 5.1
+AuthEncoding = 5.0
+BTrees = 5.1
+Chameleon = 4.2.0
+DateTime = 5.3
+DocumentTemplate = 4.6
+ExtensionClass = 5.1
+MultiMapping = 5.0
+Paste = 3.7.1
+PasteDeploy = 3.1.0
+Persistence = 4.1
+RestrictedPython = 7.1
+WebTest = 3.0.0
 WSGIProxy2 = 0.5.1
 WebOb = 1.8.7
-WebTest = 3.0.0
-ZConfig = 3.6.1
-ZEO = 5.3.0
-ZODB = 5.8.0
-five.globalrequest = 99.1
-five.localsitemanager = 3.4
-funcsigs = 1.0.2
-future = 0.18.2
-ipaddress = 1.0.23
-mock = 4.0.3
+ZConfig = 4.0
+ZODB = 5.8.1
+beautifulsoup4 = 4.12.2
+cffi = 1.16.0
 multipart = 0.2.4
-pbr = 5.11.0
-persistent = 4.9.3
-pytz = 2022.7
-roman = 3.3
-shutilwhich = 1.1.0
+persistent = 5.1
+pycparser = 2.21
+python-gettext = 5.0
+pytz = 2023.3.post1
 six = 1.16.0
-transaction = 3.0.1
+roman = 4.1
+soupsieve = 2.5
+transaction = 4.0
 waitress = 2.1.2
-z3c.pt = 3.3.1
-zExceptions = 4.3
-zc.lockfile = 2.0
-zdaemon = 4.4
-zodbpickle = 2.6
-zope.annotation = 4.8
-zope.browser = 2.4
-zope.browsermenu = 4.4
-zope.browserpage = 4.4.0
-zope.browserresource = 4.4
-zope.cachedescriptors = 4.4
-zope.component = 5.0.1
-zope.componentvocabulary = 2.3.0
-zope.configuration = 4.4.1
-zope.container = 5.1
-zope.contentprovider = 4.2.1
-zope.contenttype = 4.6
-zope.datetime = 4.3.0
-zope.deferredimport = 4.4
-zope.deprecation = 4.4.0
-zope.dottedname = 5.0
-zope.event = 4.6
-zope.exceptions = 4.6
-zope.filerepresentation = 5.0.0
-zope.formlib = 5.0.1
-zope.globalrequest = 1.6
-zope.hookable = 5.4
-zope.i18n = 4.9.0
-zope.i18nmessageid = 5.1.1
-zope.interface = 5.5.2
-zope.lifecycleevent = 4.4
-zope.location = 4.3
-zope.pagetemplate = 4.6.0
-zope.processlifetime = 2.4
-zope.proxy = 4.6.1
-zope.ptresource = 4.3.0
-zope.publisher = 6.1.0
-zope.ramcache = 2.4
-zope.schema = 6.2.1
-zope.security = 5.8
-zope.sendmail = 5.3
-zope.sequencesort = 4.2
-zope.site = 4.6.1
-zope.size = 4.4
-zope.structuredtext = 4.4
-zope.tal = 4.5
-zope.tales = 5.2
-zope.testbrowser = 5.6.1
-zope.testing = 4.10
-zope.testrunner = 5.6
-zope.traversing = 4.4.1
-zope.viewlet = 4.3
-
-[versions:python27]
-# Chameleon 3.10 doesn't work on Python 2.7
-Chameleon = 3.9.1
-# DocumentTemplate 4+ requires Python 3.5 or higher
-DocumentTemplate = 3.4
-# PasteDeploy >3 requires Python 3.7
-PasteDeploy = 2.1.1
-# WSGIProxy 0.5 and up requires Python 3.7 and up
-WSGIProxy2 = 0.4.6
-# WebTest 3.0 and up requires Python 3.6 and up
-WebTest = 2.0.35
-# ZServer is only available for Python 2
-ZServer = 4.0.2
-# mock 4.0 and up requires Python 3.6 or higher
-mock = 3.0.5
-# multipart 0.2 and up requires Python 3
-multipart = 0.1.1
-# waitress 2 requires Python 3.6 or higher
-waitress = 1.4.4
-# zope.dottedname >= 5 requires Python 3.6 or higher
-zope.dottedname = 4.3
-# zope.container 5.x requires Python 3.7 or higher
-zope.container = 4.10
-
-[versions:python35]
-# DocumentTemplate 4+ cannot be installed on Zope 4 for Python 3.5
-DocumentTemplate = 3.4
-# PasteDeploy >3 requires Python 3.7
-PasteDeploy = 2.1.1
-# WSGIProxy 0.5 and up requires Python 3.7 and up
-WSGIProxy2 = 0.4.6
-# WebTest 3.0 and up requires Python 3.6 and up
-WebTest = 2.0.35
-# mock 4.0 and up requires Python 3.6 or higher
-mock = 3.0.5
-# waitress 2 requires Python 3.6 or higher
-waitress = 1.4.4
-# zope.dottedname >= 5 requires Python 3.6 or higher
-zope.dottedname = 4.3
-# zope.container 5.x requires Python 3.7 or higher
-zope.container = 4.10
+z3c.pt = 4.0
+zExceptions = 5.0
+zc.lockfile = 3.0.post1
+zc.recipe.egg = 2.0.7
+zodbpickle = 3.1
+zope.annotation = 5.0
+zope.browser = 3.0
+zope.browsermenu = 5.0
+zope.browserpage = 5.0
+zope.browserresource = 5.1
+zope.cachedescriptors = 5.0
+zope.component = 6.0
+zope.configuration = 5.0
+zope.container = 5.2
+zope.contentprovider = 5.0
+zope.contenttype = 5.1
+zope.datetime = 5.0.0
+zope.deferredimport = 5.0
+zope.deprecation = 5.0
+zope.dottedname = 6.0
+zope.event = 5.0
+zope.exceptions = 5.0.1
+zope.filerepresentation = 6.0
+zope.globalrequest = 2.0
+zope.hookable = 6.0
+zope.i18n = 5.1
+zope.i18nmessageid = 6.1.0
+zope.interface = 6.3
+zope.lifecycleevent = 5.0
+zope.location = 5.0
+zope.pagetemplate = 5.0
+zope.processlifetime = 3.0
+zope.proxy = 5.1
+zope.ptresource = 5.0
+zope.publisher = 7.0
+zope.schema = 7.0.1
+zope.security = 6.2
+zope.sequencesort = 5.0
+zope.site = 5.0
+zope.size = 5.0
+zope.structuredtext = 5.0
+zope.tal = 5.0.1
+zope.tales = 6.0
+zope.testbrowser = 6.0
+zope.testing = 5.0.1
+zope.traversing = 5.0
+zope.viewlet = 5.0
 
-[versions:python36]
-# PasteDeploy >3 requires Python 3.7
-PasteDeploy = 2.1.1
-# WSGIProxy 0.5 and up requires Python 3.7 and up
-WSGIProxy2 = 0.4.6
-# waitress 2.1 requires Python 3.7 or higher
-waitress = 2.0.0
-# zope.container 5.x requires Python 3.7 or higher
-zope.container = 4.10
+##  XXX our old buildout for bootstrap does not support `python37`
+## [versions:python37]
+## # PasteDeploy 3.x works on Python 3.7 but pulls tons of dependencies
+## PasteDeploy = 2.1.1
+## # SoupSieve 2.5 and up requires Python 3.8
+## soupsieve = 2.4.1
+## # cffi 1.16.0 requires Python 3.8
+## cffi = 1.15.1

stack/slapos.cfg

@@ -394,11 +394,11 @@ ZConfig = 3.6.1
 zdaemon = 4.2.0
 zipp = 3.12.0:whl
 zodburi = 2.5.0
-zope.event = 4.6.0
-zope.exceptions = 4.6
-zope.interface = 5.4.0
-zope.testing = 4.7
-zope.testrunner = 5.2
+zope.event = 5.0
+zope.exceptions = 5.0.1
+zope.interface = 6.3
+zope.testing = 5.0.1
+zope.testrunner = 6.4
 
 [versions:sys.version_info < (3,10)]
 # keep old statsmodels by default until slapos.toolbox is updated
@@ -448,7 +448,6 @@ msgpack = 0.6.2
 nbclient = 0.5.1
 notebook = 6.1.5
 packaging = 16.8
-prompt-toolkit = 3.0.19
 psycopg2 = 2.8.6
 pycurl = 7.43.0
 pyparsing = 2.4.7
@@ -470,6 +469,11 @@ websocket-client = 0.59.0
 Werkzeug = 1.0.1
 widgetsnbextension = 2.0.0
 zipp = 1.2.0:whl
+zope.event = 4.6.0
+zope.exceptions = 4.6
+zope.interface = 5.5.2
+zope.testing = 4.10
+zope.testrunner = 5.6
 
 
 [networkcache]