slapos_cloud: XXX open order template does not exist anymore

slapos_accounting: XXX do not use open order template to create open order

slapos_accounting: XXX stop using open order template

slapos_cloud: xxx stop using hardcoded open order template

slapos_accounting: do not use template

slapos_cloud: drop open order template

slapos_accounting: rename script for hosting subscription

slapos_accounting: revert failure error

slapos_accounting: force open order line to have an Instance tree and a hosting subscription

slapos_accounting: hosting subscript will host the date info

slapos_accounting: set open order periodicity on the hosting subscription

slapos_accounting: typo

slapos_accounting: hosting subscription will contain the periodicity

slapos_accounting: create hosting subscription

slapos_accounting: fixup start/stop date confusion

slapos_accounting: fixup

slapos_cloud: add hosting subscription workflow

slapos_cloud: stop using Instance Tree as Subscription Item

slapos_accounting: move periodicity view on hosting subscription

slapos_erp5: open order line have 2 items now

slapos_cloud: open order line has 2 items now

slapos_accounting: simulation is expanded from Hosting Subscription

slapos_accounting: validate hosting subscription

slapos_accounting: check all aggregate value

slapos_accounting: revert aggregate tester

slapos_accounting: simulate from hosting subscription

slapos_accounting: constraint is on hosting subscription

slapos_accounting: interaction are on hosting subscription

slapos_subscription_request: periodicity is on hosting subscription

slapos_accounting: open order line has 2 aggregate

slapos_cloud: hosting subscription have a workflow again

slapos_cloud: add hosting subscription template

slapos_accounting: do not create open order if it was not allocated

slapos_accounting: script renamed

slapos_cloud: update HS_view

    In case the instance isn't linked to the tree properly (due Garbage Collect unlinked it), stop the instance directly anyway.

Once per day is not real time monitoring, so drop it to each 5 minutes.

On python2, warnings.warn expects the message to be passed as a str
and it will silently output nothing when the message is an unicode
that can not be converted to str using ascii encoding (cf.
https://bugs.python.org/issue34752 )

Since october update of pyupio/safety-db there is a new vulnerability
for pytest-runner, which is described as:

    "pytest-runner": [
        {
            "advisory": "Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example \u2018setup_requires\u2019 and \u2018tests_require\u2019 bypass pip --require-hashes. See also pypa/setuptools#1684.\r\nIt is recommended that you:\r\n- Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option.\r\n- Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option.\r\n- Select a tool to bootstrap and then run tests such as tox.",
            "cve": "PVE-2021-43313",
            "id": "pyup.io-43313",
            "specs": [
                ">0"
            ],
            "v": ">0"
        }
    ],

notice the quotes:

    \u2018setup_requires\u2019 and \u2018tests_require\u2019

this was sent to warnings.warn as unicode and because all our softwares
have this vulnerability (that BTW do not impact us because we run
buildout with a patch for setup_requires), we no longer saw any
warning on python2 software release tests.

pkg_resources.Environment only scans packages for the current python
version, but the checked software might be using a different python
version than the python version used to check software (the slapos
python). The checked software might also include packages for
multiples python versions.

Compute the list used python packages from the eggs directory and use
an Environment for each python version, this way we check all python
versions and also when slapos python and software python are different.

 - only consider shared parts from checked software
 - support new `.buildout-shared.json` signature files
 - unit test coverage

See merge request !361

See merge request nexedi/slapos.core!358

check_software was checking all shared parts, which was an easy
implementation but turned out to be problematic, both when running on
test nodes because if one software installs broken shared parts all
softwares being tested afterwards were failing and also during
development because we needed to prune broken shared parts when
fixing problems reported by check_software.

This inspects buildout's .installed.cfg to guess which shared parts
are used.

These are used in check software tests.

shutil.rmtree does not support files marked as read only by
slapos.recipe.build shared parts system and this test is now used
for testing of shared parts.

Since slapos.recipe.cmmi version 0.18, the signature files no longer
match the glob pattern that was used here, so check that shared
parts do not reference software parts was not effective anymore.

test detection of usage of shared library from system and of shared
parts referencing software

This reverts commit 2d50c8b8.

We are not ready for this, for example on debian 10 perl link with
libnsl.

For reference, one example test failure:
  https://erp5js.nexedi.net/#/test_result_module/20220111-190A520F2/20

We'll try to re-apply this later once no software use system libnsl

Since slapos commit 246be932e (component/libtirpc,libnsl: initial
inclusion, 2021-12-28) we have a slapos component, so no reason to
accept the system library

logrotate stack uses srv/backup/logrotate