In case of failure, it gives a change to inspect test data of the first line.

The watcher should also watch for signals like SIGTERM killing sidekiq, which
are trapped by sidekiq, with sidekiq exiting successfully (with exit code 0).

To achieve this we rework our watcher-sigkill to be a generic watcher -
that can be given a set of restart exit codes including signal names and
monitors whether child process terminated with matching for restart exit
code.

Example usage:

	watcher 0,SIGKILL prog ...

Based on patch by @iv.
Discussion: https://lab.nexedi.com/lab.nexedi.com/lab.nexedi.com/issues/25#note_22085

Also allow to change promise timeout by editing check_url_PROMISE_TIMEOUT file

An issue on Gitlab SR when pushing on protected branches occurs with git 2.11.
Gitlab issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/25601

Fixes: https://lab.nexedi.com/lab.nexedi.com/lab.nexedi.com/issues/37

Getting them from the runner backup avoids to get false positive if some
of the instance's backup files were excluded using an exporter.exclude file

In prevision for gitlab-backup restore to be done in a script. In fact, it requires `sed` command to be available.
We have to add /bin to the PATH as `which sed` returns `/bin/sed`.

# Upgrade

    * GitLab Software + patches ported to GitLab 8.8.9;
    * Configs synced with upstream and SlapOS-ified;
    * Fix promises due to curl upgrade

@jerome @kazuhiko @kirr: if you have any comments, I would be glad to read them. There is a [demo instance](https://softinst69126.host.vifib.net) you can try.

Check on the demo instance for the Gitlab configuration:

- [x] migrations are all `up`, when running: `gitlab-rake db:migrate:status`
- [x] promises don't fail (including slow ones)
- [x] web UI seems fine
- [x] git clone/fetch/push works well
- [x] email notifications are sent

and Nexedi edition patches:

- [x] raw blobs download
- [x] private ones with gitlab-ci token `curl -v https://user:token@testinstance/kirr/test/raw/master/hello.txt`
- [x] applying patches in merge-request
- [x] merge as topic in merge-request
- [x] "Nexedi edition" being present on front page and on page footers with ICP
- [x] clone protocol is only HTTPS (not SSH)

No changes are made in gitlab-workhorse and gitlab-shell upstream this time, but Nexedi patches and a cherry-picked commit are applied in a merge request on gitlab-ce.

Note: in order to build the gitlab SR, you need to change gitlab-ce repository to my own, as it is not merged yet:
```
--- a/software/gitlab/software.cfg
+++ b/software/gitlab/software.cfg
@@ -115,7 +115,7 @@ git-executable = ${git:location}/bin/git
 [gitlab-repository]
 <= git-repository
 #repository = https://gitlab.com/gitlab-org/gitlab-ce.git
-repository = https://lab.nexedi.com/nexedi/gitlab-ce.git
+repository = https://lab.nexedi.com/iv/gitlab-ce.git
```

# Gitlab backup (pull automation)

The idea is to regularly do a gitlab-backup pull for now, so that later, we can add some code to configure the other gitlab instance (not in production) to pull the created backup repo.

/reviewed-on nexedi/slapos!124

  - git-clone and build git-backup sources
  - add a cron job doing `gitlab-backup-pull` every 4 hours by default
  - add instance parameter to change backup frequency
  - add xnice for using less resources while backuping
  - add lock to avoid concurrent calls of backup script
  - add a specific software type `gitlab-export` doing all this instead of in
    `default`; this can be changed in Services > parameters (kirr's changes)

`coreutils`, `grep` and `tar` components are used by `gitlab-backup-pull`
script, as it is called from a cron and the PATH has to include these
binaries paths

This is needed until the patch regarding `pidfile` in wrapper.py
(571d6514) is added to released SlapOS cookbook egg.

No need to parse. This fixes several issues:
- key comments were messing up everything
- sometimes keys were repeated
- no way to remove key

The purpose of the added script is to shorten calling neoctl by removing the
need to constantly supply things SlapOS can provide on its own like
certificates and admin address. A sample command is now as simple as:

    ~/srv/runner/instance/slappartX/bin/neoctl set cluster STARTING_BACKUP

/reviewed-on nexedi/slapos!120

As `setuptools.archive_util.unpack_archive` (or self.extract
from slapos.recipe.build) is not able to handle .tar.xz archives,
tar component is added to wkhtmltopdf build dependencies.

As wkhtmltopdf sometimes needs to get files in
current working directory ONLY, this has to be
set correctly.

E.g. `wkhtmltopdf toc --xsl-style-sheet no_absolute_path.xsl input.html output.pdf`

After some upstream refactoring, a #include is missing (at least up to 2.3.14),
but still pulled implicitely when openssl is built with engines. This commit
fixes the configure step, so that HAVE_OPENSSL_ENGINE is true as expected.

More on https://community.openvpn.net/openvpn/ticket/792