Commit 021ae883 authored by Łukasz Nowak's avatar Łukasz Nowak

Update Release Candidate

parents 03f25b19 acf93f14
......@@ -3,17 +3,9 @@
[buildout]
parts = 6tunnel
extends =
../autoconf/buildout.cfg
../automake/buildout.cfg
[6tunnel]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/wojtekka/6tunnel/releases/download/0.11rc2/6tunnel-0.11rc2.tar.gz
md5sum = 74e02d4f0704b3083a01feda66033449
pre-configure =
aclocal
autoconf
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:%(PATH)s
url = https://github.com/wojtekka/6tunnel/releases/download/0.13/6tunnel-0.13.tar.gz
md5sum = b13ba5ad8efc5d74b2dd71c2df85ef35
diff -ur autoconf-2.69/bin/Makefile.in autoconf-2.69/bin/Makefile.in
--- autoconf-2.69/bin/Makefile.in 2012-04-25 04:40:26.000000000 +0200
+++ autoconf-2.69/bin/Makefile.in 2017-04-12 16:47:38.029273723 +0200
@@ -214,7 +214,7 @@
# apply to us.
MY_AUTOM4TE = \
autom4te_perllibdir='$(top_srcdir)'/lib \
- AUTOM4TE_CFG='$(AUTOM4TE_CFG)' $(top_builddir)/bin/autom4te \
+ AUTOM4TE_CFG='$(AUTOM4TE_CFG)' perl $(top_builddir)/bin/autom4te \
-B '$(top_builddir)'/lib -B '$(top_srcdir)'/lib # keep ` '
diff -ur autoconf-2.69/lib/autoconf/Makefile.in autoconf-2.69/lib/autoconf/Makefile.in
--- autoconf-2.69/lib/autoconf/Makefile.in 2012-04-25 04:40:26.000000000 +0200
+++ autoconf-2.69/lib/autoconf/Makefile.in 2017-04-12 16:47:38.033273747 +0200
@@ -230,7 +230,7 @@
# apply to us.
MY_AUTOM4TE = \
autom4te_perllibdir='$(top_srcdir)'/lib \
- AUTOM4TE_CFG='$(AUTOM4TE_CFG)' $(top_builddir)/bin/autom4te \
+ AUTOM4TE_CFG='$(AUTOM4TE_CFG)' perl $(top_builddir)/bin/autom4te \
-B '$(top_builddir)'/lib -B '$(top_srcdir)'/lib # keep ` '
diff -ur autoconf-2.69/lib/autoscan/Makefile.in autoconf-2.69/lib/autoscan/Makefile.in
--- autoconf-2.69/lib/autoscan/Makefile.in 2012-04-25 04:40:26.000000000 +0200
+++ autoconf-2.69/lib/autoscan/Makefile.in 2017-04-12 16:47:38.029273723 +0200
@@ -216,7 +216,7 @@
# apply to us.
MY_AUTOM4TE = \
autom4te_perllibdir='$(top_srcdir)'/lib \
- AUTOM4TE_CFG='$(AUTOM4TE_CFG)' $(top_builddir)/bin/autom4te \
+ AUTOM4TE_CFG='$(AUTOM4TE_CFG)' perl $(top_builddir)/bin/autom4te \
-B '$(top_builddir)'/lib -B '$(top_srcdir)'/lib # keep ` '
diff -ur autoconf-2.69/lib/autotest/Makefile.in autoconf-2.69/lib/autotest/Makefile.in
--- autoconf-2.69/lib/autotest/Makefile.in 2012-04-25 04:40:26.000000000 +0200
+++ autoconf-2.69/lib/autotest/Makefile.in 2017-04-12 16:47:38.029273723 +0200
@@ -223,7 +223,7 @@
# apply to us.
MY_AUTOM4TE = \
autom4te_perllibdir='$(top_srcdir)'/lib \
- AUTOM4TE_CFG='$(AUTOM4TE_CFG)' $(top_builddir)/bin/autom4te \
+ AUTOM4TE_CFG='$(AUTOM4TE_CFG)' perl $(top_builddir)/bin/autom4te \
-B '$(top_builddir)'/lib -B '$(top_srcdir)'/lib # keep ` '
diff -ur autoconf-2.69/lib/m4sugar/Makefile.in autoconf-2.69/lib/m4sugar/Makefile.in
--- autoconf-2.69/lib/m4sugar/Makefile.in 2012-04-25 04:40:26.000000000 +0200
+++ autoconf-2.69/lib/m4sugar/Makefile.in 2017-04-12 16:47:38.033273747 +0200
@@ -228,7 +228,7 @@
# apply to us.
MY_AUTOM4TE = \
autom4te_perllibdir='$(top_srcdir)'/lib \
- AUTOM4TE_CFG='$(AUTOM4TE_CFG)' $(top_builddir)/bin/autom4te \
+ AUTOM4TE_CFG='$(AUTOM4TE_CFG)' perl $(top_builddir)/bin/autom4te \
-B '$(top_builddir)'/lib -B '$(top_srcdir)'/lib # keep ` '
diff -ur autoconf-2.69/tests/Makefile.in autoconf-2.69/tests/Makefile.in
--- autoconf-2.69/tests/Makefile.in 2012-04-25 04:40:26.000000000 +0200
+++ autoconf-2.69/tests/Makefile.in 2017-04-12 16:47:38.025273698 +0200
@@ -201,7 +201,7 @@
# apply to us.
MY_AUTOM4TE = \
autom4te_perllibdir='$(top_srcdir)'/lib \
- AUTOM4TE_CFG='$(AUTOM4TE_CFG)' $(top_builddir)/bin/autom4te \
+ AUTOM4TE_CFG='$(AUTOM4TE_CFG)' perl $(top_builddir)/bin/autom4te \
-B '$(top_builddir)'/lib -B '$(top_srcdir)'/lib # keep ` '
diff -ur autoconf-2.71.orig/lib/freeze.mk autoconf-2.71/lib/freeze.mk
--- autoconf-2.71.orig/lib/freeze.mk 2021-01-28 21:46:48.000000000 +0100
+++ autoconf-2.71/lib/freeze.mk 2021-10-25 09:21:38.519238189 +0200
@@ -31,7 +31,7 @@
# apply to us.
MY_AUTOM4TE = \
autom4te_perllibdir='$(top_srcdir)'/lib \
- AUTOM4TE_CFG='$(AUTOM4TE_CFG)' $(top_build_prefix)bin/autom4te \
+ AUTOM4TE_CFG='$(AUTOM4TE_CFG)' perl $(top_build_prefix)bin/autom4te \
-B '$(top_build_prefix)'lib -B '$(top_srcdir)'/lib # keep ` '
# When processing the file with diversion disabled, there must be no
diff -ur autoconf-2.71.orig/Makefile.in autoconf-2.71/Makefile.in
--- autoconf-2.71.orig/Makefile.in 2021-01-28 22:06:02.000000000 +0100
+++ autoconf-2.71/Makefile.in 2021-10-25 09:22:07.231239851 +0200
@@ -577,7 +577,7 @@
# apply to us.
MY_AUTOM4TE = \
autom4te_perllibdir='$(top_srcdir)'/lib \
- AUTOM4TE_CFG='$(AUTOM4TE_CFG)' $(top_build_prefix)bin/autom4te \
+ AUTOM4TE_CFG='$(AUTOM4TE_CFG)' perl $(top_build_prefix)bin/autom4te \
-B '$(top_build_prefix)'lib -B '$(top_srcdir)'/lib # keep ` '
......@@ -10,12 +10,12 @@ parts =
[autoconf]
recipe = slapos.recipe.cmmi
shared = true
url = http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz
md5sum = 82d05e03b93e45f5a39b828dc9c6c29b
url = http://ftp.gnu.org/gnu/autoconf/autoconf-2.71.tar.gz
md5sum = f64e38d671fdec06077a41eb4d5ee476
pre-configure = cp -f ${gnu-config:location}/config.sub ${gnu-config:location}/config.guess build-aux/
patch-options = -p1
patches =
${:_profile_base_location_}/autoconf-2.69-shebang_workaround.patch#9d286e6f9c271dff361891e381be706d
${:_profile_base_location_}/autoconf-2.71-shebang_workaround.patch#9b4e417d661101f737d588eb1401747d
environment =
M4=${m4:location}/bin/m4
PATH=${patch:location}/bin:${perl:location}/bin:%(PATH)s
......@@ -10,8 +10,8 @@ parts =
[automake]
recipe = slapos.recipe.cmmi
shared = true
md5sum = 53f38e7591fa57c3d2cee682be668e5b
url = https://ftp.gnu.org/gnu/automake/automake-1.16.1.tar.xz
md5sum = 4017e96f89fca45ca946f1c5db6be714
url = https://ftp.gnu.org/gnu/automake/automake-1.16.5.tar.xz
patch-options = -p1
patches =
${:_profile_base_location_}/automake-1.16-shebang_workaround.patch#203f9199b0e629de3630b5959f8cf73e
......
......@@ -42,6 +42,24 @@ patches =
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-028#dd51fa67913b5dca45a702b672b3323f
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-029#0729364c977ef4271e9f8dfafadacf67
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-030#efb709fdb1368945513de23ccbfae053
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-031#236df1ac1130a033ed0dbe2d2115f28f
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-032#2360f7e79cfb28526f80021025ea5909
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-033#b551c4ee7b8713759e4143499d0bbd48
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-034#c9a56fbe0348e05a886dff97f2872b74
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-035#e564e8ab44ed1ca3a4e315a9f6cabdc9
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-036#b00ff66c41a7c0f06e191200981980b0
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-037#be2a7b05f6ae560313f3c9d5f7127bda
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-038#61e0522830b24fbe8c0d1b010f132470
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-039#a4775487abe958536751c8ce53cdf6f9
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-040#80d3587c58854e226055ef099ffeb535
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-041#20bf63eef7cb441c0b1cc49ef3191d03
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-042#70790646ae61e207c995e44931390e50
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-043#855a46955cb251534e80b4732b748e37
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-044#29623d3282fcbb37e1158136509b5bb8
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-045#4473244ca5abfd4b018ea26dc73e7412
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-046#7e5fb09991c077076b86e0e057798913
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-047#8483153bad1a6f52cadc3bd9a8df7835
http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-048#e9f5dc12a32b2e0d3961344e794f92b3
configure-options =
--with-curses
environment =
......
......@@ -12,8 +12,8 @@ parts =
[bison]
recipe = slapos.recipe.cmmi
shared = true
url = http://ftp.gnu.org/gnu/bison/bison-3.3.2.tar.xz
md5sum = c9b552dee234b2f6b66e56b27e5234c9
url = https://ftp.gnu.org/gnu/bison/bison-3.8.2.tar.xz
md5sum = c28f119f405a2304ff0a7ccdcc629713
environment =
M4=${m4:location}/bin/m4
PATH=${autoconf:location}/bin:${automake:location}/bin:${patch:location}/bin:${perl:location}/bin:${xz-utils:location}/bin:%(PATH)s
......
......@@ -13,7 +13,7 @@ repository = https://lab.nexedi.com/nexedi/caddy.git
revision = nxd-v1.0.3-1-g2c11cedc
[gowork]
golang = ${golang1.16:location}
golang = ${golang1.17:location}
install =
${caddy-get:location}:./...
......
......@@ -9,8 +9,13 @@ parts =
[cmake]
recipe = slapos.recipe.cmmi
shared = true
url = https://cmake.org/files/v3.18/cmake-3.18.4.tar.gz
md5sum = 0380beaee1c39a22455db02651abe7be
url = https://cmake.org/files/v3.21/cmake-3.21.3.tar.gz
md5sum = c0feb5855604f68b09bdb3acb623619e
environment =
CMAKE_INCLUDE_PATH=${ncurses:location}/include:${openssl:location}/include
CMAKE_LIBRARY_PATH=${ncurses:location}/lib:${openssl:location}/lib
[cmake-3.18]
<= cmake
url = https://cmake.org/files/v3.18/cmake-3.18.4.tar.gz
md5sum = 0380beaee1c39a22455db02651abe7be
......@@ -9,8 +9,8 @@ parts =
[coreutils]
recipe = slapos.recipe.cmmi
shared = true
url = https://ftp.gnu.org/gnu/coreutils/coreutils-8.31.tar.xz
md5sum = 0009a224d8e288e8ec406ef0161f9293
url = https://ftp.gnu.org/gnu/coreutils/coreutils-9.0.tar.xz
md5sum = 0d79ae8a6124546e3b94171375e5e5d0
configure-options =
--disable-libcap
--prefix=@@LOCATION@@
......
......@@ -16,8 +16,8 @@ parts =
[curl]
recipe = slapos.recipe.cmmi
shared = true
url = http://curl.haxx.se/download/curl-7.76.0.tar.xz
md5sum = 41178ceea57c863f883b6fe2c3ac276f
url = http://curl.haxx.se/download/curl-7.79.1.tar.xz
md5sum = 74d3c4ca8aaa6c0619806d6e246e65fb
configure-options =
--disable-static
--disable-ech
......@@ -45,7 +45,6 @@ configure-options =
--without-nss
--without-libpsl
--without-libgsasl
--without-libmetalink
--without-libssh2
--without-libssh
--without-librtmp
......
......@@ -7,8 +7,8 @@ parts = dash-output
[dash]
recipe = slapos.recipe.cmmi
shared = true
url = http://gondor.apana.org.au/~herbert/dash/files/dash-0.5.8.tar.gz
md5sum = 5c152209680dab3c319e8923f6c51378
url = http://gondor.apana.org.au/~herbert/dash/files/dash-0.5.11.tar.gz
md5sum = 027236e48b9202607b1418fee42c473e
configure-options =
--disable-static
--disable-fnmatch
......
......@@ -11,8 +11,8 @@ extends =
[file]
recipe = slapos.recipe.cmmi
shared = true
url = http://ftp.icm.edu.pl/packages/file/file-5.39.tar.gz
md5sum = 1c450306053622803a25647d88f80f25
url = http://ftp.icm.edu.pl/packages/file/file-5.41.tar.gz
md5sum = 18233bb0a0089dfdc7dfbc93b96f231b
configure-options =
--disable-static
--disable-libseccomp
......
......@@ -7,8 +7,8 @@ parts =
[findutils]
recipe = slapos.recipe.cmmi
shared = true
url = http://ftp.debian.org/debian/pool/main/f/findutils/findutils_4.6.0+git+20190510.orig.tar.xz
md5sum = 9ae8d2b323b0b12a484abcbff1d2c486
url = http://ftp.debian.org/debian/pool/main/f/findutils/findutils_4.8.0.orig.tar.xz
md5sum = eeefe2e6380931a77dfa6d9350b43186
[findutils-output]
# Shared binary location to ease migration
......
......@@ -5,9 +5,9 @@ parts =
[gdbm]
recipe = slapos.recipe.cmmi
shared = true
version = 1.19
version = 1.22
url = http://ftp.gnu.org/gnu/gdbm/gdbm-${:version}.tar.gz
md5sum = aeb29c6a90350a4c959cd1df38cd0a7e
md5sum = 0bbd38f12656e4728e2f7c4708aec014
configure-options =
--disable-static
--enable-libgdbm-compat
......@@ -18,8 +18,8 @@ parts =
[git]
recipe = slapos.recipe.cmmi
shared = true
url = https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.33.0.tar.xz
md5sum = 0990ff97af1511be0d9f0d3223dd4359
url = https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.33.1.tar.xz
md5sum = 3462f34d9c17288eee854b7645f6a0a1
configure-options =
--with-curl=${curl:location}
--with-openssl=${openssl:location}
......
......@@ -21,8 +21,8 @@ environment-extra =
[libgpg-error]
<= gpg-common
version = 1.27
md5sum = 5217ef3e76a7275a2a3b569a12ddc989
version = 1.42
md5sum = 133fed221ba8f63f5842858a1ff67cb3
configure-options-extra =
--disable-doc
--disable-tests
......@@ -37,15 +37,15 @@ environment-extra =
[libgcrypt]
<= with-gpg-error
version = 1.8.1
md5sum = b21817f9d850064d2177285f1073ec55
version = 1.9.4
md5sum = edc7becfe09c75d8f95ff7623e40c52e
configure-options-extra2 =
--disable-doc
[gnutls]
<= gpg-common
url = http://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.15.tar.xz
md5sum = bcdcbc65c50a7499617ad9f4d0058de9
url = https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.2.tar.xz
md5sum = 95c32a1af583ecfcb280648874c0fbd9
configure-options-extra =
--disable-doc
--disable-static
......
......@@ -7,7 +7,7 @@ parts =
[gzip]
recipe = slapos.recipe.cmmi
shared = true
url = https://ftp.gnu.org/pub/gnu/gzip/gzip-1.10.tar.xz
md5sum = 691b1221694c3394f1c537df4eee39d3
url = https://ftp.gnu.org/pub/gnu/gzip/gzip-1.11.tar.xz
md5sum = d1e93996dba00cab0caa7903cd01d454
environment =
PATH=${xz-utils:location}/bin:%(PATH)s
[buildout]
extends =
../coreutils/buildout.cfg
../patchelf/buildout.cfg
../alsa/buildout.cfg
../libpng/buildout.cfg
../freetype/buildout.cfg
../fontconfig/buildout.cfg
../xorg/buildout.cfg
../zlib/buildout.cfg
parts =
java
......@@ -9,12 +17,12 @@ parts =
[java-re]
<= java-re-7
[java-common]
[java-sun-common]
recipe = slapos.recipe.build:download-unpacked
url = http://javadl.sun.com/webapps/download/AutoDL?BundleId=${:bundle-id}
url = https://javadl.sun.com/webapps/download/AutoDL?BundleId=${:bundle-id}
[java-re-7]
<= java-common
<= java-sun-common
# http://java.com/en/download/manual_java7.jsp
[java-re-7:linux and platform.machine() == 'i686']
......@@ -26,7 +34,7 @@ bundle-id = 97800
md5sum = 7605134662f6c87131eca5745895fe84
[java-re-8]
<= java-common
<= java-sun-common
# https://www.java.com/en/download/manual.jsp
# Update 161
......@@ -45,3 +53,25 @@ stop-on-error = true
update-command = ${:command}
command = ${coreutils-output:test} -x ${:keytool}
keytool = ${java-re-8:location}/bin/keytool
[java-re-temurin-11]
recipe = slapos.recipe.build
update =
from zc.buildout import UserError
raise UserError("unsupported platform")
[java-re-temurin-11:linux and platform.machine() == 'x86_64']
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.13%2B8/OpenJDK11U-jre_x64_linux_hotspot_11.0.13_8.tar.gz
md5sum = 1b06100bcd0923d3f3279c2f09773af0
configure-command = :
make-binary = :
post-install =
mv * %(location)s
for file in %(location)s/bin/* %(location)s/lib/*.so %(location)s/lib/*/*.so ; do
echo appending rpath to $file
${patchelf:location}/bin/patchelf --set-rpath %(rpath)s $file
done
rpath = ${alsa:location}/lib:${freetype:location}/lib:${fontconfig:location}/lib:${libpng:location}/lib:${libXrender:location}/lib:${libXtst:location}/lib:${libX11:location}/lib:${libXau:location}/lib:${libXext:location}/lib:${libXdmcp:location}/lib:${libXi:location}/lib:${libxcb:location}/lib:${zlib:location}/lib:@@LOCATION@@/lib:@@LOCATION@@/lib/server:@@LOCATION@@/lib/jli
......@@ -8,8 +8,8 @@ parts = libcap-ng
[libcap-ng]
recipe = slapos.recipe.cmmi
shared = true
url = https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.7.10.tar.gz
md5sum = 57dc267e2949cdecb651a929f9206572
url = https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-0.8.2.tar.gz
md5sum = faf1ef766cf068ad1aba4008ced665f7
location = @@LOCATION@@
configure-options =
--with-python=no
......
......@@ -10,8 +10,8 @@ parts =
[libfastjson]
recipe = slapos.recipe.cmmi
url = https://github.com/rsyslog/libfastjson/archive/v0.99.8.tar.gz
md5sum = 730713ad1d851def7ac8898f751bbfdd
url = https://github.com/rsyslog/libfastjson/archive/v0.99.9.tar.gz
md5sum = 3c45e6efc838cd364588d6d1822c4ea8
shared = true
pre-configure =
autoreconf -fvi -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal -I ${automake:location}/share/aclocal
......
......@@ -2,7 +2,6 @@
extends =
../bzip2/buildout.cfg
../cmake/buildout.cfg
../patch/buildout.cfg
../perl/buildout.cfg
../popt/buildout.cfg
../zlib/buildout.cfg
......@@ -12,12 +11,9 @@ parts =
[librsync]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/librsync/librsync/archive/v2.0.0.tar.gz
md5sum = cbda9c3eba21bcf2d56a4080ba7a5dc4
url = https://github.com/librsync/librsync/archive/v2.3.2.tar.gz
md5sum = 74ba5b50de5ba3d595828e9109fa5fce
location = @@LOCATION@@
patch-options = -p1
patches =
${:_profile_base_location_}/librsync-2.0.0-issue50.patch#5bac5363646a2c2ec6d2c4b26ca4cd7f
configure-command = ${cmake:location}/bin/cmake
configure-options =
-DCMAKE_INSTALL_PREFIX=${:location}
......
--- librsync-2.0.0/src/search.c 2017-02-20 13:39:48.012922600 +0100
+++ librsync-2.0.0/src/search.c 2017-02-20 13:41:43.661880014 +0100
@@ -218,7 +218,7 @@
r = m;
}
- if (l == r) {
+ if ((l == r) && (l <= bucket->r)) {
int i = sig->targets[l].i;
rs_block_sig_t *b = &(sig->block_sigs[i]);
if (weak_sum != b->weak_sum)
......@@ -5,8 +5,8 @@ parts =
[libtasn1]
recipe = slapos.recipe.cmmi
shared = true
url = http://ftp.gnu.org/gnu/libtasn1/libtasn1-4.12.tar.gz
md5sum = 5c724bd1f73aaf4a311833e1cd297b21
url = https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.17.0.tar.gz
md5sum = c46f6eb3bd1287031ae5d36465094402
configure-options =
--disable-static
--disable-gtk-doc-html
......@@ -8,30 +8,12 @@ extends =
[libuuid]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.kernel.org/pub/linux/utils/util-linux/v2.18/util-linux-ng-2.18.tar.bz2
md5sum = 2f5f71e6af969d041d73ab778c141a77
url = http://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-2.37.2.tar.xz
md5sum = d659bf7cd417d93dc609872f6334b019
configure-options =
--disable-static
--disable-all-programs
--enable-libuuid
--disable-agetty
--disable-cramfs
--disable-fallocate
--disable-fsck
--disable-libblkid
--disable-libmount
--disable-makeinstall-chown
--disable-makeinstall-setuid
--disable-mount
--disable-nls
--disable-pivot_root
--disable-rename
--disable-require-password
--disable-schedutils
--disable-switch_root
--disable-tls
--disable-unshare
--disable-uuidd
--disable-wall
--without-libiconv-prefix
--without-libintl-prefix
--without-ncurses
......@@ -40,7 +22,5 @@ configure-options =
--without-selinux
--without-audit
make-options =
-C shlibs/uuid
environment =
PATH=${perl:location}/bin:%(PATH)s
......@@ -7,6 +7,6 @@ parts =
[libyaml]
recipe = slapos.recipe.cmmi
shared = true
url = http://pyyaml.org/download/libyaml/yaml-0.1.6.tar.gz
md5sum = 5fe00cda18ca5daeb43762b80c38e06e
url = http://pyyaml.org/download/libyaml/yaml-0.2.5.tar.gz
md5sum = bb15429d8fb787e7d3f1c83ae129a999
pre-configure = cp -f ${gnu-config:location}/config.sub ${gnu-config:location}/config.guess config/
......@@ -8,8 +8,8 @@ parts = logrotate
[logrotate]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/logrotate/logrotate/releases/download/3.17.0/logrotate-3.17.0.tar.xz
md5sum = ac2a7151fc8a187201872358a20a2813
url = https://github.com/logrotate/logrotate/releases/download/3.18.1/logrotate-3.18.1.tar.xz
md5sum = 07d5aba26c350f9ab5730c25a7277751
# BBB this is only for backward-compatibility.
post-install =
ln -nsf . @@LOCATION@@/usr
......
......@@ -7,8 +7,8 @@ extends =
[nettle]
recipe = slapos.recipe.cmmi
shared = true
url = http://ftp.gnu.org/gnu/nettle/nettle-3.3.tar.gz
md5sum = 10f969f78a463704ae73529978148dbe
url = https://ftp.gnu.org/gnu/nettle/nettle-3.7.3.tar.gz
md5sum = a60273d0fab9c808646fcf5e9edc2e8f
patches =
${:_profile_base_location_}/nettle-lib-location.patch#3c5f5b285ffd5bc30436ee0f4c662084
configure-option =
......
......@@ -11,8 +11,8 @@ parts = nginx-output
[nginx-common]
recipe = slapos.recipe.cmmi
shared = true
url = https://nginx.org/download/nginx-1.19.2.tar.gz
md5sum = 3dc55f6451ed6f819f1c796f4e5e9617
url = https://nginx.org/download/nginx-1.20.1.tar.gz
md5sum = 8ca6edd5076bdfad30a69c9c9b41cc68
[nginx]
<= nginx-common
......
......@@ -5,6 +5,6 @@ parts =
[noVNC]
recipe = slapos.recipe.build:download-unpacked
shared = true
url = https://github.com/novnc/noVNC/archive/refs/tags/v1.2.0.tar.gz
md5sum = 290dfabc4ecdd58d62ccb8c34a922962
url = https://github.com/novnc/noVNC/archive/refs/tags/v1.3.0.tar.gz
md5sum = 22847b4f6e9caa916aa5eceb046f27aa
strip-top-level-dir = true
......@@ -17,8 +17,8 @@ parts =
[openssl]
recipe = slapos.recipe.cmmi
shared = true
url = https://www.openssl.org/source/openssl-1.1.1k.tar.gz
md5sum = c4e7d95f782b08116afa27b30393dd27
url = https://www.openssl.org/source/openssl-1.1.1l.tar.gz
md5sum = ac0d4387f3ba0ad741b0580dd45f6ff3
location = @@LOCATION@@
# 'prefix' option to override --openssldir/--prefix (which is useful
# when combined with DESTDIR). Used by slapos.package.git/obs
......
......@@ -10,9 +10,9 @@ extends =
[p11-kit]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/p11-glue/p11-kit/releases/download/${:version}/p11-kit-${:version}.tar.gz
version = 0.23.7
md5sum = ebbefd123210594231adb4bde21b8560
url = https://github.com/p11-glue/p11-kit/releases/download/${:version}/p11-kit-${:version}.tar.xz
version = 0.24.0
md5sum = 8ccf11c4a2e2e505b8e516d8549e64a5
configure-options =
--disable-static
--disable-doc-html
......
......@@ -7,8 +7,8 @@ parts =
[pcre]
recipe = slapos.recipe.cmmi
shared = true
url = https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.bz2
md5sum = 636222e79e392c3d95dcc545f24f98c4
url = https://ftp.pcre.org/pub/pcre/pcre-8.45.tar.bz2
md5sum = 4452288e6a0eefb2ab11d36010a1eebb
configure-options =
--disable-static
--enable-unicode-properties
......
......@@ -5,8 +5,8 @@ parts =
[popt]
recipe = slapos.recipe.cmmi
shared = true
url = ftp://anduin.linuxfromscratch.org/BLFS/svn/p/popt-1.16.tar.gz
md5sum = 3743beefa3dd6247a73f8f7a32c14c33
url = http://ftp.rpm.org/popt/releases/popt-1.x/popt-1.18.tar.gz
md5sum = 450f2f636e6a3aa527de803d0ae76c5a
configure-options =
--disable-static
......
......@@ -45,7 +45,7 @@ configure-command = true
environment =
GIT_VERSION=${:version}
PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig:${gnutls:location}/lib/pkgconfig:${libgcrypt:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
PATH=${m4:location}/bin:${libtool:location}/bin:${libgcrypt:location}/bin:${curl:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:${bzip2:location}/bin:${autoconf:location}/bin:${git:location}/bin:${automake:location}/bin:${patch:location}/bin:${cmake:location}/bin:%(PATH)s
PATH=${m4:location}/bin:${libtool:location}/bin:${libgcrypt:location}/bin:${curl:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:${bzip2:location}/bin:${autoconf:location}/bin:${git:location}/bin:${automake:location}/bin:${patch:location}/bin:${cmake-3.18:location}/bin:%(PATH)s
CXXFLAGS=-I${openssl:location}/include -I${gnutls:location}/include -I${zlib:location}/include
CFLAGS=-I${gnutls:location}/include
LDFLAGS=-L${openssl:location}/lib -Wl,-rpath -Wl,${gnutls:location}/lib -L${gnutls:location}/lib -Wl,-rpath=${curl:location}/lib -L${libtool:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${curl:location}/lib -L${pcre:location}/lib -L${jemalloc:location}/lib -L${libmicrohttpd:location}/lib
......
......@@ -10,8 +10,8 @@ extends =
[rsyslogd]
recipe = slapos.recipe.cmmi
url = https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2006.0.tar.gz
md5sum = 33de768941953ceeca9d1a437b47891b
url = https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2110.0.tar.gz
md5sum = 2d2b9d4a70a6e2fd4a7e806a5782c56b
shared = true
configure-options =
--disable-klog
......
......@@ -8,8 +8,8 @@ parts =
[sqlite3]
recipe = slapos.recipe.cmmi
shared = true
url = https://sqlite.org/2021/sqlite-autoconf-3350500.tar.gz
md5sum = d1d1aba394c8e0443077dc9f1a681bb8
url = https://sqlite.org/2021/sqlite-autoconf-3360000.tar.gz
md5sum = f5752052fc5b8e1b539af86a3671eac7
configure-options =
--disable-static
--enable-readline
......
......@@ -10,8 +10,8 @@ parts =
[swig]
recipe = slapos.recipe.cmmi
shared = true
url = http://prdownloads.sourceforge.net/swig/swig-3.0.10.tar.gz
md5sum = bb4ab8047159469add7d00910e203124
url = https://sourceforge.net/projects/swig/files/swig/swig-3.0.12/swig-3.0.12.tar.gz/download
md5sum = 82133dfa7bba75ff9ad98a7046be687c
configure-options =
--disable-ccache
--with-python=${buildout:executable}
......
......@@ -3,8 +3,8 @@ parts = tcl
[tcl]
recipe = slapos.recipe.cmmi
url = http://prdownloads.sourceforge.net/tcl/tcl8.5.15-src.tar.gz
md5sum = f3df162f92c69b254079c4d0af7a690f
url = http://prdownloads.sourceforge.net/tcl/tcl8.6.11-src.tar.gz
md5sum = 8a4c004f48984a03a7747e9ba06e4da4
shared = true
configure-command = ./unix/configure
configure-options =
......
......@@ -23,8 +23,8 @@ min_version = 8
[trafficserver]
recipe = slapos.recipe.cmmi
url = http://apache.claz.org/trafficserver/trafficserver-9.0.2.tar.bz2
md5sum = 4df67ada24665116bafedd71503215cb
url = http://apache.claz.org/trafficserver/trafficserver-9.1.0.tar.bz2
md5sum = 994b0aa879cbd95054048f34bf8ed954
shared = true
patch-options = -p1
configure-options =
......
# SlapOS extension that switches Wendelin.core to Wendelin.core 2 preview.
#
# Should go away once wendelin.core 2 lands to nexedi/wendelin.core@master.
# Must be extended from last, for example:
#
# [buildout]
# extends =
# .../stack/erp5/buildout.cfg
# .../component/wendelin.core/activate-WC2-preview.cfg
[wendelin.core-repository]
repository = https://lab.nexedi.com/kirr/wendelin.core.git
branch = t
revision =
# Wendelin.core 2 targets Go1.17
[gowork]
golang = ${golang1.17:location}
......@@ -50,7 +50,7 @@ CGO_LDFLAGS += -Wl,-rpath=${zlib:location}/lib
recipe = slapos.recipe.build:gitclone
repository = https://lab.nexedi.com/nexedi/wendelin.core.git
branch = master
revision = v0.13-0-gb26ba55
revision = wendelin.core-2.0.alpha1-0-g49f826b1
# dir is pretty name as top-level recipe
location = ${buildout:parts-directory}/wendelin.core
git-executable = ${git:location}/bin/git
......@@ -319,8 +319,8 @@ environment =
[pixman]
recipe = slapos.recipe.cmmi
shared = true
url = http://cairographics.org/releases/pixman-0.34.0.tar.gz
md5sum = e80ebae4da01e77f68744319f01d52a3
url = https://www.cairographics.org/releases/pixman-0.40.0.tar.gz
md5sum = 73858c0862dd9896fb5f62ae267084a4
configure-options =
--disable-static
......
......@@ -12,8 +12,8 @@ extends =
[zbar]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/mchehab/zbar/archive/0.23.1.tar.gz
md5sum = 04f1ffafd0f12473d82763931d9c7c68
url = https://github.com/mchehab/zbar/archive/0.23.90.tar.gz
md5sum = cb1667e20c1d7acf1b9911414adaeb84
pre-configure =
autoreconf -vfi -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal
configure-options =
......
......@@ -50,7 +50,7 @@ md5sum = 37475d79f28c5f126bc1947fdb938fdb
[template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = 5e126be0f74d8ae390a5594e1e912a59
md5sum = d2851c7ebd2c9baa2edecb3ca3485511
[template-empty]
_update_hash_filename_ = templates/empty.in
......
......@@ -13,6 +13,8 @@ defaults
timeout client {{ configuration['request-timeout'] }}s
timeout connect {{ configuration['backend-connect-timeout'] }}s
retries {{ configuration['backend-connect-retries'] }}
{#- Allow to start with not resolved yet servers #}
default-server init-addr last,libc,none
{%- set SCHEME_PREFIX_MAPPING = { 'http': 'http_backend', 'https': 'https_backend'} %}
{%- macro frontend_entry(slave_instance, scheme, wildcard) %}
......
......@@ -92,6 +92,12 @@ KEDIFA_PORT = '15080'
# has to be not partition one
SOURCE_IP = '127.0.0.1'
# ATS version expectation in Via string
VIA_STRING = (
r'^http\/1.1 caddy-frontend-1\[.*\] '
r'\(ApacheTrafficServer\/9\.[0-9]\.[0-9]+\)$',
)[0]
# IP on which test run, in order to mimic HTTP[s] access
TEST_IP = os.environ['SLAPOS_TEST_IPV4']
......@@ -280,7 +286,7 @@ def isHTTP2(domain):
out, err = prc.communicate()
assert prc.returncode == 0, "Problem running %r. Output:\n%s\nError:\n%s" % (
curl_command, out, err)
return 'Using HTTP2, server supports multi-use' in err
return 'Using HTTP2, server supports' in err
class TestDataMixin(object):
......@@ -1310,6 +1316,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
return {
'empty': {
},
'bad-backend': {
'url': 'http://bad.backend/',
},
'Url': {
# make URL "incorrect", with whitespace, nevertheless it shall be
# correctly handled
......@@ -3576,7 +3585,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertNotEqual(via, None)
self.assertRegexpMatches(
via,
r'^http\/1.1 caddy-frontend-1\[.*\] \(ApacheTrafficServer\/9\.0\.[0-9]+\)$'
VIA_STRING
)
def test_enable_cache_server_alias(self):
......@@ -3618,7 +3627,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertNotEqual(via, None)
self.assertRegexpMatches(
via,
r'^http\/1.1 caddy-frontend-1\[.*\] \(ApacheTrafficServer\/9\.0\.[0-9]+\)$'
VIA_STRING
)
result = fakeHTTPResult(
......@@ -3735,7 +3744,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertNotEqual(via, None)
self.assertRegexpMatches(
via,
r'^http\/1.1 caddy-frontend-1\[.*\] \(ApacheTrafficServer\/9\.0\.[0-9]+\)$'
VIA_STRING
)
# BEGIN: Check that squid.log is correctly filled in
......@@ -3937,7 +3946,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertNotEqual(via, None)
self.assertRegexpMatches(
via,
r'^http\/1.1 caddy-frontend-1\[.*\] \(ApacheTrafficServer\/9\.0\.[0-9]+\)$'
VIA_STRING
)
# check stale-if-error support is really respected if not present in the
......@@ -4080,7 +4089,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertNotEqual(via, None)
self.assertRegexpMatches(
via,
r'^http\/1.1 caddy-frontend-1\[.*\] \(ApacheTrafficServer\/9\.0\.[0-9]+\)$'
VIA_STRING
)
try:
......@@ -4127,7 +4136,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertNotEqual(via, None)
self.assertRegexpMatches(
via,
r'^http\/1.1 caddy-frontend-1\[.*\] \(ApacheTrafficServer\/9\.0\.[0-9]+\)$'
VIA_STRING
)
def test_enable_http2_false(self):
......
......@@ -97,16 +97,17 @@ class WendelinTutorialTestCase(FluentdTestCase):
@classmethod
def setUpClass(cls):
fluentd_dir = os.path.join(cls.computer_partition_root_path,
'software_release', 'parts', 'fluentd')
cls._fluentd_bin = os.path.join(fluentd_dir, 'bin', 'fluentd')
cls._gem_path = os.path.join(fluentd_dir, 'lib', 'ruby', 'gems')
cls._tmp_dir = tempfile.mkdtemp()
cls._measurementList = cls.sensor_value_list()
cls._conf = cls.get_configuration()
super(FluentdTestCase, cls).setUpClass()
fluentd_dir = os.path.join(cls.computer_partition_root_path,
'software_release', 'parts', 'fluentd')
cls._fluentd_bin = os.path.join(fluentd_dir, 'bin', 'fluentd')
cls._gem_path = os.path.join(fluentd_dir, 'lib', 'ruby', 'gems')
@classmethod
def sensor_value_list(cls):
return [str(value) for value in (round(random.uniform(870, 1084), 2),
......
......@@ -19,7 +19,7 @@ md5sum = f2b0f1ed27148504f220e06eaceff935
[template-kvm]
filename = instance-kvm.cfg.jinja2
md5sum = f902dd10cb052ac262a4a96b9362b3a3
md5sum = 93cbee3403e7e23b4278143c32209ddc
[template-kvm-cluster]
filename = instance-kvm-cluster.cfg.jinja2.in
......@@ -39,11 +39,11 @@ md5sum = cd0008f1689dfca9b77370bc4d275b70
[template-kvm-export]
filename = instance-kvm-export.cfg.jinja2
md5sum = 4c9efdc9ef35d1096173084541be712d
md5sum = 09252c282ef86f4bb3a88e91869b0f97
[template-kvm-export-script]
filename = template/kvm-export.sh.jinja2
md5sum = b617d64de73de1eed518185f310bbc82
md5sum = 64aa1ce8785f6b94aabd787fa3443082
[template-nbd]
filename = instance-nbd.cfg.jinja2
......
......@@ -24,10 +24,20 @@ rendered = ${directory:bin}/${slap-parameter:namebase}-exporter
# Resilient stack wants a "wrapper" parameter
wrapper = ${:rendered}
mode = 0700
{%- set disk_type = slapparameter_dict.get('disk-type', 'virtio') %}
{%- if disk_type == "virtio" %}
device = virtio0
{%- elif disk_type == "ide" %}
{#- Manually found device name in case of disk-type == ide #}
device = ide0-hd0
{%- else %}
# unsupported disk-type {{ disk_type }}
{%- endif %}
context =
section directory directory
section buildout buildout
key socket_path kvm-instance:socket-path
key device :device
raw gzip_binary {{ gzip_binary }}
# Extends publish section with resilient parameters
......
......@@ -1177,6 +1177,7 @@ context =
[wipe-disk-device-wrapper]
recipe = slapos.recipe.template:jinja2
template = inline:
#!/bin/sh
{%- for disk_device in disk_device_path.split() %}
dd if=/dev/zero of={{ disk_device }} bs=4096 count=500k
{%- endfor %}
......
......@@ -10,7 +10,7 @@ BACKUP_FILE=virtual.qcow2
QMP_CLIENT={{ buildout['directory'] }}/software_release/bin/qemu-qmp-client
$QMP_CLIENT --socket {{ socket_path }} --drive-backup $BACKUP_DIR/$BACKUP_FILE
$QMP_CLIENT --socket {{ socket_path }} --drive-backup $BACKUP_DIR/$BACKUP_FILE {{ device }}
# Due to the way qmp works, the VM file cannot be compressed on the fly.
# Although the compression step is optional, the importer uses the .gz file
......
......@@ -573,6 +573,25 @@ class TestInstanceResilient(InstanceTestCase, KvmMixin):
def getInstanceSoftwareType(cls):
return 'kvm-resilient'
def test_kvm_exporter(self):
exporter_partition = os.path.join(
self.slap.instance_directory,
self.__partition_reference__ + '2')
backup_path = os.path.join(
exporter_partition, 'srv', 'backup', 'kvm', 'virtual.qcow2.gz')
exporter = os.path.join(exporter_partition, 'bin', 'exporter')
if os.path.exists(backup_path):
os.unlink(backup_path)
def call_exporter():
try:
return (0, subprocess.check_output(
[exporter], stderr=subprocess.STDOUT).decode('utf-8'))
except subprocess.CalledProcessError as e:
return (e.returncode, e.output.decode('utf-8'))
status_code, status_text = call_exporter()
self.assertEqual(0, status_code, status_text)
def test(self):
connection_parameter_dict = self\
.computer_partition.getConnectionParameterDict()
......@@ -646,6 +665,15 @@ ir3:sshd-on-watch RUNNING""",
)
@skipUnlessKvm
class TestInstanceResilientDiskTypeIde(InstanceTestCase, KvmMixin):
@classmethod
def getInstanceParameterDict(cls):
return {
'disk-type': 'ide'
}
@skipUnlessKvm
class TestAccessResilientAdditional(InstanceTestCase):
__partition_reference__ = 'ara'
......
# Metabae
# Metabase
https://www.metabase.com/
## TODO:
* export backups for resilience
* security (proper passwords, verifiable certificate, study metabase encryption option)
* security (verifiable certificate, study metabase encryption option)
[instance-profile]
filename = instance.cfg.in
md5sum = 143f46b125389f39905226ec9482ce2a
md5sum = 5f2f7c4c2f793d609ad3c4fa0aa2f8a5
......@@ -7,10 +7,28 @@ eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
[fontconfig-conf]
recipe = slapos.recipe.template:jinja2
template = ${template-fonts-conf:output}
rendered = $${directory:etc}/fonts.conf
context =
key cachedir directory:fontconfig-cache
key fonts :fonts
key includes :includes
fonts =
${android-fonts:location}
${dejavu-fonts:location}
${ipa-fonts:location}
${ipaex-fonts:location}
${liberation-fonts:location}
${ocrb-fonts:location}
includes =
${fontconfig:location}/etc/fonts/conf.d
[metabase-instance]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:service}/$${:_buildout_section_name_}
command-line = sh -c "cd $${directory:srv-metabase}; ${java-re-8:location}/bin/java $JAVA_ARGS -jar ${metabase.jar:location}/metabase.jar"
command-line = sh -c "cd $${directory:srv-metabase}; ${java:location}/bin/java $JAVA_ARGS -jar ${metabase.jar:location}/metabase.jar"
# https://www.metabase.com/docs/latest/operations-guide/customizing-jetty-webserver.html
# note that we set org.quartz.scheduler.instanceId through $JAVA_ARGS as a workaround for machines
# which cannot resolve their hostnames. See also https://github.com/metabase/metabase/issues/8373
......@@ -28,7 +46,8 @@ environment =
MB_DB_USER=$${postgresql:superuser}
MB_DB_PASS=$${postgresql:password}
MB_DB_HOST=$${postgresql:ipv4}
JAVA_ARGS=-Dorg.quartz.scheduler.instanceId=$${slap-connection:computer-id}.$${slap-connection:partition-id}
FONTCONFIG_FILE=$${fontconfig-conf:rendered}
JAVA_ARGS=-Dorg.quartz.scheduler.instanceId=$${slap-connection:computer-id}.$${slap-connection:partition-id} -Djava.io.tmpdir="$${directory:tmp}"
hash-existing-files =
$${buildout:directory}/software_release/buildout.cfg
......@@ -49,19 +68,56 @@ promise = check_url_available
name = $${:_buildout_section_name_}.py
config-url= $${metabase-instance:url}/api/session/properties
[metabase-keystore-password]
recipe = slapos.cookbook:generate.password
bytes = 24
[metabase-keystore]
recipe = plone.recipe.command
stop-on-error = true
command =
${java-re-8-output:keytool} \
-genkeypair \
-alias "metabase" \
-keyalg RSA \
-keypass "$${:password}" \
-dname "CN=$${metabase-instance:ip},OU=Unit,O=Organization,L=City,S=State,C=Country" \
-keystore "$${:file}" \
-storepass "$${:password}"
if [ -f $${:file} ]
then
# XXX password used to be "insecure", but we changed to proper password.
# We try to list the store with the new password and if it fail we change
# the keystore password.
if ! ${java:location}/bin/keytool \
-list \
-keystore "$${:file}" \
-storepass "$${:password}"
then
echo "Migrating keystore password" && \
${java:location}/bin/keytool \
-storepasswd \
-keystore "$${:file}" \
-storepass insecure \
-new "$${:password}" && \
echo "Migrating certificate key password" && \
${java:location}/bin/keytool \
-keypasswd \
-alias "$${:alias}" \
-keypass insecure \
-new "$${:password}" \
-keystore "$${:file}" \
-storepass "$${:password}"
fi
else
${java:location}/bin/keytool \
-genkeypair \
-alias "$${:alias}" \
-keyalg RSA \
-keypass "$${:password}" \
-dname "CN=$${metabase-instance:ip},OU=Unit,O=Organization,L=City,S=State,C=Country" \
-keystore "$${:file}" \
-storepass "$${:password}"
fi
file = $${directory:etc}/.metabase_keystore
password = insecure
password = $${metabase-keystore-password:passwd}
alias = metabase
[postgresql-password]
recipe = slapos.cookbook:generate.password
bytes = 24
[postgresql]
recipe = slapos.cookbook:postgres
......@@ -69,7 +125,7 @@ bin = ${postgresql10:location}/bin/
services = $${directory:service}
dbname = metabase_db
superuser = metabase-psql
password = insecure
password = $${postgresql-password:passwd}
pgdata-directory = $${directory:srv}/postgresql
ipv4 = $${instance-parameter:ipv4-random}
......@@ -125,7 +181,7 @@ wrapper-path = $${directory:bin}/$${:_buildout_section_name_}
command-line =
sh -e -c "\
echo 'This will replace current database with latest backup. Hit Ctrl+C to cancel';
sleep 5;
sleep 30;
$${postgresql:bin}/pg_restore \
--exit-on-error \
-h $${postgresql:pgdata-directory} \
......@@ -176,7 +232,7 @@ tmp = $${buildout:directory}/tmp
service = $${:etc}/service
srv-metabase = $${:srv}/metabase
srv-backup = $${:srv}/backup
fontconfig-cache = $${buildout:directory}/.fontconfig
[publish-connection-parameter]
recipe = slapos.cookbook:publish
......
[buildout]
extends =
../../component/defaults.cfg
../../component/fontconfig/buildout.cfg
../../component/fonts/buildout.cfg
../../component/java/buildout.cfg
../../component/postgresql/buildout.cfg
../../component/dcron/buildout.cfg
......@@ -15,10 +17,13 @@ parts =
[python]
part = python3
[java]
<= java-re-temurin-11
[metabase.jar]
recipe = slapos.recipe.build:download
url = https://downloads.metabase.com/v0.38.3/metabase.jar
md5sum = b91e4b9ae13c892894fec8bab2fd195f
url = https://downloads.metabase.com/v0.41.2/metabase.jar
md5sum = 630068d1ccbdc95556931fe9cfc12e61
[instance-profile]
recipe = slapos.recipe.template
......
......@@ -85,7 +85,7 @@ class TestMetabaseSetup(MetabaseTestCase):
"username": email,
"password": "wrong"
})
self.assertEqual(requests.codes.bad_request, resp.status_code)
self.assertEqual(resp.status_code, requests.codes.unauthorized)
session = requests.post(
parse.urljoin(url, '/api/session'),
......
[template]
filename = instance.cfg.in
md5sum = 56e986c74ef236f261834c57f5861ce0
md5sum = 87fd83d33ba786550a45f484b3ae2b24
[template-nginx-configuration]
filename = template-nginx.cfg.in
md5sum = 022e4b53e1b2db16c4e518fe76f638fa
md5sum = 3eb7dda365d30c3c3c2ce939bbc607d4
[buildout]
parts =
nginx-service
cron-service
cron-entry-logrotate
logrotate-entry-nginx
promises
publish-connection-information
extends = ${monitor-template:rendered}
......@@ -46,6 +49,7 @@ output = $${directory:etc}/nginx.cfg
mode = 0600
access-log = $${directory:log}/nginx-access.log
error-log = $${directory:log}/nginx-error.log
pid-file = $${directory:run}/nginx.pid
ip = $${slap-configuration:ipv6-random}
local-ip = $${slap-configuration:ipv4-random}
port = 9443
......@@ -68,6 +72,15 @@ cert-file = $${directory:ssl}/${:_buildout_section_name_}.cert
common-name = $${nginx-configuration:ip}
stop-on-error = true
[logrotate-entry-nginx]
<= logrotate-entry-base
name = nginx
log =
$${nginx-configuration:access-log}
$${nginx-configuration:error-log}
post =
test ! -s $${nginx-configuration:pid-file} || kill -USR1 $(cat "$${nginx-configuration:pid-file}")
[promises]
recipe =
promises =
......
daemon off; # run in the foreground so supervisord can look after it
worker_processes 4;
pid $${directory:run}/nginx.pid;
pid $${nginx-configuration:pid-file};
events {
worker_connections 768;
......
......@@ -25,12 +25,16 @@
#
##############################################################################
import functools
import os
import lzma
import multiprocessing
import urllib.parse
import uritemplate
import requests
from slapos.testing.utils import CrontabMixin
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
setUpModule, SlapOSInstanceTestCase = makeModuleSetUpAndTestCaseClass(
......@@ -38,7 +42,7 @@ setUpModule, SlapOSInstanceTestCase = makeModuleSetUpAndTestCaseClass(
os.path.join(os.path.dirname(__file__), '..', 'software.cfg')))
class TestNginxPushStream(SlapOSInstanceTestCase):
class TestNginxPushStream(SlapOSInstanceTestCase, CrontabMixin):
def setUp(self):
self.connection_parameters = \
self.computer_partition.getConnectionParameterDict()
......@@ -83,3 +87,55 @@ class TestNginxPushStream(SlapOSInstanceTestCase):
self.assertEqual(q.get_nowait(), b': ')
self.assertEqual(q.get_nowait(), b'data: Hello')
def test_log_rotation(self):
status_url = urllib.parse.urljoin(
self.connection_parameters['publisher-url'], '/status')
error_url = urllib.parse.urljoin(
self.connection_parameters['publisher-url'], '/..')
log_file_path = functools.partial(
os.path.join,
self.computer_partition_root_path,
'var',
'log',
)
rotated_file_path = functools.partial(
os.path.join,
self.computer_partition_root_path,
'srv',
'backup',
'logrotate',
)
requests.get(status_url, verify=False)
with open(log_file_path('nginx-access.log')) as f:
self.assertIn('GET /status HTTP', f.read())
requests.get(error_url, verify=False)
with open(log_file_path('nginx-error.log')) as f:
self.assertIn('forbidden', f.read())
# first log rotation initialize the state, but does not actually rotate
self._executeCrontabAtDate('logrotate', '2050-01-01')
self._executeCrontabAtDate('logrotate', '2050-01-02')
# today's file is not compressed
with open(rotated_file_path('nginx-access.log-20500102')) as f:
self.assertIn('GET /status HTTP', f.read())
with open(rotated_file_path('nginx-error.log-20500102')) as f:
self.assertIn('forbidden', f.read())
# after rotation, the program re-opened original log file and writes in
# expected location.
requests.get(status_url, verify=False)
with open(log_file_path('nginx-access.log')) as f:
self.assertIn('GET /status HTTP', f.read())
requests.get(error_url, verify=False)
with open(log_file_path('nginx-error.log')) as f:
self.assertIn('forbidden', f.read())
self._executeCrontabAtDate('logrotate', '2050-01-03')
# yesterday's file are compressed
with lzma.open(rotated_file_path('nginx-access.log-20500102.xz'), 'rt') as f:
self.assertIn('GET /status HTTP', f.read())
with lzma.open(rotated_file_path('nginx-error.log-20500102.xz'), 'rt') as f:
self.assertIn('forbidden', f.read())
......@@ -12,6 +12,5 @@ http://www.proftpd.org/docs/
# TODO
* log rotation
* make sure SFTPLog is useful (seems very verbose and does not contain more than stdout)
* allow configuring webhooks when new file is uploaded
......@@ -19,7 +19,7 @@ md5sum = efb4238229681447aa7fe73898dffad4
[instance-default]
filename = instance-default.cfg.in
md5sum = f6c583d24940a3a6838bd421dbb84a20
md5sum = 4df64032e14c19363ad3dfe9aecf8e0c
[proftpd-config-file]
filename = proftpd-config-file.cfg.in
......
[buildout]
parts =
promises
cron-service
cron-entry-logrotate
logrotate-entry-proftpd
publish-connection-parameter
extends = {{ template_monitor }}
......@@ -137,6 +140,15 @@ recipe =
instance-promises =
${proftpd-listen-promise:name}
[logrotate-entry-proftpd]
<= logrotate-entry-base
name = proftpd
log =
${proftpd:sftp-log}
${proftpd:xfer-log}
${proftpd:ban-log}
post =
test ! -s ${proftpd:pid-file} || kill -HUP $(cat "${proftpd:pid-file}")
[publish-connection-parameter]
recipe = slapos.cookbook:publish
......
......@@ -25,26 +25,25 @@
#
##############################################################################
import contextlib
import io
import logging
import lzma
import os
import shutil
from urllib.parse import urlparse, parse_qs
import tempfile
import io
import subprocess
import tempfile
import time
from http.server import BaseHTTPRequestHandler
import logging
from urllib.parse import parse_qs, urlparse
import pysftp
import psutil
import paramiko
from paramiko.ssh_exception import SSHException
from paramiko.ssh_exception import AuthenticationException
import psutil
import pysftp
from paramiko.ssh_exception import AuthenticationException, SSHException
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
from slapos.testing.utils import findFreeTCPPort
from slapos.testing.utils import ManagedHTTPServer
from slapos.testing.utils import (CrontabMixin, ManagedHTTPServer,
findFreeTCPPort)
setUpModule, SlapOSInstanceTestCase = makeModuleSetUpAndTestCaseClass(
os.path.abspath(
......@@ -227,8 +226,7 @@ class TestFilesAndSocketsInInstanceDir(ProFTPdTestCase):
"""
with self.slap.instance_supervisor_rpc as supervisor:
all_process_info = supervisor.getAllProcessInfo()
# there is only one process in this instance
process_info, = [p for p in all_process_info if p['name'] != 'watchdog']
process_info, = [p for p in all_process_info if 'proftpd' in p['name']]
process = psutil.Process(process_info['pid'])
self.assertEqual('proftpd', process.name()) # sanity check
self.proftpdProcess = process
......@@ -316,8 +314,7 @@ class TestSSHKey(TestSFTPOperations):
class TestAuthenticationURL(TestSFTPOperations):
class AuthenticationServer(ManagedHTTPServer):
class RequestHandler(BaseHTTPRequestHandler):
def do_POST(self):
# type: () -> None
def do_POST(self) -> None:
assert self.headers[
'Content-Type'] == 'application/x-www-form-urlencoded', self.headers[
'Content-Type']
......@@ -330,11 +327,13 @@ class TestAuthenticationURL(TestSFTPOperations):
self.send_response(200)
self.send_header("X-Proftpd-Authentication-Result", "Success")
self.end_headers()
return self.wfile.write(b"OK")
self.wfile.write(b"OK")
return
self.send_response(401)
return self.wfile.write(b"Forbidden")
self.wfile.write(b"Forbidden")
log_message = logging.getLogger(__name__ + '.AuthenticationServer').info
def log_message(self, msg, *args) -> None:
logging.getLogger(__name__ + '.AuthenticationServer').info(msg, *args)
@classmethod
def getInstanceParameterDict(cls):
......@@ -364,3 +363,119 @@ class TestAuthenticationURL(TestSFTPOperations):
parameter_dict = self.computer_partition.getConnectionParameterDict()
self.assertNotIn('username', parameter_dict)
self.assertNotIn('password', parameter_dict)
class LogRotationMixin(CrontabMixin):
"""Mixin test for log rotations.
Verifies that after `_access` the `expected_logged_text` is found in `log_filename`.
This also checks that the log files are rotated properly.
"""
log_filename: str = NotImplemented
expected_logged_text: str = NotImplemented
def _access(self) -> None:
raise NotImplementedError()
def assertFileContains(self, filename: str, text: str) -> None:
"""assert that files contain the text, waiting for file to be created and
retrying a few times to tolerate the cases where text is not yet written
to file.
"""
file_exists = False
for retry in range(10):
if os.path.exists(filename):
file_exists = True
if filename.endswith('.xz'):
f = lzma.open(filename, 'rt')
else:
f = open(filename, 'rt')
with contextlib.closing(f):
content = f.read()
if text in content:
return
time.sleep(0.1 * retry)
self.assertTrue(file_exists, f'{filename} does not exist')
self.assertIn(text, content)
def test(self) -> None:
self._access()
self.assertFileContains(
os.path.join(
self.computer_partition_root_path,
'var',
'log',
self.log_filename,
),
self.expected_logged_text,
)
# first log rotation initialize the state, but does not actually rotate
self._executeCrontabAtDate('logrotate', '2050-01-01')
self._executeCrontabAtDate('logrotate', '2050-01-02')
# today's file is not compressed
self.assertFileContains(
os.path.join(
self.computer_partition_root_path,
'srv',
'backup',
'logrotate',
f'{self.log_filename}-20500102',
),
self.expected_logged_text,
)
# after rotation, the program re-opened original log file and writes in
# expected location, so access are logged again.
self._access()
self.assertFileContains(
os.path.join(
self.computer_partition_root_path,
'var',
'log',
self.log_filename,
),
self.expected_logged_text,
)
self._executeCrontabAtDate('logrotate', '2050-01-03')
# yesterday's file is compressed
self.assertFileContains(
os.path.join(
self.computer_partition_root_path,
'srv',
'backup',
'logrotate',
f'{self.log_filename}-20500102.xz',
),
self.expected_logged_text,
)
class TestAccessLog(ProFTPdTestCase, LogRotationMixin):
log_filename = 'proftpd-sftp.log'
expected_logged_text = "user 'proftpd' authenticated via 'password' method"
def _access(self) -> None:
self._getConnection().close()
class TestXferLog(ProFTPdTestCase, LogRotationMixin):
log_filename = 'proftpd-xfer.log'
expected_logged_text = '/testfile'
def _access(self) -> None:
with self._getConnection() as sftp:
with tempfile.NamedTemporaryFile(mode='w') as f:
f.write("Hello FTP !")
f.flush()
sftp.put(f.name, remotepath='testfile')
class TestBanLog(ProFTPdTestCase, LogRotationMixin):
log_filename = 'proftpd-ban.log'
expected_logged_text = 'denied due to host ban'
def _access(self) -> None:
for _ in range(6):
with self.assertRaisesRegex(
Exception, '(Authentication failed|Connection reset by peer)'):
self._getConnection(password='wrong')
......@@ -33,6 +33,10 @@ parts =
[python]
part = python3
[gowork]
# replication-manager does not build on golang 1.17
golang = ${golang1.16:location}
[instance.cfg]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/instance.cfg
......
[buildout]
extends =
../../software/erp5/software.cfg
../../component/wendelin.core/activate-WC2-preview.cfg
buildout.hash.cfg
parts +=
......
......@@ -17,6 +17,7 @@ extra =
helloworld ${slapos.test.helloworld-setup:setup}
jupyter ${slapos.test.jupyter-setup:setup}
monitor ${slapos.test.monitor-setup:setup}
nginx-push-stream ${slapos.test.nginx-push-stream-setup:setup}
plantuml ${slapos.test.plantuml-setup:setup}
powerdns ${slapos.test.powerdns-setup:setup}
proftpd ${slapos.test.proftpd-setup:setup}
......
......@@ -237,6 +237,7 @@ extra-eggs =
${slapos.core-setup:egg}
${pillow-python:egg}
${pycurl:egg}
caucase
erp5.util
${python-pynacl:egg}
${python-cryptography:egg}
......@@ -338,7 +339,6 @@ tests =
slaprunner ${slapos.test.slaprunner-setup:setup}
theia ${slapos.test.theia-setup:setup}
metabase ${slapos.test.metabase-setup:setup}
nginx-push-stream ${slapos.test.nginx-push-stream-setup:setup}
erp5 ${slapos.test.erp5-setup:setup}
###
${:extra}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment