Update release candidate

9a30c7df · Łukasz Nowak · 2e378733 · d86b81f2 · 9a30c7df · 9a30c7df
Commit 9a30c7df authored Jan 13, 2020 by Łukasz Nowak
26 changed files
--- a/component/geoip2/buildout.cfg
+++ b/component/geoip2/buildout.cfg
@@ -17,5 +17,8 @@ rpath = ${:library-dirs}
 [geolite2-country]
 recipe = slapos.recipe.build:download-unpacked
 url = http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz#${:md5sum}
-md5sum = ff7bcb609291b9f5ab14397ccc506254
+md5sum = dc6224c648350d90f344a0c5c3ca5474
 strip-top-level-dir = true
+
+[versions]
+geoip2 = 2.9.0
--- a/component/glib/buildout.cfg
+++ b/component/glib/buildout.cfg
@@ -10,13 +10,21 @@ extends =
 parts =
  glib

+# --with-python=${buildout:executable} is simpler but we may end up with
+# scripts whose shebang exceeds the kernel limit.
+# And ${buildout:executable}/.. is not a valid $PATH part.
+[glib-python]
+recipe = collective.recipe.shelloutput
+commands =
+  bin-directory = dirname ${buildout:executable}
+
 [glib]
 recipe = slapos.recipe.cmmi
 shared = true
 url = https://ftp.gnome.org/pub/gnome/sources/glib/2.56/glib-2.56.4.tar.xz
 md5sum = 17c3dca43d99a4882384f1a7b530b80b
 configure-options =
-  --with-python=${buildout:executable}
+  --with-python=python
  --disable-libmount
  --disable-static
  --disable-selinux
@@ -24,7 +32,7 @@ configure-options =
  --disable-xattr
  --disable-man
 environment =
-  PATH=${gettext:location}/bin:${perl:location}/bin:${xz-utils:location}/bin:%(PATH)s
+  PATH=${glib-python:bin-directory}:${gettext:location}/bin:${perl:location}/bin:${xz-utils:location}/bin:%(PATH)s
  CPPFLAGS=-I${gettext:location}/include -I${zlib:location}/include
  LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
  LIBFFI_CFLAGS=-I${libffi:location}/include

--- a/component/pkgconfig/buildout.cfg
+++ b/component/pkgconfig/buildout.cfg
@@ -4,30 +4,12 @@
 [buildout]
 parts =
  pkgconfig
-extends =
-  ../gettext/buildout.cfg
-  ../glib/buildout.cfg
-
-[pkg-config]
-<= pkgconfig

 [pkgconfig]
 recipe = slapos.recipe.cmmi
 shared = true
-url = https://pkgconfig.freedesktop.org/releases/pkg-config-0.29.tar.gz
-md5sum = 77f27dce7ef88d0634d0d6f90e03a77f
-location = @@LOCATION@@
-# build pkg-config twice so that second configure can use pkg-config
-# to compute GLIB_CFLAGS and GLIB_LIBS.
-pre-configure =
-  ./configure --prefix=${:location} --with-installed-glib && make
+url = https://pkgconfig.freedesktop.org/releases/pkg-config-0.29.2.tar.gz
+md5sum = f6e931e319531b736fadc017f470e68a
 configure-options =
-  --with-installed-glib
+  --with-internal-glib
  --disable-host-tool
-environment =
-  PATH=.:%(PATH)s
-  PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
-  CPPFLAGS=-I${glib:location}/include
-  LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${glib:location}/lib -Wl,-rpath=${glib:location}/lib
-  GLIB_CFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include
-  GLIB_LIBS=-L${glib:location}/lib -lglib-2.0 -lintl
--- a/component/pylint/buildout.cfg
+++ b/component/pylint/buildout.cfg
+[buildout]
+parts =
+  pylint
+extends =
+  ../patch/buildout.cfg
+
+[pylint]
+recipe = zc.recipe.egg:custom
+egg = pylint
+patches =
+  ${:_profile_base_location_}/pylint-super_on_old_class.patch#cb0c3f8c091bf4980be395c917edc435
+patch-options = -p1
+patch-binary = ${patch:location}/bin/patch
--- a/component/pylint/pylint-super_on_old_class.patch
+++ b/component/pylint/pylint-super_on_old_class.patch
+commit 6cf07b3483ec0d921296aefa8a28a8491f13786e
+Author: Claudiu Popa <pcmanticore@gmail.com>
+Date:   Sun Dec 6 14:54:52 2015 +0200
+
+    Don't emit super-on-old-class on classes with unknown bases.
+    
+    
+    The change also removes the confidence handling for super-on-old-class,
+    which isn't used enough to merit its existence.
+    Closes issue #721.
+
+--- a/pylint/checkers/newstyle.py	2019-12-25 13:51:01.611586402 +0900
+++ b/pylint/checkers/newstyle.py	2019-12-25 13:50:31.861542768 +0900
+@@ -127,12 +127,9 @@
+             if isinstance(call, astroid.CallFunc) and \
+                isinstance(call.func, astroid.Name) and \
+                call.func.name == 'super':
+-                confidence = (INFERENCE if has_known_bases(klass)
+-                              else INFERENCE_FAILURE)
+-                if not klass.newstyle:
+                if not klass.newstyle and has_known_bases(klass):
+                     # super should not be used on an old style class
+-                    self.add_message('super-on-old-class', node=node,
+-                                     confidence=confidence)
+                    self.add_message('super-on-old-class', node=node)
+                 else:
+                     # super first arg should be the class
+                     if not call.args and sys.version_info[0] == 3:
+@@ -146,8 +143,7 @@
+                         continue
+ 
+                     if supcls is None:
+-                        self.add_message('missing-super-argument', node=call,
+-                                         confidence=confidence)
+                        self.add_message('missing-super-argument', node=call)
+                         continue
+ 
+                     if klass is not supcls:
+@@ -163,8 +159,7 @@
+                         if name is not None:
+                             self.add_message('bad-super-call',
+                                              node=call,
+-                                             args=(name, ),
+-                                             confidence=confidence)
+                                             args=(name, ))
+ 
+ 
+ def register(linter):
--- a/component/python-2.7/buildout.cfg
+++ b/component/python-2.7/buildout.cfg
@@ -56,6 +56,16 @@ configure-options =
 # Profiled build:
 make-binary =
 make-targets = make profile-opt && make install
+# Mangle shebang to use installed Python. This is not only a convenience:
+# when building system packages (e.g. re6st-node using OBS), some OS like
+# recent RedHat would otherwise mangle them, either failing ('python' is
+# ambiguous and 'python2' is not supported anymore) or replacing with
+# something that's really wrong (/usr/bin/python...).
+post-install = cd '${:prefix}' &&
+  find -executable -type f -print0 |
+  xargs -0 grep -I -m 1 '' |
+  sed -n 's,:#! */usr/bin/env \+python2\?$,,p' |
+  xargs -d '\n' sed -i '1s,.*,#!${:executable},'

 extra-ldflags =
 # the entry "-Wl,-rpath=${file:location}/lib" below is needed by python-magic,

--- a/component/qemu-kvm/buildout.cfg
+++ b/component/qemu-kvm/buildout.cfg
@@ -10,6 +10,8 @@ extends =
  ../pkgconfig/buildout.cfg
  ../xorg/buildout.cfg
  ../zlib/buildout.cfg
+  ../pcre/buildout.cfg
+  ../glib/buildout.cfg

 # XXX Change all reference to kvm section to qemu section, then
 # use qemu as main name section.

--- a/component/surykatka/buildout.hash.cfg
+++ b/component/surykatka/buildout.hash.cfg
@@ -14,4 +14,4 @@
 # not need these here).
 [surykatka-requirements]
 _update_hash_filename_ = requirements.txt
-md5sum = 897c9a296625b576817f2a1dc1801a90
+md5sum = 2dfe4f8b8c5b6f5d3478b70e53c49201
--- a/component/surykatka/requirements.txt
+++ b/component/surykatka/requirements.txt
@@ -7,5 +7,5 @@ idna==2.8
 miniupnpc==2.0.2
 peewee==3.13.1
 requests==2.22.0
-surykatka==0.1.1
+surykatka==0.2.0
 urllib3==1.25.7
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b

 [template-apache-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = c6d78b2856d9d0ec63728e668e3395d8
+md5sum = 378f6da53a02b2bfe7777a493fc95585

 [template-caddy-replicate]
 filename = instance-apache-replicate.cfg.in

--- a/software/caddy-frontend/instance-apache-frontend.cfg.in
+++ b/software/caddy-frontend/instance-apache-frontend.cfg.in
@@ -320,32 +320,36 @@ extra-context =
 # BBB: SlapOS Master non-zero knowledge END

 [caddy-wrapper]
-recipe = slapos.cookbook:wrapper
-environment =
-  CADDYPATH=${directory:frontend_cluster}
-command-line = {{ parameter_dict['caddy'] }}
-  -conf ${dynamic-caddy-frontend-template:rendered}
-  -log ${caddy-configuration:error-log}
-  -log-roll-mb 0
+recipe = slapos.recipe.template:jinja2
+template = inline:
+  #!/bin/sh
+  export CADDYPATH=${directory:frontend_cluster}
+  ulimit -n $(ulimit -Hn)
+  exec {{ parameter_dict['caddy'] }} \
+  -conf ${dynamic-caddy-frontend-template:rendered} \
+  -log ${caddy-configuration:error-log} \
+  -log-roll-mb 0 \
 {% if instance_parameter['configuration.global-disable-http2'].lower() in TRUE_VALUES %}
-  -http2=false
+  -http2=false \
 {% else %}
-  -http2=true
+  -http2=true \
 {% endif %}
 {% if instance_parameter['configuration.enable-quic'].lower() in TRUE_VALUES %}
-  -quic
+  -quic \
 {% endif %}
-  -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s
-  -disable-http-challenge
-  -disable-tls-alpn-challenge
-wrapper-path = ${directory:bin}/caddy-wrapper
+  -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s \
+  -disable-http-challenge \
+  -disable-tls-alpn-challenge \
+   "$@"
+rendered = ${directory:bin}/caddy-wrapper
+mode = 0755

 [caddy-frontend]
 recipe = slapos.cookbook:wrapper
-command-line = ${caddy-wrapper:wrapper-path} -pidfile ${caddy-configuration:pid-file}
+command-line = ${caddy-wrapper:rendered} -pidfile ${caddy-configuration:pid-file}
 wrapper-path = ${directory:service}/frontend_caddy
 hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
-hash-files = ${caddy-wrapper:wrapper-path}
+hash-files = ${caddy-wrapper:rendered}

 [not-found-html]
 recipe = slapos.cookbook:symbolic.link
@@ -594,7 +598,7 @@ rendered = ${directory:bin}/frontend-caddy-validate
 mode = 0700
 last_state_file = ${directory:run}/caddy_configuration_last_state
 extra-context =
-    key wrapper caddy-wrapper:wrapper-path
+    key wrapper caddy-wrapper:rendered
    key caddy_configuration_state frontend-caddy-configuration-state-validate:rendered
    key last_state_file :last_state_file


--- a/software/caddy-frontend/software.cfg
+++ b/software/caddy-frontend/software.cfg
@@ -27,4 +27,3 @@ smmap = 0.9.0
 numpy = 1.16.4

 websockify = 0.8.0
-collective.recipe.shelloutput = 0.1
--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -534,7 +534,7 @@ class SlaveHttpFrontendTestCase(SlapOSInstanceTestCase):
      cls.startServerProcess()
    except BaseException:
      cls.logger.exception("Error during setUpClass")
-      cls._cleanup()
+      cls._cleanup('setUpClass')
      cls.setUp = lambda self: self.fail('Setup Class failed.')
      raise

@@ -559,8 +559,7 @@ class SlaveHttpFrontendTestCase(SlapOSInstanceTestCase):
      cls.waitForCaddy()
    except BaseException:
      cls.logger.exception("Error during setUpClass")
-      cls._storeSnapshot("{}.setUpClass".format(cls.__name__))
-      cls._cleanup()
+      cls._cleanup('setUpClass')
      cls.setUp = lambda self: self.fail('Setup Class failed.')
      raise

@@ -854,9 +853,9 @@ class SlaveHttpFrontendTestCase(SlapOSInstanceTestCase):
        break

  @classmethod
-  def _cleanup(cls):
+  def _cleanup(cls, snapshot_name):
    cls.stopServerProcess()
-    super(SlaveHttpFrontendTestCase, cls)._cleanup()
+    super(SlaveHttpFrontendTestCase, cls)._cleanup(snapshot_name)

  def patchRequests(self):
    HTTPResponse = requests.packages.urllib3.response.HTTPResponse

--- a/software/kvm/software.cfg
+++ b/software/kvm/software.cfg
@@ -196,7 +196,6 @@ context =
 websockify = 0.5.1

 collective.recipe.environment = 0.2.0
-collective.recipe.shelloutput = 0.1
 gitdb = 0.6.4
 pycurl = 7.43.0
 slapos.recipe.template = 4.3

--- a/software/monitor/buildout.hash.cfg
+++ b/software/monitor/buildout.hash.cfg
@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg
-md5sum = cb814297f2f76dc8e08014a7d662439f
+md5sum = d778b6f436ae6864819eb2ff2d12a86f

 [template-monitor]
 _update_hash_filename_ = instance-monitor.cfg.jinja2
@@ -30,7 +30,7 @@ md5sum = 9e237dbdda59e788202f0da194a57d41

 [template-monitor-edgebot]
 _update_hash_filename_ = instance-monitor-edgebot.cfg.jinja2
-md5sum = cd4c5d2ecf8285ea8f0905ed1150d8a0
+md5sum = 8786e4245db0d27dfa4815222d970e52

 [network-bench-cfg]
 filename = network_bench.cfg.in

--- a/software/monitor/instance-edgetest-input-schema.json
+++ b/software/monitor/instance-edgetest-input-schema.json
@@ -18,6 +18,12 @@
      "title": "Default space separated list of Frontend IPs to check",
      "description": "Default list of Frontend IPs to check, if empty no constraint is used.",
      "type": "string"
+    },
+    "check-certificate-expiration-days": {
+      "default": "15",
+      "title": "Default certificate expiration days check",
+      "description": "Default amount of days to consider certitifcate as being to-be-expired (default: 15).",
+      "type": "string"
    }
  }
 }
--- a/software/monitor/instance-edgetest-slave-input-schema.json
+++ b/software/monitor/instance-edgetest-slave-input-schema.json
@@ -17,6 +17,12 @@
      "title": "Space separated list of Frontend IPs to check",
      "description": "List of Frontend IPs to check, if empty no constraint is used (default: comes from master partition).",
      "type": "string"
+    },
+    "check-certificate-expiration-days": {
+      "default": "Master default",
+      "title": "Certificate expiration days check",
+      "description": "Default amount of days to consider certitifcate as being to-be-expired (default: comes from master partition).",
+      "type": "string"
    }
  }
 }
--- a/software/monitor/instance-monitor-edgebot.cfg.jinja2
+++ b/software/monitor/instance-monitor-edgebot.cfg.jinja2
@@ -13,6 +13,9 @@
 {%-   if 'check-status-code' not in slave %}
 {%-     do slave.__setitem__('check-status-code', CONFIGURATION['check-status-code']) %}
 {%-   endif %}
+{%-   if 'check-certificate-expiration-days' not in slave %}
+{%-     do slave.__setitem__('check-certificate-expiration-days', CONFIGURATION['check-certificate-expiration-days']) %}
+{%-   endif %}
 {%-   if 'check-frontend-ip' not in slave %}
 {%-     do slave.__setitem__('check-frontend-ip', CONFIGURATION['check-frontend-ip']) %}
 {%-   endif %}
@@ -33,6 +36,7 @@ name = {{ safe_name }}.py
 config-report = http_query
 config-url = {{ slave['url'] }}
 config-status-code = {{ slave['check-status-code'] }}
+config-certificate-expiration-days = {{ slave['check-certificate-expiration-days'] }}
 config-ip-list = {{ slave['check-frontend-ip'] }}
 config-json-file = ${surykatka-config:json}
 {% endfor %}

--- a/software/monitor/instance.cfg
+++ b/software/monitor/instance.cfg
@@ -78,6 +78,7 @@ cert = $${slap-connection:cert-file}
 configuration.check-status-code = 200
 configuration.nameserver =
 configuration.check-frontend-ip =
+configuration.check-certificate-expiration-days = 15
 # use monitor-base-port to have monitor listening on each instance
 # on different port and also on different port than other services
 # it makes it possible to instantiate it correctly on signle IP, for

--- a/software/monitor/test/test.py
+++ b/software/monitor/test/test.py
@@ -29,6 +29,7 @@ import json
 import os
 import re
 import requests
+import subprocess
 import xml.etree.ElementTree as ET
 from slapos.recipe.librecipe import generateHashFromFiles
 from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
@@ -225,11 +226,13 @@ class EdgeSlaveMixin(MonitorTestMixin):
  def assertSurykatkaStatusJSON(self):
    if os.path.exists(self.surykatka_json):
      os.unlink(self.surykatka_json)
-    self.assertEqual(0, os.system(self.surykatka_status_json))
+    env = os.environ.copy()
+    env.pop('PYTHONPATH', None)
+    subprocess.check_call(self.surykatka_status_json, shell=True, env=env)
    self.assertTrue(os.path.exists(self.surykatka_json))
    with open(self.surykatka_json) as fh:
      status_json = json.load(fh)
-    self.assertTrue('bot_status' in status_json)
+    self.assertIn('bot_status', status_json)

  def test(self):
    # Note: Those tests do not run surykatka and do not do real checks, as
@@ -266,6 +269,9 @@ URL =
    self.assertPromiseContent(
      'http-query-backend-300-promise.py',
      "'status-code': '300'")
+    self.assertPromiseContent(
+      'http-query-backend-300-promise.py',
+      "'certificate-expiration-days': '15'")
    self.assertPromiseContent(
      'http-query-backend-300-promise.py',
      "'url': 'https://www.erp5.org/'")
@@ -283,6 +289,9 @@ URL =
    self.assertPromiseContent(
      'http-query-backend-promise.py',
      "'status-code': '200'")
+    self.assertPromiseContent(
+      'http-query-backend-promise.py',
+      "'certificate-expiration-days': '15'")
    self.assertPromiseContent(
      'http-query-backend-promise.py',
      "'url': 'https://www.erp5.com/'")
@@ -331,6 +340,9 @@ URL =
    self.assertPromiseContent(
      'http-query-backend-promise.py',
      "'status-code': '200'")
+    self.assertPromiseContent(
+      'http-query-backend-promise.py',
+      "'certificate-expiration-days': '15'")
    self.assertPromiseContent(
      'http-query-backend-promise.py',
      "'url': 'https://www.erp5.com/'")
@@ -370,6 +382,9 @@ URL =
    self.assertPromiseContent(
      'http-query-backend-501-promise.py',
      "'status-code': '501'")
+    self.assertPromiseContent(
+      'http-query-backend-501-promise.py',
+      "'certificate-expiration-days': '15'")
    self.assertPromiseContent(
      'http-query-backend-501-promise.py',
      "'url': 'https://www.erp5.org/'")
@@ -387,6 +402,9 @@ URL =
    self.assertPromiseContent(
      'http-query-backend-promise.py',
      "'status-code': '500'")
+    self.assertPromiseContent(
+      'http-query-backend-promise.py',
+      "'certificate-expiration-days': '15'")
    self.assertPromiseContent(
      'http-query-backend-promise.py',
      "'url': 'https://www.erp5.com/'")
@@ -404,3 +422,71 @@ URL =
      'backend-501',
      {'url': 'https://www.erp5.org/', 'check-status-code': '501'},
    )
+
+
+class TestEdgeCheckCertificateExpirationDays(
+  EdgeSlaveMixin, SlapOSInstanceTestCase):
+  surykatka_ini = """[SURYKATKA]
+INTERVAL = 120
+SQLITE = %(partition_path)s/srv/surykatka.db
+URL =
+  https://www.erp5.com/
+  https://www.erp5.org/"""
+
+  @classmethod
+  def getInstanceParameterDict(cls):
+    return {
+      'check-certificate-expiration-days': '10',
+    }
+
+  def assertSurykatkaPromises(self):
+    self.assertPromiseContent(
+      'http-query-backend-20-promise.py',
+      "'ip-list': ''")
+    self.assertPromiseContent(
+      'http-query-backend-20-promise.py',
+      "'report': 'http_query'")
+    self.assertPromiseContent(
+      'http-query-backend-20-promise.py',
+      "'status-code': '200'")
+    self.assertPromiseContent(
+      'http-query-backend-20-promise.py',
+      "'certificate-expiration-days': '20'")
+    self.assertPromiseContent(
+      'http-query-backend-20-promise.py',
+      "'url': 'https://www.erp5.org/'")
+    self.assertPromiseContent(
+      'http-query-backend-20-promise.py',
+      "'json-file': '%s'" % (self.surykatka_json,)
+    )
+
+    self.assertPromiseContent(
+      'http-query-backend-promise.py',
+      "'ip-list': ''")
+    self.assertPromiseContent(
+      'http-query-backend-promise.py',
+      "'report': 'http_query'")
+    self.assertPromiseContent(
+      'http-query-backend-promise.py',
+      "'status-code': '200'")
+    self.assertPromiseContent(
+      'http-query-backend-promise.py',
+      "'certificate-expiration-days': '10'")
+    self.assertPromiseContent(
+      'http-query-backend-promise.py',
+      "'url': 'https://www.erp5.com/'")
+    self.assertPromiseContent(
+      'http-query-backend-promise.py',
+      "'json-file': '%s'" % (self.surykatka_json,)
+    )
+
+  def requestEdgetestSlaves(self):
+    self.requestEdgetestSlave(
+      'backend',
+      {'url': 'https://www.erp5.com/'},
+    )
+    self.requestEdgetestSlave(
+      'backend-20',
+      {'url': 'https://www.erp5.org/',
+       'check-certificate-expiration-days': '20'},
+    )
--- a/software/nextcloud/buildout.hash.cfg
+++ b/software/nextcloud/buildout.hash.cfg
@@ -26,4 +26,4 @@ md5sum = fbc5eacda192cb02c8d9861cb628fe6f

 [template-nextcloud-instance]
 filename = nextcloud-instance.cfg.in
-md5sum = 426df55e81725cd7faa408d3cd93558e
+md5sum = 28f9a64176e86360a3398742d5ad8470
--- a/software/nextcloud/nextcloud-instance.cfg.in
+++ b/software/nextcloud/nextcloud-instance.cfg.in
@@ -96,6 +96,23 @@ depends =
  ${nextcloud-backup-cron:recipe}
  ${nextcloud-news-updater:recipe}
  ${nextcloud-config-update:recipe}
+  ${nextcloud-install-promise:name}
+
+[nextcloud-install-promise]
+<= monitor-promise-base
+module = check_command_execute
+name = check-nextcloud-install.py
+config-command = ${nc-install-wrapper:output}
+
+[nc-install-wrapper]
+recipe = collective.recipe.template
+input = inline:#!/bin/bash
+  if [ -f "${instance-parameter:nextcloud}/config/CAN_INSTALL" ]; then
+    echo "Nextcloud is not installed.";
+    exit 1;
+  fi
+output = ${directory:bin}/check-nc-install
+mode = 744

 [nextcloud-apache-httpd]
 recipe = slapos.recipe.template:jinja2

--- a/software/seleniumserver/software.cfg
+++ b/software/seleniumserver/software.cfg
@@ -46,5 +46,4 @@ output = ${buildout:directory}/template-selenium.cfg

 [versions]
 plone.recipe.command = 1.1
-collective.recipe.shelloutput = 0.1
 slapos.recipe.template = 4.3
--- a/software/slaprunner/software.cfg
+++ b/software/slaprunner/software.cfg
@@ -171,7 +171,6 @@ gunicorn = 19.7.1
 prettytable = 0.7.2
 pycurl = 7.43.0
 slapos.recipe.template = 4.3
-collective.recipe.shelloutput = 0.1
 collective.recipe.environment = 0.2.0
 smmap = 0.9.0
 lockfile = 0.12.2

--- a/stack/erp5/buildout.cfg
+++ b/stack/erp5/buildout.cfg
@@ -61,6 +61,7 @@ extends =
  ../../component/postfix/buildout.cfg
  ../../component/zbarlight/buildout.cfg
  ../../component/perl/buildout.cfg
+  ../../component/pylint/buildout.cfg
  ../../stack/caucase/buildout.cfg
  ../../software/jupyter/software.cfg
  ../../software/neoppod/software-common.cfg
@@ -516,7 +517,7 @@ eggs = ${neoppod:eggs}
  decorator
  networkx
 # Needed for checking ZODB Components source code
-  pylint
+  ${pylint:egg}
  jedi
  yapf
  typing
@@ -653,6 +654,8 @@ ocropy = 1.0+SlapOSPatched001
 pysvn = 1.7.10+SlapOSPatched002
 python-ldap = 2.4.32+SlapOSPatched001
 python-magic = 0.4.12+SlapOSPatched001
+## https://lab.nexedi.com/nexedi/slapos/merge_requests/648
+pylint = 1.4.4

 # use newer version than specified in ZTK
 PasteDeploy = 1.5.2
@@ -733,8 +736,6 @@ pycountry = 17.1.8
 pycrypto = 2.6.1
 pycurl = 7.43.0
 pyflakes = 1.5.0
-# pylint 1.5.1 breaks testDynamicClassGeneration
-pylint = 1.4.4
 python-memcached = 1.58
 pytracemalloc = 1.2
 qrcode = 5.3

--- a/stack/slapos.cfg
+++ b/stack/slapos.cfg
@@ -117,6 +117,7 @@ cffi = 1.9.1
 click = 6.7
 cliff = 2.4.0
 cmd2 = 0.7.0
+collective.recipe.shelloutput = 0.1
 collective.recipe.template = 2.0
 cryptography = 2.3.1
 decorator = 4.0.11
@@ -137,14 +138,14 @@ pytz = 2016.10
 requests = 2.13.0
 six = 1.12.0
 slapos.cookbook = 1.0.123
-slapos.core = 1.5.5
+slapos.core = 1.5.6
 slapos.extension.strip = 0.4
 slapos.extension.shared = 1.0
 slapos.libnetworkcache = 0.20
 slapos.rebootstrap = 4.2
 slapos.recipe.build = 0.42
 slapos.recipe.cmmi = 0.12
-slapos.toolbox = 0.101
+slapos.toolbox = 0.104
 stevedore = 1.21.0
 subprocess32 = 3.5.3
 unicodecsv = 0.14.1