testnode uses ProcessManager.killall to terminate all processes from a
path. To determine if a process is from a path, it looks at the command
line. This does not work for processes using setproctitle to change
their command line.

We can see in ps:

    $ ps -edf | grep nginx
    slapuse+ 115059  45574  0 16:14 ?        00:00:00 nginx: master process /srv/slapgrid/slappart46/t/cvt/i/0/tmp/shared/nginx/6d79cb0e7d81dce1be97eec8a5712f08/sbin/nginx -c /srv/slapgrid/slappart46/t/cvt/i/0/tmp/inst/T-0/etc/nginx-master-introspection.conf
    slapuse+ 115090 115059  0 16:14 ?        00:00:00 nginx: worker process

or by looking at cmdline, which is what psutil.Process.cmdline is using:

    $ cat /proc/115090/cmdline
    nginx: worker process

and that's why sometimes when cancelling a software release test while
it is running tests from a software using nginx, some processes are
leaked, they keep using the port and next test running on this testnode
fail.

In that case, killall is called with /srv/slapgrid/slappart46/t/cvt , we
can not find such process with cmdline, but we can extend this heuristic
to use the current working directory:

    $ ls -al /proc/115090/cwd
    lrwxrwxrwx 1 slapuser46 slapuser46 0 Oct 19 16:16 /proc/115090/cwd -> /srv/slapgrid/slappart46/t/cvt/i/0/tmp/inst/T-0

This also applies an optimization of only considering processes of the
current unix user.

Products.ERP5Types.patches.CMFCoreSkinnable: Only add portal_callables to skin selection when tool exists

Avoids a noisy log:
  WARNING Products.ERP5Type.patches.CMFCoreSkinnable Skin folder portal_callables is in selection list but does not exist.

As already documented in this code, unrestrictedTraverse provides a flat dict
as "request" argument. PAS plugins cannot work with such fake request, so
such _extractUserIds call will not succeed in authenticating the user, and instead
produces (suppressed) exceptions within PAS.
As a result, neither codepaths can be followed:
- PAS cannot find any user, hence "if len(user_list) > 0:" is false
- the "else" codepath starts with "request._auth", which obviously raises when
  request is a dict
So, reorder the code so that the nature of the request is checked before
either codepath is entered, skipping the bulk of this code and avoiding calling
into PAS.

The default soft limit of open file descriptors is usually set to 1024
in order to avoid breaking old software which still uses select. In many
projects we may need a higher limit: particularly in Wendelin based
projects we easily reach this limit. Before this patch it was therefore
necessary to either patch ERP5 in the project specific SR or to manually
increase the limit of the zope processes (or the parent supervisor) with
a tool like prlimit [1]. With this patch it becomes possible to increase the
soft limit to the hard limit with a command line argument of the zopewsgi bin.
This simplifies setting the soft limit for any Wendelin project.

[1] https://man7.org/linux/man-pages/man1/prlimit.1.html

/reviewed-by @vpelletier, @jerome
/reviewed-on nexedi/erp5!1827

test_suite and tests_require are for the deprecated `setup.py test`
command that we no longer use.

During initial install in most cases we just want to install everything,
showing the listbox to choose install options is not necessary. The
problem is that this listbox is really big when installing multiple
business templates.

This introduces a "detailed install" checkbox, that is unchecked by
default, to make it possible to show the list to choose from anyway.

so that we can view in inline with firefox for Zelenium tests

This was applied manually on http://www.erp5.org/dists/snapshot/test_bt5

See merge request nexedi/erp5!1830

See merge request nexedi/erp5!1826

- randomize flag scores and weights
- limit drone message size
- new rule: extra score point for drones that returned to base
- refactor x-y-z / lat-lon-alt method/properies to be consistent
- update api doc

A typical problem which prevents grouping is that the line is used in an
internal invoice and while all the conditions for grouping seems OK for
one side, they are not OK for the other side, because the accounts are
different from the mirror side. By showing the mirror account it should
be a bit easier for users to figure out what is wrong.

FCK Editor is old name

https://ckeditor.com/old/forums/CKEditor-3.x/Should-FCKeditor-change-its-name

This linter is too old and no longer relevant

Note that raster image to SVG conversion no longer works without potrace.

Thanks to Jérôme for digging these resources up.

The way Zope4 logs the authenticated user is radically different from
Zope2, and makes this function useless.
So, unless when running on Zope2, do nothing when this function is called.

So that msec=1 is logged as ",001" and not as ",1".

Because if we have for example a Web Site for which default language is 'fr'
it would not get gadget Web Pages for which the language is 'en'

The scope here is to match as many documents as possible

See merge request nexedi/erp5!1824

- grid of blocks
- set of block templates
- randomization conditions
- new terrarin texture
- refine enemy drone collision
- more aggressive enemies

- drop import/export json
- API for operator script
- map utils class update
- doc api update
- all visible map parameters are geo
- allow to run twice
- fix default ai drone script distance fn
- fix flag elements position (altitude)
- better error handling

- add a new operator script editor
- update finish rules and scoring system
- refactor map parameters
- map randomization is done now by new class map utils
- update init flag info msg
- import/export script feature
- update web site CSP
- ui: activate js syntax in user script editor
- ui: styles, section titles, etc - doc api update
- fixes/refactoring
-- fix default target coordinates bug
-- control empty/invalid user scripts
-- raise an error on user script syntax error
-- fix onUpdate timestamp parameter (to integer milliseconds)
-- fix drone loiter (based on nexedi/erp5!1817/)

PDF_viewPDFJSPreview/my_data
Anyway, we are in PDF context, it can work even if content_type is not set

it can happen that getEffectiveModel does not find a model, this
is currently causing activity failures in indexation of
transformations. Tolerate errors here because this is not an error
but just a sign of invalid user data.

Due to some debug code, it never checked anything.

Spin is too much and waste cpu resource.

This is a first step to stop using "unsafe" web sections.

This updates support request app to not require `script-src: unsafe-eval` and `style-src: unsafe-inline` in the CSP.
Dropping `script-src: unsafe-eval` is made possible by using domsugar instead of handlebars for dynamic content. Dropping `style-src: unsafe-inline` by using CSS files instead of inline `style` attributes in the DOM. One minor regression is that the tooltips from the graph on the front page gadget will cause warning because of `unsafe-inline` and not render the series color.

This application was also modernized a bit, it now uses the HTML viewer gadget to display post contents and supports translation.

See merge request !1821