Update Release Candidate

9ef0ad81 · Thomas Gambier · 9a301bf3 · a053cefd · 9ef0ad81 · 9ef0ad81
Commit 9ef0ad81 authored Jul 21, 2022 by Thomas Gambier 🚴🏼
24 changed files
--- a/component/macros/virtual-env.cfg
+++ b/component/macros/virtual-env.cfg
@@ -2,6 +2,8 @@
 extends =
 	../pygolang/buildout.cfg
+parts =
 [virtual-env-base]
 recipe = slapos.recipe.build
 name = ${:_buildout_section_name_}
@@ -10,64 +12,133 @@ init =
  from zc.buildout.easy_install import working_set
  import os
  name = options['name']
-  eggs = options['eggs']
+  eggs = options.get('eggs')
-  try:
+  self.message = options.get('message')
-    scripts = "scripts = " + options['scripts']
+  self.chain = options.get('chain')
-  except KeyError:
+  environment = options.get('environment')
-    scripts = ""
+  scripts = options.get('scripts')
-  self.buildout.parse("""
+  eggs_template = """
  [.%(name)s.install-eggs]
  recipe = zc.recipe.egg
-  eggs = %(eggs)s
+  eggs =
+    %(eggs)s
  %(scripts)s
  [.%(name)s.install-interpreter]
  <= python-interpreter
-  eggs += %(eggs)s
+  eggs +=
-  """ % locals())
+    %(eggs)s
+  """
+  instance_template = """
+  [.%(name)s.instance]
+  recipe = slapos.recipe.template
+  output = ${buildout:directory}/instance.cfg
+  depends = $%(cookbook)s
+  inline =
+    [buildout]
+    parts = publish
+    eggs-directory = ${buildout:eggs-directory}
+    develop-eggs-directory = ${buildout:develop-eggs-directory}
+    [publish]
+    recipe = slapos.cookbook:publish
+    activate-script = %(location)s
+  """
+  if eggs:
+    self.buildout.parse(eggs_template % {
+      "eggs": "\n  ".join(e.strip() for e in eggs.splitlines()),
+      "name": name,
+      "scripts": "scripts = " + scripts if scripts else "",
+    })
  if is_true(options.get('default-instance')):
-    cookbook = "{slapos-cookbook:recipe}"
+    self.buildout.parse(instance_template % {
-    self.buildout.parse("""
+      "cookbook": "{slapos-cookbook:recipe}",
-    [.%(name)s.instance]
+      "location": location,
-    recipe = slapos.recipe.template
+      "name": name,
-    output = ${buildout:directory}/instance.cfg
+    })
-    depends = $%(cookbook)s
-    inline =
+  env = {
-      [buildout]
+    "PATH": self.buildout['buildout']['bin-directory'] + ":\$PATH",
-      parts = publish
+    "PS1": "\"(" + self.name + ") \$PS1\"",
+  }
-      eggs-directory = ${buildout:eggs-directory}
-      develop-eggs-directory = ${buildout:develop-eggs-directory}
+  if environment:
+    for line in environment.splitlines():
-      [publish]
+      key, value = line.split("=", 1)
-      recipe = slapos.cookbook:publish
+      env[key.strip()] = value.strip()
-      activate-script = %(location)s
-    """ % locals())
+  self.env = env
 install =
+  message = ""
+  if self.message:
+    message = "echo " + "\n  echo ".join(
+      "%r" % line for line in self.message.splitlines())
+    message += "\n  echo \'\'"
+  chain = ""
+  if self.chain:
+    chain = "source " + "\n  source ".join(
+      "%r" % line for line in self.chain.splitlines())
  with open(location, "w") as f:
    f.write(options['template'] % {
-      "path" : self.buildout['buildout']['bin-directory'],
+      "env": " ".join("%s %s" % (k, v) for k, v in self.env.items()),
-      "name" : self.name,
+      "message": message,
+      "chain": chain,
    })
 # Template virtual env for bash shell in posix
 [virtual-env-base:posix]
 template =
-  deactivate () {
+  if type deactivate > /dev/null 2>&1
-    set PATH PS1
+  then
+    export _OLD_PARAM=( "$@")
+    set %(env)s
    while [ "$1" ]; do
-      eval "if [ \"\$_OLD_VENV_$1\" ]; then $1=\$_OLD_VENV_$1; else unset $1; fi; unset \$_OLD_VENV_$1"
+      if ! ( echo $_LIST_OLD_VENV | grep $1 ) > /dev/null 2>&1
+      then
+        eval "export _OLD_VENV_$1=\$$1"
+        eval "export _LIST_OLD_VENV=\"$1 \$_LIST_OLD_VENV\""
+      fi
+      eval "export $1=\"$2\""
+      shift
      shift
    done
-    unset -f deactivate
+    if [[ -n "$_OLD_PARAM" ]]; then
-  }
+      set "$${_OLD_PARAM[@]}"
+    fi
+    unset _OLD_PARAM
-  VENV_PATH=%(path)s
+    %(chain)s
-  _OLD_VENV_PATH=$PATH
+    %(message)s
-  _OLD_VENV_PS1=$PS1
+  else
-  PATH=$VENV_PATH:$PATH
+    deactivate () {
-  PS1='(%(name)s) '$PS1
+      set $_LIST_OLD_VENV
+      while [ "$1" ]; do
+        eval "if [ \"\$_OLD_VENV_$1\" ]; then $1=\$_OLD_VENV_$1; else unset $1; fi; unset \$_OLD_VENV_$1"
+        shift
+      done
+      unset -f deactivate
+      unset _LIST_OLD_VENV
+    }
+    export _OLD_PARAM=( "$@" )
+    set %(env)s
+    while [ "$1" ]; do
+      eval "_OLD_VENV_$1=\$$1"
+      eval "export $1=\"$2\""
+      eval "export _LIST_OLD_VENV=\"$1 \$_LIST_OLD_VENV\""
+      shift
+      shift
+    done
+    if [[ -n "$_OLD_PARAM" ]]; then
+      set "$${_OLD_PARAM[@]}"
+    fi
+    unset _OLD_PARAM
+    %(chain)s
+    %(message)s
+  fi
--- a/component/macros/virtual-env.rst
+++ b/component/macros/virtual-env.rst
+Virtual environment
+===================
+Introduction
+------------
+The virtual environment macro allows you to quickly create a development environment.
+Options
+-------
+Several options are available to customize your virtual environment :
+name
+~~~~
+The ``name`` option is the name that will be displayed when the environment is activated. For example::
+  name = virtual-env
+gives::
+  >> source activate
+  ( virtual-env ) >>
+**Note:** By default, ``name`` is the name of the Buildout section that uses the macro.
+location
+~~~~~~~~
+The ``location`` option is where the script to be sourced will be stored. For example::
+  location = project/activate
+gives::
+  >> source project/activate
+  ( virtual-env ) >>
+**Note:** Don't forget to add the name of the script in the path.
+eggs
+~~~~
+This option should not be used to install eggs during instantiation (in an instance file).
+It works the same way as ``zc.recipe.eggs``, you can add to the line several eggs to download for use in the virtual environment.
+A custom Python with the chosen eggs will then be generated. For example::
+  eggs = numpy
+gives::
+  ( virtual-env ) >> python
+  python
+  >>> import numpy
+scripts
+~~~~~~~
+This option should not be used to install scripts during instantiation (in an instance file).
+It works in the same way as in ``zc.recipe.eggs``, you can add to the line several scripts to generate for use in the virtual environment.For example::
+  eggs = Django
+  scripts = django-admin
+gives::
+  ( virtual-env ) >> django-admin
+**Note:** By default if the option is not used, all scripts will be installed.
+default-instance
+~~~~~~~~~~~~~~~~
+The ``default-instance`` option takes the value ``true`` or ``false``.
+If set to ``true``, it will create a minimal instance that will publish the path of the script to be sourced.
+If it is set to ``false``, you will be able to create your own custom instance.
+**Note:** If you want to use the macro in an ``instance`` file, you should set this option to ``false``.
+environment
+~~~~~~~~~~~
+The ``environment`` option allows you to choose the value of the environment variables of the virtual environment.
+They are to be written on the line in the form ``VAR = value``. For example::
+  environment = 
+    VAR1 = value1
+    VAR2 = value2
+gives::
+  ( virtual-env ) >> echo $VAR1
+  value1
+**Note:** If you want to keep the other values as well, like for PATH for example, you have to do::
+  PATH = new_val:$PATH
+message
+~~~~~~~
+The ``message`` option allows to display a message when sourcing the virtual environment.
+The message will be considered as a string. For example::
+  message =
+    You are in a virtual environment.
+gives::
+  >> source activate
+  You are in a virtual environment.
+  ( virtual-env) >> 
+chain
+~~~~~
+The ``chain`` option allows you to chain several scripts created by the macro as if it were one. This can be useful if one script is generated in a ``software`` file and another in an ``instance`` file.
+When deactivating, the state of the environment will return to the initial state.
+To use this option you just have to specify the script to source by running the script. For example::
+  chain = project/another_activate
+Deactivate
+----------
+Once you want to exit the virtual environment, you just have to run the ``deactivate`` function. Like::
+  ( virtual-env ) >> deactivate
+    >> 
--- a/component/python3/buildout.cfg
+++ b/component/python3/buildout.cfg
@@ -19,7 +19,7 @@ parts =
    python3
 [python3]
-<= python3.7
+<= python3.8
 [python3-common]
 recipe = slapos.recipe.cmmi
@@ -61,7 +61,32 @@ md5sum = 986078f11b39074be22a199e56491d98
 [python3.7]
 <= python3-common
 version = 3.7
-package_version = 3.7.7
+package_version = 3.7.9
-md5sum = 172c650156f7bea68ce31b2fd01fa766
+md5sum = 389d3ed26b4d97c741d9e5423da1f43b
+patch-options =
+patches =
+[python3.8]
+<= python3-common
+version = 3.8
+package_version = 3.8.9
+md5sum = 51b5bbf2ab447e66d15af4883db1c133
+patch-options =
+patches =
+[python3.9]
+<= python3-common
+version = 3.9
+package_version = 3.9.13
+md5sum = 5e2411217b0060828d5f923eb422a3b8
+patch-options =
+patches =
+[python3.10]
+<= python3-common
+version = 3.10
+package_version = 3.10.5
+md5sum = f05727cb3489aa93cd57eb561c16747b
 patch-options =
 patches =
--- a/component/qemu-kvm/buildout.cfg
+++ b/component/qemu-kvm/buildout.cfg
@@ -32,6 +32,7 @@ md5sum = bfb5b09a0d1f887c8c42a6d5f26971ab
 patches =
  https://gitlab.com/redhat/centos-stream/src/qemu-kvm/-/merge_requests/87.diff#ad41b138aa6f330f95811c9a83637b85
 patch-options = -p1
+patch-binary = ${patch:location}/bin/patch
 pre-configure =
  sed -i '/^libmigration\b/s/$/ dependencies: [zlib],/' meson.build
  sed -i 's/\bsnappy,/zlib, \0/' dump/meson.build
@@ -59,7 +60,7 @@ configure-options =
 environment =
  CFLAGS=-I${librbd:location}/include/ -I${gettext:location}/include -I${libaio:location}/include -I${liburing:location}/include -I${libcap-ng:location}/include
  LDFLAGS=-L${librbd:location}/lib -Wl,-rpath=${librbd:location}/lib -L${gettext:location}/lib -L${libaio:location}/lib -L${libcap-ng:location}/lib -Wl,-rpath=${libcap-ng:location}/lib -Wl,-rpath=${glib:location}/lib -Wl,-rpath=${gnutls:location}/lib -Wl,-rpath=${nettle:location}/lib -Wl,-rpath=${pixman:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${libpng:location}/lib -Wl,-rpath=${libaio:location}/lib -Wl,-rpath=${liburing:location}/lib -Wl,-rpath=${libcap-ng:location}/lib
-  PATH=${patch:location}/bin:${pkgconfig:location}/bin:${bzip2:location}/bin:%(PATH)s
+  PATH=${pkgconfig:location}/bin:${bzip2:location}/bin:%(PATH)s
  PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${gnutls:location}/lib/pkgconfig:${gnutls:pkg-config-path}:${libpng:location}/lib/pkgconfig:${liburing:location}/lib/pkgconfig:${ncurses:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig:${pixman:location}/lib/pkgconfig:${librbd:location}/lib/pkgconfig
 [qemu:sys.version_info < (3,6)]

--- a/component/systemd/buildout.cfg
+++ b/component/systemd/buildout.cfg
@@ -15,6 +15,11 @@ extends =
 [systemd-markupsafe-download]
 recipe = slapos.recipe.build:download
 shared = true
+url = https://files.pythonhosted.org/packages/bf/10/ff66fea6d1788c458663a84d88787bae15d45daa16f6b3ef33322a51fc7e/${:filename}
+filename = MarkupSafe-2.0.1.tar.gz
+md5sum = 892e0fefa3c488387e5cc0cad2daa523
+[systemd-markupsafe-download:sys.version_info < (3,8)]
 url = https://files.pythonhosted.org/packages/4d/de/32d741db316d8fdb7680822dd37001ef7a448255de9699ab4bfcbdf4172b/${:filename}
 filename = MarkupSafe-1.0.tar.gz
 md5sum = 2fcedc9284d50e577b5192e8e3578355

--- a/software/beremiz-ide/software.cfg
+++ b/software/beremiz-ide/software.cfg
@@ -86,9 +86,9 @@ eggs +=
 [beremiz]
 recipe = slapos.recipe.build:download-unpacked
-# download beremiz at revision 8171447dc479012a58fae0f2ffd233ade7d28d6a
+# download beremiz at revision c9b7db300a25806ccaa9d5a844d1e0fd281acb4b
-url = https://github.com/beremiz/beremiz/archive/8171447dc479012a58fae0f2ffd233ade7d28d6a.tar.gz
+url = https://github.com/beremiz/beremiz/archive/c9b7db300a25806ccaa9d5a844d1e0fd281acb4b.tar.gz
-md5sum = 48070804b00b633d79dfc4bae3a73646
+md5sum = ed28b53deaaa9a10e6160b10e9dad1a8
 [beremiz-setup]
 recipe  = zc.recipe.egg:develop

--- a/software/beremiz-runtime/software.cfg
+++ b/software/beremiz-runtime/software.cfg
@@ -3,6 +3,7 @@ extends =
  buildout.hash.cfg
  ../../component/git/buildout.cfg
  ../../component/matiec/buildout.cfg
+  ../../component/open62541/buildout.cfg
  ../../stack/monitor/buildout.cfg
  ../../stack/slapos.cfg
@@ -12,11 +13,20 @@ parts =
  instance-profile
  python-interpreter
  matiec
+  open62541
+[open62541]
+# Beremiz need it to be in folder parts/open62541
+# as Beremiz search for open62541 to BEREMIZ_PATH/../open62541
+shared = false
+post-install =
+  mkdir -p @@LOCATION@@/build/bin
+  ln -sf @@LOCATION@@/lib/libopen62541.a @@LOCATION@@/build/bin/libopen62541.a
 [beremiz-source]
 recipe = slapos.recipe.build:gitclone
 repository = https://github.com/beremiz/beremiz.git
-revision = 8171447dc479012a58fae0f2ffd233ade7d28d6a
+revision = c9b7db300a25806ccaa9d5a844d1e0fd281acb4b
 git-executable = ${git:location}/bin/git
 [beremiz]

--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = 051ae51b86f9aba169a6777fa2239901
+md5sum = f1f04e7f27bc6e40a655dd4badb2a8af
 [profile-common]
 filename = instance-common.cfg.in
@@ -22,19 +22,19 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
 [profile-caddy-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = 1e912fb970401a4b7670b25ba8284a5b
+md5sum = 874133120f3a4eda1d0505b8608b280f
 [profile-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = 57388e76c7e61b3d7213df8aac0b407d
+md5sum = 02a10d92d2b0e270454998cf865b6895
 [profile-slave-list]
 _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
-md5sum = 964a7f673f441f3a3e90c88ab03e3351
+md5sum = 268a945e5c7a52c8766b54a817215c4c
 [profile-replicate-publish-slave-information]
 _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
-md5sum = be54431846fe7f3cee65260eefc83d62
+md5sum = b3422f3624054f57b78d0e50a0de399a
 [profile-caddy-frontend-configuration]
 _update_hash_filename_ = templates/Caddyfile.in
@@ -98,11 +98,11 @@ md5sum = f6f72d03af7d9dc29fb4d4fef1062e73
 [caddyprofiledeps-dummy]
 filename = caddyprofiledummy.py
-md5sum = b41b8de115ad815d0b0db306ad650365
+md5sum = 1c866272ec0ea0c161f0c0d80cb6e584
 [profile-kedifa]
 filename = instance-kedifa.cfg.in
-md5sum = b5426129668f39ace55f14012c4a2fd2
+md5sum = 2f1c9cc9a3d2f4c6ac59eba5a99d4983
 [template-backend-haproxy-rsyslogd-conf]
 _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
@@ -110,7 +110,7 @@ md5sum = 3336d554661b138dcef97b1d1866803c
 [template-slave-introspection-httpd-nginx]
 _update_hash_filename_ = templates/slave-introspection-httpd-nginx.conf.in
-md5sum = 3067e6ba6c6901821d57d2109517d39c
+md5sum = b79addf01b6fb93c2f3d018e83eff766
 [template-expose-csr-nginx-conf]
 _update_hash_filename_ = templates/expose-csr-nginx.conf.in

--- a/software/caddy-frontend/caddyprofiledummy.py
+++ b/software/caddy-frontend/caddyprofiledummy.py
-from __future__ import print_function
 import caucase.client
 import caucase.utils
 import os
 import ssl
 import sys
-import urllib
+import urllib.request, urllib.parse, urllib.error
-import urlparse
+import urllib.parse
 from cryptography import x509
 from cryptography.hazmat.primitives import serialization
@@ -24,7 +24,7 @@ class Recipe(object):
 def validate_netloc(netloc):
  # a bit crazy way to validate that the passed parameter is haproxy
  # compatible server netloc
-  parsed = urlparse.urlparse('scheme://'+netloc)
+  parsed = urllib.parse.urlparse('scheme://'+netloc)
  if ':' in parsed.hostname:
    hostname = '[%s]' % parsed.hostname
  else:
@@ -33,7 +33,7 @@ def validate_netloc(netloc):
 def _check_certificate(url, certificate):
-  parsed = urlparse.urlparse(url)
+  parsed = urllib.parse.urlparse(url)
  got_certificate = ssl.get_server_certificate((parsed.hostname, parsed.port))
  if certificate.strip() != got_certificate.strip():
    raise ValueError('Certificate for %s does not match expected one' % (url,))
@@ -44,7 +44,7 @@ def _get_exposed_csr(url, certificate):
  self_signed = ssl.create_default_context()
  self_signed.check_hostname = False
  self_signed.verify_mode = ssl.CERT_NONE
-  return urllib.urlopen(url, context=self_signed).read()
+  return urllib.request.urlopen(url, context=self_signed).read().decode()
 def _get_caucase_client(ca_url, ca_crt, user_key):
@@ -72,7 +72,7 @@ def _csr_match(*csr_list):
  number_list = set([])
  for csr in csr_list:
    number_list.add(
-      x509.load_pem_x509_csr(str(csr)).public_key().public_numbers())
+      x509.load_pem_x509_csr(csr.encode()).public_key().public_numbers())
  return len(number_list) == 1

--- a/software/caddy-frontend/instance-apache-frontend.cfg.in
+++ b/software/caddy-frontend/instance-apache-frontend.cfg.in
@@ -99,7 +99,7 @@ hash-salt = ${frontend-node-private-salt:value}
 init =
  import hashlib
  import base64
-  options['value'] = base64.urlsafe_b64encode(hashlib.md5(''.join([options['software-release-url'].strip(), options['hash-salt']])).digest())
+  options['value'] = base64.urlsafe_b64encode(hashlib.md5(''.join([options['software-release-url'].strip(), options['hash-salt']]).encode()).digest()).decode()
 [frontend-node-information]
 recipe = slapos.recipe.build
@@ -359,9 +359,9 @@ partition_ipv6 =  ${slap-configuration:ipv6-random}
 extra-context =
    key caddy_configuration_directory caddy-directory:slave-configuration
    key backend_client_caucase_url :backend-client-caucase-url
-    import urlparse_module urlparse
    import furl_module furl
    import urllib_module urllib
+    import operator_module operator
    key master_key_download_url :master_key_download_url
    key autocert caddy-directory:autocert
    key caddy_log_directory caddy-directory:slave-log
@@ -475,9 +475,14 @@ slave-introspection-graceful-command = ${slave-introspection-validate:output} &&
 # BBB: SlapOS Master non-zero knowledge BEGIN
 [get-self-signed-fallback-access]
-recipe = collective.recipe.shelloutput
+recipe = slapos.recipe.build
-commands =
+certificate-file = ${self-signed-fallback-access:certificate}
-  certificate = cat ${self-signed-fallback-access:certificate}
+init =
+  import os
+  options['certificate'] = ''
+  if os.path.exists(options['certificate-file']):
+    with open(options['certificate-file'], 'r') as fh:
+      options['certificate'] = fh.read()
 [apache-certificate]
 recipe = slapos.recipe.template:jinja2
@@ -1066,7 +1071,7 @@ config-command =
  ${logrotate:wrapper-path} -d
 [configuration]
-{%- for key, value in instance_parameter_dict.iteritems() -%}
+{%- for key, value in instance_parameter_dict.items() -%}
 {%-   if key.startswith('configuration.') %}
 {{ key.replace('configuration.', '') }} = {{ dumps(value) }}
 {%-   endif -%}
@@ -1076,13 +1081,13 @@ config-command =
 {#- There are dangerous keys like recipe, etc #}
 {#- XXX: Some other approach would be useful #}
 {%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
-{%- for key, value in instance_parameter_dict.iteritems() -%}
+{%- for key, value in instance_parameter_dict.items() -%}
 {%-   if not key.startswith('configuration.') and key not in DROP_KEY_LIST %}
 {{ key }} = {{ dumps(value) }}
 {%-   endif -%}
 {%- endfor %}
 [software-parameter-section]
-{%- for key, value in software_parameter_dict.iteritems() %}
+{%- for key, value in software_parameter_dict.items() %}
 {{ key }} = {{ dumps(value) }}
 {%- endfor %}
--- a/software/caddy-frontend/instance-apache-replicate.cfg.in
+++ b/software/caddy-frontend/instance-apache-replicate.cfg.in
@@ -129,7 +129,7 @@ context =
 {%   set config_key = "-frontend-config-%s-" % i %}
 {%   set config_key_length = config_key | length %}
 {%   set config_dict = {} %}
-{%   for key in slapparameter_dict.keys() %}
+{%   for key in list(slapparameter_dict.keys()) %}
 {%     if key.startswith(sla_key) %}
 {%       do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %}
 # We check for specific configuration regarding the frontend
@@ -164,7 +164,7 @@ context =
 {% set critical_rejected_slave_dict = {} %}
 {% set warning_slave_dict = {} %}
 {% set used_host_list = [] %}
-{% for slave in sorted(instance_parameter_dict['slave-instance-list']) %}
+{% for slave in sorted(instance_parameter_dict['slave-instance-list'], key=operator_module.itemgetter('slave_reference')) %}
 {%   set slave_error_list = [] %}
 {%   set slave_critical_error_list = [] %}
 {%   set slave_warning_list = [] %}
@@ -278,7 +278,7 @@ context =
 {%     if k in slave %}
 {%       set crt = slave.get(k, '') %}
 {%       set check_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout']) %}
-{%       do check_popen.communicate(crt) %}
+{%       do check_popen.communicate(crt.encode()) %}
 {%       if check_popen.returncode != 0 %}
 {%         do slave_error_list.append('%s is invalid' % (k,)) %}
 {%       endif %}
@@ -296,8 +296,8 @@ context =
 {%   if slave.get('ssl_key') and slave.get('ssl_crt') %}
 {%     set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %}
 {%     set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %}
-{%     set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %}
+{%     set key_modulus = key_popen.communicate(slave['ssl_key'].encode())[0] | trim %}
-{%     set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %}
+{%     set crt_modulus = crt_popen.communicate(slave['ssl_crt'].encode())[0] | trim %}
 {%     if not key_modulus or key_modulus != crt_modulus  %}
 {%       do slave_error_list.append('slave ssl_key and ssl_crt does not match')  %}
 {%     endif %}
@@ -334,7 +334,7 @@ context =
 {%     do warning_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_warning_list)) %}
 {%   endif %}
 {% endfor %}
-{% do authorized_slave_list.sort() %}
+{% do authorized_slave_list.sort(key=operator_module.itemgetter('slave_reference')) %}
 [monitor-instance-parameter]
 monitor-httpd-port = {{ master_partition_monitor_monitor_httpd_port }}
@@ -356,7 +356,7 @@ return = slave-instance-information-list monitor-base-url backend-client-csr-url
 {%-     do base_node_configuration_dict.__setitem__(key,  slapparameter_dict[key]) %}
 {%-   endif %}
 {%- endfor %}
-{% for section, frontend_request in request_dict.iteritems() %}
+{% for section, frontend_request in request_dict.items() %}
 {%   set state = frontend_request.get('state', '') %}
 [{{section}}]
 <= replicate
@@ -377,14 +377,14 @@ config-cluster-identification = {{ instance_parameter_dict['root-instance-title'
 {# sort_keys are important in order to avoid shuffling parameters on each run #}
 {%     do node_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list, sort_keys=True)) %}
 {%     do node_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %}
-{%-     for config_key, config_value in node_configuration_dict.iteritems() %}
+{%-     for config_key, config_value in node_configuration_dict.items() %}
 config-{{ config_key }} = {{ dumps(config_value) }}
 {%     endfor -%}
-{%-     for config_key, config_value in base_node_configuration_dict.iteritems() %}
+{%-     for config_key, config_value in base_node_configuration_dict.items() %}
 config-{{ config_key }} = {{ dumps(config_value) }}
 {%     endfor -%}
 {%     if frontend_request.get('sla') %}
-{%       for parameter, value in frontend_request.get('sla').iteritems() %}
+{%       for parameter, value in frontend_request.get('sla').items() %}
 sla-{{ parameter }} = {{ value }}
 {%       endfor %}
 {%     endif %}
@@ -489,7 +489,7 @@ config-slave-list = {{ dumps(authorized_slave_list) }}
 config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }}
 {% set software_url_key = "-kedifa-software-release-url" %}
-{% if slapparameter_dict.has_key(software_url_key) %}
+{% if software_url_key in slapparameter_dict %}
 software-url = {{ slapparameter_dict.pop(software_url_key) }}
 {% else %}
 software-url = ${slap-connection:software-release-url}
@@ -499,7 +499,7 @@ name = kedifa
 return = slave-kedifa-information master-key-generate-auth-url master-key-upload-url master-key-download-url caucase-url kedifa-csr-url csr-certificate  monitor-base-url
 {% set sla_kedifa_key = "-sla-kedifa-" %}
 {% set sla_kedifa_key_length = sla_kedifa_key | length %}
-{% for key in slapparameter_dict.keys() %}
+{% for key in list(slapparameter_dict.keys()) %}
 {%   if key.startswith(sla_kedifa_key) %}
 sla-{{ key[sla_kedifa_key_length:] }} = {{ slapparameter_dict.pop(key) }}
 {%   endif %}

--- a/software/caddy-frontend/instance-kedifa.cfg.in
+++ b/software/caddy-frontend/instance-kedifa.cfg.in
@@ -171,9 +171,14 @@ wrapper-path = ${directory:service}/expose-csr
 hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 [expose-csr-certificate-get]
-recipe = collective.recipe.shelloutput
+recipe = slapos.recipe.build
-commands =
+certificate-file = ${expose-csr-certificate:certificate}
-  certificate = cat ${expose-csr-certificate:certificate}
+init =
+  import os
+  options['certificate'] = ''
+  if os.path.exists(options['certificate-file']):
+    with open(options['certificate-file'], 'r') as fh:
+      options['certificate'] = fh.read()
 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
@@ -259,10 +264,8 @@ command =
 update-command = ${:command}
 [{{ slave_reference }}-auth-random]
-recipe = collective.recipe.shelloutput
+<= auth-random
 file = {{ '${' + slave_reference }}-auth-random-generate:file}
-commands =
-  passwd = cat ${:file} 2>/dev/null || echo "NotReadyYet"
 {% endfor %}
@@ -273,11 +276,18 @@ command =
  [ ! -f ${:file} ] && {{ software_parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file}
 update-command = ${:command}
+[auth-random]
+recipe = slapos.recipe.build
+init =
+  import os
+  options['passwd'] = 'NotReadyYet'
+  if os.path.exists(options['file']):
+    with open(options['file'], 'r') as fh:
+      options['passwd'] = fh.read()
 [master-auth-random]
-recipe = collective.recipe.shelloutput
+<= auth-random
 file = ${master-auth-random-generate:file}
-commands =
-  passwd = cat ${:file} 2>/dev/null || echo "NotReadyYet"
 [slave-kedifa-information]
 recipe = slapos.cookbook:publish.serialised

--- a/software/caddy-frontend/instance.cfg.in
+++ b/software/caddy-frontend/instance.cfg.in
@@ -34,7 +34,7 @@ replicate = dynamic-profile-caddy-replicate:output
 kedifa = dynamic-profile-kedifa:output
 [software-parameter-section]
-{% for key,value in software_parameter_dict.iteritems() %}
+{% for key,value in software_parameter_dict.items() %}
 {{ key }} = {{ dumps(value) }}
 {% endfor -%}
@@ -54,6 +54,7 @@ filename = instance-caddy-replicate.cfg
 extra-context =
    import subprocess_module subprocess
    import functools_module functools
+    import operator_module operator
    import validators validators
    import caddyprofiledummy caddyprofiledummy
 # Must match the key id in [switch-softwaretype] which uses this section.

--- a/software/caddy-frontend/software.cfg
+++ b/software/caddy-frontend/software.cfg
@@ -22,6 +22,9 @@ parts +=
  caddyprofiledeps
  kedifa
+[python]
+part = python3
 [kedifa]
 recipe = zc.recipe.egg
 eggs =
@@ -57,7 +60,6 @@ recipe = zc.recipe.egg
 eggs =
  caddyprofiledeps
  websockify
-  collective.recipe.shelloutput
 [profile-common]
 recipe = slapos.recipe.template:jinja2

--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -52,13 +52,13 @@ context =
 {#-     * setup defaults to simplify other profiles #}
 {#-     * stabilise values for backend #}
 {%-   for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
-{%-     set parsed = urlparse_module.urlparse(slave_instance.get(key, '').strip()) %}
+{%-     set parsed = urllib_module.parse.urlparse(slave_instance.get(key, '').strip()) %}
 {%-     set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split() } %}
 {%-     do slave_instance.__setitem__(prefix, info_dict) %}
 {%-   endfor %}
 {%-   do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
 {%-   for key, prefix in [('health-check-failover-url', 'http_backend'), ('health-check-failover-https-url', 'https_backend')] %}
-{%-     set parsed = urlparse_module.urlparse(slave_instance.get(key, '').strip()) %}
+{%-     set parsed = urllib_module.parse.urlparse(slave_instance.get(key, '').strip()) %}
 {%-     set info_dict = slave_instance[prefix] %}
 {%-     do info_dict.__setitem__('health-check-failover-scheme', parsed.scheme) %}
 {%-     do info_dict.__setitem__('health-check-failover-hostname', parsed.hostname) %}
@@ -189,7 +189,7 @@ context =
 {%-   do furled.set(password = '${'+ slave_password_section +':passwd}') %}
 {%-   do furled.set(path = slave_reference + '/') %}
 {#-   We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
-{%-   set slave_log_access_url = urlparse_module.unquote(furled.tostr()) %}
+{%-   set slave_log_access_url = urllib_module.parse.unquote(furled.tostr()) %}
 {%-   do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
 {%-   do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
 {%-   do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %}
@@ -212,7 +212,7 @@ context =
 {%-   for websocket_path in slave_instance.get('websocket-path-list', '').split() %}
 {%-     set websocket_path = websocket_path.strip('/') %}
 {#-   Unquote the path, so %20 and similar can be represented correctly #}
-{%-     set websocket_path = urllib_module.unquote(websocket_path.strip()) %}
+{%-     set websocket_path = urllib_module.parse.unquote(websocket_path.strip()) %}
 {%-     if websocket_path %}
 {%-       do websocket_path_list.append(websocket_path) %}
 {%-     endif %}
@@ -332,7 +332,7 @@ http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
 local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
 version-hash = {{ version_hash }}
 node-id = {{ node_id }}
-{%-   for key, value in slave_instance.iteritems() %}
+{%-   for key, value in slave_instance.items() %}
 {%-     if value is not none %}
 {{ key }} = {{ dumps(value) }}
 {%-     endif %}
@@ -383,7 +383,7 @@ config-frequency = 720
 {%-     do part_list.append(publish_section_title) %}
 [{{ publish_section_title }}]
 recipe = slapos.cookbook:publish
-{%-     for key, value in slave_publish_dict.iteritems() %}
+{%-     for key, value in slave_publish_dict.items() %}
 {{ key }} = {{ value }}
 {%-     endfor %}
 {%-   else %}
@@ -463,7 +463,7 @@ csr-certificate = ${expose-csr-certificate-get:certificate}
 {%-   do furled.set(password = backend_haproxy_configuration['statistic-password']) %}
 {%-   do furled.set(path = '/') %}
 {#-   We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
-{%-   set statistic_url = urlparse_module.unquote(furled.tostr()) %}
+{%-   set statistic_url = urllib_module.parse.unquote(furled.tostr()) %}
 backend-haproxy-statistic-url = {{ statistic_url }}
 {#-   sort_keys are important in order to avoid shuffling parameters on each run #}
 node-information-json = {{ json_module.dumps(node_information, sort_keys=True) }}
@@ -503,7 +503,7 @@ output = ${:file}
 < = jinja2-template-base
 url = {{ template_backend_haproxy_configuration }}
 output = ${backend-haproxy-config:file}
-backend_slave_list = {{ dumps(sorted(backend_slave_list)) }}
+backend_slave_list = {{ dumps(sorted(backend_slave_list, key=operator_module.itemgetter('slave_reference'))) }}
 extra-context =
  key backend_slave_list :backend_slave_list
  section configuration backend-haproxy-config
@@ -611,9 +611,14 @@ wrapper-path = {{ directory['service'] }}/expose-csr
 hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 [expose-csr-certificate-get]
-recipe = collective.recipe.shelloutput
+recipe = slapos.recipe.build
-commands =
+certificate-file = ${expose-csr-certificate:certificate}
-  certificate = cat ${expose-csr-certificate:certificate}
+init =
+  import os
+  options['certificate'] = ''
+  if os.path.exists(options['certificate-file']):
+    with open(options['certificate-file'], 'r') as fh:
+      options['certificate'] = fh.read()
 [promise-logrotate-setup]
 <= monitor-promise-base

--- a/software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
+++ b/software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
@@ -2,7 +2,7 @@
 {% set slave_information_dict = {} %}
 # regroup slave information from all frontends
-{% for frontend, slave_list_raw in slave_information.iteritems() %}
+{% for frontend, slave_list_raw in slave_information.items() %}
 {%   if slave_list_raw %}
 {%     set slave_list = json_module.loads(slave_list_raw) %}
 {%   else %}
@@ -27,21 +27,21 @@
 {%   endfor %}
 {% endfor %}
-{% for slave_reference, rejected_info_list in rejected_slave_information['rejected-slave-dict'].iteritems() %}
+{% for slave_reference, rejected_info_list in rejected_slave_information['rejected-slave-dict'].items() %}
 {%   if slave_reference not in slave_information_dict %}
 {%     do slave_information_dict.__setitem__(slave_reference, {}) %}
 {%   endif %}
 {%   do slave_information_dict[slave_reference].__setitem__('request-error-list', json_module.dumps(rejected_info_list)) %}
 {% endfor %}
-{% for slave_reference, warning_info_list in warning_slave_information['warning-slave-dict'].iteritems() %}
+{% for slave_reference, warning_info_list in warning_slave_information['warning-slave-dict'].items() %}
 {%   if slave_reference not in slave_information_dict %}
 {%     do slave_information_dict.__setitem__(slave_reference, {}) %}
 {%   endif %}
 {%   do slave_information_dict[slave_reference].__setitem__('warning-list', json_module.dumps(warning_info_list)) %}
 {% endfor %}
-{% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).iteritems() %}
+{% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).items() %}
 {%   if slave_reference not in rejected_slave_information['rejected-slave-dict'] %}
 {%     if slave_reference not in slave_information_dict %}
 {%       do slave_information_dict.__setitem__(slave_reference, {}) %}
@@ -54,7 +54,7 @@
 # Publish information for each slave
 {% set active_slave_instance_list = json_module.loads(active_slave_instance_dict['active-slave-instance-list']) %}
-{% for slave_reference, slave_information in slave_information_dict.iteritems() %}
+{% for slave_reference, slave_information in slave_information_dict.items() %}
 {#   Filter out destroyed, so not existing anymore, slaves #}
 {#   Note: This functionality is not yet covered by tests, please modify with care #}
 {%   if slave_reference in active_slave_instance_list %}
@@ -68,11 +68,11 @@ recipe = slapos.cookbook:publish
 {# sort_keys are important in order to avoid shuffling parameters on each run #}
 log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }}
 {%     endif %}
-{%     for key, value in slave_information.iteritems() %}
+{%     for key, value in slave_information.items() %}
 {{ key }} = {{ dumps(value) }}
 {%     endfor %}
 {%   endif %}
-{%   for frontend_key, frontend_value in frontend_information.iteritems() %}
+{%   for frontend_key, frontend_value in frontend_information.items() %}
 {{ frontend_key }} = {{ frontend_value }}
 {%   endfor %}
 {% endfor %}

--- a/software/caddy-frontend/templates/slave-introspection-httpd-nginx.conf.in
+++ b/software/caddy-frontend/templates/slave-introspection-httpd-nginx.conf.in
@@ -23,7 +23,7 @@ http {
    fastcgi_temp_path {{ parameter_dict['var'] }} 1 2;
    uwsgi_temp_path {{ parameter_dict['var'] }} 1 2;
    scgi_temp_path {{ parameter_dict['var'] }} 1 2;
-  {% for slave, directory in slave_log_directory.iteritems() %}
+  {% for slave, directory in slave_log_directory.items() %}
    location /{{ slave }} {
      alias {{ directory }};
      autoindex on;

--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
--- a/software/django-dev/software.cfg
+++ b/software/django-dev/software.cfg
 [buildout]
 extends =
-        ../../stack/slapos.cfg
+  ../../stack/slapos.cfg
-        ../../component/macros/virtual-env.cfg
+  ../../component/macros/virtual-env.cfg
 parts =
-        django-env
+  django-env
 [django-env]
 <= virtual-env-base
@@ -15,8 +15,6 @@ eggs = Django
 part = python3
 [versions]
-Django = 3.2.12
+Django = 4.0.6
 sqlparse = 0.4.2
-pytz = 2021.3
+asgiref = 3.5.2
-asgiref = 3.3.2
-typing-extensions = 4.1.1:whl
--- a/software/slapos-sr-testing/software-py3.cfg
+++ b/software/slapos-sr-testing/software-py3.cfg
@@ -13,6 +13,7 @@ extra-eggs +=
 [template]
 extra =
 # The following list is for SR whose buildout runs only with Python 3.
+  caddy-frontend ${slapos.test.caddy-frontend-setup:setup}
  erp5testnode ${slapos.test.erp5testnode-setup:setup}
  galene ${slapos.test.galene-setup:setup}
  headless-chromium ${slapos.test.headless-chromium-setup:setup}

--- a/software/slapos-sr-testing/software.cfg
+++ b/software/slapos-sr-testing/software.cfg
@@ -359,7 +359,6 @@ extra =
 #          You should not add more lines here.
  backupserver ${slapos.test.backupserver-setup:setup}
  beremiz-ide ${slapos.test.beremiz-ide-setup:setup}
-  caddy-frontend ${slapos.test.caddy-frontend-setup:setup}
  caucase ${slapos.test.caucase-setup:setup}
  cloudooo ${slapos.test.cloudooo-setup:setup}
  dream ${slapos.test.dream-setup:setup}

--- a/stack/erp5/buildout.hash.cfg
+++ b/stack/erp5/buildout.hash.cfg
@@ -66,7 +66,7 @@ md5sum = 0969fbb25b05c02ef3c2d437b2f4e1a0
 [template-run-zelenium]
 filename = run-zelenium-test.py.in
-md5sum = 38653020296e43f84a93b99cb35aaef6
+md5sum = b95084ae9eed95a68eada45e28ef0c04
 [template]
 filename = instance.cfg.in

--- a/stack/erp5/run-zelenium-test.py.in
+++ b/stack/erp5/run-zelenium-test.py.in
@@ -77,6 +77,23 @@ def main():
      traceback.print_exc()
    time.sleep(600)
+  # Unsubscribe activity
+  # Launch Zuite_waitForActivities with activity suscribed may create conflict
+  activity_unsubscribe_url = "%s/erp5/portal_activities/unsubscribe" \
+      "?__ac_name=%s" \
+      "&__ac_password=%s" % (parser_configuration['remote-access-url'],  {{ repr(user) }}, {{ repr(password) }})
+  print activity_unsubscribe_url
+  try:
+    response = urlopen(activity_unsubscribe_url)
+    try:
+      if response.code != 200:
+        sys.exit(-1)
+    finally:
+      response.close()
+  except Exception:
+    traceback.print_exc()
  tool = taskdistribution.TaskDistributor(portal_url=args.master_url)
  browser = webdriver.Remote(parser_configuration['server-url'] , parser_configuration['desired-capabilities'] )

--- a/stack/slapos.cfg
+++ b/stack/slapos.cfg
@@ -139,7 +139,7 @@ zc.recipe.egg = 2.0.3+slapos003
 traitlets = 4.3.3
 Jinja2 = 2.11.3
 Importing = 1.10
-MarkupSafe = 1.0
+MarkupSafe = 2.0.1
 PyYAML = 5.4.1
 Werkzeug = 2.0.2
 ZConfig = 2.9.3
@@ -195,7 +195,7 @@ setuptools-dso = 1.7
 rubygemsrecipe  = 0.4.3
 six = 1.12.0
 slapos.cookbook = 1.0.253
-slapos.core = 1.7.10
+slapos.core = 1.7.11
 slapos.extension.strip = 0.4
 slapos.extension.shared = 1.0
 slapos.libnetworkcache = 0.25
@@ -203,7 +203,7 @@ slapos.rebootstrap = 4.5
 slapos.recipe.build = 0.55
 slapos.recipe.cmmi = 0.19
 slapos.recipe.template = 5.0
-slapos.toolbox = 0.127
+slapos.toolbox = 0.128
 stevedore = 1.21.0:whl
 subprocess32 = 3.5.4
 unicodecsv = 0.14.1
@@ -262,6 +262,9 @@ click = 6.7
 distro = 1.6.0
 Werkzeug = 1.0.1
+[versions:sys.version_info < (3,8)]
+MarkupSafe = 1.0
 [networkcache]
 download-cache-url = http://shacache.nxdcdn.com