From 28516eb8c98ee5715e41b3756be964b099ac7ed6 Mon Sep 17 00:00:00 2001 From: Lars Erik Wik Date: Fri, 24 Apr 2026 14:47:03 +0200 Subject: [PATCH 1/4] CHANGELOG.md: Formatted markdown file Signed-off-by: Lars Erik Wik --- CHANGELOG.md | 56 +++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 40 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3acb372309..b1ec742268 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,5 @@ ## 3.24.4: + - Added dnf package module (ENT-11784) - Added workaround for set_variable_values_ini with missing sections (CFE-3866) @@ -10,6 +11,7 @@ - Made system_log_level configurable via Augments (CFE-4452) ## 3.24.3 + - Fixed cfruncommand for Windows causing "Too many arguments" error (ENT-13530) - Added dmidecode to well known paths for Red Hat (ENT-12988) - Added recommendation about nfs server and consistent use of root dot @@ -30,6 +32,7 @@ (CFE-3429) ## 3.24.2 + - Added paths for the dmsetup, fdisk, and lshw commands (ENT-12560) - Fixed issue loading images from raw.github.com in Mission Portal Build application(ENT-12531) - Fixed issue with yum package module regarding packages with epoch not @@ -38,6 +41,7 @@ (ENT-12556) ## 3.24.1 + - Added inline docs showing valid values for method (field_operation) in body edit_field quoted_var (CFE-4426) - Added support for AIX System Resource Controller services promises @@ -51,6 +55,7 @@ (CFE-4445) ## 3.24.0 + - AIX watchdog now handles stale pids (CFE-4335) - Added ability to configure Mission Portal Apache SSLCACertificateFile via Augments (ENT-11421) @@ -74,7 +79,7 @@ - Federated reporting policy now properly fixes SELinux context of the ~cftransport/.ssh directory and its contents in a single agent run. (ENT-11136) -- Fixed comparison that caused control_executor_mailfilter_*_configured to never be set +- Fixed comparison that caused `control_executor_mailfilter_*_configured` to never be set (CFE-4374) - Fixed distributed_cleanup policy for feeders and rhel-8 superhubs (ENT-10960) @@ -103,6 +108,7 @@ defaults to PRETTY_NAME from os-release as a fallback (CFE-4342) ## 3.23.0 + - Added ability to disable plain http for CFEngine Enterprise Mission Portal (ENT-10411) - Added ability to enable backup archives during policy update @@ -150,6 +156,7 @@ (ENT-10951) ## 3.22.0 + - Added inventory for policy version (ENT-9806) - Added condition to runalerts service to require stamp directory (ENT-9711) @@ -205,6 +212,7 @@ - body package_method pacman - body package_method zypper - body package_method generic + Additionally note that the package related bundles use the package_method bodies mentioned above and are similarly influenced. - bundle agent package_present(package) @@ -213,7 +221,9 @@ - bundle agent package_specific_absent(packageorfile, package_version, package_arch) - bundle agent package_specific_latest(packageorfile, package_version, package_arch), - bundle agent package_specific(package_name, desired, package_version, package_arch) + (CFE-4178) + - Prevented management of runagent socket users when no users are listed (ENT-9535) - Removed specific old CFEngine version package module handling for windows @@ -222,6 +232,7 @@ (ENT-8338) ## 3.21.0 + - Added inventory for Raspberry Pi and DeviceTree devices (ENT-8628) - Added policy to enforce proper permissions on Mission Portal ldap directory (ENT-9693) - Added check to make sure cf-execd is running after attempting self upgrade on Windows @@ -263,6 +274,7 @@ - Ensured manual edits to httpd.conf are reverted (ENT-9686) ## 3.20.0 + - Renamed bundle agent main to bundle agent mpf_main (CFE-3947) - Added prelink to paths.cf - Added Enterprise Hub postgresql.conf to files monitored for diffs by default @@ -315,6 +327,7 @@ - Now clean_when_off FR bundle is only run when needed (ENT-8294) ## 3.19.0 + - Added interpreter attribute to standalone self upgrade package_module bodies (CFE-3703, ENT-5752) - Added almalinux as a know derivative of rhel (ENT-7644) @@ -335,7 +348,7 @@ This change adds the classes services_autorun_inputs and services_autorun_bundles for independently enabling addition of .cf files in services/autorun and automatic execution of bundles tagged with autorun - respectively. (CFE-3715) + respectively. (CFE-3715) - Added support for downloading community packages on hub in preparation for binary upgrades - Added variable for excluding files from Policy Analyzer (ENT-7684) - Adjusted badges for 3.18.0 release (ENT-6713) @@ -346,11 +359,11 @@ effect of this is that agent runs that happen close together would skip running bundles run within the last minute. Now autorun bundles no longer wait for a lock to expire, they will be actuated each agent execution. Note, promises - within those bundles have their own locks which still apply. (CFE-3795) + within those bundles have their own locks which still apply. (CFE-3795) - Dropped un-necessary local variable The use of this local variable triggers a bug that prevents datastate() from printing. Since the variable is un-necessary, it's been removed and the - parameter is used directly. (CFE-3776) + parameter is used directly. (CFE-3776) - Enforced permissions for Postgres log (ENT-7961) - Fixed package module augments settings usage for pre 3.15.3 binaries (ENT-7356, ENT-7358) @@ -368,7 +381,7 @@ (ENT-7714) - Promised permissions for Mission Portal application and Apache log files This change ensures that both Mission Portal and Apache log files have - restrictive permissions. Previously this was un-managed. (ENT-7730) + restrictive permissions. Previously this was un-managed. (ENT-7730) - Reduced scope of report informing of missing systemd service (CFE-290, ENT-7360) - Removed build dir from install/dist targets (ENT-7359) @@ -382,7 +395,7 @@ permissions (600). The previous explicit permissions (755) are un-necessary as modules are not executed from within the inputs directory and have resulted in permission flip-flopping in some environments. Permissions on modules in the - modules dir (sys.workdir)/modules are still enforced. (ENT-7733) + modules dir (sys.workdir)/modules are still enforced. (ENT-7733) - Switched from using package_method generic to default package_module for windows software inventory (ENT-2589) - Improved the reliability when detecting a Red Hat system. @@ -401,6 +414,7 @@ (ENT-7967) ## 3.18.0 + - Added .ps1 to list of file patterns considered during policy update (ENT-4094) - Added ability to specify additional directories to add autorun policy from @@ -469,6 +483,7 @@ - Guard again enforcing root ownership for CFEngine files on Windows (ENT-4628) ## 3.17.0 + - Added .csv to the list of file extensions considered by default during policy update (CFE-3425) - Added ability to extend known paths without modifying vendored policy @@ -505,6 +520,7 @@ - Replaced @ignore with useful doc strings (CFE-3378) ## 3.16.0 + - /var/cfengine/bin/python symlink creation on SLES was fixed - Added `data` shortcut to cf-serverd, defaults to sys.workdir/data - Added inventory for CFEngine Enterprise License information @@ -527,17 +543,17 @@ - Changed m_inventory dumping behavior to exclude when values is null (ENT-5562) - Corrected application/logs path to outside of docroot (ENT-5255) -- Deleted deprecated __PromiseExecutionsLog from process that cleans +- Deleted deprecated `__PromiseExecutionsLog` from process that cleans log tables (ENT-5170) - Fixed dmi inventory to prefer sysfs to dmidecode for most variables for improved performance and to handle CoreOS hosts that don't - have dmidecode. (CFE-3249) + have dmidecode. (CFE-3249) - Fixed permission flipping when policy analyzer is enabled (ENT-5235) - Fixed runalerts processes promise on non-systemd systems (ENT-5432) - Fixed selection of standard_services when used from non-default namespace (ENT-5406) - Fixed system UUID inventory for certain VMWare VMs where dmidecode - gives UUID bytes in wrong order. (CFE-3249) + gives UUID bytes in wrong order. (CFE-3249) - Fixed typo preventing recommendation bundles from running (CFE-3305) - HA setups no longer have flipping permissions on /opt/cfengine/notification_scripts @@ -568,6 +584,7 @@ - apt_get package module now checks package state (CFE-3233) ## 3.15.0 + - Added package_module for snap (CFE-2811) - Fixed pkgsrc in case where multiple Prefix paths are returned for pkg_install (CFE-3152) - Fixed pkgsrc module on Solaris/NetBSD (CFE-3151) @@ -593,7 +610,7 @@ - Added brief descriptions to bodies and bundles in cfe_internal/CFE_cfengine.cf (CFE-3220) - Added support for SUSE 11, 12 in standalone self upgrade (ENT-5045, ENT-5152) -- Changed policy triggering cleanup of __lastseenhostlogs to target only +- Changed policy triggering cleanup of `__lastseenhostlogs` to target only 3.12.x, 3.13.x and 3.14.x. From 3.15.0 on the table is absent. (ENT-5052) - Fixed agent disabling on systemd systems (CFE-2429, CFE-3416) - Ensured directory for custom action scripts is present (ENT-5070) @@ -604,10 +621,11 @@ (ENT-4331, ENT-4992) - Fixed re-spawning of cf-execd or cf-monitord after remediating duplicate concurrent processes (CFE-3150) -- Replaced /var/cfengine with proper $(sys.*) vars (ENT-4800) - - Fixed selection of standard_services when used from non-default namespace (ENT-5406) +- Replaced /var/cfengine with proper `$(sys.*)` vars (ENT-4800) + - Fixed selection of standard_services when used from non-default namespace (ENT-5406) ## 3.15.0b1 + - Added continual checking for policy_server state (CFE-3073) - Added monitoring for PostgreSQL lock acquisition times (ENT-4753) - Added support for `awk` filters in the FR dump-import process (ENT-4839) @@ -631,12 +649,13 @@ - Added ssh_home_t type to cftransport .ssh dir (ENT-4906) - fix use of _stdlib_path_exists_ in FR transport_user policy bundle (ENT-4906) -- partitioned __inventory table for federated reporting (ENT-4842) +- partitioned `__inventory` table for federated reporting (ENT-4842) - psql_wrapper needed full path to psql binary (ENT-4912) - yum package_module gets updates available from online repos if local cache fails (CFE-3094) ## 3.14.0 + - Fixed isvariable syntax error in update_def.cf (CFE-2953) - Added path support for setfacl, timedatectl and journalctl (CFE-3013) - Added trailing slash to access promises expecting directories @@ -684,6 +703,7 @@ - redhat_pure is no longer defined on Fedora hosts (CFE-3022) ## 3.13.0 + - Added Debian 9 to the self upgrade package map (ENT-4255) - Added `system-uuid` to default dmidecode inventory (CFE-2925) - Added inventory of AWS EC2 linux instances (CFE-2924) @@ -744,6 +764,7 @@ (CFE-2855) ## 3.12.0b1 + - Avoid executing self upgrade policy unnecessarily (ENT-3592) - Added amazon_linux class to yum package module - Introduce ability to set policy update bundle via augments (CFE-2687) @@ -813,10 +834,11 @@ - Avoid self upgrade from triggering during bootstrap (ENT-3394) - Added json templates for rendering serial and multiline data (CFE-2713) - Removed unused libraries and controls -- Fixed an error in the file_make_mustache_*, incorrect variable name used +- Fixed an error in the `file_make_mustache_*`, incorrect variable name used (CFE-2714) ## 3.11.0 + - Renamed enable_client_initiated_reporting to client_initiated_reporting_enabled - Directories for ubuntu 16 and centos 7 should exist in master_software_updates (ENT-3136) @@ -868,6 +890,7 @@ - Ensure MP SSL Cert is readable (ENT-3050) ## 3.10.0 + - Added: Classes body tailored for use with diff - Changed: Session Cookies use HTTPOnly and secure attributes (ENT-2781) - Changed: Verify transferred files during policy update @@ -905,6 +928,7 @@ (CFE-2466) ## 3.7.0 + - Support for user specified overriding of framework defaults without modifying policy supplied by the framework itself (see example_def.json) - Support for def.json class augmentation in update policy @@ -939,13 +963,13 @@ - Move hub specific bundles from lib/VER/cfe_internal.cf into lib/VER/cfe_internal_hub.cf and load them only if policy_server policy if set. - Re-organized lib/VER/stdlib.cf from lists into classic array for use with getvalues -- inform_mode classes changed to DEBUG|DEBUG_$(this.bundle):: (Redmine: #7191) +- `inform_mode` classes changed to `DEBUG|DEBUG_$(this.bundle)::` (Redmine: #7191) - Enabled limit_robot_agents in order to work around multiple cf-execd processes after upgrade. (Redmine #7185) - Removed Diff reporting on /etc/shadow (Enterprise) - Update policy from promise.cf inputs. There is no reason to include the update policy into promises.cf, update.cf is the entry for the update policy -- _not_repaired outcome from classes_generic and scoped_classes generic (Redmine: # 7022) +- `_not_repaired` outcome from classes_generic and scoped_classes generic (Redmine: #7022) - standard_services now restarts the service if it was not already running when using service_policy => restart with chkconfig (Redmine #7258) - Fixed process_result logic to match the purpose of body process_select From f138b3e11411e3de6ba0c805d2d3435001cb61de Mon Sep 17 00:00:00 2001 From: Lars Erik Wik Date: Fri, 24 Apr 2026 14:47:50 +0200 Subject: [PATCH 2/4] CHANGELOG.md: updated changelog entries for 3.24.4 with changes from #3143 Signed-off-by: Lars Erik Wik --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b1ec742268..74a239da4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,9 @@ - Inhibit management of share config.php file when mpf_disable_mission_portal_docroot_sync_from_share_gui is defined (ENT-12658) - Made system_log_level configurable via Augments (CFE-4452) +- Fixed maximum recursion errors in modules_presence for CFEngine versions + unaffected by CFE-4623 (CFE-2852) +- Added dnf_group package module for managing DNF package groups (CFE-2852) ## 3.24.3 From 4e6f133be810ed44668a92465e126c028da67c61 Mon Sep 17 00:00:00 2001 From: Ole Herman Schumacher Elgesem <4048546+olehermanse@users.noreply.github.com> Date: Fri, 24 Apr 2026 18:11:12 +0200 Subject: [PATCH 3/4] Added changelog entry from core PR --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 74a239da4f..e485f8a235 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,9 @@ - Fixed maximum recursion errors in modules_presence for CFEngine versions unaffected by CFE-4623 (CFE-2852) - Added dnf_group package module for managing DNF package groups (CFE-2852) +- `standard_services` bundle no longer invokes `systemctl` with `--global` + which is mutually exclusive from `--system` (CFE-4639) + ## 3.24.3 From 4d5112e3c58c0cf3cec0b10b7b0398c5ec553b25 Mon Sep 17 00:00:00 2001 From: Ole Herman Schumacher Elgesem <4048546+olehermanse@users.noreply.github.com> Date: Fri, 24 Apr 2026 18:11:54 +0200 Subject: [PATCH 4/4] Removed extra newline --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e485f8a235..024c296c08 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,6 @@ - `standard_services` bundle no longer invokes `systemctl` with `--global` which is mutually exclusive from `--system` (CFE-4639) - ## 3.24.3 - Fixed cfruncommand for Windows causing "Too many arguments" error (ENT-13530)