- Add CFENGINE_VERSION 35
- Mark IGNORE since development has not branched yet
Add cfengine 3.5.0:
- classes promises now take an optional scope constraint.
- new built-in functions: every, none, some, nth, sublist, uniq, filter
- cf-promises flag --parse-tree is replaced by --policy-output-format=,
user to specify the output format (none, cf, json)
- cf-promises allows partial check of policy (without body common
control) without integrity check; --full-check enforces integrity check
- agent binaries support JSON input format (.json file as generated
- cf-key: new options --trust-key/-t and --print-digest/-p
- Class "failsafe_fallback" is defined in failsafe.cf when main
policy contains errors and
failsafe is run because of this
- add scope attribute for body classes (Redmine #2013)
- Better diagnostics of parsing errors
- Error messages from parser now show the context of error
- new cf-agent option: --self-diagnostics
- new output format, and --legacy-output
- warnings for cf-promises.
- Enable zeroconf-discovery of policy hubs for automatic bootstrapping
if Avahi is present
- Support for sys.cpus on more platforms than Linux & HPUX
- parser no longer allows ',' after promiser or promisee. must be
either ';' or lval
- Make parser output in GCC compatible format the only supported format
(remove --gcc-brief-format flag)
- Silence license warnings in Enterprise Free25 installations
- action_policy => "warn" causes not_kept classes to be set on
promise needing repair.
- command line option version (-V) now prints a shorter parsable
version without graphic
- implicit execution of server and common bundles taking arguments
is skipped in cf-serverd.
- WARNING: option --policy-server removed, require option to --bootstrap
- process promises don't log if processes are out of range unless you
run in verbose mode
- reports promises are now allowed in any context (Redmine #2005)
- cf-report has been removed
- cf-execd: --once implies --no-fork
- Version info removed from mail subject in the emails sent by cf-execd.
The subject will only contain "[fqname/ipaddress]" instead of
Please change your email filters accordingly if necessary.
- "outputs" promise type is retired. Their semantics was not clear,
and the functionality
is better suited for control body setting, not a promise.
- Tokyo Cabinet databases are now automatically checked for
correctness during opening. It should prevent a number of issues
with corrupted TC databases causing binaries to hang.
- Improved ACL handling on Windows, which led to some syntax changes.
We now consistently use the term "default" to describe ACLs that
can be inherited by child objects. These keywords have received new names:
acl_directory_inherit -> acl_default
specify_inherit_aces -> specify_default_aces
The old keywords are deprecated, but still valid. In addition, a new
keyword "acl_inherit" controls inheritance behavior on Windows. This
feature does not exist on Unix platforms. (Redmine #1832)
- Networking code is moved from libpromises to its own library,
libcfnet. Work has begun on making the API more sane and thread-safe.
Lots of legacy code was removed.
- Add getaddrinfo() replacement in libcompat (borrowed from PostgreSQL).
- Replace old deprecated and non thread-safe resolver calls with
getaddrinfo() and getnameinfo().
- Hostname2IPString(), IPString2Hostname() are now thread-safe, and are
returning error when resolution fails.
- Running cf-execd --once now implies --no-fork, and also does not wait
for splaytime to pass.
- execresult(), returnszero() and commands promises no longer requires
the first word
word to be an absolute path when using the shell. (Part of Redmine #2143)
- commands promises useshell attribute now accepts "noshell" and
"useshell" values. Boolean values are accepted but deprecated. (Part of
- returnszero() now correctly sets the class name in this scenario (Part of
"commandfailed" not => returnszero("/bin/nosuchcommand", "noshell");
- bundles are allowed to be empty (Redmine #2411)
- Fixed '.' and '-' not being accepted by a commands module. (Redmine #2384)
- Correct parsing of list variables by a command module. (Redmine #2239)
- Fixed issue with package management and warn. (Redmine #1831)
- Fixed JSON crash. (Redmine #2151)
- Improved error checking when using fgets(). (Redmine #2451)
- Fixed error message when deleting nonexistent files. (Redmine #2448)
- Honor warn-only when purging from local directory. (Redmine #2162)
- Make sure "restart" and "reload" are recognized keywords in
packages. (Redmine #2468)
- Allocate memory dynamically to avoid out-of-buffer or out-of-hash
- fix edit_xml update of existing attributes (Redmine #2034)
- use failsafe policy from compile-time specified workdir (Redmine #1991)
- ifvarclass checked from classes promises in common bundles
- do not wait for splaytime when executing only once
- disable xml editing functionality when libxml2 doesn't provide
necessary APIs (Redmine #1937)
- Out-of-tree builds should work again, fixed a bunch of related bugs.
- Fixed race condition in file editing. (Redmine #2545)
- Fixed memory leak in cf-serverd and others (Redmine #1758)
Approved by: cy (maintainer, implicit)