f419a7545e
- Update to version 3.21.0:
* Added cf-support utility for generating support information
(ENT-9037)
* Adjusted cf-check and package module code for empty updates list
(ENT-9050)
* '$(this.promiser)' can now be used in 'files' promise attributes
'if', 'ifvarclass' and 'unless' (CFE-2262, ENT-7008)
* Fixed storage promise for nfs on MacOS (CFE-4093)
* Fixed definition of _low_ldt class from cf-monitord (CFE-4022)
* Insertion of contents of a file with blank lines into another
file with blank lines no longer results in mixed content (ENT-8788)
* Added suggestion to use a negative lookahead when non-convergent edits
are attempted (CFE-192)
* Unresolved function calls that return scalar values are now
considered OK for constraints expecting strings during syntax
check (CFE-4094)
* cf-monitord now honors monitorfacility in body monitor control
(ENT-4492)
* cf-serverd now periodically reloads its policy if it contains
unresolved variables (e.g. $(sys.policy_hub) in 'allowconnect'). (ENT-8456)
* cf-serverd now starts in the network-online.target on systemd-based
systems (ENT-8456)
* edit_line bundles can now use the new $(edit.empty_before_use)
variable mirroring the value of edit_defaults=>empty_before_use
of the related files promise (ENT-5866)
* Package modules with unresolved variables in their names are
now skipped in package queries (ENT-9377)
* Removed unsupported name_connect capability for udp_socket class
(ENT-8824)
* 'meta' attribute can now be used in custom promises (CFE-3440)
* Custom promise modules can now support the 'action_policy'
feature allowing promises of their custom types to be used
in dry-run and simulation modes and in combination with
'action_policy => "warn"'. (CFE-3433)
* Use of custom promise modules that don't fully specify protocol
now results in warning (CFE-3433)
* Warnings are logged if levels of log messages from custom promise
modules don't match results of their related promises (CFE-3433)
* Adjusted SELinux policy for RHEL 9 (ENT-8824)
* Fixed SELinux policy to allow hub to send emails (ENT-9557, ENT-9473)
* SELinux no longer breaks SQL queries with large result sets on
RHEL 8 hubs (ENT-9496)
* Added SELinux LDAP port access for Mission Portal (ENT-9694)
* Allowed ciphers are now properly split into TLS 1.3 cipher suites
and ciphers used for TLS 1.2 and older (ENT-9018)
* Fixed git_cfbs_deploy_refspec in masterfiles_stage leaving temp dir
- Update to version 3.20.0:
* 'rxdirs' now defaults to "false". This means that the read
permission bit no longer implies execute bit for directories,
by default.
Permission bits will be exactly as specified. To restore the
old behavior you can still enable 'rxdirs' explicitly. (CFE-951)
* 'N' or 'Ns' signal specs can now be used to sleep between signals
sent by 'processes' promises (CFE-2207, ENT-5899)
* Directories named .no-distrib are no longer copied from policy
server (in bootstrap/failsafe) (ENT-8079)
* Files promises using content attribute or template method now
create files by default unless create => "false" is specified.
(CFE-3955, CFE-3916)
* template_method mustache and inline_mustache now create file
in promiser, if template rendering was successfull and file
does not exist. (ENT-4792)
* Added support for use of custom bodies in custom promise types
(CFE-3574)
* Custom promise modules now never get promise data with unresolved
variables (CFE-3434)
* Custom promises now use standard promise locking and support
ifelapsed (CFE-3434)
* Enable comment-attribute for custom promise types (CFE-3432)
* cf-secret encrypt now encrypts for localhost if no key or host is
specified (CFE-3874)
* CFEngine now builds with OpenSSL 3 (ENT-8355)
* CFEngine now requires OpenSSL 1.0.0 or newer (ENT-8355)
* Moved Skipping loading of duplicate policy file messages from
VERBOSE to DEBUG (CFE-3934)
* CFEngine processes now try to use getent if the builtin user/group
info lookup fails (CFE-3937)
* No longer possible to undefine reserved hard classes (ENT-7718)
* Unspecified 'rxdirs' now produces a warning (CFE-951)
* Fixed wrong use of log level in users promises log messages
(CFE-3906)
* Fixed default for ignore_missing_bundles and ignore_missing_inputs
The issue here was that these attributes should default to false,
but when they are assigned with an unresolved variable, they
would default to true. (ENT-8430)
* Added protocol 3 (cookie) to syntax description (ENT-8560)
* Moved errors from data_sysctlvalues from inform to verbose
(CFE-3818)
* Fixed inconsistencies with methods promises and missing bundles
OBS-URL: https://build.opensuse.org/request/show/1065676
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=197