Show posts tagged:
announcements

Change in behavior: Directories are now created with 700 instead of 755

In the upcoming release of CFEngine 3.21.0 there is a change in behavior with respect to default permissions of created directories. From 3.21.0 and later directories will be created with read, write, execute permissions only for the file owner. No permissions are granted for group or other. This change improves the default security posture to make sure that only the user executing cfengine (typically root) will have access to content in newly created directories.

Posted by Nick Anderson
December 16, 2022

CFEngine Build System version 3

Our beloved cfbs CLI tool for working with CFEngine Build is rapidly evolving. At the time of writing, we are currently at version 3.2.1. Thus I would like to take this opportunity to talk a bit about the latest and greatest features; including support for users to manipulate input parameters in modules, as well as a couple of new build steps. If you haven’t yet got a hold of the latest version of cfbs, you can update it with pip using the following command:

Posted by Lars Erik Wik
November 15, 2022

Debian 11 and Ubuntu 22 aarch64 (arm64) packages available!

As a person who tries to work with as few resources as possible, whether it’s editing everything with ed(1) or using old laptops without screens for servers or turning off computers as much as possible I am happy to announce nightly packages are available for the aarch64 (ARM 64-bit) architecture. This enables low-power, low-cost devices such as the Raspberry Pi and many others to run CFEngine Enterprise. Why run CFEngine? It is lean on resources and rich in features!

Posted by Craig Comstock
August 18, 2022

Change in behavior: multiple cf-execd processes

Recently we introduced new feature where you can trigger agent runs and report collection from the Mission Portal UI. This required our daemon cf-execd to behave a bit differently when periodic agent runs occur. Previously the daemon would create a new thread in which to run cf-agent, capture output, wait for completion and move on. We changed the behavior so that the daemon forks itself and then fork/execs cf-agent as before, with the forked cf-execd processing agent run output.

Posted by Craig Comstock
June 15, 2022

CFEngine Build System version 2

A while back we released version 2 of cfbs, and even though we release versions of this tool quite frequently, without announcing it on the blog, we thought this was a good opportunity to talk a bit about the tool, what’s new and our direction with it in the future. The reason why we called this the “2.0” release is that we are trying to follow semantic versioning, and there were some big new features in the release which could be considered breaking changes.

June 14, 2022

Change in behavior: Creating files by default

In the upcoming CFEngine 3.20 release we are making a change in the behaviour of the create attribute for the files promises that manage the entire content of a file. This includes promises with the template methods mustache, inline_mustache and cfengine; as well as promises with the content attribute. The motivation behind these new changes is two-fold; make it easier to learn CFEngine policy language and understand what policy is doing, and to prevent CFEngine from creating empty configuration files.

Posted by Lars Erik Wik
April 22, 2022

Change in behavior: Renaming bundle agent main

A recent change in the Masterfiles Policy Framework (MPF) is renaming bundle agent main to bundle agent mpf_main. This change is intended to make it easier to run individual parts of your policy leveraging the library main bundle functionality (bundle agent __main__). Library main bundles were first introduced in CFEngine 3.12.0. The functionality allows for the definition of bundle agent __main__. When this bundle definition is present in the policy entry (the first policy file that CFEngine reads) the bundle is understood to be used as the default bundlesequence.

Posted by Nick Anderson
April 11, 2022

Student competition - Build a module and win cash

The CFEngine team is pleased to announce a competition for students in Norway. We want you to write a module in Python, and submit it to CFEngine Build. Your module will be Open Source (MIT License), available for our community of users worldwide. CFEngine is a programming language, and modules can be added to do whatever the user needs, so the possibilities are endless. You can look at some examples for inspiration at the end of this blog post.

April 7, 2022

Change in behavior: Directory permissions and the execute bit

rxdirs has provided a convenient default when setting permissions recursively. When enabled (the default prior to version 3.20.0) a promise to grant read access on a directory is extended to also include execution since quite commonly if you want to read a directory you also want to be able to list the files in the directory. However, the convenience comes with the cost of complicating security reviews since the state requested on the surface is more strict than what is actually granted.

Posted by Nick Anderson
March 29, 2022
Get in touch with us
to discuss how we can help!
Contact us
Sign up for
our newsletter
By signing up, you agree to your email address being stored and used to receive newsletters about CFEngine. We use tracking in our newsletter emails to improve our marketing content.