cfengine format with new version

inventory/inventory-fde/inventory-fde.cf

@@ -2,6 +2,7 @@ body file control
 {
   namespace => "inventory_fde";
 }
+
 # Duplicated from the CFEngine standard library so this module can be parsed
 # and tested standalone without loading the full masterfiles.
 # _tidy: lib/files.cf body delete tidy
@@ -200,8 +201,7 @@ bundle agent main
 
       "_luks1_dump[${_dm_devices}]"
         string => execresult(
-          "${_cryptsetup} luksDump ${_dm_slave_dev[${_dm_devices}]}",
-          "noshell"
+          "${_cryptsetup} luksDump ${_dm_slave_dev[${_dm_devices}]}", "noshell"
         ),
         if => canonify("_dm_is_luks1_${_dm_devices}");
 

management/manage-fwupd/main.cf

@@ -144,16 +144,12 @@ bundle agent main
   commands:
     linux.default:have_fwupdmgr.manage_fwupd:apply_updates::
       "$(default:inventory_fwupd_main.fwupdmgr)"
-        arglist => {
-          "update", "--no-reboot-check", "$(_dev_id[$(_dev_idx)])"
-        },
+        arglist => { "update", "--no-reboot-check", "$(_dev_id[$(_dev_idx)])" },
         handle => canonify(
           "manage_fwupd_apply_device_$(_dev_idx)_$(_dev_name[$(_dev_idx)])"
         ),
         if => and("_device_allowed_$(_dev_idx)", not("_update_applied")),
-        classes => default:results(
-          "bundle", "manage_fwupd_update_$(_dev_idx)"
-        ),
+        classes => default:results("bundle", "manage_fwupd_update_$(_dev_idx)"),
         comment => "Apply firmware update to allowed device $(_dev_name[$(_dev_idx)])";
   # --- Post-update marker and reboot --------------------------------
   files:

management/package-method-winget/package-method-winget.cf

@@ -17,18 +17,22 @@ body package_method winget
   # Here we use the Get-WinGetPackage Cmdlet because it is easier to produce easily parsed information that way
   package_list_command => "$(sys.winsysdir)\\WindowsPowerShell\\v1.0\\powershell.exe -Command \"Get-WinGetPackage | Select Id,InstalledVersion | ConvertTo-Csv ";
   package_delete_command => "$(sys.winsysdir)\\WindowsPowerShell\\v1.0\\powershell.exe -Command \"Uninstall-WinGetPackage ";
+
   # Here we use winget instead of PowerShell Cmdlets because we can provide the --accept-source-agreements and --accept-package-agreements this way which gets around dialog prompts
   package_method_winget:accept_source_agreements.package_method_winget:accept_package_agreements::
     package_add_command => "$(sys.winsysdir)\\WindowsPowerShell\\v1.0\\powershell.exe -Command \"winget install --accept-source-agreements --accept-package-agreements ";
+
   !package_method_winget:accept_source_agreements|!package_method_winget:accept_package_agreements::
     # the package name is appended to the end of this command, so we try here to make a command which conveys information only
     package_add_command => "$(sys.winsysdir)\\WindowsPowerShell\\v1.0\\powershell.exe -Command \"Write-Host You must set some vars for package-method-winget to work;exit 1; rem Trying to add package:";
 }
+
 # switch to module specific namespace to avoid name collisions
 body file control
 {
   namespace => "package_method_winget";
 }
+
 # package_method_winget bundle's purpose is to look at inputs/data for acceptance of source and package agreements
 # these MUST be agreed to in order for this package method to work properly.
 bundle agent package_method_winget

management/powershell-execution-policy/powershell-execution-policy.cf

@@ -21,6 +21,7 @@ bundle agent powershell_execution_policy_inventory
     windows::
       "${execution_policy_list_cache_command}" contain => powershell;
 }
+
 # see link below for valid values for scope and policy
 # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-7.4
 # This bundle runs a powershell command: Set-ExecutionPolicy -ExecutionPolicy <policy> -Scope <scope>

management/windows-capability/windows-capability.cf

@@ -27,6 +27,7 @@ body file control
 {
   namespace => "windows_capability";
 }
+
 # https://learn.microsoft.com/en-us/powershell/module/dism/get-windowscapability?view=windowsserver2022-ps
 # https://learn.microsoft.com/en-us/powershell/module/dism/remove-windowscapability?view=windowsserver2022-ps
 # https://learn.microsoft.com/en-us/powershell/module/dism/add-windowscapability?view=windowsserver2022-ps

promise-types/git/test.cf

@@ -2,6 +2,7 @@ body common control
 {
   version => "1.0";
 }
+
 #######################################################
 bundle agent init
 {
@@ -34,6 +35,7 @@ body delete init_delete
   dirlinks => "delete";
   rmdirs => "true";
 }
+
 #######################################################
 promise agent git
 {
@@ -58,6 +60,7 @@ bundle agent test
       expression => canonify("starter_pack_repo_updated"),
       scope => "namespace";
 }
+
 #######################################################
 bundle agent check
 {

promise-types/groups/groups.cf

@@ -9,7 +9,6 @@ promise agent groups
   path => "$(sys.workdir)/modules/promises/groups.py";
   interpreter => "/usr/bin/python3";
 }
-
 @if minimum_version(3.20)
 body members foo
 # @breif Define members for group foo using attributes `include` and
@@ -19,7 +18,6 @@ body members foo
   exclude => { "malcom" };
 }
 @else
-
 bundle common foo
 # @breif Define members using JSON string.
 {
@@ -36,15 +34,13 @@ body members bar
   only => { "alice" };
 }
 @else
-
 bundle common bar
 # @brief Define members using data container.
 {
   vars:
     "members" data => '{ "only": ["alice"] }';
 }
 @endif
-
 bundle agent example_groups
 # @breif Example groups promise statements.
 {
@@ -56,7 +52,6 @@ bundle agent example_groups
 @else
       members => "$(foo.members)";
 @endif
-
     "bar"
       # policy defaults to present
 @if minimum_version(3.20)

promise-types/json/test.cf

@@ -4,6 +4,7 @@ body common control
   version => "1.0";
   bundlesequence => { "init", "test", "check", "cleanup" };
 }
+
 #######################################################
 bundle agent init
 {
@@ -29,6 +30,7 @@ bundle agent init
 
     "$(this.promise_dirname)/tests/to_append_1.json" create => "true";
 }
+
 #######################################################
 promise agent json
 {
@@ -73,14 +75,13 @@ bundle agent test
     "$(this.promise_dirname)/tests/to_append_2.json:f" primitive => "true";
     "$(this.promise_dirname)/tests/to_append_2.json:g" primitive => "null";
 }
+
 #######################################################
 bundle agent check
 {
   vars:
     "to_overwrite_content"
-      data => readjson(
-        "$(this.promise_dirname)/tests/to_overwrite.json", 100k
-      );
+      data => readjson("$(this.promise_dirname)/tests/to_overwrite.json", 100k);
 
     "to_modify_content"
       data => readjson("$(this.promise_dirname)/tests/to_modify.json", 100k);
@@ -148,6 +149,7 @@ bundle agent check
     !ok::
       "$(this.promise_filename) FAIL";
 }
+
 # #######################################################
 bundle agent cleanup
 {

promise-types/symlinks/test.cf

@@ -4,6 +4,7 @@ body common control
   version => "1.0";
   bundlesequence => { "init", "test", "check", "cleanup" };
 }
+
 #######################################################
 bundle agent init
 {
@@ -14,6 +15,7 @@ bundle agent init
     "/tmp/replaced-link" link_from => ln_s("/tmp/other-dir");
     "/tmp/already-existing-link" link_from => ln_s("/tmp/other-dir");
 }
+
 #######################################################
 promise agent symlinks
 {
@@ -50,6 +52,7 @@ bundle agent test
       directory => "/tmp/other-dir",
       classes => outcome("didnothing");
 }
+
 #######################################################
 bundle agent check
 {
@@ -81,6 +84,7 @@ bundle agent check
     !ok::
       "$(this.promise_filename) FAIL";
 }
+
 # #######################################################
 bundle agent cleanup
 {

promise-types/systemd/test.cf

@@ -2,10 +2,12 @@ body common control
 {
   version => "1.0";
 }
+
 #######################################################
 bundle agent init
 {
 }
+
 #######################################################
 promise agent systemd
 {
@@ -35,6 +37,7 @@ bundle agent test
       expression => canonify("sample_restarted"),
       scope => "namespace";
 }
+
 #######################################################
 bundle agent check
 {
@@ -55,6 +58,7 @@ bundle agent check
     !ok::
       "$(this.promise_filename) FAIL";
 }
+
 #######################################################
 bundle agent cleanup
 {

security/dirtyfrag/dirtyfrag.cf

@@ -222,8 +222,7 @@ bundle agent main
     "inventory_dirtyfrag_rxrpc"
       string => "$(_rxrpc_status)",
       meta => {
-        "inventory",
-        "attribute_name=Dirty Frag CVE-2026-43500 (RxRPC) status",
+        "inventory", "attribute_name=Dirty Frag CVE-2026-43500 (RxRPC) status",
       },
       comment => "CVE-2026-43500 RxRPC mitigation status";
 
@@ -314,9 +313,7 @@ bundle agent main
     # admin override. Userns mitigation is handled in the
     # vulnerability condition (see dirtyfrag_esp_needs_mitigation).
     "_esp_mitigated"
-      or => {
-        "_esp_conf_exists", "_esp_kernel_patched", "_esp_admin_patched",
-      };
+      or => { "_esp_conf_exists", "_esp_kernel_patched", "_esp_admin_patched" };
 
     # RxRPC is mitigated by the modprobe blacklist, patched kernel,
     # or admin override.