Chef Infra Client 15.12.22 Released!

Hey everyone,

We have a great new Chef Infra Client 15 release packed full of platform support updates and resource improvements backported from Chef Infra Client 16.

Chef InSpec 4.20.6

Chef InSpec has been updated from 4.18.114 to This new release includes the following improvements:

  • Develop your own Chef InSpec Reporter plugins to control how Chef InSpec will report result data.
  • The inspec archive command packs your profile into a tar.gz file that includes the profile in JSON form as the inspec.json file.
  • Certain substrings within a .toml file no longer cause unexpected crashes.
  • Accurate InSpec CLI input parsing for numeric values and structured data, which were previously treated as strings. Numeric values are cast to an integer or float and YAML or JSON structures are converted to a hash or an array.
  • Suppress deprecation warnings on inspec exec with the --silence-deprecations option.

Resource Updates


The archive_file resource has been updated with two important fixes. The resource will no longer fail with uninitialized constant errors under some scenarios. Additionally, the behavior of the mode property has been improved to prevent incorrect file modes from being applied to the decompressed files. Due to how file modes and Integer values are processed in Ruby, this resource will now produce a deprecation warning if integer values are passed. Using string values lets us accurately pass values such as '644' or '0644' without ambiguity as to the user's intent. Thanks for reporting these issues @sfiggins and @hammerhead.


The cron_access resource has been updated to support Solaris and AIX systems. Thanks @aklyachkin.

msu_package resource improvements

The msu_package resource has been improved to work better with Microsoft's cumulative update packages. Newer releases of these cumulative update packages will not correctly install over the previous versions. We also extended the default timeout for installing MSU packages to 60 minutes. Thanks for reporting the timeout issue @danielfloyd.


The powershell_package resource has been updated to use TLS 1.2 when communicating with the PowerShell Gallery on Windows Server 2012-2016. Previously, this resource used the system default cipher suite which did not include TLS 1.2. The PowerShell Gallery now requires TLS 1.2 for all communication, which caused failures on Windows Server 2012-2016. Thanks for reporting this issue @Xorima.


Multiple issues with the snap_package resource have been resolved, including an infinite wait that occurred and issues with specifying the package version or channel. Thanks @jaymzh.


The zypper_repository resource has been updated to work with the newer release of GPG in openSUSE 15 and SLES 15. This prevents failures when importing GPG keys in the resource.

Knife bootstrap updates

  • Knife bootstrap will now warn when bootstrapping a system using a validation key. Users should instead use validatorless bootstrapping with knife bootstrap which generates node and client keys using the client key of the user bootstrapping the node. This method is far more secure as an org-wide validation key does not need to be distributed or rotated. Users can switch to validatorless bootstrapping by removing any validation_key entries in their config.rb (knife.rb) file.
  • Resolved an error bootstrapping Linux nodes from Windows hosts
  • Improved information messages during the bootstrap process

SSH Improvements

The net-ssh library used by the knife ssh and knife bootstrap commands has been updated bringing improvements to SSH connectivity:

  • Support for additional key exchange and transport algorithms
  • Support algorithm subtraction syntax in the ssh_config file
  • Support empty lines and comments in known_hosts file

Initial macOS Big Sur Support

Chef Infra Client now correctly detects macOS Big Sur (11.0) beta as being platform "mac_os_x". Chef Infra Client 15.12 has not been fully qualified for macOS Big Sur, but we will continue to validate against this release and provide any additional support updates.

Platform Packages

  • Debian 8 packages are no longer being produced as Debian 8 is now end-of-life.
  • We now produce Windows 8 packages

Get the Build

As always, you can download binaries directly from or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 15.12.22

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl | sudo bash -s -- -P chef -v 15.12.22

# In Windows Powershell
. { iwr -useb } | iex; install -project chef -version 15.12.22

If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:

  product_name: chef
  product_version: 15.12.22