Chef Infra Client 15.15.0 Released!

Chef Release Announcements
1

Hey folks,

We have a nice security and bugfix release up for Chef Infra Client 15.

What's new in 15.15

Chef InSpec 4.24.8

Chef InSpec has been updated from 4.22.22 to 4.24.8 with the following improvements:

  • An unset `HOME environment variable will not cause execution failures
  • You can use wildcards in platform-name and release in InSpec profiles
  • The support for arrays in the WMI resource, so it can return multiple objects
  • The package resource on Windows properly escapes package names
  • The grub_conf resource succeeds even if without a menuentry in the grub config
  • Loaded plugins won't try to re-load themselves
  • A new mechanism marks inputs as sensitive: true and replaces their values with ***.
  • Use the --no-diff CLI option to suppress diff output for textual tests.
  • Control the order of controls in output, but not execution order, with the --sort_results_by=none|control|file|random CLI option.
  • Disable caching of inputs with a cache_inputs: true setting.

Chef Vault 4.1

We've updated the release of chef-vault bundled with Chef Infra Client to 4.1. Chef Vault 4.1 properly handles escape strings in secrets and greatly improves performance for users with large numbers of secrets. Thanks for the performance work @Annih!

Resource Improvements

cron_d

The cron_d resource now respects the use of the sensitive property. Thanks for this fix @axl89!

homebrew_cask

The homebrew_cask resource has been updated to work with the latest command syntax requirements in the brew command. Thanks for reporting this issue @bcg62!

locale

The allowed execution time for the locale-gen command in the locale resource has been extended to 1800 seconds to make sure the Chef Infra Client run doesn't fail before the command completes on slower systems. Thanks for reporting this issue @janskarvall!

plist / macosx_service / osx_profile / macos_userdefaults

Parsing of plist files has been improved in the plist, macosx_service, osx_profile, and macos_userdefaults resources thanks to updates to the plist gem by @reitermarkus and @tboyko.

Security

  • The bundled Nokogiri Ruby gem has been updated to 1.11 resolve CVE-2020-26247.
  • openSSL has been updated to 1.0.2x to resolve CVE-2020-1971.

Get the Build

As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 15.15.0

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 15.15.0

# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 15.15.0

If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:

provisioner:
  product_name: chef
  product_version: 15.15.0

Enjoy,
Tim

2

Unofficial 15.15.0 32-bit Arm builds with instructions are available here: 32-bit Arm Chef Infra and Cinc Client Builds for Linux