Hey folks,

We have a great new release of Chef Infra Client 15 out today with 15.4.45. This includes some bootstrap and custom resource improvements along with a pile of updates to core Chef Infra resources.

converge_if_changed Improvements

Chef Infra Client will now take into account any default values specified in custom resources when making converge determinations with the converge_if_changed helper. Previously, default values would be ignored, which caused necessary changes to be skipped. Note: This change may cause behavior changes for some users, but we believe this original behavior is an impacting bug for enough users to make it outside of a major release. Thanks @jakauppila for reporting this.

Bootstrap Improvements

Several improvements have been made to the knife bootstrap command to make it more reliable and secure:

• File creation is now wrapped in a umask to avoid potential race conditions
• NameError and RuntimeError failures during bootstrap have been resolved
• Undefined method 'empty?' for nil:NilClass during bootstrap have been resolved
• Single quotes in attributes during bootstrap no longer result in bootstrap failures
• The bootstrap command no longer appears in PS on the host while bootstrapping is running

knife supermarket list Improvements

The knife supermarket list command now includes two new options:

• --sort-by [recently_updated recently_added most_downloaded most_followed]: Sort cookbooks returned from the Supermarket API
• --owned_by: Limit returned cookbooks to a particular owner

Updated Resources

chocolatey_package

The chocolatey_package resource no longer fails when passing options with the options property. Thanks for reporting this issue @kenmacleod.

kernel_module

The kernel_module resource includes a new options property, which allows users to set module specific parameters and settings. Thanks @ramereth for this new feature.

Example of a kernel_module resource using the new options property:

  kernel_module 'loop' do
  options [ 'max_loop=4', 'max_part=8' ]
  end

remote_file

The remote_file resource has been updated to better display progress when using the show_progress resource. Thanks for reporting this issue @isuftin.

sudo

The sudo resource now runs sudo config validation against all of the sudo configuration files on the system instead of only the file being written. This allows us to detect configuration errors that occur when configs conflict with each other. Thanks for reporting this issue @drzewiec.

windows_ad_join

The windows_ad_join has a new :leave action for leaving an Active Directory domain and rejoining a workgroup. This new action also has a new workgroup_name property for specifying the workgroup to join upon leaving the domain. Thanks @jasonwbarnett for adding this new action.

Example of leaving a domain

windows_ad_join 'Leave the domain' do
  workgroup_name 'local'
  action :leave
end

windows_package

The windows_package resource no longer updates environmental variables before installing the package. This prevents potential modifications that may cause a package installation to fail. Thanks @jeremyhage for this fix.

windows_service

The windows_service resource no longer updates the service and triggers notifications if the case of the run_as_user property does not match the user set on the service. Thanks @jasonwbarnett for this fix.

windows_share

The windows_share resource is now fully idempotent by better validating the provided path property from the user. Thanks @Happycoil for this fix.

Security Updates

Ruby

Ruby has been updated from 2.6.4 to 2.6.5 in order to resolve the following CVEs:

• CVE-2019-16255: A code injection vulnerability of Shell# and Shell#test
• CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
• CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
• CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication

Get the Build

As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install command line utility:

$ mixlib-install download chef -v 15.4.45

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 15.4.45

# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 15.4.45

If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:

provisioner:
  product_name: chef
  product_version: 15.4.45

Enjoy,
Tim

If you're interested in 32-bit ARM builds for 15.4.45 (ie. Raspberry Pis) or want to make builds for another platform, I've got packages and instructions here: https://mattray.github.io/2019/10/18/chef-14-chef-15-on-arm.html