Chef Infra Client 16.14 Released!

Hey folks,

We have a nice release of Chef Infra Client 16.14 out today with updated InSpec, several security updates, and a ton of packaging improvements. Be sure to check it out if you're using Chef Infra Client 16.

What's New in 16.14

Bug Fixes

  • bundle install now correctly installs gems from cookbook metadata.rb files. Thanks for this fix @nvwls
  • knife bootstrap on Windows now correctly uses https://omnitruck.chef.io to download packages.

Chef InSpec 4.31

Chef InSpec has been updated from 4.31.1 to 4.38.9 with the following changes:

New Features

  • Added the new --reporter-include-source CLI option, which includes the source code of the controls in the output of the CLI reporter.
  • Added ability to pass inputs to InSpec shell using input file and CLI.
  • Added a new mongodb_conf resource.
  • Fixed the inspec shell to allow loading profiles that have their own dependent profiles.
  • Updated the inspec init plugin command with the following changes.
    • The values of flags passed to the inspec init plugin command are now wrapped in double quotes instead of single quotes.
    • Template files are now ERB files.
    • The activator flag replaces the hook flag, which is now an alias.
  • Added support for zfs_pool and zfs_dataset resources on Linux.
  • Improved port resource performance: adding more specific search while using ss command.
  • The new inspec automate command replaces the inspec compliance command, which is now deprecated.
  • Added the selinux resource which includes support for modules and booleans.
  • Added the pattern input option for DSL and metadata inputs.
  • Added the members_array property for group & groups resources.
  • Train now reads the username and port from the .ssh/config file and will use these values if present.

Bug Fixes

  • Removed the default of 3600 seconds for --command-timeout CLI option.
  • Fix SSH Timeout PTY allocation.
  • Changed the Windows local pipe server connection to retry once on EPIPE.
  • Fixed the postgres_session resource to raise an exception if there is an error in a connection or query.
  • Fixed the mysql_session resource to raise an exception if there is an error in a connection or query.
  • Removed support for Chef Compliance Server and Chef Automate 1 from the inspec automate command, as both products are EOL.
  • inspec detect --no-color returns color-free output.
  • file resource more_permissive_than matcher returns nil instead of throwing exception when file does not exist.
  • The HTTP resource response body is now coerced into UTF-8.
  • Modified the windows_feature resource to indicate if a feature is enabled rather than just available.
  • Fixed an error when using profile dependencies and require_controls.
  • Fixed the windows_firewall_rule resource when it failed to validate more than one rule.
  • Switch to GNU timeout-based implementation of SSH timeouts.
  • Fixed the group resource when a member does not exist.

Packaging

M1 macOS Monterey Packages

Chef Infra Client packages are now produced for Apple's macOS Monterey preview release. Packages for Intel-based Macs will ship at a later date.

Solaris 11.3 EOL / Solaris 11.4 Packages

Oracle Solaris 11.3 became end-of-life (EOL) in January 2021. Chef Infra Client packages are no longer produced for Solaris 11.3 and new Solaris 11.4 packages are available in their place.

PowerPC RHEL FIPS Support

We now produce FIPS capable packages for RHEL on PowerPC.

RHEL 8 Packages

We improved our RHEL 8 packages with additional RHEL 8 optimizations and EL8 in the filename.

RPM Package Digests

The file digest in Chef Infra RPM packages has been updated from MD5 to SHA256 to prevent failures installing on some FIPS-enabled systems.

Security

Ruby 2.7.4

Ruby has been updated to 2.7.4 to resolve a large number of bugs as well as the following CVEs:

Addressable

We've updated the addressable gem from 2.7 to 2.8 to resolve CVE-2021-32740.

Get the Build

As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 16.14.1

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 16.14.1
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 16.14.1

If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:

provisioner:
  product_name: chef
  product_version: 16.14.1

Enjoy,
Tim