Chef Infra Client 16.4.35 released!

Hey folks,

We have a great new release of Chef Infra Client out with tons of optimizations, security improvements, and critical bug fixes. Be sure to give it a try!

Important Bugfixes

  • We've resolved an issue with knife bootstrap that prevented bootstrapping Windows nodes from a non-Windows workstation
  • Resources that have ignore_failure true set will now report failures to Automate

Resource Updates

chef_client_systemd_timer

The chef_client_systemd_timer resource has been updated to prevent failures running the :remove action.

openssl resource

The various openssl_* resources were refactored to better report the changed state of the resource to Automate or other handlers.

osx_profile

The osx_profile resource has been refactored as a custom resource internally. This update also better reports the changed state of the resource to Automate or other handlers and no longer silently continues if the attempts to shellout fail.

powershell_package_source

The powershell_package_source resource no longer requires the url property to be set when using the :unregister action. Thanks for this fix @kimbernator!

powershell_script

The powershell_script resource has been refactored to better report the changed state of the resource to Automate or other handlers.

windows_feature

The windows_feature resource has been updated to allow installing features that have been removed if a source location is provided. Thanks for reporting this @stefanwb!

windows_font

The windows_font resource will no longer fail on newer releases of Windows if a font is already installed. Thanks for reporting this @bmiller08!

windows_workgroup

The windows_workgroup resource has been updated to treat the password property as a sensitive property. The value of the password property will no longer be shown in logs or handlers.

Security

CA Root Certificates

The included cacerts bundle in Chef Infra Client has been updated to the 7-22-2020 release. This new release removes 4 legacy root certificates and adds 4 additional root certificates.

Reduced Dependencies

We've audited the included dependencies that we ship with Chef Infra Client to reduce the 3rd party code we ship. We've removed many of the embedded binaries that shipped with the client in the past, but were not directly used. We've also reduced the feature set built into many of the libraries that we depend on, and removed several Ruby gem dependencies that were no longer necessary. This reduces the future potential for CVEs in the product and reduces package size at the same time.

Get the Build

As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 16.4.35

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 16.4.35

# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 16.4.35

If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:

provisioner:
  product_name: chef
  product_version: 16.4.35

Enjoy,
Tim