Hey folks,
We have a great new release of Chef Infra Client out with tons of optimizations, security improvements, and critical bug fixes. Be sure to give it a try!
Important Bugfixes
- We've resolved an issue with
knife bootstrap
that prevented bootstrapping Windows nodes from a non-Windows workstation - Resources that have
ignore_failure true
set will now report failures to Automate
Resource Updates
chef_client_systemd_timer
The chef_client_systemd_timer
resource has been updated to prevent failures running the :remove
action.
openssl resource
The various openssl_* resources were refactored to better report the changed state of the resource to Automate or other handlers.
osx_profile
The osx_profile
resource has been refactored as a custom resource internally. This update also better reports the changed state of the resource to Automate or other handlers and no longer silently continues if the attempts to shellout fail.
powershell_package_source
The powershell_package_source
resource no longer requires the url
property to be set when using the :unregister
action. Thanks for this fix @kimbernator!
powershell_script
The powershell_script
resource has been refactored to better report the changed state of the resource to Automate or other handlers.
windows_feature
The windows_feature
resource has been updated to allow installing features that have been removed if a source location is provided. Thanks for reporting this @stefanwb!
windows_font
The windows_font
resource will no longer fail on newer releases of Windows if a font is already installed. Thanks for reporting this @bmiller08!
windows_workgroup
The windows_workgroup
resource has been updated to treat the password
property as a sensitive property. The value of the password
property will no longer be shown in logs or handlers.
Security
CA Root Certificates
The included cacerts
bundle in Chef Infra Client has been updated to the 7-22-2020 release. This new release removes 4 legacy root certificates and adds 4 additional root certificates.
Reduced Dependencies
We've audited the included dependencies that we ship with Chef Infra Client to reduce the 3rd party code we ship. We've removed many of the embedded binaries that shipped with the client in the past, but were not directly used. We've also reduced the feature set built into many of the libraries that we depend on, and removed several Ruby gem dependencies that were no longer necessary. This reduces the future potential for CVEs in the product and reduces package size at the same time.
Get the Build
As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install
command-line utility:
$ mixlib-install download chef -v 16.4.35
Alternatively, you can install Chef Infra Client using one of the following command options:
# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 16.4.35
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 16.4.35
If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml
file:
provisioner:
product_name: chef
product_version: 16.4.35
Enjoy,
Tim