Chef Infra Client 17.8.25 Released!

We are delighted to announce the availability of version 17.8.25 of Chef Infra Client.

Compliance Phase Improvements

CLI Output

Chef Infra Client will now always show the Compliance Phase output on the CLI when run.

Interval Runs

You can now run the Compliance Phase at less frequent intervals than the main Chef Infra Client Infra Phase. This is helpful if compliance scans impact the system performance and are only necessary on a less frequent cadence. To enable interval runs, set the following attributes:

  • node['audit']['interval']['enabled']: Set to true to enable interval runs.
  • node['audit']['interval']['time']: The time in minutes between Compliance Phase execution. This defaults to 1440 (once a day).

InSpec 4.50.3

Chef InSpec has been updated from 4.49.0 to 4.50.3 which adds Windows support to the http resource.

Resource Updates

All Resources

Updated the umask common property to accept both Strings and Integers, restoring pre-Chef Infra Client 17 behavior on several resources.


Updated the chef_client_launchd resource to properly handle restarting the Chef Infra Client service when a configuration change is made.


Updated the chef_gem resource with significant performance improvements, especially on Windows hosts.


The dnf_package resource now supports the allow_downgrade property. This removes the previous deprecation warning when using the allow_downgrade property with dnf_package.


The dpkg_package resource now properly compares versions with the :upgrade action to prevent package installation on each Chef Infra Client run.


Updated the macos_userdefaults resource to resolve failures from coercing certain data types in properties.


Updated the mount resource to converge idempotently on Linux with loopback mounts. Thanks for reporting this issue @Blorpy!


Refactored the powershell_package package to improve performance, especially on subsequent Chef Infra Client runs where no changes need to be performed.


Updated the rhsm_register resource with the following new properties for managing how a node is registered with RHSM:

  • server_url
  • base_url
  • service_level
  • release

See the rhsm_register resource documentation for more information on using these new properties.


Refactored the windows_feature_powershell package to improve performance, especially on subsequent Chef Infra Client runs where no changes need to be performed.


Updated the zypper_package resource to prevent failures when removing packages that do not exist on the system or in available Zypper repositories.


coreutils Dependency

Chef Infra Client RPMs now depend on coreutils. This resolves an issue where Chef Infra Client may install before coreutils when used in a kickstart script, causing the installation of the chef-client symlink to fail.

macOS 10.14 Package Removal

With the release of macOS 12, our N-2 macOS release policy now includes macOS 12, 11, and 10.15. macOS 10.14 packages will no longer be produced.


Ruby 3.0.3

Ruby has been updated from 3.0.2 to 3.0.3 to resolve the following CVEs:

  • CVE-2021-41817
  • CVE-2021-41816
  • CVE-2021-41819

Get the Build

As always, you can download binaries directly from or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 17.8.25

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl | sudo bash -s -- -P chef -v 17.8.25
# In Windows Powershell
. { iwr -useb } | iex