We just released Chef Client 12.7.2 and it is available via the downloads page. Here are some highlights of this release:
Updates to versioning specification
We recently updated the versioning specification in our release process to facilitate faster releases with lower risk between each release. Soon an automated process will begin updating the “patch” version (the third number in the version).
For consumers of Chef this means that the first future release of chef may not end in a
.0. The first
12.7 release available is the
12.7.2 release. In the future you may use version
12.8.5 without earlier versions of
12.8 having been released first. Those earlier versions may be available in the “current” channel that you can access through the install.sh and install.ps1 scripts.
Zypper Package Multipackage Support
On SuSE systems, the
package provider (aka
zypper_package provider), now accepts arrays and will install them with a single zypper command together:
package [ 'git', 'nmap' ]
Some additional code-cleanup was done to the provider and long-standing bugs may have been fixed.
There is now a
chocolatey\_package provider in core Chef. It is named
chocolatey\_package instead of
chocolatey in order to not conflict with the existing resource in the chocolatey cookbook and to comply with existing naming standards for package resources in core Chef.
The API for
chocolatey\_package conforms to the
package API in core Chef, rather than being a straight port of the cookbook version, and there are some API differences (e.g. it favors the
:remove action over the
:uninstall action since that is the API standard for core Chef package providers). The
chocolatey\_package provider also supports multipackage installations and will execute them in a single statement where possible:
chocolatey_package [ 'googlechrome', 'flashplayerplugin', '7zip', 'git' ]
choco.exe binary must be installed prior to using the resource, so the chocolatey cookbook recipe should still be used to install it.
EMEA customers in particular, and those customers who need reliable UTF-8 support, are highly encouraged to upgrade to the 12.7.0 release. The 12.4.x/12.5.x/12.6.x releases of chef-client had an extremely bad UTF-8 handling bug in them which corrupted all UTF-8 data in the node. In 12.7.0 that bug was fixed, along with another fix to make resource and audit reporting more reliable when fed non-UTF-8 (e.g. Latin-1/ISO-8859-1) characters.
We recently completed moving our internal API calls from
Chef::ServerAPI. As part of that move,
Chef::REST is no longer globally required, so if your code uses
Chef::REST, you must ensure that you require it correctly.
We strongly encourage users to move away from using
Chef::REST; if your code is run inside
chef then consider using
Chef::ServerAPI, otherwise please investigate ChefAPI.
Chef Solo -r (–recipe-url) changes
-r option to chef-client results in setting the
chef-client -r 'role[foo]'
Passing the same argument to chef-solo:
chef-solo -r 'role[foo]'
Instead invokes the
--recipe-url code, which had the side effect of running an immediate unprompted
rm -rf * in the current working directory of the user. Due to this problem and other issues around this
rm -rf * behavior it has been removed from the
--recipe-url code in chef-solo. The use of
-r in chef-solo to mean
--recipe-url has also been deprecated.
rm -rf * behavior has been moved to a
--delete-entire-chef-repo option. Users of chef-solo who want the old pre-12.7 behavior of
-r XXX should therefore use
--recipe-url XXX --delete-entire-chef-repo.
Upgrade to Net-SSH 3.0.2
We updated from the 2.9 branch of Net-SSH to consume an upstream bug fix. The biggest change here is that they dropped support for Ruby 1.9 (which Chef already dropped support for). Because this is such a low level dependency we found that many other projects had to be updated in lock-step (like Test Kitchen and Berkshelf) for the ChefDK packaging to succeed without dependency conflicts.
Upgrade to Ohai 8.10.0
This is an upgrade from version 8.8.1 which contains a handful of minor improvements and bug fixes. See the CHANGELOG for a full list of changes.
Windows Client File Permission Security Fix
chef#4500 fixes a permission issue on Windows client SKUs only that could permit local privilege escalation. Thanks to Jared Stroud of SPARSA for the report.