Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on May 4, 2013
  1. [CHEF-4160] Add retries for 502 and 504 error codes.

    authored
    The Chef server relies on the client retrying in the case of 502 and
    504s to ensure reliability. By default, the Chef::REST class handles
    these retries; however, they are disabled during cookbook uploading to
    work around poor API responses. This reimplements retries for 502s and
    504s while leaving the current no-retry behavior for other errors.
  2. @danielsdeleo

    Merge branch 'CHEF-4157'

    danielsdeleo authored
Commits on May 3, 2013
  1. @danielsdeleo
  2. @danielsdeleo

    [CHEF-4157] split Platform to prune dep graph

    danielsdeleo authored
    Many files/classes depend on Chef::Platform just to use the `windows?`
    method. The part of Chef::Platform that maps providers to platforms has
    very heavy dependencies (which may trigger circular deps when loading
    some files) which are not needed for most users of Chef::Platform.
Commits on May 1, 2013
  1. @danielsdeleo

    Merge branch 'CHEF-3615'

    danielsdeleo authored
Commits on Apr 30, 2013
  1. @danielsdeleo

    [CHEF-3615] Make encrypted data bag format configurable

    danielsdeleo authored
    * Add an option to configure the version used when encrypting data bag
      items. This allows users to opt-in to newer encrypted data bag formats
      while the default remains compatible with earlier chef versions.
    * Add an option to set a minimum valid encrypted data bag item format.
      This is useful on the client so that, for example, a MITM attacker
      cannot downgrade a v2 EDBI to v1.
  2. @danielsdeleo

    [CHEF-3615] version 2 encryptor/decryptor for EDBIs

    danielsdeleo authored
    Authenticated encryption data bag items will be version 2 of the
    encrypted data bag item format instead of tacked on to the version 1
    format.
    
    Authenticated encryption via OpenSSL cipher was considered, but older
    openssl versions do not have, e.g., aes-256-gcm, so we are implementing
    encrypt-then-mac with hmac-sha256 on top of existing aes cipher.
    
    Code passes tests but is not yet exposed in configuration. TODO:
    * Allow user to set desired version for encrypt.
    * Allow user to set minimum required version for decrypt. Without this
      change, a MITM could simply change the format version to 1 to bypass
      the hmac.
  3. @danielsdeleo

    [CHEF-3858] ensure invalid key always fails to decrypt

    danielsdeleo authored
    In Ci, we occasionally see test failures when decryption with an
    incorrect key does not raise an error, but instead returns garbage.
    
    This fixes that issue by adding an HMAC-SHA2-256 of the encrypted data
    to the version 1 format. For backwards compatibility, decryption will
    continue if the hmac is missing; therefore, this does not increase the
    security of encrypted data bag items.
  4. @danielsdeleo
Commits on Apr 27, 2013
  1. @danielsdeleo
Commits on Apr 24, 2013
  1. @danielsdeleo

    Merge branch 'CHEF-4123'

    danielsdeleo authored
  2. @danielsdeleo
  3. @lamont-granquist

    Merge pull request #721 from opscode/lcg/CHEF-1707

    lamont-granquist authored
    CHEF-1707:  fix user provider for solaris passwords
  4. @jamesc

    Merge branch 'CHEF-4118'

    jamesc authored
  5. @PrajaktaPurohit @jamesc

    Adding the run_started callback

    PrajaktaPurohit authored jamesc committed
  6. @danielsdeleo
Commits on Apr 23, 2013
  1. @danielsdeleo

    Merge branch 'CHEF-4117'

    danielsdeleo authored
  2. @danielsdeleo

    [CHEF-4117] fix resource attempting to remove constants it doesn't have

    danielsdeleo authored
    Module.const_defined?() needs to be given an optional second argument to
    disable constant lookups on ancestor classes. Otherwise LWRP creation
    may attempt to remove a constant that does not exist.
Commits on Apr 22, 2013
  1. @lamont-granquist
  2. @lamont-granquist
  3. @danielsdeleo

    Merge branch 'CHEF-3432'

    danielsdeleo authored
  4. @danielsdeleo
Commits on Apr 18, 2013
  1. @lamont-granquist
  2. @danielsdeleo
  3. @danielsdeleo
  4. @danielsdeleo
  5. @danielsdeleo

    [CHEF-3432] use shared variable to track resource subclasses

    danielsdeleo authored
    Use a class (@@var) instead of class instance variable to track
    subclasses of Chef::Resource. This ensures that subclasses of subclasses
    will be added to the list.
  6. @btm

    [CHEF-2467] Add tests and fix grammar.

    authored btm committed
  7. @btm

    [CHEF-2467] Ensure Shef loads run_context using correct run_list and …

    authored btm committed
    …environment.
    
    Currently, Shef in client-mode will not properly process attributes
    set in roles or environments since we assume an empty runlist and the
    _default environment when building the node.
  8. @btm

    Merge branch 'CHEF-3348'

    btm authored
  9. @sethvargo @btm

    better CHANGELOG markdown format

    sethvargo authored btm committed
  10. @zuazo @btm

    [CHEF-3516] force knife to exit when an Errno::EPIPE exception is rec…

    zuazo authored btm committed
    …eived
  11. @zuazo @btm

    [CHEF-3516] raise Errno::EPIPE exceptions with -VV

    zuazo authored btm committed
  12. @zuazo @btm

    [CHEF-3516] Some knife commands emit Errno::EPIPE when used in a pipe…

    zuazo authored btm committed
    …line
  13. @lamont-granquist

    fix specs

    lamont-granquist authored
Something went wrong with that request. Please try again.