Commits on May 4, 2013
  1. [CHEF-4160] Add retries for 502 and 504 error codes.

    The Chef server relies on the client retrying in the case of 502 and
    504s to ensure reliability. By default, the Chef::REST class handles
    these retries; however, they are disabled during cookbook uploading to
    work around poor API responses. This reimplements retries for 502s and
    504s while leaving the current no-retry behavior for other errors.
    committed May 2, 2013
  2. Merge branch 'CHEF-4157'

    danielsdeleo committed May 4, 2013
Commits on May 3, 2013
  1. [CHEF-4157] split Platform to prune dep graph

    Many files/classes depend on Chef::Platform just to use the `windows?`
    method. The part of Chef::Platform that maps providers to platforms has
    very heavy dependencies (which may trigger circular deps when loading
    some files) which are not needed for most users of Chef::Platform.
    danielsdeleo committed May 3, 2013
Commits on May 1, 2013
  1. Merge branch 'CHEF-3615'

    danielsdeleo committed May 1, 2013
Commits on Apr 30, 2013
  1. [CHEF-3615] Make encrypted data bag format configurable

    * Add an option to configure the version used when encrypting data bag
      items. This allows users to opt-in to newer encrypted data bag formats
      while the default remains compatible with earlier chef versions.
    * Add an option to set a minimum valid encrypted data bag item format.
      This is useful on the client so that, for example, a MITM attacker
      cannot downgrade a v2 EDBI to v1.
    danielsdeleo committed Apr 30, 2013
  2. [CHEF-3615] version 2 encryptor/decryptor for EDBIs

    Authenticated encryption data bag items will be version 2 of the
    encrypted data bag item format instead of tacked on to the version 1.
    Authenticated encryption via OpenSSL cipher was considered, but older
    openssl versions do not have, e.g., aes-256-gcm, so we are implementing
    encrypt-then-mac with hmac-sha256 on top of existing aes cipher.
    Code passes tests but is not yet exposed in configuration. TODO:
    * Allow user to set desired version for encrypt.
    * Allow user to set minimum required version for decrypt. Without this
      change, a MITM could simply change the format version to 1 to bypass
      the hmac.
    danielsdeleo committed Apr 27, 2013
  3. [CHEF-3858] ensure invalid key always fails to decrypt

    In CI, we occasionally see test failures when decryption with an
    incorrect key does not raise an error, but instead returns garbage.
    This fixes that issue by adding an HMAC-SHA2-256 of the encrypted data
    to the version 1 format. For backwards compatibility, decryption will
    continue if the hmac is missing; therefore, this does not increase the
    security of encrypted data bag items.
    danielsdeleo committed Apr 26, 2013
  4. Merge branch 'CHEF-3858-2'

    danielsdeleo committed Apr 30, 2013
Commits on Apr 27, 2013
Commits on Apr 24, 2013
  1. Merge branch 'CHEF-4123'

    danielsdeleo committed Apr 24, 2013
  2. Merge pull request #721 from opscode/lcg/CHEF-1707

    CHEF-1707: fix user provider for solaris passwords
    lamont-granquist committed Apr 24, 2013
  3. Merge branch 'CHEF-4118'

    jamesc committed Apr 24, 2013
Commits on Apr 23, 2013
  1. Merge branch 'CHEF-4117'

    danielsdeleo committed Apr 23, 2013
  2. [CHEF-4117] fix resource attempting to remove constants it doesn't have

    Module.const_defined?() needs to be given an optional second argument to
    disable constant lookups on ancestor classes. Otherwise LWRP creation
    may attempt to remove a constant that does not exist.
    danielsdeleo committed Apr 23, 2013
Commits on Apr 22, 2013
  1. Merge branch 'CHEF-3432'

    danielsdeleo committed Apr 22, 2013
Commits on Apr 18, 2013
  1. [CHEF-3432] use shared variable to track resource subclasses

    Use a class (@@var) instead of class instance variable to track
    subclasses of Chef::Resource. This ensures that subclasses of subclasses
    will be added to the list.
    danielsdeleo committed Apr 18, 2013
  2. [CHEF-2467] Ensure Shef loads run_context using correct run_list and …

    Currently, Shef in client-mode will not properly process attributes
    set in roles or environments since we assume an empty runlist and the
    _default environment when building the node.
    committed with btm Oct 17, 2012
  3. Merge branch 'CHEF-3348'

    btm committed Apr 18, 2013
  4. better CHANGELOG markdown format

    sethvargo committed with btm Nov 14, 2012
  5. fix specs

    lamont-granquist committed Apr 17, 2013