chef 18.2.7-x64-mingw-ucrt → 18.4.2-x64-mingw-ucrt

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a313783b0386b4ed50ef119bf7b37e014adccab2341396d7d11c9bc0e5a6ce3d
-  data.tar.gz: 74be0fa290f08d00d77b0cdb68caf7dd84b929ce289fd2b80b11114a488f0597
+  metadata.gz: 23f3f81c3dc1cd6817825ebb13a87bb9c4c8e2c332d39846d0291925aff183af
+  data.tar.gz: dd5df36c878f693a329ee770bbb54a0332178e41f17f718027e860c8e289dc64
 SHA512:
-  metadata.gz: ddafcb71010f1ef7bf289d450b2d2851016d9e3cae93fb04b9fcc17255fdba206ae105eaf585f56aebce0c9e1284a7fe07da198dae33796d714b47fb1a269ad9
-  data.tar.gz: cece71ceaef6808e4c9b966d906004e8ecc5bbfc3102f4bbcf619d28e9fd27acd22799fffe34ab4c19c7e4acd74e3823333a9870df9546881316431ad98f27ad
+  metadata.gz: b9e455ca1a2f875d08dea3beba4c9bb029889aedfc3d17344caea7061cde332e3d834f8eda0edd21ee083890e720e670048bdaa62d81206ee4b1670ef577689c
+  data.tar.gz: 0b189fca63d31b90c20755137bfa2ca13c430e924f5b7e0d600fdd82ae4b77570d6f5a2fa6bfce0159404cbbe9d3d172c4f694d424ddf29d930a7437e1c9025c

data/Gemfile

@@ -7,7 +7,7 @@ gem "ohai", git: "https://github.com/chef/ohai.git", branch: "main"
 # Nwed to file a bug with rest-client. In the meantime, we can use this until they accept the update.
 gem "rest-client", git: "https://github.com/chef/rest-client", branch: "jfm/ucrt_update1"
 
-gem "ffi", ">= 1.15.5"
+gem "ffi", "~> 1.15.5"
 gem "chef-utils", path: File.expand_path("chef-utils", __dir__) if File.exist?(File.expand_path("chef-utils", __dir__))
 gem "chef-config", path: File.expand_path("chef-config", __dir__) if File.exist?(File.expand_path("chef-config", __dir__))
 
@@ -24,7 +24,7 @@ gem "cheffish", ">= 17"
 group(:omnibus_package) do
   gem "appbundler"
   gem "rb-readline"
-  gem "inspec-core-bin", ">= 5" # need to provide the binaries for inspec
+  gem "inspec-core-bin", ">= 5", "< 6" # need to provide the binaries for inspec
   gem "chef-vault"
 end
 

data/chef-universal-mingw-ucrt.gemspec

@@ -15,7 +15,7 @@ gemspec.add_dependency "wmi-lite", "~> 1.0"
 gemspec.add_dependency "win32-taskscheduler", "~> 2.0"
 gemspec.add_dependency "iso8601", ">= 0.12.1", "< 0.14" # validate 0.14 when it comes out
 gemspec.add_dependency "win32-certstore", "~> 0.6.15" # 0.5+ required for specifying user vs. system store
-gemspec.add_dependency "chef-powershell", "~> 18.0.0" # The guts of the powershell_exec code have been moved to its own gem, chef-powershell. It's part of the chef-powershell-shim repo.
+gemspec.add_dependency "chef-powershell", "~> 18.1.0" # The guts of the powershell_exec code have been moved to its own gem, chef-powershell. It's part of the chef-powershell-shim repo.
 
 gemspec.extensions << "ext/win32-eventlog/Rakefile"
 gemspec.files += Dir.glob("{distro,ext}/**/*")

data/chef.gemspec

@@ -41,9 +41,9 @@ Gem::Specification.new do |s|
   s.add_dependency "mixlib-shellout", ">= 3.1.1", "< 4.0"
   s.add_dependency "mixlib-archive", ">= 0.4", "< 2.0"
   s.add_dependency "ohai", "~> 18.0"
-  s.add_dependency "inspec-core", ">= 5"
+  s.add_dependency "inspec-core", ">= 5", "< 6"
 
-  s.add_dependency "ffi", ">= 1.15.5"
+  s.add_dependency "ffi", "~> 1.15.5"
   s.add_dependency "ffi-yajl", "~> 2.2"
   s.add_dependency "net-sftp", ">= 2.1.2", "< 5.0" # remote_file resource
   s.add_dependency "net-ftp" # remote_file resource
@@ -58,7 +58,7 @@ Gem::Specification.new do |s|
   s.add_dependency "addressable"
   s.add_dependency "syslog-logger", "~> 1.6"
   s.add_dependency "uuidtools", ">= 2.1.5", "< 3.0" # osx_profile resource
-  s.add_dependency "unf_ext", ">= 0.0.8.2" # This is ruby31 compatible ucrt gem version
+  s.add_dependency "unf_ext", "~> 0.0.8.2" # older platforms
   s.add_dependency "corefoundation", "~> 0.3.4" # macos_userdefaults resource
 
   s.add_dependency "proxifier2", "~> 1.1"

data/lib/chef/application/base.rb

@@ -24,6 +24,8 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 require_relative "../daemon"
 require "chef-config/mixin/dot_d"
 require "license_acceptance/cli_flags/mixlib_cli"
+require "chef/monkey_patches/net-http"
+
 module Mixlib
   autoload :Archive, "mixlib/archive"
 end

data/lib/chef/chef_fs/file_pattern.rb

@@ -238,7 +238,7 @@ class Chef
             end
           end
 
-          @regexp = Regexp.new("^#{full_regexp_parts.join(Chef::ChefFS::PathUtils.regexp_path_separator)}$")
+          @regexp = Regexp.new("^#{full_regexp_parts.join(Chef::ChefFS::PathUtils::REGEXP_PATH_SEPARATOR)}$")
           @normalized_pattern = Chef::ChefFS::PathUtils.join(*normalized_parts)
           @normalized_pattern = Chef::ChefFS::PathUtils.join("", @normalized_pattern) if @is_absolute
         end

data/lib/chef/chef_fs/path_utils.rb

@@ -40,13 +40,15 @@ class Chef
       # path to discover the Chef-FS root path) are handled in accordance to the rules
       # of the local file-system and OS.
 
+      REGEXP_PATH_SEPARATOR = ChefUtils.windows? ? "[\\/\\\\]" : "/"
+
       def self.join(*parts)
         return "" if parts.length == 0
 
         # Determine if it started with a slash
-        absolute = parts[0].length == 0 || parts[0].length > 0 && parts[0] =~ /^#{regexp_path_separator}/
+        absolute = parts[0].length == 0 || parts[0].length > 0 && parts[0] =~ /^#{REGEXP_PATH_SEPARATOR}/
         # Remove leading and trailing slashes from each part so that the join will work (and the slash at the end will go away)
-        parts = parts.map { |part| part.gsub(/^#{regexp_path_separator}+|#{regexp_path_separator}+$/, "") }
+        parts = parts.map { |part| part.gsub(/^#{REGEXP_PATH_SEPARATOR}+|#{REGEXP_PATH_SEPARATOR}+$/, "") }
         # Don't join empty bits
         result = parts.select { |part| part != "" }.join("/")
         # Put the / back on
@@ -54,16 +56,12 @@ class Chef
       end
 
       def self.split(path)
-        path.split(Regexp.new(regexp_path_separator))
-      end
-
-      def self.regexp_path_separator
-        ChefUtils.windows? ? "[\\/\\\\]" : "/"
+        path.split(Regexp.new(REGEXP_PATH_SEPARATOR))
       end
 
       # Given a server path, determines if it is absolute.
       def self.is_absolute?(path)
-        !!(path =~ /^#{regexp_path_separator}/)
+        !!(path =~ /^#{REGEXP_PATH_SEPARATOR}/)
       end
 
       # Given a path which may only be partly real (i.e. /x/y/z when only /x exists,
@@ -118,7 +116,7 @@ class Chef
 
         if ancestor.length == path.length
           ""
-        elsif /#{PathUtils.regexp_path_separator}/.match?(path[ancestor.length, 1])
+        elsif /#{PathUtils::REGEXP_PATH_SEPARATOR}/.match?(path[ancestor.length, 1])
           path[ancestor.length + 1..-1]
         else
           nil

data/lib/chef/client.rb

@@ -663,7 +663,7 @@ class Chef
           logger.trace("New client keys created in the Certificate Store - skipping registration")
         end
         events.skipping_registration(client_name, config)
-      elsif File.exists?(config[:client_key])
+      elsif File.exist?(config[:client_key])
         events.skipping_registration(client_name, config)
         logger.trace("Client key #{config[:client_key]} is present - skipping registration")
       else
@@ -1069,7 +1069,7 @@ class Chef
     end
 
     def empty_directory?(path)
-      !File.exists?(path) || (Dir.entries(path).size <= 2)
+      !File.exist?(path) || (Dir.entries(path).size <= 2)
     end
 
     def is_last_element?(index, object)

data/lib/chef/cookbook/synchronizer.rb

@@ -219,14 +219,31 @@ class Chef
 
     # remove deleted files in cookbooks that are being used on the node
     def remove_deleted_files
+      cache_file_hash = {}
+      @cookbooks_by_name.each_key do |k|
+        cache_file_hash[k] = {}
+      end
+
+      # First populate files from cache
       cache.find(File.join(%w{cookbooks ** {*,.*}})).each do |cache_file|
         md = cache_file.match(%r{^cookbooks/([^/]+)/([^/]+)/(.*)})
         next unless md
 
-        ( cookbook_name, segment, file ) = md[1..3]
+        (cookbook_name, segment, file) = md[1..3]
         if have_cookbook?(cookbook_name)
+          cache_file_hash[cookbook_name][segment] ||= {}
+          cache_file_hash[cookbook_name][segment]["#{segment}/#{file}"] = cache_file
+        end
+      end
+      # Determine which files don't match manifest
+      @cookbooks_by_name.each_key do |cookbook_name|
+        cache_file_hash[cookbook_name].each_key do |segment|
           manifest_segment = cookbook_segment(cookbook_name, segment)
-          if manifest_segment.select { |manifest_record| manifest_record["path"] == "#{segment}/#{file}" }.empty?
+          manifest_record_paths = manifest_segment.map { |manifest_record| manifest_record["path"] }
+          to_be_removed = cache_file_hash[cookbook_name][segment].keys - manifest_record_paths
+          to_be_removed.each do |path|
+            cache_file = cache_file_hash[cookbook_name][segment][path]
+
             Chef::Log.info("Removing #{cache_file} from the cache; its is no longer in the cookbook manifest.")
             cache.delete(cache_file)
             @events.removed_cookbook_file(cache_file)

data/lib/chef/cookbook_version.rb

@@ -474,7 +474,7 @@ class Chef
     end
 
     def reload_metadata!
-      if File.exists?(metadata_json_file)
+      if File.exist?(metadata_json_file)
         metadata.from_json(IO.read(metadata_json_file))
       end
     end

data/lib/chef/delayed_evaluator.rb

@@ -21,5 +21,9 @@ class Chef
       # super returns a "Proc" (which seems buggy) so re-wrap it
       self.class.new(&super) # rubocop:disable Layout/SpaceAroundKeyword
     end
+
+    def inspect
+      "lazy { (evaluates to) #{call.inspect} }"
+    end
   end
 end

data/lib/chef/file_access_control/windows.rb

@@ -324,7 +324,10 @@ class Chef
           acls += mode_ace(SID.Everyone, (mode & 07))
         end
 
-        acls.nil? ? nil : Chef::ReservedNames::Win32::Security::ACL.create(acls)
+        # 'acls.nil?' is true if uninitialized, but false if the initial empty array value.
+        # 'acls.empty?' cannot be called if acls is nil but successfully guards against using the empty array value.
+        # either case should return nil from this method.
+        (acls.nil? || acls.empty?) ? nil : Chef::ReservedNames::Win32::Security::ACL.create(acls)
       end
 
       def target_group

data/lib/chef/guard_interpreter/resource_guard_interpreter.rb

@@ -77,6 +77,8 @@ class Chef
           @resource.updated
         rescue Mixlib::ShellOut::ShellCommandFailed
           nil
+        rescue ChefPowerShell::PowerShellExceptions::PowerShellCommandFailed
+          nil
         end
       end
 

data/lib/chef/http/ssl_policies.rb

@@ -103,10 +103,10 @@ class Chef
         unless config[:ssl_client_cert] && config[:ssl_client_key]
           raise Chef::Exceptions::ConfigurationError, "You must configure ssl_client_cert and ssl_client_key together"
         end
-        unless ::File.exists?(config[:ssl_client_cert])
+        unless ::File.exist?(config[:ssl_client_cert])
           raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_cert #{config[:ssl_client_cert]} does not exist"
         end
-        unless ::File.exists?(config[:ssl_client_key])
+        unless ::File.exist?(config[:ssl_client_key])
           raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_key #{config[:ssl_client_key]} does not exist"
         end
 

data/lib/chef/mixin/homebrew_user.rb

@@ -57,18 +57,28 @@ class Chef
         @homebrew_owner_username
       end
 
+      def homebrew_bin_path(brew_bin_path = nil)
+        if brew_bin_path && ::File.exist?(brew_bin_path)
+          brew_bin_path
+        else
+          [which("brew"), "/opt/homebrew/bin/brew", "/usr/local/bin/brew", "/home/linuxbrew/.linuxbrew/bin/brew"].uniq.select do |x|
+            next if x == false
+
+            ::File.exist?(x) && ::File.executable?(x)
+          end.first || nil
+        end
+      end
+
       private
 
       def calculate_owner
-        default_brew_path = "/usr/local/bin/brew"
-        if ::File.exist?(default_brew_path)
+        brew_path = homebrew_bin_path
+        if brew_path
           # By default, this follows symlinks which is what we want
-          owner = ::File.stat(default_brew_path).uid
-        elsif (brew_path = shell_out("which brew").stdout.strip) && !brew_path.empty?
           owner = ::File.stat(brew_path).uid
         else
           raise Chef::Exceptions::CannotDetermineHomebrewOwner,
-            'Could not find the "brew" executable in /usr/local/bin or anywhere on the path.'
+            'Couldn\'t find the "brew" executable anywhere on the path.'
         end
 
         Chef::Log.debug "Found Homebrew owner #{Etc.getpwuid(owner).name}; executing `brew` commands as them"

data/lib/chef/monkey_patches/net-http.rb

@@ -0,0 +1,127 @@
+if RUBY_VERSION.split(".")[0..1].join(".") == "3.1"
+  require "net/http" unless defined?(Net::HTTP)
+  # This is monkey-patch for ruby 3.1.x
+  # Due to change https://github.com/ruby/net-http/pull/10, when making net/http requests to a url which supports only IPv6 and not IPv4,
+  # ruby waits for IPv4 request to timeout first, then makes IPv6 request. This increased response time.
+  # NOTE 1: This is already reverted https://github.com/ruby/ruby/commit/f88bff770578583a708093f4a0d8b1483a1d2039 but under ruby 3.2.2
+  # NOTE 2: We are patching action `connect` from here https://github.com/ruby/ruby/blob/f88bff770578583a708093f4a0d8b1483a1d2039/lib/net/http.rb#L1000
+
+  module Net
+    class HTTP
+      def connect
+        if use_ssl?
+          # reference early to load OpenSSL before connecting,
+          # as OpenSSL may take time to load.
+          @ssl_context = OpenSSL::SSL::SSLContext.new
+        end
+
+        if proxy?
+          conn_addr = proxy_address
+          conn_port = proxy_port
+        else
+          conn_addr = conn_address
+          conn_port = port
+        end
+
+        Chef::Log.debug("opening connection to #{conn_addr}:#{conn_port}...")
+        s = Timeout.timeout(@open_timeout, Net::OpenTimeout) {
+          begin
+            TCPSocket.open(conn_addr, conn_port, @local_host, @local_port)
+          rescue => e
+            raise e, "Failed to open TCP connection to " +
+              "#{conn_addr}:#{conn_port} (#{e.message})"
+          end
+        }
+        s.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
+        Chef::Log.debug("opened")
+        if use_ssl?
+          if proxy?
+            plain_sock = BufferedIO.new(s, read_timeout: @read_timeout,
+                                        write_timeout: @write_timeout,
+                                        continue_timeout: @continue_timeout,
+                                        debug_output: @debug_output)
+            buf = "CONNECT #{conn_address}:#{@port} HTTP/#{HTTPVersion}\r\n"
+            buf << "Host: #{@address}:#{@port}\r\n"
+            if proxy_user
+              credential = ["#{proxy_user}:#{proxy_pass}"].pack("m0")
+              buf << "Proxy-Authorization: Basic #{credential}\r\n"
+            end
+            buf << "\r\n"
+            plain_sock.write(buf)
+            HTTPResponse.read_new(plain_sock).value
+            # assuming nothing left in buffers after successful CONNECT response
+          end
+
+          ssl_parameters = {}
+          iv_list = instance_variables
+          SSL_IVNAMES.each_with_index do |ivname, i|
+            if iv_list.include?(ivname)
+              value = instance_variable_get(ivname)
+              unless value.nil?
+                ssl_parameters[SSL_ATTRIBUTES[i]] = value
+              end
+            end
+          end
+          @ssl_context.set_params(ssl_parameters)
+          unless @ssl_context.session_cache_mode.nil? # a dummy method on JRuby
+            @ssl_context.session_cache_mode =
+                OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT |
+                OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE
+          end
+          if @ssl_context.respond_to?(:session_new_cb) # not implemented under JRuby
+            @ssl_context.session_new_cb = proc { |sock, sess| @ssl_session = sess }
+          end
+
+          # Still do the post_connection_check below even if connecting
+          # to IP address
+          verify_hostname = @ssl_context.verify_hostname
+
+          # requiring 'resolv' near the top of the file causes registry.rb monkey patch to fail
+          # Windows 2012 R2 somehow fails to have Resolv defined unless we require it manually
+          require "resolv" unless defined?(Resolv)
+
+          # Server Name Indication (SNI) RFC 3546/6066
+          case @address
+          when ::Resolv::IPv4::Regex, ::Resolv::IPv6::Regex
+            # don't set SNI, as IP addresses in SNI is not valid
+            # per RFC 6066, section 3.
+
+            # Avoid openssl warning
+            @ssl_context.verify_hostname = false
+          else
+            ssl_host_address = @address
+          end
+
+          Chef::Log.debug("starting SSL for #{conn_addr}:#{conn_port}...")
+          s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
+          s.sync_close = true
+          s.hostname = ssl_host_address if s.respond_to?(:hostname=) && ssl_host_address
+
+          if @ssl_session &&
+              (Process.clock_gettime(Process::CLOCK_REALTIME) < @ssl_session.time.to_f + @ssl_session.timeout)
+            s.session = @ssl_session
+          end
+          ssl_socket_connect(s, @open_timeout)
+          if (@ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE) && verify_hostname
+            s.post_connection_check(@address)
+          end
+          Chef::Log.debug("SSL established, protocol: #{s.ssl_version}, cipher: #{s.cipher[0]}")
+        end
+        @socket = BufferedIO.new(s, read_timeout: @read_timeout,
+                                write_timeout: @write_timeout,
+                                continue_timeout: @continue_timeout,
+                                debug_output: @debug_output)
+        @last_communicated = nil
+        on_connect
+      rescue => exception
+        if s
+          Chef::Log.debug("Conn close because of connect error #{exception}")
+          s.close
+        end
+        raise
+      end
+    end
+  end
+else
+  warn "Not applying net/http monkey patch needed for ruby 3.1"
+end

data/lib/chef/node/attribute_collections.rb

@@ -18,6 +18,7 @@
 
 require_relative "common_api"
 require_relative "mixin/state_tracking"
+require_relative "mixin/state_tracking_array"
 require_relative "mixin/immutablize_array"
 require_relative "mixin/immutablize_hash"
 require_relative "mixin/mashy_array"
@@ -39,11 +40,19 @@ class Chef
       MUTATOR_METHODS.each do |mutator|
         define_method(mutator) do |*args, &block|
           ret = super(*args, &block)
+          # TODO: use `send_reset_cache(__path__)` for all mutator methods?
           send_reset_cache
           ret
         end
       end
 
+      def <<(obj)
+        ret = super(obj)
+        # NOTE: Expecting __path__ to be top-level attribute only
+        send_reset_cache(__path__)
+        ret
+      end
+
       def delete(key, &block)
         send_reset_cache(__path__, key)
         super
@@ -89,7 +98,7 @@ class Chef
         key
       end
 
-      prepend Chef::Node::Mixin::StateTracking
+      prepend Chef::Node::Mixin::StateTrackingArray
     end
 
     # == VividMash

data/lib/chef/node/immutable_collections.rb

@@ -17,6 +17,7 @@
 
 require_relative "common_api"
 require_relative "mixin/state_tracking"
+require_relative "mixin/state_tracking_array"
 require_relative "mixin/immutablize_array"
 require_relative "mixin/immutablize_hash"
 require_relative "../delayed_evaluator"
@@ -32,13 +33,16 @@ class Chef
       end
 
       def convert_value(value)
+        # The order in this case statement is *important*.
+        # ImmutableMash and ImmutableArray should be tested first,
+        # as this saves unnecessary creation of intermediate objects
         case value
+        when ImmutableMash, ImmutableArray
+          value
         when Hash
           ImmutableMash.new(value, __root__, __node__, __precedence__)
         when Array
           ImmutableArray.new(value, __root__, __node__, __precedence__)
-        when ImmutableMash, ImmutableArray
-          value
         else
           safe_dup(value).freeze
         end
@@ -116,7 +120,7 @@ class Chef
         value
       end
 
-      prepend Chef::Node::Mixin::StateTracking
+      prepend Chef::Node::Mixin::StateTrackingArray
       prepend Chef::Node::Mixin::ImmutablizeArray
     end
 

data/lib/chef/node/mixin/state_tracking.rb

@@ -78,7 +78,7 @@ class Chef
 
         def send_reset_cache(path = nil, key = nil)
           next_path = [ path, key ].flatten.compact
-          __root__.reset_cache(next_path.first) if !__root__.nil? && __root__.respond_to?(:reset_cache) && !next_path.nil?
+          __root__.reset_cache(next_path.first) if !__root__.nil? && __root__.respond_to?(:reset_cache)
         end
 
         def copy_state_to(ret, next_path)

data/lib/chef/node/mixin/state_tracking_array.rb

@@ -0,0 +1,41 @@
+#--
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "immutablize_array"
+require_relative "state_tracking"
+
+class Chef
+  class Node
+    module Mixin
+      module StateTrackingArray
+        include ::Chef::Node::Mixin::StateTracking
+
+        MUTATOR_METHODS = Chef::Node::Mixin::ImmutablizeArray::DISALLOWED_MUTATOR_METHODS
+
+        # For all of the methods that may mutate an Array, we override them to
+        # also track the state and trigger attribute_changed event.
+        MUTATOR_METHODS.each do |mutator|
+          define_method(mutator) do |*args, &block|
+            ret = super(*args, &block)
+            send_attribute_changed_event(__path__, self)
+            ret
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef/node.rb

@@ -401,6 +401,13 @@ class Chef
       normal[:tags]
     end
 
+    # Add the list of tags to the node.
+    #
+    # === Parameters
+    # tags<Array>:: A list of tags
+    #
+    # === Returns
+    # tags<Array>:: The current list of run_context.node.tags
     def tag(*args)
       args.each do |tag|
         tags.push(tag.to_s) unless tags.include? tag.to_s
@@ -409,6 +416,21 @@ class Chef
       tags
     end
 
+    # Removes the list of tags from the node.
+    #
+    # === Parameters
+    # tags<Array>:: A list of tags
+    #
+    # === Returns
+    # tags<Array>:: The current list of run_context.node.tags
+    def untag(*args)
+      args.each do |tag|
+        tags.delete(tag.to_s)
+      end
+
+      tags
+    end
+
     # Extracts the run list from +attrs+ and applies it. Returns the remaining attributes
     def consume_run_list(attrs)
       attrs = attrs ? attrs.dup : {}

data/lib/chef/provider/launchd.rb

@@ -52,7 +52,7 @@ class Chef
       end
 
       action :delete, description: "Delete a launchd property list. This will unload a daemon or agent, if loaded." do
-        if ::File.exists?(path)
+        if ::File.exist?(path)
           manage_service(:disable)
         end
         manage_plist(:delete)

data/lib/chef/provider/mount/linux.rb

@@ -39,7 +39,7 @@ class Chef
 
         def mounted?
           mounted = false
-          real_mount_point = if ::File.exists? @new_resource.mount_point
+          real_mount_point = if ::File.exist? @new_resource.mount_point
                                ::File.realpath(@new_resource.mount_point)
                              else
                                @new_resource.mount_point

data/lib/chef/provider/mount/mount.rb

@@ -42,9 +42,9 @@ class Chef
 
         def mountable?
           # only check for existence of non-remote devices
-          if device_should_exist? && !::File.exists?(device_real)
+          if device_should_exist? && !::File.exist?(device_real)
             raise Chef::Exceptions::Mount, "Device #{@new_resource.device} does not exist"
-          elsif @new_resource.mount_point != "none" && !::File.exists?(@new_resource.mount_point)
+          elsif @new_resource.mount_point != "none" && !::File.exist?(@new_resource.mount_point)
             raise Chef::Exceptions::Mount, "Mount point #{@new_resource.mount_point} does not exist"
           end
 
@@ -81,7 +81,7 @@ class Chef
           # "mount" outputs the mount points as real paths. Convert
           # the mount_point of the resource to a real path in case it
           # contains symlinks in its parents dirs.
-          real_mount_point = if ::File.exists? @new_resource.mount_point
+          real_mount_point = if ::File.exist? @new_resource.mount_point
                                ::File.realpath(@new_resource.mount_point)
                              else
                                @new_resource.mount_point
@@ -186,7 +186,7 @@ class Chef
         def device_should_exist?
           ( @new_resource.device != "none" ) &&
             ( not network_device? ) &&
-            ( not %w{ cgroup tmpfs fuse vboxsf zfs }.include? @new_resource.fstype )
+            ( not %w{ cgroup tmpfs fuse vboxsf zfs efivarfs }.include? @new_resource.fstype )
         end
 
         private
@@ -287,4 +287,4 @@ class Chef
       end
     end
   end
-end
+end

data/lib/chef/provider/package/apt.rb

@@ -124,6 +124,11 @@ class Chef
 
         private
 
+        # @return [String] package name with or without anchors attached to it.
+        def resolve_package(pkg)
+          new_resource.anchor_package_regex ? "^#{pkg}$" : pkg
+        end
+
         # @return [String] version of apt-get which is installed
         def apt_version
           @apt_version ||= shell_out("apt-get --version").stdout.match(/^apt (\S+)/)[1]
@@ -174,10 +179,12 @@ class Chef
         end
 
         def resolve_package_versions(pkg)
+          # apt-cache considers package names as regex by default. The anchor_package_regex flag will decide whether to match name exact string or not
+          pkg_name = resolve_package(pkg)
           current_version = nil
           candidate_version = nil
           all_versions = []
-          run_noninteractive("apt-cache", default_release_options, "policy", pkg).stdout.each_line do |line|
+          run_noninteractive("apt-cache", default_release_options, "policy", pkg_name).stdout.each_line do |line|
             case line
             when /^\s{2}Installed: (.+)$/
               current_version = ( $1 != "(none)" ) ? $1 : nil
@@ -216,7 +223,9 @@ class Chef
         end
 
         def resolve_virtual_package_name(pkg)
-          showpkg = run_noninteractive("apt-cache", "showpkg", pkg).stdout
+          # apt-cache considers package names as regex by default. The anchor_package_regex flag will decide whether to match name exact string or not
+          pkg_name = resolve_package(pkg)
+          showpkg = run_noninteractive("apt-cache", "showpkg", pkg_name).stdout
           partitions = showpkg.rpartition(/Reverse Provides: ?#{$/}/)
           return nil if partitions[0] == "" && partitions[1] == "" # not found in output