2 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
3 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
7 $cert_dir_le = '/srv/puppet.debian.org/from-letsencrypt'
8 $cert_dir_backup = '/srv/puppet.debian.org/backup-keys'
10 def make_pin_macro(site)
12 pinfiles = [ "#{$cert_dir_le}/#{site}.pin",
13 "#{$cert_dir_backup}/#{site}.pin" ]
16 pin_info << File.read(fn).chomp()
21 res << "<Macro http-pkp-#{site}>"
22 if pin_info.size >= 2 then
23 pin_info = pin_info.map{ |x| x.gsub('"', '\"') }
24 pin_info << "max-age=300"
25 pin_str = pin_info.join("; ")
26 res << " Header always set Public-Key-Pins \"#{pin_str}\""
28 res << " # mod macro does not like empty macros, so here's some content:"
29 res << " <Directory /non-existant>"
30 res << " </Directory>"
38 Dir.glob("#{$cert_dir_le}/*.pin") do |pinfile|
39 site = File.basename(pinfile, '.pin')
40 macros << make_pin_macro(site)