2 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
3 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
# Directories that hold the per-site "<site>.pin" files.
# The first path is looked up in hiera under 'paths.letsencrypt_dir'; the
# second (backup keys) is a fixed path on the puppet master.
# Both are Ruby globals so the method and the glob further down can read them.
9 $cert_dir_le = scope().call_function('hiera', ['paths.letsencrypt_dir'])
10 $cert_dir_backup = '/srv/puppet.debian.org/backup-keys'
# Build the Apache mod_macro block "http-pkp-<site>" that sets the HPKP
# (Public-Key-Pins) response header for one site.
#
# site - site name; interpolated as-is into both pin-file paths and into the
#        macro name.
#
# The numbered listing skips some source lines (the loop over pinfiles, the
# set-up of pin_info/res, the else/end lines and the return value), so those
# parts are not documented here.
# NOTE(review): site is not validated in the visible lines; a name containing
# whitespace, '>' or '/' would alter the generated <Macro ...> line or the
# paths that are read. Confirm the caller only passes plain host names.
# NOTE(review): current major browsers no longer honour Public-Key-Pins;
# confirm this macro is still wanted.
12 def make_pin_macro(site)
# Candidate pin files: one in the Let's Encrypt dir, one in the backup-key dir.
14 pinfiles = [ "#{$cert_dir_le}/#{site}.pin",
15 "#{$cert_dir_backup}/#{site}.pin" ]
# Each pin file's content, minus one trailing line ending, becomes one
# directive of the header value.
18 pin_info << File.read(fn).chomp()
23 res << "<Macro http-pkp-#{site}>"
# Emit the header only when at least two pins were read: RFC 7469 requires a
# backup pin next to the live one, otherwise clients ignore the header.
24 if pin_info.size >= 2 then
# Escape double quotes because the joined value is wrapped in "..." below.
# NOTE(review): only '"' is escaped; a backslash or an embedded newline in a
# pin file would reach the Apache config unchanged. Consider checking the file
# content against the expected pin syntax before using it.
25 pin_info = pin_info.map{ |x| x.gsub('"', '\"') }
# 5184000 seconds = 60 days of pinning.
27 pin_info << "max-age=5184000"
28 pin_str = pin_info.join("; ")
# "always" makes mod_headers add the header to error responses as well.
29 res << " Header always set Public-Key-Pins \"#{pin_str}\""
# Presumably the else branch (the else line itself is not shown): placeholder
# content, emitted so the macro body is never empty.
31 res << " # mod macro does not like empty macros, so here's some content:"
32 res << " <Directory /non-existant>"
33 res << " </Directory>"
# Generate one macro per "*.pin" file found in the Let's Encrypt directory;
# the site name is the file name with the ".pin" suffix removed.
# Only $cert_dir_le is globbed, so a site whose pin exists only in the backup
# directory gets no macro.
# NOTE(review): macros is defined outside the visible lines, and the closing
# end of this block is not shown either.
# NOTE(review): the site name comes straight from the file name and is passed
# on unchecked; see make_pin_macro for where it is interpolated.
41 Dir.glob("#{$cert_dir_le}/*.pin") do |pinfile|
42 site = File.basename(pinfile, '.pin')
43 macros << make_pin_macro(site)