-
- exec { 'modify_ca_certificates_conf':
- command => 'sed -i -e \'s#!mozilla/UTN_USERFirst_Hardware_Root_CA.crt#mozilla/UTN_USERFirst_Hardware_Root_CA.crt#\' /etc/ca-certificates.conf',
- cwd => '/etc/ssl/certs',
- onlyif => 'grep -Fqx \'!mozilla/UTN_USERFirst_Hardware_Root_CA.crt\' /etc/ca-certificates.conf',
- notify => Exec['update_ca_certificates']
- }
- exec { 'update_ca_certificates':
- command => '/usr/sbin/update-ca-certificates',
- cwd => '/etc/ssl/certs',
- refreshonly => true
+ exec { 'refresh_ca_debian_hashes':
+ command => '/usr/local/sbin/update-ca-certificates-dsa --fresh --certsconf /etc/ca-certificates-debian.conf --localcertsdir /dev/null --etccertsdir /etc/ssl/ca-debian --hooksdir /dev/null',
+ refreshonly => true,
+ require => [
+ Package['ca-certificates'],
+ File['/etc/ssl/ca-debian'],
+ File['/etc/ca-certificates-debian.conf'],
+ File['/usr/local/sbin/update-ca-certificates-dsa'],
+ ]
+ }
+ exec { 'refresh_ca_global_hashes':
+ command => '/usr/local/sbin/update-ca-certificates-dsa --fresh --default --certsconf /etc/ca-certificates-global.conf --etccertsdir /etc/ssl/ca-global --hooksdir /dev/null',
+ refreshonly => true,
+ require => [
+ Package['ca-certificates'],
+ File['/etc/ssl/ca-global'],
+ File['/etc/ca-certificates-global.conf'],
+ File['/usr/local/sbin/update-ca-certificates-dsa'],
+ ]