+ file { '/etc/ca-certificates.conf':
+ source => 'puppet:///modules/ssl/ca-certificates.conf',
+ notify => Exec['refresh_normal_hashes'],
+ }
+ file { '/etc/ca-certificates-debian.conf':
+ mode => '0444',
+ source => 'puppet:///modules/ssl/ca-certificates-debian.conf',
+ notify => Exec['refresh_ca_debian_hashes'],
+ }
+ file { '/etc/ca-certificates-global.conf':
+ source => 'puppet:///modules/ssl/ca-certificates-global.conf',
+ notify => Exec['refresh_ca_global_hashes'],
+ }
+
+ file { '/etc/apt/apt.conf.d/local-ssl-ca-global':
+ mode => '0444',
+ source => 'puppet:///modules/ssl/local-ssl-ca-global',
+ }
+
+ file { '/etc/ssl/certs/ssl-cert-snakeoil.pem':
+ ensure => absent,
+ notify => Exec['refresh_normal_hashes'],
+ }
+ file { '/etc/ssl/private/ssl-cert-snakeoil.key':
+ ensure => absent,
+ }
+
+ file { '/etc/ssl/servicecerts':
+ ensure => link,
+ purge => true,
+ force => true,
+ target => '/usr/local/share/ca-certificates/debian.org',
+ notify => Exec['retire_debian_links'],
+ }
+
+ file { '/usr/local/share/ca-certificates/debian.org':
+ ensure => directory,
+ source => 'puppet:///modules/ssl/servicecerts/',
+ mode => '0644', # this works; otherwise all files are +x
+ purge => true,
+ recurse => true,
+ force => true,
+ notify => [ Exec['refresh_normal_hashes'], Exec['refresh_ca_global_hashes'] ],
+ }
+ file { '/etc/ssl/certs/README':
+ ensure => absent,
+ }
+ file { '/etc/ssl/ca-debian':