+ exec { 'refresh_normal_hashes':
+ # NOTE 1: always use update-ca-certificates to manage hashes in
+ # /etc/ssl/certs otherwise /etc/ssl/ca-certificates.crt will
+ # get a hash overriding the hash that would have been generated
+ # for another certificate ... which is problem, comrade
+ # NOTE 2: always ask update-ca-certificates to freshen (-f) the links
+ command => "/usr/sbin/update-ca-certificates --fresh${extra_ssl_certs_flags}",
+ refreshonly => true,
+ require => Package['ca-certificates'],
+ }
+ exec { 'refresh_ca_debian_hashes':
+ command => "${updatecacerts} --fresh --certsconf /etc/ca-certificates-debian.conf --localcertsdir /dev/null --etccertsdir /etc/ssl/ca-debian --hooksdir /dev/null",
+ refreshonly => true,
+ require => [
+ Package['ca-certificates'],
+ File['/etc/ssl/ca-debian'],
+ File['/etc/ca-certificates-debian.conf'],
+ File[$updatecacertsdsa],
+ ]
+ }
+ exec { 'refresh_ca_global_hashes':
+ command => "${updatecacerts} --fresh --default --certsconf /etc/ca-certificates-global.conf --etccertsdir /etc/ssl/ca-global --hooksdir /dev/null",