projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use update-ca-certificates to update ca-global on stretch and later
[mirror/dsa-puppet.git] / modules / ssl / manifests / init.pp
diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
index f16e6fd..21e51e6 100644 (file)
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -1,6 +1,4 @@
 class ssl {
-       $caconf = '/etc/ca-certificates.conf'
-
        package { 'openssl':
                ensure   => installed,
        }
@@ -29,7 +27,7 @@ class ssl {
        }
        file { '/etc/ca-certificates-debian.conf':
                mode    => '0444',
-               source => 'puppet:///modules/ssl/ca-certificates-debian.conf',
+               source => 'puppet:///modules/ssl/ca-certificates.conf',
                notify  => Exec['refresh_ca_debian_hashes'],
        }
        file { '/etc/ca-certificates-global.conf':
@@ -39,7 +37,7 @@ class ssl {
 
        file { '/etc/apt/apt.conf.d/local-ssl-ca-global':
                mode   => '0444',
-               source => 'puppet:///modules/ssl/local-ssl-ca-global',
+               content => template('ssl/local-ssl-ca-global.erb'),
        }
 
        file { '/etc/ssl/certs/ssl-cert-snakeoil.pem':
@@ -55,9 +53,7 @@ class ssl {
        }
 
        file { '/usr/local/share/ca-certificates/debian.org':
-               ensure   => directory,
-               source   => 'puppet:///modules/ssl/servicecerts/',
-               mode     => '0644', # this works; otherwise all files are +x
+               ensure   => absent,
                purge    => true,
                recurse  => true,
                force    => true,
Unnamed repository; edit this file 'description' to name the repository.