X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fssl%2Fmanifests%2Finit.pp;h=5aedfbc9f382d9c80d9d9238adf71bd1f20983a9;hb=2fc76fdf7b368a560901ee3578bd3abf47ab2365;hp=7c9ffd67b2dc4706f76087a15fd11dffb4bed3e9;hpb=488a87f4642b85c7d465e6887521596f763dcff0;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
index 7c9ffd67b..5aedfbc9f 100644
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -11,17 +11,21 @@ class ssl {
 		ensure   => installed,
 	}
 
+	file { '/etc/ssl/README':
+		mode   => '0444',
+		source => 'puppet:///modules/ssl/README',
+	}
 	file { '/etc/ca-certificates.conf':
-		content => "# This file is under puppet control\n# Only debian.org service certs are trusted, see /etc/ssl/certs/README\n",
+		source => 'puppet:///modules/ssl/ca-certificates.conf',
 		notify  => Exec['refresh_normal_hashes'],
 	}
 	file { '/etc/ca-certificates-debian.conf':
 		mode    => '0444',
-		content => "# This file is under puppet control\n# Only the CAs for debian.org are trusted, see /etc/ssl/ca-debian/README\nmozilla/AddTrust_External_Root.crt\n",
+		source => 'puppet:///modules/ssl/ca-certificates-debian.conf',
 		notify  => Exec['refresh_ca_debian_hashes'],
 	}
 	file { '/etc/ca-certificates-global.conf':
-		content => "# This file is under puppet control\n# All CAs are trusted, see /etc/ssl/ca-global/README\n",
+		source => 'puppet:///modules/ssl/ca-certificates-global.conf',
 		notify  => Exec['refresh_ca_global_hashes'],
 	}
 
@@ -56,24 +60,21 @@ class ssl {
 		notify   => Exec['refresh_normal_hashes'],
 	}
 	file { '/etc/ssl/certs/README':
-		mode   => '0444',
-		source => 'puppet:///modules/ssl/README.certs',
+		ensure => absent,
 	}
 	file { '/etc/ssl/ca-debian':
 		ensure => directory,
 		mode   => '0755',
 	}
 	file { '/etc/ssl/ca-debian/README':
-		mode   => '0444',
-		source => 'puppet:///modules/ssl/README.ca-debian',
+		ensure => absent,
 	}
 	file { '/etc/ssl/ca-global':
 		ensure => directory,
 		mode   => '0755',
 	}
 	file { '/etc/ssl/ca-global/README':
-		mode   => '0444',
-		source => 'puppet:///modules/ssl/README.ca-global',
+		ensure => absent,
 	}
 	file { '/etc/ssl/debian':
 		ensure   => directory,