X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fssl%2Fmanifests%2Finit.pp;h=5aedfbc9f382d9c80d9d9238adf71bd1f20983a9;hb=ed5069b9ad32e77bcddf91220b4ffd750c80cbe0;hp=0ae64aa4ed8f9638377fb5f390fac4a5f3c090cd;hpb=b87d468a5bfc69a0e8390e7484e9bb6d225e404e;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
index 0ae64aa4e..5aedfbc9f 100644
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -11,17 +11,21 @@ class ssl {
 		ensure   => installed,
 	}
 
+	file { '/etc/ssl/README':
+		mode   => '0444',
+		source => 'puppet:///modules/ssl/README',
+	}
 	file { '/etc/ca-certificates.conf':
-		content => "# This file is under puppet control\n# Only debian.org service certs are trusted, see /etc/ssl/certs/README\n",
+		source => 'puppet:///modules/ssl/ca-certificates.conf',
 		notify  => Exec['refresh_normal_hashes'],
 	}
 	file { '/etc/ca-certificates-debian.conf':
 		mode    => '0444',
-		content => "# This file is under puppet control\n# Only the CAs for debian.org are trusted, see /etc/ssl/ca-debian/README\nmozilla/AddTrust_External_Root.crt\nmozilla/UTN_USERFirst_Hardware_Root_CA.crt\nspi-inc.org/spi-cacert-2008.crt\n",
+		source => 'puppet:///modules/ssl/ca-certificates-debian.conf',
 		notify  => Exec['refresh_ca_debian_hashes'],
 	}
 	file { '/etc/ca-certificates-global.conf':
-		content => "# This file is under puppet control\n# All CAs are trusted, see /etc/ssl/ca-global/README\n",
+		source => 'puppet:///modules/ssl/ca-certificates-global.conf',
 		notify  => Exec['refresh_ca_global_hashes'],
 	}
 
@@ -56,24 +60,21 @@ class ssl {
 		notify   => Exec['refresh_normal_hashes'],
 	}
 	file { '/etc/ssl/certs/README':
-		mode   => '0444',
-		source => 'puppet:///modules/ssl/README.certs',
+		ensure => absent,
 	}
 	file { '/etc/ssl/ca-debian':
 		ensure => directory,
 		mode   => '0755',
 	}
 	file { '/etc/ssl/ca-debian/README':
-		mode   => '0444',
-		source => 'puppet:///modules/ssl/README.ca-debian',
+		ensure => absent,
 	}
 	file { '/etc/ssl/ca-global':
 		ensure => directory,
 		mode   => '0755',
 	}
 	file { '/etc/ssl/ca-global/README':
-		mode   => '0444',
-		source => 'puppet:///modules/ssl/README.ca-global',
+		ensure => absent,
 	}
 	file { '/etc/ssl/debian':
 		ensure   => directory,