X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fssl%2Fmanifests%2Finit.pp;h=bc4ae9f095159068ea2cec74d1a011b367ca873e;hb=95f18880c7ec083620b8fb1653452ee79578385f;hp=c9fbbf3613cfa4f3d114a7403572c50608380566;hpb=c725fa2e2967a0df0dbb6c9299c44a9448a5a9ba;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
index c9fbbf361..bc4ae9f09 100644
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -16,7 +16,7 @@ class ssl {
 	file { '/etc/ssl/servicecerts':
 		ensure   => directory,
 		source   => 'puppet:///modules/ssl/servicecerts/',
-		mode     => '0644',
+		mode     => '0644', # this works; otherwise all files are +x
 		purge    => true,
 		recurse  => true,
 		force    => true,
@@ -25,7 +25,7 @@ class ssl {
 	file { '/etc/ssl/debian':
 		ensure   => directory,
 		source   => 'puppet:///files/empty/',
-		mode     => '0644',
+		mode     => '0644', # this works; otherwise all files are +x
 		purge    => true,
 		recurse  => true,
 		force    => true,
@@ -85,16 +85,15 @@ class ssl {
 		notify      => Exec['refresh_normal_hashes'], # see NOTE 1
 	}
 	exec { 'modify_configuration':
-		command     => "sed -i -e 's#!${cacert}#${cacert}' ${caconf}",
+		command     => "sed -i -e 's#!${cacert}#${cacert}#' ${caconf}",
 		onlyif      => "grep -Fqx '!${cacert}' ${caconf}",
 		notify      => Exec['refresh_normal_hashes'],
 		require     => Package['ca-certificates'],
 	}
 	exec { 'refresh_debian_hashes':
-		command     => '/usr/bin/c_rehash .',
-		cwd         => '/etc/ssl/debian/certs',
+		command     => 'c_rehash /etc/ssl/debian/certs',
 		refreshonly => true,
-		require     => Package['openssl']
+		require     => Package['openssl'],
 	}
 	exec { 'refresh_normal_hashes':
 		# NOTE 1: always use update-ca-certificates to manage hashes in