- }
-
- exec { 'modify_ca_certificates_conf':
- command => 'sed -i -e \'s#!mozilla/UTN_USERFirst_Hardware_Root_CA.crt#mozilla/UTN_USERFirst_Hardware_Root_CA.crt#\' /etc/ca-certificates.conf',
- cwd => '/etc/ssl/certs',
- onlyif => 'grep -Fqx \'!mozilla/UTN_USERFirst_Hardware_Root_CA.crt\' /etc/ca-certificates.conf',
- notify => Exec['update_ca_certificates']
- }
- exec { 'update_ca_certificates':
- command => '/usr/sbin/update-ca-certificates',
- cwd => '/etc/ssl/certs',
- refreshonly => true
+ require => Package['openssl']
+ }
+ exec { 'refresh_normal_hashes':
+ # NOTE 1: always use update-ca-certificates to manage hashes in
+ # /etc/ssl/certs otherwise /etc/ssl/ca-certificates.crt will
+ # get a hash overriding the hash that would have been generated
+ # for another certificate ... which is problem, comrade
+ # NOTE 2: always ask update-ca-certificates to freshen (-f) the links
+ command => '/usr/sbin/update-ca-certificates -f',
+ refreshonly => true,
+ require => Package['ca-certificates'],