file=/etc/ferm/conf.d/me.conf
file=/etc/ferm/conf.d/defs.conf
file=/etc/ferm/ferm.conf
+file=/etc/ssl/README
dir=2/etc/ssl/debian
dir=1/etc/ssl/certs
dir=1/etc/ssl/ca-debian
--- /dev/null
+/------------------------------------------------------------------------------
+| /etc/ssl/certs
+
+The purpose of this directory is to allow verification of service certificates
+for debian.org services by software that is able to properly verify service
+certificates that are available in the default certificate store.
+
+Please *use it* in preference to other certificate stores when possible.
+
+/------------------------------------------------------------------------------
+| /etc/ssl/ca-debian
+
+This directory contains the certificate(s) for the certificate authorities
+that have signed current service certificates for debian.org services.
+
+The purpose of this directory is to allow verification of service certificates
+for debian.org services by software that is unable to properly verify service
+certificates that are available in the default certificate store.
+
+Please *do not* use it for verification of debian.org service certificates
+unless the software you are using is buggy and there is no other alternative.
+Please *file bugs* on any software that you find that needs to use this
+directory and usertag those bugs using this bts command:
+
+bts user debian-admin@lists.debian.org , usertags 123456 + needed-by-DSA-Team
+
+/------------------------------------------------------------------------------
+| /etc/ssl/ca-global
+
+This directory contains all of the certificates for certificate authorities
+trusted by the ca-certificates Debian package, which is mostly a copy
+of the certificates trusted by the Mozilla certificate store.
+
+The purpose of this directory is to allow verification of certificates from
+a wide variety of external services on the global Internet that could
+change their certificate at any time and could change their certificate
+signing authority at any time.
+
+Please *do not* use it for verification of debian.org service certificates.
+
+Please *do not* use it for verification of certificates when pinning to a
+specific service certificate or certificate authority is a viable option.
+This directory *only* contains the certificate(s) for the current service
+certificates for debian.org services.
+++ /dev/null
-This directory contains the certificate(s) for the certificate authorities
-that have signed current service certificates for debian.org services.
-
-The purpose of this directory is to allow verification of service certificates
-for debian.org services by software that is unable to properly verify service
-certificates that are available in the default certificate store.
-
-Please *do not* use it for verification of debian.org service certificates
-unless the software you are using is buggy and there is no other alternative.
-Please *file bugs* on any software that you find that needs to use this
-directory and usertag those bugs using this bts command:
-
-bts user debian-admin@lists.debian.org , usertags 123456 + needed-by-DSA-Team
+++ /dev/null
-This directory contains all of the certificates for certificate authorities
-trusted by the ca-certificates Debian package, which is mostly a copy
-of the certificates trusted by the Mozilla certificate store.
-
-The purpose of this directory is to allow verification of certificates from
-a wide variety of external services on the global Internet that could
-change their certificate at any time and could change their certificate
-signing authority at any time.
-
-Please *do not* use it for verification of debian.org service certificates.
-
-Please *do not* use it for verification of certificates when pinning to a
-specific service certificate or certificate authority is a viable option.
+++ /dev/null
-This directory *only* contains the certificate(s) for the current service
-certificates for debian.org services.
-
-The purpose of this directory is to allow verification of service certificates
-for debian.org services by software that is able to properly verify service
-certificates that are available in the default certificate store.
-
-Please *use it* in preference to other certificate stores when possible.
ensure => installed,
}
+ file { '/etc/ssl/README':
+ mode => '0444',
+ source => 'puppet:///modules/ssl/README',
+ }
file { '/etc/ca-certificates.conf':
source => 'puppet:///modules/ssl/ca-certificates.conf',
notify => Exec['refresh_normal_hashes'],
notify => Exec['refresh_normal_hashes'],
}
file { '/etc/ssl/certs/README':
- mode => '0444',
- source => 'puppet:///modules/ssl/README.certs',
+ ensure => absent,
}
file { '/etc/ssl/ca-debian':
ensure => directory,
mode => '0755',
}
file { '/etc/ssl/ca-debian/README':
- mode => '0444',
- source => 'puppet:///modules/ssl/README.ca-debian',
+ ensure => absent,
}
file { '/etc/ssl/ca-global':
ensure => directory,
mode => '0755',
}
file { '/etc/ssl/ca-global/README':
- mode => '0444',
- source => 'puppet:///modules/ssl/README.ca-global',
+ ensure => absent,
}
file { '/etc/ssl/debian':
ensure => directory,
projects / mirror / dsa-puppet.git / commitdiff