Move ca-certificates configs to puppet files for maintainability.

author Paul Wise <pabs@debian.org>

Tue, 31 Mar 2015 01:51:51 +0000 (09:51 +0800)

committer Paul Wise <pabs@debian.org>

Tue, 31 Mar 2015 01:51:51 +0000 (09:51 +0800)
author Paul Wise <pabs@debian.org>
Tue, 31 Mar 2015 01:51:51 +0000 (09:51 +0800)
committer Paul Wise <pabs@debian.org>
Tue, 31 Mar 2015 01:51:51 +0000 (09:51 +0800)
diff --git a/modules/ssl/files/ca-certificates-debian.conf b/modules/ssl/files/ca-certificates-debian.conf

new file mode 100644 (file)

index 0000000..32b243c
--- /dev/null
+++ b/modules/ssl/files/ca-certificates-debian.conf
@@ -0,0 +1,5 @@
+# This file is under puppet control
+# Only the CAs for debian.org are trusted, see /etc/ssl/ca-debian/README
+mozilla/AddTrust_External_Root.crt
+mozilla/UTN_USERFirst_Hardware_Root_CA.crt
+spi-inc.org/spi-cacert-2008.crt
diff --git a/modules/ssl/files/ca-certificates-global.conf b/modules/ssl/files/ca-certificates-global.conf

new file mode 100644 (file)

index 0000000..684221b
--- /dev/null
+++ b/modules/ssl/files/ca-certificates-global.conf
@@ -0,0 +1,2 @@
+# This file is under puppet control
+# All CAs are trusted, see /etc/ssl/ca-global/README
diff --git a/modules/ssl/files/ca-certificates.conf b/modules/ssl/files/ca-certificates.conf

new file mode 100644 (file)

index 0000000..ffe52bb
--- /dev/null
+++ b/modules/ssl/files/ca-certificates.conf
@@ -0,0 +1,2 @@
+# This file is under puppet control
+# Only debian.org service certs are trusted, see /etc/ssl/certs/README
diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp

index 0ae64aa..17d0285 100644 (file)
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -12,16 +12,16 @@ class ssl {
         }
  
         file { '/etc/ca-certificates.conf':
-               content => "# This file is under puppet control\n# Only debian.org service certs are trusted, see /etc/ssl/certs/README\n",
+               source => 'puppet:///modules/ssl/ca-certificates.conf',
                 notify  => Exec['refresh_normal_hashes'],
         }
         file { '/etc/ca-certificates-debian.conf':
                 mode    => '0444',
-               content => "# This file is under puppet control\n# Only the CAs for debian.org are trusted, see /etc/ssl/ca-debian/README\nmozilla/AddTrust_External_Root.crt\nmozilla/UTN_USERFirst_Hardware_Root_CA.crt\nspi-inc.org/spi-cacert-2008.crt\n",
+               source => 'puppet:///modules/ssl/ca-certificates-debian.conf',
                 notify  => Exec['refresh_ca_debian_hashes'],
         }
         file { '/etc/ca-certificates-global.conf':
-               content => "# This file is under puppet control\n# All CAs are trusted, see /etc/ssl/ca-global/README\n",
+               source => 'puppet:///modules/ssl/ca-certificates-global.conf',
                 notify  => Exec['refresh_ca_global_hashes'],
         }
author	Paul Wise <pabs@debian.org>
	Tue, 31 Mar 2015 01:51:51 +0000 (09:51 +0800)
committer	Paul Wise <pabs@debian.org>
	Tue, 31 Mar 2015 01:51:51 +0000 (09:51 +0800)
modules/ssl/files/ca-certificates-debian.conf	[new file with mode: 0644]	patch \| blob
modules/ssl/files/ca-certificates-global.conf	[new file with mode: 0644]	patch \| blob
modules/ssl/files/ca-certificates.conf	[new file with mode: 0644]	patch \| blob
modules/ssl/manifests/init.pp		patch \| blob \| history