From 2b0d83fb0bc4c70ab3d6c49169e7f8c6031ee8b1 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 12 Oct 2016 15:01:57 +0200
Subject: [PATCH] LE cert for buildd

---
 modules/roles/manifests/buildd_master.pp      |   2 +-
 .../ssl/files/chains/buildd.debian.org.crt    |   1 -
 .../files/servicecerts/buildd.debian.org.crt  | 118 ------------------
 3 files changed, 1 insertion(+), 120 deletions(-)
 delete mode 120000 modules/ssl/files/chains/buildd.debian.org.crt
 delete mode 100644 modules/ssl/files/servicecerts/buildd.debian.org.crt

diff --git a/modules/roles/manifests/buildd_master.pp b/modules/roles/manifests/buildd_master.pp
index 90e3810d8..7767ed132 100644
--- a/modules/roles/manifests/buildd_master.pp
+++ b/modules/roles/manifests/buildd_master.pp
@@ -1,7 +1,7 @@
 class roles::buildd_master {
 	ssl::service { 'buildd.debian.org':
 		notify  => Exec['service apache2 reload'],
-		tlsaport => 0,
+		key => true,
 	}
 
 	file { '/etc/ssh/userkeys/wb-buildd.more':
diff --git a/modules/ssl/files/chains/buildd.debian.org.crt b/modules/ssl/files/chains/buildd.debian.org.crt
deleted file mode 120000
index 50d224a83..000000000
--- a/modules/ssl/files/chains/buildd.debian.org.crt
+++ /dev/null
@@ -1 +0,0 @@
-GANDI-2-CA
\ No newline at end of file
diff --git a/modules/ssl/files/servicecerts/buildd.debian.org.crt b/modules/ssl/files/servicecerts/buildd.debian.org.crt
deleted file mode 100644
index c689749bc..000000000
--- a/modules/ssl/files/servicecerts/buildd.debian.org.crt
+++ /dev/null
@@ -1,118 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            1c:01:54:b6:46:26:04:bf:9a:ab:be:5a:02:2e:08:0c
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Dec 11 00:00:00 2015 GMT
-            Not After : Jan 20 23:59:59 2017 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, CN=buildd.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (3072 bit)
-                Modulus:
-                    00:d4:e0:c1:e7:6f:e0:ce:ee:71:cd:7e:b3:1d:88:
-                    50:3b:4b:44:7b:04:cf:0c:9f:9e:37:31:a6:9b:45:
-                    4d:f0:c8:6b:ba:4d:99:98:e1:c1:d1:6d:3b:7b:52:
-                    76:c2:4c:20:11:3e:19:1d:29:6f:46:9b:aa:02:05:
-                    40:a2:9b:7b:4a:17:27:0d:ff:2e:d1:17:dd:b3:d2:
-                    0d:28:f4:b0:0f:2f:8b:e2:9b:94:8e:f7:42:57:4b:
-                    55:43:8a:ee:5e:bc:5e:ae:fb:d7:ef:ce:ae:c3:88:
-                    a5:2a:ec:af:95:a9:e5:e0:d7:a6:6b:31:98:36:8b:
-                    ac:da:cd:2b:10:44:bd:be:eb:55:22:83:35:98:e8:
-                    7f:f3:38:30:6e:84:0b:17:09:64:9f:09:f5:5f:c6:
-                    98:03:6d:1e:61:85:5e:bf:6f:47:be:ae:42:c6:83:
-                    6a:94:42:2f:1a:42:9e:37:5e:33:bb:14:87:20:dc:
-                    e1:eb:33:20:65:db:94:57:21:9c:17:f2:37:83:4d:
-                    6f:e0:54:c1:23:4b:56:83:4c:81:05:e9:65:ea:37:
-                    98:db:2d:c5:3a:13:c9:5d:e5:4a:99:3a:b2:2a:0b:
-                    b5:25:42:6e:9d:45:95:8f:8f:d0:86:d5:46:7f:6b:
-                    a8:04:10:5c:3a:46:96:b6:de:94:44:e1:cd:e3:92:
-                    d6:cf:fa:4e:ea:c7:da:64:25:67:92:ed:2b:5d:42:
-                    cd:3c:2c:0c:74:8d:2e:53:6a:e0:61:6c:46:fc:be:
-                    16:e4:6f:7d:e9:6a:01:10:08:6b:4b:f0:f6:e6:d1:
-                    83:72:08:9f:df:56:e1:86:ba:27:cc:e4:75:8b:2e:
-                    a7:a7:46:ad:db:25:5e:a3:35:b0:62:14:9e:10:5f:
-                    ff:da:1f:cf:f4:01:17:12:9e:ef:81:5c:9d:51:02:
-                    46:08:f2:4a:d0:4e:7e:24:ef:d4:79:97:b8:35:9e:
-                    4f:57:59:fd:3d:b3:1f:94:79:2c:d5:ee:85:4d:07:
-                    e3:84:c3:01:6a:3c:f8:17:e1:cd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                3A:84:A3:24:6A:49:E9:C8:E1:60:F8:13:73:06:49:2F:24:A3:C0:F6
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:buildd.debian.org, DNS:www.buildd.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         1d:0c:c7:fd:e3:28:ff:aa:85:51:4d:45:0b:e7:cb:ce:61:34:
-         fb:7a:08:00:cc:b9:c0:d2:89:88:53:c5:73:1a:be:09:27:8e:
-         d9:9f:9c:cd:63:90:fa:08:6a:1d:bc:b1:83:2c:2e:2f:42:15:
-         0c:71:a1:9c:29:cb:75:af:57:f3:b7:89:67:cf:1d:fd:a0:64:
-         d7:8f:0b:bc:ce:84:a7:c0:14:83:db:88:4f:dd:32:c6:a8:69:
-         cc:4f:12:39:b1:34:62:6e:e3:18:dc:f7:1f:66:02:b4:9f:d1:
-         aa:a9:94:5f:b8:20:4b:34:71:73:60:4c:fd:b1:69:06:3b:c5:
-         5d:cd:36:f1:a0:19:a1:5b:a5:63:41:f2:fd:e3:2c:20:82:41:
-         79:7f:7d:8a:c7:13:ee:98:d5:7f:f1:73:6b:32:bb:83:dc:a1:
-         2e:24:ca:a2:1e:8d:ca:63:ad:40:3a:df:06:c1:6e:45:75:d9:
-         d2:90:d5:c0:3c:b4:c7:e7:fb:04:5a:42:a3:36:c2:c8:50:ee:
-         56:7f:dd:d9:1f:9d:64:92:af:94:8d:f8:1e:3e:6b:ed:1f:59:
-         d9:b5:86:b8:73:6e:6a:7d:6c:9e:cb:41:c4:f5:ba:ca:ae:91:
-         ab:46:d7:63:04:c7:46:aa:3b:04:bb:37:7a:c5:6c:09:53:08:
-         da:cd:42:13
------BEGIN CERTIFICATE-----
-MIIFgjCCBGqgAwIBAgIQHAFUtkYmBL+aq75aAi4IDDANBgkqhkiG9w0BAQsFADBf
-MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w
-DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw
-HhcNMTUxMjExMDAwMDAwWhcNMTcwMTIwMjM1OTU5WjBcMSEwHwYDVQQLExhEb21h
-aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT
-TDEaMBgGA1UEAxMRYnVpbGRkLmRlYmlhbi5vcmcwggGiMA0GCSqGSIb3DQEBAQUA
-A4IBjwAwggGKAoIBgQDU4MHnb+DO7nHNfrMdiFA7S0R7BM8Mn543MaabRU3wyGu6
-TZmY4cHRbTt7UnbCTCARPhkdKW9Gm6oCBUCim3tKFycN/y7RF92z0g0o9LAPL4vi
-m5SO90JXS1VDiu5evF6u+9fvzq7DiKUq7K+VqeXg16ZrMZg2i6zazSsQRL2+61Ui
-gzWY6H/zODBuhAsXCWSfCfVfxpgDbR5hhV6/b0e+rkLGg2qUQi8aQp43XjO7FIcg
-3OHrMyBl25RXIZwX8jeDTW/gVMEjS1aDTIEF6WXqN5jbLcU6E8ld5UqZOrIqC7Ul
-Qm6dRZWPj9CG1UZ/a6gEEFw6Rpa23pRE4c3jktbP+k7qx9pkJWeS7StdQs08LAx0
-jS5TauBhbEb8vhbkb33pagEQCGtL8Pbm0YNyCJ/fVuGGuifM5HWLLqenRq3bJV6j
-NbBiFJ4QX//aH8/0ARcSnu+BXJ1RAkYI8krQTn4k79R5l7g1nk9XWf09sx+UeSzV
-7oVNB+OEwwFqPPgX4c0CAwEAAaOCAbswggG3MB8GA1UdIwQYMBaAFLOQp9jJr07N
-YTyffK1df0H9aTDqMB0GA1UdDgQWBBQ6hKMkaknpyOFg+BNzBkkvJKPA9jAOBgNV
-HQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
-KwYBBQUHAwIwSwYDVR0gBEQwQjA2BgsrBgEEAbIxAQICGjAnMCUGCCsGAQUFBwIB
-FhlodHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECATBBBgNVHR8EOjA4
-MDagNKAyhjBodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNT
-TENBMi5jcmwwcwYIKwYBBQUHAQEEZzBlMDwGCCsGAQUFBzAChjBodHRwOi8vY3J0
-LnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENBMi5jcnQwJQYIKwYBBQUH
-MAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wMwYDVR0RBCwwKoIRYnVpbGRk
-LmRlYmlhbi5vcmeCFXd3dy5idWlsZGQuZGViaWFuLm9yZzANBgkqhkiG9w0BAQsF
-AAOCAQEAHQzH/eMo/6qFUU1FC+fLzmE0+3oIAMy5wNKJiFPFcxq+CSeO2Z+czWOQ
-+ghqHbyxgywuL0IVDHGhnCnLda9X87eJZ88d/aBk148LvM6Ep8AUg9uIT90yxqhp
-zE8SObE0Ym7jGNz3H2YCtJ/RqqmUX7ggSzRxc2BM/bFpBjvFXc028aAZoVulY0Hy
-/eMsIIJBeX99iscT7pjVf/FzazK7g9yhLiTKoh6NymOtQDrfBsFuRXXZ0pDVwDy0
-x+f7BFpCozbCyFDuVn/d2R+dZJKvlI34Hj5r7R9Z2bWGuHNuan1snstBxPW6yq6R
-q0bXYwTHRqo7BLs3esVsCVMI2s1CEw==
------END CERTIFICATE-----
-- 
2.20.1