Use update-ca-certificates to update ca-global on stretch and later

[mirror/dsa-puppet.git] / modules / ssl / templates / local-ssl-ca-global.erb

diff --git a/modules/ssl/templates/local-ssl-ca-global.erb b/modules/ssl/templates/local-ssl-ca-global.erb
new file mode 100644 (file)
index 0000000..8d6a8f3
--- /dev/null
+++ b/modules/ssl/templates/local-ssl-ca-global.erb
@@ -0,0 +1,6 @@
+DPkg::Pre-Install-Pkgs {
+  "if grep -q '/ca-certificates_.*\.deb$' ; then touch /run/dsa-ca-certificates-global ; fi";
+};
+DPkg::Post-Invoke {
+  "if [ -e /run/dsa-ca-certificates-global ] && [ -e \"<?= @updatecacerts %>" ] ; then \"<?= @updatecacerts %>\" --fresh --default --certsconf /etc/ca-certificates-global.conf --etccertsdir /etc/ssl/ca-global --hooksdir /dev/null ; rm -f /run/dsa-ca-certificates-global ; fi";
+};