We need to trust an entire CA :(

diff --git a/modules/buildd/manifests/init.pp b/modules/buildd/manifests/init.pp
index d540571..8779279 100644 (file)
--- a/modules/buildd/manifests/init.pp
+++ b/modules/buildd/manifests/init.pp
@@ -53,12 +53,11 @@ class buildd ($ensure=present) {
 
        if ($::lsbmajdistrelease >= 8) {
                file { '/etc/apt/apt.conf.d/puppet-https-buildd':
-                       ensure => absent,
+                       content => "Acquire::https::buildd.debian.org::CaInfo \"/usr/share/ca-certificates/mozilla/UTN_USERFirst_Hardware_Root_CA.crt\";\n",
                }
        } else {
                file { '/etc/apt/apt.conf.d/puppet-https-buildd':
                        content => "Acquire::https::buildd.debian.org::CaInfo \"/etc/ssl/servicecerts/buildd.debian.org.crt\";\n",
-                       #require => File['/etc/ssl/certs/buildd.debian.org.crt']
                }
        }
        site::aptrepo { 'buildd.debian.org-proposed':