Get rid of /etc/ssl/servicecerts

author Julien Cristau <jcristau@debian.org>

Fri, 13 Apr 2018 11:29:00 +0000 (13:29 +0200)

committer Julien Cristau <jcristau@debian.org>

Fri, 13 Apr 2018 11:29:00 +0000 (13:29 +0200)
author Julien Cristau <jcristau@debian.org>
Fri, 13 Apr 2018 11:29:00 +0000 (13:29 +0200)
committer Julien Cristau <jcristau@debian.org>
Fri, 13 Apr 2018 11:29:00 +0000 (13:29 +0200)
diff --git a/modules/ssl/files/servicecerts/star.alioth.debian.org.crt b/modules/ssl/files/servicecerts/star.alioth.debian.org.crt

deleted file mode 100644 (file)

index ec3f230..0000000
--- a/modules/ssl/files/servicecerts/star.alioth.debian.org.crt
+++ /dev/null
@@ -1,107 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            4e:a8:2d:0b:8c:8b:42:d1:bf:c1:06:1d:c9:72:09:82
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
-        Validity
-            Not Before: Apr 14 00:00:00 2016 GMT
-            Not After : Apr 26 23:59:59 2018 GMT
-        Subject: OU=Domain Control Validated, OU=Gandi Standard Wildcard SSL, CN=*.alioth.debian.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (2048 bit)
-                Modulus:
-                    00:f1:86:fa:35:d6:ce:e5:de:28:89:91:5a:44:c5:
-                    cb:39:be:50:12:d0:9d:0e:64:c9:2e:d7:f7:a0:4d:
-                    b1:d5:17:41:6e:03:c5:0d:ff:fc:2d:90:b3:f4:29:
-                    ad:17:8f:06:e4:fd:6c:06:85:3e:fb:6f:33:e5:a9:
-                    b3:ed:da:f0:49:83:18:a9:74:1f:5d:97:a7:b9:63:
-                    43:61:72:8d:26:c2:78:48:b6:e7:20:4d:13:d2:d6:
-                    0e:f3:a0:12:bc:87:8d:6c:e4:c9:0a:07:01:d0:7c:
-                    65:83:36:de:cb:d9:a6:f6:3d:57:2a:dc:47:e4:46:
-                    db:00:14:e9:f9:7f:34:78:9f:fc:68:e1:e1:8b:02:
-                    c9:ef:69:c8:0b:0d:88:e1:63:72:aa:95:16:ed:27:
-                    c7:46:e8:32:47:ea:31:4a:d7:0c:91:25:29:71:f0:
-                    9b:1a:fe:e6:ef:f3:43:49:07:11:81:9e:51:f7:82:
-                    a0:3c:63:a5:de:04:bf:02:81:18:0d:a2:b7:ed:5d:
-                    93:ab:9e:27:78:9d:b2:4b:e6:d5:be:5a:c5:78:61:
-                    a0:6f:f2:9c:c2:5e:60:00:83:ef:1e:16:3c:08:3d:
-                    54:ae:af:0f:6d:77:aa:d3:d1:4e:2b:d5:99:6a:59:
-                    0b:9e:20:de:a5:d4:1f:f9:cc:3c:31:29:c5:e2:e5:
-                    06:91
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
-
-            X509v3 Subject Key Identifier: 
-                DD:63:45:F1:50:22:68:E9:D9:D3:4D:83:F7:A5:EC:02:81:53:A4:E3
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6449.1.2.2.26
-                  CPS: https://cps.usertrust.com
-                Policy: 2.23.140.1.2.1
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
-
-            Authority Information Access: 
-                CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
-                OCSP - URI:http://ocsp.usertrust.com
-
-            X509v3 Subject Alternative Name: 
-                DNS:*.alioth.debian.org, DNS:alioth.debian.org
-    Signature Algorithm: sha256WithRSAEncryption
-         62:5b:e6:aa:0e:3e:79:08:89:5b:13:41:19:fe:1b:c0:e4:86:
-         f7:db:fb:fe:a6:4c:c3:61:22:41:19:81:ae:a3:61:18:b4:2d:
-         e1:98:a2:3b:f7:b9:ca:7a:49:bb:8b:a8:aa:e1:51:78:96:40:
-         58:52:4c:91:de:9e:fb:0e:dc:19:84:29:e2:4b:19:36:ae:9c:
-         76:87:17:4a:57:7b:40:44:00:8d:f4:ba:42:46:f7:ec:79:de:
-         ff:f2:f8:22:fa:d2:c4:cb:3a:e9:ce:b4:7c:6c:80:15:0f:a6:
-         98:d5:84:c8:9d:f7:68:bb:01:77:5a:70:76:eb:16:33:6d:d2:
-         58:aa:b0:e8:f4:01:2b:5c:4c:26:82:bd:80:2f:26:76:4b:31:
-         5a:ef:a8:3a:1a:d3:60:d0:83:3f:83:5e:c3:00:46:1e:6c:4c:
-         f9:09:fc:7f:f8:da:47:dc:cf:7a:59:75:63:c8:13:63:2d:99:
-         9d:81:b1:b5:96:64:73:c2:fe:d3:83:dd:8a:67:59:f6:eb:0f:
-         16:4a:e7:93:56:ef:ff:68:c7:c1:2b:29:7e:51:f0:5d:a8:7c:
-         90:d8:e5:71:fe:d4:7e:ed:17:71:a5:18:64:fd:a1:d3:eb:84:
-         67:21:e1:94:b6:0a:ad:80:0c:33:6c:ce:25:ae:21:6c:bf:2b:
-         eb:4d:38:f1
------BEGIN CERTIFICATE-----
-MIIFCzCCA/OgAwIBAgIQTqgtC4yLQtG/wQYdyXIJgjANBgkqhkiG9w0BAQsFADBf
-MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w
-DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw
-HhcNMTYwNDE0MDAwMDAwWhcNMTgwNDI2MjM1OTU5WjBnMSEwHwYDVQQLExhEb21h
-aW4gQ29udHJvbCBWYWxpZGF0ZWQxJDAiBgNVBAsTG0dhbmRpIFN0YW5kYXJkIFdp
-bGRjYXJkIFNTTDEcMBoGA1UEAwwTKi5hbGlvdGguZGViaWFuLm9yZzCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAPGG+jXWzuXeKImRWkTFyzm+UBLQnQ5k
-yS7X96BNsdUXQW4DxQ3//C2Qs/QprRePBuT9bAaFPvtvM+Wps+3a8EmDGKl0H12X
-p7ljQ2FyjSbCeEi25yBNE9LWDvOgEryHjWzkyQoHAdB8ZYM23svZpvY9VyrcR+RG
-2wAU6fl/NHif/Gjh4YsCye9pyAsNiOFjcqqVFu0nx0boMkfqMUrXDJElKXHwmxr+
-5u/zQ0kHEYGeUfeCoDxjpd4EvwKBGA2it+1dk6ueJ3idskvm1b5axXhhoG/ynMJe
-YACD7x4WPAg9VK6vD213qtPRTivVmWpZC54g3qXUH/nMPDEpxeLlBpECAwEAAaOC
-AbkwggG1MB8GA1UdIwQYMBaAFLOQp9jJr07NYTyffK1df0H9aTDqMB0GA1UdDgQW
-BBTdY0XxUCJo6dnTTYP3pewCgVOk4zAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/
-BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSwYDVR0gBEQwQjA2
-BgsrBgEEAbIxAQICGjAnMCUGCCsGAQUFBwIBFhlodHRwczovL2Nwcy51c2VydHJ1
-c3QuY29tMAgGBmeBDAECATBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnVz
-ZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENBMi5jcmwwcwYIKwYBBQUHAQEE
-ZzBlMDwGCCsGAQUFBzAChjBodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vR2FuZGlT
-dGFuZGFyZFNTTENBMi5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0
-cnVzdC5jb20wMQYDVR0RBCowKIITKi5hbGlvdGguZGViaWFuLm9yZ4IRYWxpb3Ro
-LmRlYmlhbi5vcmcwDQYJKoZIhvcNAQELBQADggEBAGJb5qoOPnkIiVsTQRn+G8Dk
-hvfb+/6mTMNhIkEZga6jYRi0LeGYojv3ucp6SbuLqKrhUXiWQFhSTJHenvsO3BmE
-KeJLGTaunHaHF0pXe0BEAI30ukJG9+x53v/y+CL60sTLOunOtHxsgBUPppjVhMid
-92i7AXdacHbrFjNt0liqsOj0AStcTCaCvYAvJnZLMVrvqDoa02DQgz+DXsMARh5s
-TPkJ/H/42kfcz3pZdWPIE2MtmZ2BsbWWZHPC/tOD3YpnWfbrDxZK55NW7/9ox8Er
-KX5R8F2ofJDY5XH+1H7tF3GlGGT9odPrhGch4ZS2Cq2ADDNsziWuIWy/K+tNOPE=
------END CERTIFICATE-----
diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp

index a63f8f7..f16e6fd 100644 (file)
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -51,11 +51,7 @@ class ssl {
         }
  
         file { '/etc/ssl/servicecerts':
-               ensure   => link,
-               purge    => true,
-               force    => true,
-               target   => '/usr/local/share/ca-certificates/debian.org',
-               notify   => Exec['retire_debian_links'],
+               ensure   => absent,
         }
  
         file { '/usr/local/share/ca-certificates/debian.org':
@@ -153,12 +149,6 @@ class ssl {
                 $updatecacerts = $updatecacertsdsa
         }
  
-       exec { 'retire_debian_links':
-               command     => 'find -lname "../servicecerts/*" -exec rm {} +',
-               cwd         => '/etc/ssl/certs',
-               refreshonly => true,
-               notify      => Exec['refresh_normal_hashes'],
-       }
         exec { 'refresh_debian_hashes':
                 command     => 'c_rehash /etc/ssl/debian/certs',
                 refreshonly => true,
author	Julien Cristau <jcristau@debian.org>
	Fri, 13 Apr 2018 11:29:00 +0000 (13:29 +0200)
committer	Julien Cristau <jcristau@debian.org>
	Fri, 13 Apr 2018 11:29:00 +0000 (13:29 +0200)
modules/ssl/files/servicecerts/star.alioth.debian.org.crt	[deleted file]	patch \| blob \| history
modules/ssl/manifests/init.pp		patch \| blob \| history