From 90ed72586f37f196710c93390d6a6caac0033223 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 15 Jul 2018 10:56:30 +0200
Subject: [PATCH] and use template after setting var

---
 modules/ssl/manifests/init.pp                 | 11 ++++++-----
 modules/ssl/templates/local-ssl-ca-global.erb |  2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
index 21e51e614..ee8306772 100644
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -35,11 +35,6 @@ class ssl {
 		notify  => Exec['refresh_ca_global_hashes'],
 	}
 
-	file { '/etc/apt/apt.conf.d/local-ssl-ca-global':
-		mode   => '0444',
-		content => template('ssl/local-ssl-ca-global.erb'),
-	}
-
 	file { '/etc/ssl/certs/ssl-cert-snakeoil.pem':
 		ensure => absent,
 		notify => Exec['refresh_normal_hashes'],
@@ -145,6 +140,12 @@ class ssl {
 		$updatecacerts = $updatecacertsdsa
 	}
 
+	file { '/etc/apt/apt.conf.d/local-ssl-ca-global':
+		mode   => '0444',
+		content => template('ssl/local-ssl-ca-global.erb'),
+	}
+
+
 	exec { 'refresh_debian_hashes':
 		command     => 'c_rehash /etc/ssl/debian/certs',
 		refreshonly => true,
diff --git a/modules/ssl/templates/local-ssl-ca-global.erb b/modules/ssl/templates/local-ssl-ca-global.erb
index c5a7f2c2f..9e6e45750 100644
--- a/modules/ssl/templates/local-ssl-ca-global.erb
+++ b/modules/ssl/templates/local-ssl-ca-global.erb
@@ -2,5 +2,5 @@ DPkg::Pre-Install-Pkgs {
   "if grep -q '/ca-certificates_.*\.deb$' ; then touch /run/dsa-ca-certificates-global ; fi";
 };
 DPkg::Post-Invoke {
-  "if [ -e /run/dsa-ca-certificates-global ] && [ -e \"<%= @updatecacerts %>" ] ; then \"<%= @updatecacerts %>\" --fresh --default --certsconf /etc/ca-certificates-global.conf --etccertsdir /etc/ssl/ca-global --hooksdir /dev/null ; rm -f /run/dsa-ca-certificates-global ; fi";
+  "if [ -e /run/dsa-ca-certificates-global ] && [ -e \"<%= @updatecacerts %>\" ] ; then \"<%= @updatecacerts %>\" --fresh --default --certsconf /etc/ca-certificates-global.conf --etccertsdir /etc/ssl/ca-global --hooksdir /dev/null ; rm -f /run/dsa-ca-certificates-global ; fi";
 };
-- 
2.20.1