+ require => Package['openssl']
+ }
+ exec { 'refresh_normal_hashes':
+ # NOTE 1: always use update-ca-certificates to manage hashes in
+ # /etc/ssl/certs otherwise /etc/ssl/ca-certificates.crt will
+ # get a hash overriding the hash that would have been generated
+ # for another certificate ... which is problem, comrade
+ # NOTE 2: always ask update-ca-certificates to freshen (-f) the links
+ command => '/usr/sbin/update-ca-certificates -f',
+ refreshonly => true,
+ require => Package['ca-certificates'],