file { '/etc/ssl/servicecerts':
ensure => directory,
source => 'puppet:///modules/ssl/servicecerts/',
- mode => '0644',
+ mode => '0644', # this works; otherwise all files are +x
purge => true,
recurse => true,
force => true,
file { '/etc/ssl/debian':
ensure => directory,
source => 'puppet:///files/empty/',
- mode => '0644',
+ mode => '0644', # this works; otherwise all files are +x
purge => true,
recurse => true,
force => true,
notify => Exec['refresh_normal_hashes'], # see NOTE 1
}
exec { 'modify_configuration':
- command => "sed -i -e 's#!${cacert}#${cacert}' ${caconf}",
+ command => "sed -i -e 's#!${cacert}#${cacert}#' ${caconf}",
onlyif => "grep -Fqx '!${cacert}' ${caconf}",
notify => Exec['refresh_normal_hashes'],
require => Package['ca-certificates'],
}
exec { 'refresh_debian_hashes':
+ command => 'c_rehash /etc/ssl/debian/certs',
refreshonly => true,
require => Package['openssl'],
}