Refactors (ready for review) #81
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
--- | ||
spec/spec_helper.rb: | ||
hiera_config: spec/fixtures/hiera.yaml | ||
coverage_report: true | ||
minimum_code_coverage_percentage: 100 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- | ||
ca_cert::supported: true | ||
ca_cert::trusted_cert_dir: '/var/ssl/certs' | ||
ca_cert::update_cmd: '/usr/bin/c_rehash' | ||
ca_cert::cert_dir_group: 'system' | ||
ca_cert::cert_dir_mode: '0755' | ||
ca_cert::package_name: 'ca-certificates' | ||
ca_cert::ca::ca_file_group: 'system' | ||
ca_cert::ca::ca_file_mode: '0644' | ||
ca_cert::ca::ca_file_extension: 'crt' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- | ||
ca_cert::supported: true | ||
ca_cert::trusted_cert_dir: '/etc/ca-certificates/trust-source/anchors/' | ||
ca_cert::distrusted_cert_dir: '/etc/ca-certificates/trust-source/blacklist' | ||
ca_cert::update_cmd: 'trust extract-compat' | ||
ca_cert::cert_dir_group: 'root' | ||
ca_cert::cert_dir_mode: '0755' | ||
ca_cert::package_name: 'ca-certificates' | ||
ca_cert::ca::ca_file_group: 'root' | ||
ca_cert::ca::ca_file_mode: '0644' | ||
ca_cert::ca::ca_file_extension: 'crt' |
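Review bot: `ca_cert::trusted_cert_dir` ends in a trailing slash ('/etc/ca-certificates/trust-source/anchors/') while `ca_cert::distrusted_cert_dir` on the next line does not. Pick one form across the data files (most of them omit the slash), so that any path built by joining these values with a file name does not end up containing '//'.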
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- | ||
ca_cert::supported: true | ||
ca_cert::trusted_cert_dir: '/usr/local/share/ca-certificates' | ||
ca_cert::update_cmd: 'update-ca-certificates' | ||
ca_cert::cert_dir_group: 'staff' | ||
ca_cert::cert_dir_mode: '2665' | ||
ca_cert::package_name: 'ca-certificates' | ||
ca_cert::ca::ca_file_group: 'root' | ||
ca_cert::ca::ca_file_mode: '0444' | ||
Why not 0644 as default? Fresh Debian container once more:
I'd be fine with 0644 or 0444, but I think we often use 0444 as a way to show that the files are Puppet-managed and shouldn't be manually edited.
I was just referring to |
||
ca_cert::ca::ca_file_extension: 'crt' |
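Review bot: `ca_cert::cert_dir_mode: '2665'` looks like a typo. On a directory, 6 for owner and group is rw- with no search bit, while others get r-x, so members of 'staff' could not traverse the directory the setgid bit and group write access are meant for. If a setgid, group-writable directory is intended, use '2775'; otherwise match the '0755' used by the other data file that points at '/usr/local/share/ca-certificates'.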
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- | ||
ca_cert::supported: true | ||
ca_cert::trusted_cert_dir: '/etc/pki/ca-trust/source/anchors' | ||
ca_cert::distrusted_cert_dir: '/etc/pki/ca-trust/source/blacklist' | ||
ca_cert::update_cmd: 'update-ca-trust extract' | ||
ca_cert::cert_dir_group: 'root' | ||
ca_cert::cert_dir_mode: '0755' | ||
ca_cert::ca::ca_file_group: 'root' | ||
ca_cert::ca::ca_file_mode: '0644' | ||
ca_cert::ca::ca_file_extension: 'crt' |
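Review bot: `ca_cert::package_name` is missing from this file, although every other data file that sets `ca_cert::supported: true` together with the directory settings also sets it. If the value is meant to be inherited from a lower hierarchy level, a one-line comment here would make that deliberate; otherwise add the key.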
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
ca_cert::trusted_cert_dir: '/etc/certs/CA/' | ||
ca_cert::update_cmd: '/usr/sbin/svcadm restart /system/ca-certificates' | ||
ca_cert::cert_dir_group: 'sys' | ||
ca_cert::cert_dir_mode: '0755' | ||
ca_cert::package_name: 'ca-certificates' | ||
ca_cert::ca::ca_file_group: 'root' | ||
ca_cert::ca::ca_file_mode: '0444' | ||
ca_cert::ca::ca_file_extension: 'pem' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
--- | ||
ca_cert::supported: true |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- | ||
ca_cert::supported: true | ||
ca_cert::trusted_cert_dir: '/etc/pki/trust/anchors' | ||
ca_cert::distrusted_cert_dir: '/etc/pki/trust/blacklist' | ||
ca_cert::update_cmd: 'update-ca-certificates' | ||
ca_cert::cert_dir_group: 'root' | ||
ca_cert::cert_dir_mode: '0755' | ||
ca_cert::package_name: 'ca-certificates' | ||
ca_cert::ca::ca_file_group: 'root' | ||
ca_cert::ca::ca_file_mode: '0644' | ||
ca_cert::ca::ca_file_extension: 'crt' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
ca_cert::trusted_cert_dir: '/etc/ssl/certs' | ||
ca_cert::update_cmd: 'c_rehash' | ||
ca_cert::package_name: 'openssl-certs' | ||
ca_cert::ca::ca_file_extension: 'pem' |
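Review bot: `ca_cert::update_cmd: 'c_rehash'` is unqualified here, whereas the data file for '/var/ssl/certs' uses '/usr/bin/c_rehash'. This command rebuilds the trust store, so give it an absolute path, or document which search path it is resolved against, rather than relying on whatever PATH the agent happens to run with.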
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
ca_cert::trusted_cert_dir: '/etc/ssl/certs' | ||
ca_cert::update_cmd: 'c_rehash' | ||
ca_cert::package_name: 'openssl-certs' | ||
ca_cert::ca::ca_file_extension: 'pem' |
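Review bot: All four keys here (`trusted_cert_dir`, `update_cmd`, `package_name`, `ca_file_extension`) duplicate the previous data file line for line. If both files cover releases of the same OS family, a single file at the family level of the hierarchy would keep the two from drifting apart; if they have to stay separate, a comment in each saying why would help.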
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- | ||
ca_cert::supported: true | ||
ca_cert::trusted_cert_dir: '/usr/local/share/ca-certificates' | ||
ca_cert::update_cmd: 'update-ca-certificates' | ||
ca_cert::cert_dir_group: 'staff' | ||
Why
|
||
ca_cert::cert_dir_mode: '0755' | ||
ca_cert::package_name: 'ca-certificates' | ||
ca_cert::ca::ca_file_group: 'root' | ||
ca_cert::ca::ca_file_mode: '0444' | ||
Same reasoning as for Debian. See no reason why this should default to 0444 .. |
||
ca_cert::ca::ca_file_extension: 'crt' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
--- | ||
version: 5 | ||
|
||
defaults: # Used for any hierarchy level that omits these keys. | ||
datadir: data # This path is relative to hiera.yaml's directory. | ||
data_hash: yaml_data # Use the built-in YAML backend. | ||
|
||
hierarchy: | ||
- name: "osfamily/major release" | ||
paths: | ||
# Used to distinguish between Debian and Ubuntu | ||
- "os/%{facts.os.name}/%{facts.os.release.major}.yaml" | ||
- "os/%{facts.os.family}/%{facts.os.release.major}.yaml" | ||
# Used for Solaris | ||
- "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" | ||
- name: "osfamily" | ||
paths: | ||
- "os/%{facts.os.name}.yaml" | ||
- "os/%{facts.os.family}.yaml" | ||
- name: 'common' | ||
path: 'common.yaml' |
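Review bot: The level names do not match what the levels look up: "osfamily" also reads 'os/%{facts.os.name}.yaml', and "osfamily/major release" contains an os.name path and a kernelrelease path. Rename them to describe the actual keys (for example "os name or family"), and settle on one quoting style, since the first two names use double quotes and 'common' uses single quotes.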
This file was deleted.
Where does this default come from?
On a fresh install of ca-certificates in `amd/debian:10`, `amd/debian:11` and `amd/debian:12` containers the default is