summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Micah Anderson [Fri, 1 Feb 2013 16:22:36 +0000 (11:22 -0500)]
provide an owner to x509::key, defaulting to root
Micah Anderson [Thu, 31 Jan 2013 23:26:21 +0000 (18:26 -0500)]
overriding the group in a define that isn't part of a class is difficult, so
instead of requiring you to do that if you wish to have an application to have
access to the key file, you can pass an alternate to the default group =
'ssl-cert'
Micah Anderson [Thu, 31 Jan 2013 23:13:25 +0000 (18:13 -0500)]
change permissions on key directory to allow for non-root applications access to
key files, if the application is in both the 'ssl-cert' group as well as its own
group (eg. 'imapd')
In this configuration you would override the key class to change the owner of
the installed key to be the group of the service (ie. 'imapd') and then the
application can read the key file.
This adjusts this module to adhere to the changes on http://wiki.debian.org/X.509
Micah Anderson [Tue, 27 Nov 2012 16:42:07 +0000 (11:42 -0500)]
remove dependency on openssl package
Micah Anderson [Tue, 27 Nov 2012 16:40:29 +0000 (11:40 -0500)]
missed one source -> content change
Micah Anderson [Mon, 26 Nov 2012 21:01:36 +0000 (16:01 -0500)]
fix incorrectly specifed openssl package
Micah Anderson [Mon, 26 Nov 2012 20:57:26 +0000 (15:57 -0500)]
fix incorrectly specified source param, should be content
Micah Anderson [Mon, 26 Nov 2012 20:48:06 +0000 (15:48 -0500)]
fix syntax error
Micah Anderson [Thu, 22 Nov 2012 20:44:48 +0000 (15:44 -0500)]
add more flexible source/content options
this makes it so you can do one of a few things:
1. pass no $content, or $source and the default will be taken (search path checking first
for site_x509/{CAs,keys,certs}/$::fqdn/${name}.crt, secondly for
site_x509/{CAs,keys,certs}/${name}.crt
2. pass $content, allowing you to specify templates etc.
3. pass $source, allowing you to specify any source you wish
Micah Anderson [Thu, 22 Nov 2012 20:23:34 +0000 (15:23 -0500)]
fix cert variable name
Micah Anderson [Thu, 22 Nov 2012 19:32:41 +0000 (14:32 -0500)]
Initial commit