From b0a80e7f0dac8abdca32d057452ace7557c9ec67 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Thu, 31 Jan 2013 18:13:25 -0500
Subject: change permissions on key directory to allow for non-root applications access to key files, if the application is in both the 'ssl-cert' group as well as its own group (eg. 'imapd') In this configuration you would override the key class to change the owner of the installed key to be the group of the service (ie. 'imapd') and then the application can read the key file. This adjusts this module to adhere to the changes on http://wiki.debian.org/X.509
---
 manifests/base.pp | 2 +-
 manifests/key.pp | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/manifests/base.pp b/manifests/base.pp
index 59d9259..b88cce6 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -20,7 +20,7 @@ class x509::base {
 $x509::variables::keys:
 ensure => directory,
- mode => '0700',
+ mode => '0750',
 owner => root,
 group => ssl-cert;
diff --git a/manifests/key.pp b/manifests/key.pp
index 5060793..79031f5 100644
--- a/manifests/key.pp
+++ b/manifests/key.pp
@@ -7,7 +7,7 @@ define x509::key (
 file { "${x509::variables::keys}/${name}.key":
 ensure => file,
- mode => '0600',
+ mode => '0640',
 group => 'ssl-cert',
 require => Package['ssl-cert']
 }
--
cgit v1.2.3
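Review bot: In manifests/base.pp the new `mode => '0750'` on the key directory gives every member of `ssl-cert` read access as well as search access, so any group member can list the names of all installed keys. If services only need to open a key at a path they already know, `mode => '0710'` grants traversal without listing. I believe that is the mode Debian's ssl-cert package uses for /etc/ssl/private, but confirm it against the wiki page the commit cites. The resource declaration begins above this hunk, so any other attributes on it are not visible here.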
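Review bot: In manifests/key.pp the key file becomes `mode => '0640'` while `group => 'ssl-cert'` stays fixed in the resource, so by default every account in `ssl-cert` can read every private key this define installs, not only the service the key belongs to. No `owner` attribute is visible in the hunk; adding `owner => root,` would pin ownership explicitly rather than leaving it to whichever user the agent runs as. The define's parameter list lies outside this hunk. If it does not already expose one, a `$group = 'ssl-cert'` parameter used as `group => $group,` would let each key be scoped to its service's group without overriding the whole resource.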