From 02d4a5892bb3019d448c453ad279788fcd3f1531 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 15 Jun 2016 18:08:48 +0200
Subject: certs/public: fetch each cert's pubkey (SPKI), not the cert itself.

To avoid new commits upon cert renewal.
---
 roles/MSA/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'roles/MSA/tasks/main.yml')

diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml
index d9a3d47..7ae2680 100644
--- a/roles/MSA/tasks/main.yml
+++ b/roles/MSA/tasks/main.yml
@@ -28,7 +28,7 @@
   # Ensure we don't fetch private data
   become: False
   # `/usr/sbin/postmulti -i msa -x /usr/sbin/postconf -xh smtpd_tls_cert_file`
-  fetch_cmd: cmd="openssl x509"
+  fetch_cmd: cmd="openssl x509 -noout -pubkey"
              stdin=/etc/postfix/ssl/smtp.fripost.org.pem
              dest=certs/public/smtp.fripost.org.pem
   tags:
-- 
cgit v1.2.3