From 18fb13fb6bdbf85fddfdaf05bd5fb3ab1db3b9dd Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sun, 31 May 2015 04:05:34 +0200
Subject: Install CAcert.org root certificates.

XXX: this is a workaround the CAcert root CAs not being present in
Jessie.  In stretch, we would merely install the 'ca-cacert' package.
---
 roles/common/tasks/main.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'roles')

diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 4e85d0a..8f28b93 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -43,3 +43,26 @@
     - rsync
     - screen
     - telnet-ssl
+
+# XXX: this is a workaround the CAcert root CAs not being present in
+# Jessie.  In stretch, we would merely install the 'ca-cacert' package.
+- name: Create directory /usr/local/share/ca-certificates/CAcert
+  file: path=/usr/local/share/ca-certificates/CAcert
+        state=directory
+        owner=root group=root
+        mode=0755
+  tags:
+    - certs
+
+- name: Copy CAcert root CAs
+  copy: src=certs/CAcert/{{ item }}
+        dest=/usr/local/share/ca-certificates/CAcert/{{ item }}
+        owner=root group=root
+        mode=0644
+  with_items:
+    - root.crt
+    - class3.crt
+  tags:
+    - certs
+  notify:
+    - Update certificate
-- 
cgit v1.2.3