Skip to content

puppetlabs/puppet-ca-bundle

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

63 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Puppet is now shipping a CA cert bundle!

The "canonical", up-to-date Cert Authority bundle currently provides many root certificates. We grab the Mozilla 'certdata.txt', use the 'certdata2pem.py' script from Red Hat to split that into PEM files, and remove anything that is untrusted (i.e. with anything in the distrust= field), or doesn't explicitly list serverAuth in the openssl-trust field. The result lines up with the linked curl bundle above.

Build Instructions

  • Run make refresh-certs to download new certs, clean out those we do not want, and format them for this repo
  • Run make prepare to create the cert bundle and keystore that will be installed in puppet-runtime builds

Install Instructions

  • Run make install to copy the already prepared PEM and JKS cert bundles and set permissions on the installed files.
  • On FIPS hosts, run make install-fips instead.

Release

  • Tag the puppet-ca-bundle project with the next version number
  • Update the configs/components/puppet-ca-bundle.json file in puppet-runtime with the new version
  • An automatic tagging job will tag puppet-runtime and kickoff build pipelines

About

CA cert bundle of trusted root certificates for Puppet Products

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Packages

No packages published