Adding hook to remove ssl-cert-snakeoil by default.
authorDaniel Baumann <mail@daniel-baumann.ch>
Wed, 5 Jun 2013 20:22:57 +0000 (22:22 +0200)
committerDaniel Baumann <mail@daniel-baumann.ch>
Wed, 19 Jun 2013 06:01:03 +0000 (08:01 +0200)
functions/defaults.sh
share/hooks/0195-remove-ssl-cert-snakeoil.chroot [new file with mode: 0755]

index d2b7105..3f88252 100755 (executable)
@@ -507,6 +507,7 @@ Set_defaults ()
                remove-openssh-server-host-keys \
                remove-python-py \
                remove-temporary-files \
+               remove-ssl-cert-snakeoil \
                remove-udev-persistent-cd-rules \
                remove-udev-persistent-net-rules \
                remove-systemd-machine-id \
diff --git a/share/hooks/0195-remove-ssl-cert-snakeoil.chroot b/share/hooks/0195-remove-ssl-cert-snakeoil.chroot
new file mode 100755 (executable)
index 0000000..cdfe39d
--- /dev/null
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+
+# Remove ssl-cert snakeoil
+
+if [ -e /etc/ssl/certs/ssl-cert-snakeoil.pem ]
+then
+       rm -f /etc/ssl/certs/$(openssl x509 -hash -noout -in /etc/ssl/certs/ssl-cert-snakeoil.pem)
+
+       rm -f /etc/ssl/certs/ssl-cert-snakeoil.pem
+       rm -f /etc/ssl/private/ssl-cert-snakeoil.key
+fi