From 009a595853e2ad107fb29a5a8b7b768d601d71da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= <mail@jkroepke.de>
Date: Sat, 9 Nov 2019 12:14:34 +0100
Subject: [PATCH] Remove deprecated source_permissions

---
 manifests/ca.pp | 49 ++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 13 deletions(-)

diff --git a/manifests/ca.pp b/manifests/ca.pp
index 6d123b73..13066f9f 100644
--- a/manifests/ca.pp
+++ b/manifests/ca.pp
@@ -62,21 +62,44 @@
     mode   => '0750'
   })
 
-  file { "${etc_directory}/openvpn/${name}/easy-rsa" :
-    ensure             => directory,
-    recurse            => true,
-    links              => 'follow',
-    source_permissions => 'use',
-    group              => 0,
-    source             => "file:${openvpn::easyrsa_source}",
-    require            => File["${etc_directory}/openvpn/${name}"],
-  }
-
-  file { "${etc_directory}/openvpn/${name}/easy-rsa/revoked":
+  file { "${etc_directory}/openvpn/${name}/easy-rsa":
     ensure  => directory,
-    mode    => '0750',
     recurse => true,
-    require => File["${etc_directory}/openvpn/${name}/easy-rsa"],
+    links   => 'follow',
+    ignore  => '*.cnf',
+    owner   => 0,
+    group   => 0,
+    mode    => '0755',
+    source  => "file:${openvpn::easyrsa_source}",
+    require => File["${etc_directory}/openvpn/${name}"],
+  }
+
+  exec { "copy *.cnf files from easyrsa source to ${name}":
+    command  => "cp '${openvpn::easyrsa_source}'*.cnf .",
+    cwd      => "${etc_directory}/openvpn/${name}/easy-rsa",
+    onlyif   => "ls *.cnf",
+    provider => 'shell',
+    require  => File["${etc_directory}/openvpn/${name}/easy-rsa"];
+  }
+
+  file {
+    "${etc_directory}/openvpn/${name}/easy-rsa/.rnd":
+      ensure  => present,
+      owner   => 0,
+      group   => 0,
+      mode    => '0600',
+      require => File["${etc_directory}/openvpn/${name}/easy-rsa"];
+    "${etc_directory}/openvpn/${name}/easy-rsa/keys":
+      ensure  => directory,
+      owner   => 0,
+      group   => 0,
+      mode    => '0700',
+      require => File["${etc_directory}/openvpn/${name}/easy-rsa"];
+    "${etc_directory}/openvpn/${name}/easy-rsa/revoked":
+      ensure  => directory,
+      mode    => '0750',
+      recurse => true,
+      require => File["${etc_directory}/openvpn/${name}/easy-rsa"];
   }
 
   case $openvpn::easyrsa_version {