From 80c07158696ff95851875430b9c6ecda34b12a53 Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Tue, 28 Nov 2023 04:35:57 +0000
Subject: [PATCH] chef: Remove ancient verisign 1024 root cert

---
 cookbooks/chef/recipes/default.rb                 | 14 +++-----------
 cookbooks/chef/templates/default/verisign.pem.erb | 14 --------------
 2 files changed, 3 insertions(+), 25 deletions(-)
 delete mode 100644 cookbooks/chef/templates/default/verisign.pem.erb

diff --git a/cookbooks/chef/recipes/default.rb b/cookbooks/chef/recipes/default.rb
index 91a91001c..99f665541 100644
--- a/cookbooks/chef/recipes/default.rb
+++ b/cookbooks/chef/recipes/default.rb
@@ -102,17 +102,9 @@ template "/etc/logrotate.d/chef" do
   mode "644"
 end
 
-directory "/etc/chef/trusted_certs" do
-  owner "root"
-  group "root"
-  mode "755"
-end
-
-template "/etc/chef/trusted_certs/verisign.pem" do
-  source "verisign.pem.erb"
-  owner "root"
-  group "root"
-  mode "644"
+# Remove the ancient verisign certificate workaround
+file "/etc/chef/trusted_certs/verisign.pem" do
+  action :delete
 end
 
 directory node[:ohai][:plugin_dir] do
diff --git a/cookbooks/chef/templates/default/verisign.pem.erb b/cookbooks/chef/templates/default/verisign.pem.erb
deleted file mode 100644
index d209ab6f8..000000000
--- a/cookbooks/chef/templates/default/verisign.pem.erb
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
-BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
-I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i
-2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ
-2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ
------END CERTIFICATE-----
-- 
2.45.1