diff options
author | Christian Pointner <equinox@spreadspace.org> | 2020-07-20 23:06:29 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-07-20 23:06:29 +0200 |
commit | bd2e6204909d60ae9ea5c13794d1ad0b8edb2da6 (patch) | |
tree | 4ef212f5baaeb810ac03b74cbf8cdbc8fb3c7bb8 /roles/installer/debian/fetch/tasks | |
parent | riot is now called element (diff) | |
parent | debian installer fetch: add support for mini.iso download (diff) |
Merge branch 'topic/installer-again'
Diffstat (limited to 'roles/installer/debian/fetch/tasks')
-rw-r--r-- | roles/installer/debian/fetch/tasks/main.yml | 29 | ||||
-rw-r--r-- | roles/installer/debian/fetch/tasks/verify-debian.yml | 26 | ||||
-rw-r--r-- | roles/installer/debian/fetch/tasks/verify-ubuntu.yml | 21 |
3 files changed, 24 insertions, 52 deletions
diff --git a/roles/installer/debian/fetch/tasks/main.yml b/roles/installer/debian/fetch/tasks/main.yml index dc87655f..0e756411 100644 --- a/roles/installer/debian/fetch/tasks/main.yml +++ b/roles/installer/debian/fetch/tasks/main.yml @@ -1,34 +1,35 @@ --- - name: prepare directories for installer files file: - name: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}" + name: "{{ debian_installer_target_dir }}" state: directory - name: download and verify installer files block: - - name: fetch and verify installer checksums + - name: fetch and verify installer checksum file include_tasks: "verify-{{ install_distro }}.yml" - - name: download installer kernel image - get_url: - url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}" - dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ debian_installer_variant_kernal_image_name }}" - checksum: "{{ debian_installer_kernel_checksum }}" - force: "{{ debian_installer_force_download }}" - mode: 0644 + - name: extract file hashes from SHA256SUMS + loop: "{{ debian_installer_variant_files }}" + command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ item }}$" "{{ debian_installer_target_dir }}/SHA256SUMS" + changed_when: false + register: debian_installer_sha256sums - - name: download installer initrd.gz + - name: download installer files + loop: "{{ debian_installer_sha256sums.results }}" + loop_control: + label: "{{ item.item }}" get_url: - url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/initrd.gz" - dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/initrd.gz" - checksum: "{{ debian_installer_initrd_checksum }}" + url: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ item.item }}" + dest: "{{ debian_installer_target_dir }}/{{ item.item }}" + checksum: "sha256:{{ item.stdout.split(' ') | first }}" force: "{{ debian_installer_force_download }}" mode: 0644 rescue: - name: remove all downloaded files file: - name: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}" + name: "{{ debian_installer_target_dir }}" state: absent - fail: diff --git a/roles/installer/debian/fetch/tasks/verify-debian.yml b/roles/installer/debian/fetch/tasks/verify-debian.yml index cfd6e53e..9aef7962 100644 --- a/roles/installer/debian/fetch/tasks/verify-debian.yml +++ b/roles/installer/debian/fetch/tasks/verify-debian.yml @@ -5,14 +5,14 @@ - Release.gpg get_url: url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}" - dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}" + dest: "{{ debian_installer_target_dir }}/{{ item }}" + force: "{{ debian_installer_force_download }}" - name: verfiy signature of Release file command: >- gpg --no-options --trust-model always --no-default-keyring --secret-keyring /dev/null --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/debian-{{ install_codename }}.gpg" - --verify "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release.gpg" - "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release" + --verify "{{ debian_installer_target_dir }}/Release.gpg" "{{ debian_installer_target_dir }}/Release" changed_when: False register: debian_installer_gpg_result @@ -20,27 +20,13 @@ var: debian_installer_gpg_result.stderr_lines - name: extract checksum file hash from Release file - command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/Release" + command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ debian_installer_target_dir }}/Release" changed_when: false register: debian_installer_release_sha256 - name: download SHA256SUMS get_url: url: "{{ debian_installer_base_url }}/SHA256SUMS" - dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS" + dest: "{{ debian_installer_target_dir }}/SHA256SUMS" checksum: "sha256:{{ (debian_installer_release_sha256.stdout | trim).split(' ') | first }}" - -- name: extract kernel image hash from SHA256SUMS - command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS" - changed_when: false - register: debian_installer_sha256sums_kernel - -- name: extract inital ramdisk hash from SHA256SUMS - command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS" - changed_when: false - register: debian_installer_sha256sums_initrd - -- name: set checksum variables - set_fact: - debian_installer_kernel_checksum: "sha256:{{ debian_installer_sha256sums_kernel.stdout.split(' ') | first }}" - debian_installer_initrd_checksum: "sha256:{{ debian_installer_sha256sums_initrd.stdout.split(' ') | first }}" + force: "{{ debian_installer_force_download }}" diff --git a/roles/installer/debian/fetch/tasks/verify-ubuntu.yml b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml index e7cff3ae..6c6500ea 100644 --- a/roles/installer/debian/fetch/tasks/verify-ubuntu.yml +++ b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml @@ -5,31 +5,16 @@ - SHA256SUMS.gpg get_url: url: "{{ debian_installer_base_url }}/{{ item }}" - dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}" + dest: "{{ debian_installer_target_dir }}/{{ item }}" + force: "{{ debian_installer_force_download }}" - name: verfiy signature of SHA256SUMS.gpg file command: >- gpg --no-options --trust-model always --no-default-keyring --secret-keyring /dev/null --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/ubuntu-archive.gpg" - --verify "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS.gpg" - "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS" + --verify "{{ debian_installer_target_dir }}/SHA256SUMS.gpg" "{{ debian_installer_target_dir }}/SHA256SUMS" changed_when: False register: debian_installer_gpg_result - debug: var: debian_installer_gpg_result.stderr_lines - -- name: extract kernel image hash from SHA256SUMS - command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS" - changed_when: false - register: debian_installer_sha256sums_kernel - -- name: extract inital ramdisk hash from SHA256SUMS - command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS" - changed_when: false - register: debian_installer_sha256sums_initrd - -- name: set checksum variables - set_fact: - debian_installer_kernel_checksum: "sha256:{{ debian_installer_sha256sums_kernel.stdout.split(' ') | first }}" - debian_installer_initrd_checksum: "sha256:{{ debian_installer_sha256sums_initrd.stdout.split(' ') | first }}" |