diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2022-10-28 23:17:56 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2022-10-28 23:17:56 +0200 |
| commit | 2b01a83a3dabf649d24d34d08fc4d1db531beaab (patch) | |
| tree | 01afdae0ab8e3e4a3109c1137ff96bf35d379b81 /roles/installer | |
| parent | add support for kali linux (WIP) (diff) | |
kali has fixed this now: https://bugs.kali.org/view.php?id=8022
Diffstat (limited to 'roles/installer')
| -rw-r--r-- | roles/installer/debian/fetch/tasks/verify-kali.yml | 26 | ||||
| -rw-r--r-- | roles/installer/debian/fetch/tasks/verify-ubuntu.yml | 4 |
2 files changed, 8 insertions, 22 deletions
diff --git a/roles/installer/debian/fetch/tasks/verify-kali.yml b/roles/installer/debian/fetch/tasks/verify-kali.yml index 6c1c41cb..d113a6cb 100644 --- a/roles/installer/debian/fetch/tasks/verify-kali.yml +++ b/roles/installer/debian/fetch/tasks/verify-kali.yml @@ -1,33 +1,19 @@ --- -- name: download Release and Signature file +- name: download SHA256SUMS and signature file loop: - - Release - - Release.gpg + - SHA256SUMS + - SHA256SUMS.gpg get_url: - url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}" + url: "{{ debian_installer_base_url }}/{{ item }}" dest: "{{ debian_installer_target_dir }}/{{ item }}" force: "{{ debian_installer_force_download }}" -- name: verfiy signature of Release file +- name: verfiy signature of SHA256SUMS.gpg file command: >- gpgv --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/kali-archive.gpg" - "{{ debian_installer_target_dir }}/Release.gpg" "{{ debian_installer_target_dir }}/Release" + "{{ debian_installer_target_dir }}/SHA256SUMS.gpg" "{{ debian_installer_target_dir }}/SHA256SUMS" changed_when: False register: debian_installer_gpg_result - debug: var: debian_installer_gpg_result.stderr_lines - -### TODO: actually enable Signature verification!!! - -# - name: extract checksum file hash from Release file -# command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ debian_installer_target_dir }}/Release" -# changed_when: false -# register: debian_installer_release_sha256 - -- name: download SHA256SUMS - get_url: - url: "{{ debian_installer_base_url }}/SHA256SUMS" - dest: "{{ debian_installer_target_dir }}/SHA256SUMS" -# checksum: "sha256:{{ (debian_installer_release_sha256.stdout | trim).split(' ') | first }}" - force: "{{ debian_installer_force_download }}" diff --git a/roles/installer/debian/fetch/tasks/verify-ubuntu.yml b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml index 669c722b..d23d50dc 100644 --- a/roles/installer/debian/fetch/tasks/verify-ubuntu.yml +++ b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml @@ -1,8 +1,8 @@ --- - name: download SHA256SUMS and signature file loop: - - SHA256SUMS - - SHA256SUMS.gpg + - SHA256SUMS + - SHA256SUMS.gpg get_url: url: "{{ debian_installer_base_url }}/{{ item }}" dest: "{{ debian_installer_target_dir }}/{{ item }}" |