diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2022-03-28 22:57:54 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2022-03-28 22:57:54 +0200 |
| commit | 3353e25592248dad6a0c067ab9c00ed6c3645a47 (patch) | |
| tree | 414a519c70156807011e6971adca918dfc4f37c0 /roles/raspios/image/tasks/fetch.yml | |
| parent | add ch-epimetheus to monitoring (diff) | |
raspios/image: initial commit
Diffstat (limited to 'roles/raspios/image/tasks/fetch.yml')
| -rw-r--r-- | roles/raspios/image/tasks/fetch.yml | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/roles/raspios/image/tasks/fetch.yml b/roles/raspios/image/tasks/fetch.yml new file mode 100644 index 00000000..c95f1dea --- /dev/null +++ b/roles/raspios/image/tasks/fetch.yml @@ -0,0 +1,52 @@ +--- +- name: Create download directory + file: + dest: "{{ raspios_download_dir }}" + state: directory + +- name: download the raspios image + block: + - name: download sha256sum + get_url: + url: "{{ raspios_download_base_url }}/{{ raspios_download_image_base_name }}.zip.sha256" + dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sha256" + + - name: download signature + get_url: + url: "{{ raspios_download_base_url }}/{{ raspios_download_image_base_name }}.zip.sig" + dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sig" + + - name: extract SHA256 hash of the image archive + command: grep '{{ raspios_download_image_base_name }}.zip' "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sha256" + changed_when: False + register: sha256 + + - name: download image + get_url: + url: "{{ raspios_download_base_url }}/{{ raspios_download_image_base_name }}.zip" + dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip" + checksum: sha256:{{ sha256.stdout.split(' ') | first }} + + - name: check OpenPGP signature + command: >- + gpgv --keyring "{{ global_files_dir }}/common/keyrings/raspios.gpg" + "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sig" "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip" + changed_when: False + register: raspios_image_gpg_result + + - debug: + var: raspios_image_gpg_result.stderr_lines + + rescue: + - name: delete downloaded artifacts + loop: + - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sha256" + - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sig" + - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip" + file: + path: "{{ item }}" + state: absent + + - name: the download has failed... + fail: + msg: Something borked |