raspios/image: initial commit

4 files changed, 123 insertions, 0 deletions

diff --git a/roles/raspios/image/defaults/main.yml b/roles/raspios/image/defaults/main.yml
new file mode 100644
index 00000000..197d1f7f
--- /dev/null
+++ b/roles/raspios/image/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+raspios_variant: lite ## (lite|desktop|full)
+# raspios_release_date:
+raspios_codename: "{{ install_codename }}"
+# raspios_arch: (arm64|armhf)
+raspios_download_dir: "{{ global_cache_dir }}/raspios"
+
+raspios_output_dir: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/raspios"
+
+raspios_keep_temporary_build_dir: False
diff --git a/roles/raspios/image/tasks/fetch.yml b/roles/raspios/image/tasks/fetch.yml
new file mode 100644
index 00000000..c95f1dea
--- /dev/null
+++ b/roles/raspios/image/tasks/fetch.yml
@@ -0,0 +1,52 @@
+---
+- name: Create download directory
+  file:
+    dest: "{{ raspios_download_dir }}"
+    state: directory
+
+- name: download the raspios image
+  block:
+  - name: download sha256sum
+    get_url:
+      url: "{{ raspios_download_base_url }}/{{ raspios_download_image_base_name }}.zip.sha256"
+      dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sha256"
+
+  - name: download signature
+    get_url:
+      url: "{{ raspios_download_base_url }}/{{ raspios_download_image_base_name }}.zip.sig"
+      dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sig"
+
+  - name: extract SHA256 hash of the image archive
+    command: grep '{{ raspios_download_image_base_name }}.zip' "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sha256"
+    changed_when: False
+    register: sha256
+
+  - name: download image
+    get_url:
+      url: "{{ raspios_download_base_url }}/{{ raspios_download_image_base_name }}.zip"
+      dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip"
+      checksum: sha256:{{ sha256.stdout.split(' ') | first }}
+
+  - name: check OpenPGP signature
+    command: >-
+      gpgv --keyring "{{ global_files_dir }}/common/keyrings/raspios.gpg"
+          "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sig" "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip"
+    changed_when: False
+    register: raspios_image_gpg_result
+
+  - debug:
+      var: raspios_image_gpg_result.stderr_lines
+
+  rescue:
+  - name: delete downloaded artifacts
+    loop:
+      - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sha256"
+      - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sig"
+      - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip"
+    file:
+      path: "{{ item }}"
+      state: absent
+
+  - name: the download has failed...
+    fail:
+      msg: Something borked
diff --git a/roles/raspios/image/tasks/main.yml b/roles/raspios/image/tasks/main.yml
new file mode 100644
index 00000000..284b24a4
--- /dev/null
+++ b/roles/raspios/image/tasks/main.yml
@@ -0,0 +1,55 @@
+---
+- name: fetch base image
+  run_once: true
+  import_tasks: fetch.yml
+
+- name: build the image
+  block:
+  - name: create the output directory for built images
+    file:
+      path: "{{ raspios_output_dir }}"
+      state: directory
+
+  - name: Create temporary build directory
+    tempfile:
+      state: directory
+    register: tmpdir
+
+  - name: build the raspios image
+    command: >-
+      bash -c "cp '{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip' '{{ tmpdir.path }}/output.zip'; echo 'TODO: extract image...'"
+    register: raspios_build
+
+  - name: copy newly built raspios image
+    copy:
+      src: "{{ tmpdir.path }}/output.zip"
+      dest: "{{ raspios_output_dir }}/{{ raspios_output_image_base_name }}.zip"
+
+  - name: set output image names
+    set_fact:
+      output_images:
+      - "{{ raspios_output_dir }}/{{ raspios_output_image_base_name }}.zip"
+
+  always:
+  - name: save stdout build-log to output directory
+    when: raspios_build is defined
+    copy:
+      content: "{{ raspios_build.stdout }}\n"
+      dest: "{{ raspios_output_dir }}/build-stdout.log"
+
+  - name: save stderr build-log to output directory
+    when: raspios_build is defined
+    copy:
+      content: "{{ raspios_build.stderr }}\n"
+      dest: "{{ raspios_output_dir }}/build-stderr.log"
+
+  - name: delete the temporary build directory
+    when: not raspios_keep_temporary_build_dir
+    file:
+      path: "{{ tmpdir.path }}"
+      state: absent
+
+  - name: print temporary build directory information
+    when: raspios_keep_temporary_build_dir
+    debug:
+      msg: "The temporary build directory has not been deleted, the path to the directory is: {{ tmpdir.path }}"
diff --git a/roles/raspios/image/vars/main.yml b/roles/raspios/image/vars/main.yml
new file mode 100644
index 00000000..f04f9eba
--- /dev/null
+++ b/roles/raspios/image/vars/main.yml
@@ -0,0 +1,6 @@
+---
+raspios_download_base_path: "raspios{{ (raspios_variant == 'desktop') | ternary('', '_'+raspios_variant) }}_{{ raspios_arch }}"
+
+raspios_download_base_url: "https://downloads.raspberrypi.org/{{ raspios_download_base_path }}/images/{{ raspios_download_base_path }}-{{ raspios_release_date }}"
+raspios_download_image_base_name: "{{ raspios_release_date }}-raspios-{{ raspios_codename }}-{{ raspios_arch }}{{ (raspios_variant == 'desktop') | ternary('', '-'+raspios_variant) }}"
+raspios_output_image_base_name: "raspios-{{ raspios_codename }}-{{ raspios_arch }}{{ (raspios_variant == 'desktop') | ternary('', '-'+raspios_variant) }}"