diff options
Diffstat (limited to 'roles/installer/debian/fetch/tasks/verify-kali.yml')
-rw-r--r-- | roles/installer/debian/fetch/tasks/verify-kali.yml | 26 |
1 files changed, 6 insertions, 20 deletions
diff --git a/roles/installer/debian/fetch/tasks/verify-kali.yml b/roles/installer/debian/fetch/tasks/verify-kali.yml index 6c1c41cb..d113a6cb 100644 --- a/roles/installer/debian/fetch/tasks/verify-kali.yml +++ b/roles/installer/debian/fetch/tasks/verify-kali.yml @@ -1,33 +1,19 @@ --- -- name: download Release and Signature file +- name: download SHA256SUMS and signature file loop: - - Release - - Release.gpg + - SHA256SUMS + - SHA256SUMS.gpg get_url: - url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}" + url: "{{ debian_installer_base_url }}/{{ item }}" dest: "{{ debian_installer_target_dir }}/{{ item }}" force: "{{ debian_installer_force_download }}" -- name: verfiy signature of Release file +- name: verfiy signature of SHA256SUMS.gpg file command: >- gpgv --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/kali-archive.gpg" - "{{ debian_installer_target_dir }}/Release.gpg" "{{ debian_installer_target_dir }}/Release" + "{{ debian_installer_target_dir }}/SHA256SUMS.gpg" "{{ debian_installer_target_dir }}/SHA256SUMS" changed_when: False register: debian_installer_gpg_result - debug: var: debian_installer_gpg_result.stderr_lines - -### TODO: actually enable Signature verification!!! - -# - name: extract checksum file hash from Release file -# command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ debian_installer_target_dir }}/Release" -# changed_when: false -# register: debian_installer_release_sha256 - -- name: download SHA256SUMS - get_url: - url: "{{ debian_installer_base_url }}/SHA256SUMS" - dest: "{{ debian_installer_target_dir }}/SHA256SUMS" -# checksum: "sha256:{{ (debian_installer_release_sha256.stdout | trim).split(' ') | first }}" - force: "{{ debian_installer_force_download }}" |