summaryrefslogtreecommitdiff
path: root/roles/installer/debian/fetch/tasks/verify-kali.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/installer/debian/fetch/tasks/verify-kali.yml')
-rw-r--r--roles/installer/debian/fetch/tasks/verify-kali.yml33
1 files changed, 33 insertions, 0 deletions
diff --git a/roles/installer/debian/fetch/tasks/verify-kali.yml b/roles/installer/debian/fetch/tasks/verify-kali.yml
new file mode 100644
index 00000000..6c1c41cb
--- /dev/null
+++ b/roles/installer/debian/fetch/tasks/verify-kali.yml
@@ -0,0 +1,33 @@
+---
+- name: download Release and Signature file
+ loop:
+ - Release
+ - Release.gpg
+ get_url:
+ url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}"
+ dest: "{{ debian_installer_target_dir }}/{{ item }}"
+ force: "{{ debian_installer_force_download }}"
+
+- name: verfiy signature of Release file
+ command: >-
+ gpgv --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/kali-archive.gpg"
+ "{{ debian_installer_target_dir }}/Release.gpg" "{{ debian_installer_target_dir }}/Release"
+ changed_when: False
+ register: debian_installer_gpg_result
+
+- debug:
+ var: debian_installer_gpg_result.stderr_lines
+
+### TODO: actually enable Signature verification!!!
+
+# - name: extract checksum file hash from Release file
+# command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ debian_installer_target_dir }}/Release"
+# changed_when: false
+# register: debian_installer_release_sha256
+
+- name: download SHA256SUMS
+ get_url:
+ url: "{{ debian_installer_base_url }}/SHA256SUMS"
+ dest: "{{ debian_installer_target_dir }}/SHA256SUMS"
+# checksum: "sha256:{{ (debian_installer_release_sha256.stdout | trim).split(' ') | first }}"
+ force: "{{ debian_installer_force_download }}"
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 13:10:24 +0000