diff options
Diffstat (limited to 'roles/installer/debian/fetch/tasks')
-rw-r--r-- | roles/installer/debian/fetch/tasks/main.yml | 6 | ||||
-rw-r--r-- | roles/installer/debian/fetch/tasks/verify-kali.yml | 33 |
2 files changed, 39 insertions, 0 deletions
diff --git a/roles/installer/debian/fetch/tasks/main.yml b/roles/installer/debian/fetch/tasks/main.yml index b0dd59a5..433f2631 100644 --- a/roles/installer/debian/fetch/tasks/main.yml +++ b/roles/installer/debian/fetch/tasks/main.yml @@ -15,6 +15,12 @@ changed_when: false register: debian_installer_sha256sums + - loop: "{{ debian_installer_sha256sums.results }}" + loop_control: + label: "{{ item.item }}" + debug: + msg: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ item.item }}" + - name: download installer files loop: "{{ debian_installer_sha256sums.results }}" loop_control: diff --git a/roles/installer/debian/fetch/tasks/verify-kali.yml b/roles/installer/debian/fetch/tasks/verify-kali.yml new file mode 100644 index 00000000..6c1c41cb --- /dev/null +++ b/roles/installer/debian/fetch/tasks/verify-kali.yml @@ -0,0 +1,33 @@ +--- +- name: download Release and Signature file + loop: + - Release + - Release.gpg + get_url: + url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}" + dest: "{{ debian_installer_target_dir }}/{{ item }}" + force: "{{ debian_installer_force_download }}" + +- name: verfiy signature of Release file + command: >- + gpgv --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/kali-archive.gpg" + "{{ debian_installer_target_dir }}/Release.gpg" "{{ debian_installer_target_dir }}/Release" + changed_when: False + register: debian_installer_gpg_result + +- debug: + var: debian_installer_gpg_result.stderr_lines + +### TODO: actually enable Signature verification!!! + +# - name: extract checksum file hash from Release file +# command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ debian_installer_target_dir }}/Release" +# changed_when: false +# register: debian_installer_release_sha256 + +- name: download SHA256SUMS + get_url: + url: "{{ debian_installer_base_url }}/SHA256SUMS" + dest: "{{ debian_installer_target_dir }}/SHA256SUMS" +# checksum: "sha256:{{ (debian_installer_release_sha256.stdout | trim).split(' ') | first }}" + force: "{{ debian_installer_force_download }}" |