diff options
Diffstat (limited to 'roles/installer/debian/fetch')
| -rw-r--r-- | roles/installer/debian/fetch/defaults/main.yml | 1 | ||||
| -rw-r--r-- | roles/installer/debian/fetch/tasks/main.yml | 6 | ||||
| -rw-r--r-- | roles/installer/debian/fetch/tasks/verify-kali.yml | 33 | ||||
| -rw-r--r-- | roles/installer/debian/fetch/vars/main.yml | 12 |
4 files changed, 46 insertions, 6 deletions
diff --git a/roles/installer/debian/fetch/defaults/main.yml b/roles/installer/debian/fetch/defaults/main.yml index 1b9f8206..d42ee361 100644 --- a/roles/installer/debian/fetch/defaults/main.yml +++ b/roles/installer/debian/fetch/defaults/main.yml @@ -8,3 +8,4 @@ debian_installer_force_download: no debian_installer_url: debian: "http://{{ apt_repo_providers[apt_repo_provider].debian.host }}{{ apt_repo_providers[apt_repo_provider].debian.path }}" ubuntu: "http://{{ apt_repo_providers[apt_repo_provider].ubuntu.host }}{{ apt_repo_providers[apt_repo_provider].ubuntu.path }}" + kali: "http://{{ apt_repo_providers[apt_repo_provider].kali.host }}{{ apt_repo_providers[apt_repo_provider].kali.path }}" diff --git a/roles/installer/debian/fetch/tasks/main.yml b/roles/installer/debian/fetch/tasks/main.yml index b0dd59a5..433f2631 100644 --- a/roles/installer/debian/fetch/tasks/main.yml +++ b/roles/installer/debian/fetch/tasks/main.yml @@ -15,6 +15,12 @@ changed_when: false register: debian_installer_sha256sums + - loop: "{{ debian_installer_sha256sums.results }}" + loop_control: + label: "{{ item.item }}" + debug: + msg: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ item.item }}" + - name: download installer files loop: "{{ debian_installer_sha256sums.results }}" loop_control: diff --git a/roles/installer/debian/fetch/tasks/verify-kali.yml b/roles/installer/debian/fetch/tasks/verify-kali.yml new file mode 100644 index 00000000..6c1c41cb --- /dev/null +++ b/roles/installer/debian/fetch/tasks/verify-kali.yml @@ -0,0 +1,33 @@ +--- +- name: download Release and Signature file + loop: + - Release + - Release.gpg + get_url: + url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}" + dest: "{{ debian_installer_target_dir }}/{{ item }}" + force: "{{ debian_installer_force_download }}" + +- name: verfiy signature of Release file + command: >- + gpgv --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/kali-archive.gpg" + "{{ debian_installer_target_dir }}/Release.gpg" "{{ debian_installer_target_dir }}/Release" + changed_when: False + register: debian_installer_gpg_result + +- debug: + var: debian_installer_gpg_result.stderr_lines + +### TODO: actually enable Signature verification!!! + +# - name: extract checksum file hash from Release file +# command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ debian_installer_target_dir }}/Release" +# changed_when: false +# register: debian_installer_release_sha256 + +- name: download SHA256SUMS + get_url: + url: "{{ debian_installer_base_url }}/SHA256SUMS" + dest: "{{ debian_installer_target_dir }}/SHA256SUMS" +# checksum: "sha256:{{ (debian_installer_release_sha256.stdout | trim).split(' ') | first }}" + force: "{{ debian_installer_force_download }}" diff --git a/roles/installer/debian/fetch/vars/main.yml b/roles/installer/debian/fetch/vars/main.yml index 989fc305..af02ac4b 100644 --- a/roles/installer/debian/fetch/vars/main.yml +++ b/roles/installer/debian/fetch/vars/main.yml @@ -2,19 +2,19 @@ debian_installer_base_url: "{{ debian_installer_url[debian_installer_distro] }}/dists/{{ [debian_installer_distro, debian_installer_codename] | di_dists_path }}/main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}" _debian_installer_variant_path_: - netboot: "netboot/{{ debian_installer_distro }}-installer/{{ debian_installer_arch }}" + netboot: "netboot/{{ (debian_installer_distro == 'ubuntu') | ternary('ubuntu', 'debian') }}-installer/{{ debian_installer_arch }}" hd-media: "hd-media" mini-iso: "netboot" _debian_installer_variant_files_: netboot: - - linux - - initrd.gz + - linux + - initrd.gz hd-media: - - vmlinuz - - initrd.gz + - vmlinuz + - initrd.gz mini-iso: - - mini.iso + - mini.iso debian_installer_variant_path: "{{ _debian_installer_variant_path_[debian_installer_variant] }}" debian_installer_variant_files: "{{ _debian_installer_variant_files_[debian_installer_variant] }}" |