From 9519c960415e6af12ed5fe875ede74366515d5de Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Tue, 25 Oct 2022 00:09:19 +0200
Subject: add support for kali linux (WIP)

---
 roles/installer/debian/fetch/tasks/main.yml        |  6 ++++
 roles/installer/debian/fetch/tasks/verify-kali.yml | 33 ++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 roles/installer/debian/fetch/tasks/verify-kali.yml

(limited to 'roles/installer/debian/fetch/tasks')

diff --git a/roles/installer/debian/fetch/tasks/main.yml b/roles/installer/debian/fetch/tasks/main.yml
index b0dd59a5..433f2631 100644
--- a/roles/installer/debian/fetch/tasks/main.yml
+++ b/roles/installer/debian/fetch/tasks/main.yml
@@ -15,6 +15,12 @@
     changed_when: false
     register: debian_installer_sha256sums
 
+  - loop: "{{ debian_installer_sha256sums.results }}"
+    loop_control:
+      label: "{{ item.item }}"
+    debug:
+      msg: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ item.item }}"
+
   - name: download installer files
     loop: "{{ debian_installer_sha256sums.results }}"
     loop_control:
diff --git a/roles/installer/debian/fetch/tasks/verify-kali.yml b/roles/installer/debian/fetch/tasks/verify-kali.yml
new file mode 100644
index 00000000..6c1c41cb
--- /dev/null
+++ b/roles/installer/debian/fetch/tasks/verify-kali.yml
@@ -0,0 +1,33 @@
+---
+- name: download Release and Signature file
+  loop:
+  - Release
+  - Release.gpg
+  get_url:
+    url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}"
+    dest: "{{ debian_installer_target_dir }}/{{ item }}"
+    force: "{{ debian_installer_force_download }}"
+
+- name: verfiy signature of Release file
+  command: >-
+    gpgv --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/kali-archive.gpg"
+        "{{ debian_installer_target_dir }}/Release.gpg" "{{ debian_installer_target_dir }}/Release"
+  changed_when: False
+  register: debian_installer_gpg_result
+
+- debug:
+    var: debian_installer_gpg_result.stderr_lines
+
+### TODO: actually enable Signature verification!!!
+
+# - name: extract checksum file hash from Release file
+#   command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ debian_installer_target_dir }}/Release"
+#   changed_when: false
+#   register: debian_installer_release_sha256
+
+- name: download SHA256SUMS
+  get_url:
+    url: "{{ debian_installer_base_url }}/SHA256SUMS"
+    dest: "{{ debian_installer_target_dir }}/SHA256SUMS"
+#    checksum: "sha256:{{ (debian_installer_release_sha256.stdout | trim).split(' ') | first }}"
+    force: "{{ debian_installer_force_download }}"
-- 
cgit v1.2.3