From 9519c960415e6af12ed5fe875ede74366515d5de Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Tue, 25 Oct 2022 00:09:19 +0200
Subject: add support for kali linux (WIP)
---
 roles/installer/debian/fetch/defaults/main.yml | 1 +
 roles/installer/debian/fetch/tasks/main.yml | 6 ++++
 roles/installer/debian/fetch/tasks/verify-kali.yml | 33 ++++++++++++++++++++++
 roles/installer/debian/fetch/vars/main.yml | 12 ++++----
 4 files changed, 46 insertions(+), 6 deletions(-)
 create mode 100644 roles/installer/debian/fetch/tasks/verify-kali.yml
(limited to 'roles/installer/debian/fetch')
diff --git a/roles/installer/debian/fetch/defaults/main.yml b/roles/installer/debian/fetch/defaults/main.yml
index 1b9f8206..d42ee361 100644
--- a/roles/installer/debian/fetch/defaults/main.yml
+++ b/roles/installer/debian/fetch/defaults/main.yml
@@ -8,3 +8,4 @@ debian_installer_force_download: no
 debian_installer_url:
 debian: "http://{{ apt_repo_providers[apt_repo_provider].debian.host }}{{ apt_repo_providers[apt_repo_provider].debian.path }}"
 ubuntu: "http://{{ apt_repo_providers[apt_repo_provider].ubuntu.host }}{{ apt_repo_providers[apt_repo_provider].ubuntu.path }}"
+ kali: "http://{{ apt_repo_providers[apt_repo_provider].kali.host }}{{ apt_repo_providers[apt_repo_provider].kali.path }}"
diff --git a/roles/installer/debian/fetch/tasks/main.yml b/roles/installer/debian/fetch/tasks/main.yml
index b0dd59a5..433f2631 100644
--- a/roles/installer/debian/fetch/tasks/main.yml
+++ b/roles/installer/debian/fetch/tasks/main.yml
@@ -15,6 +15,12 @@
 changed_when: false
 register: debian_installer_sha256sums
+ - loop: "{{ debian_installer_sha256sums.results }}"
+ loop_control:
+ label: "{{ item.item }}"
+ debug:
+ msg: "{{ debian_installer_base_url }}/{{ debian_installer_variant_path }}/{{ item.item }}"
+
 - name: download installer files
 loop: "{{ debian_installer_sha256sums.results }}"
 loop_control:
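Review bot: The new `kali:` entry in `debian_installer_url` (defaults/main.yml) dereferences `apt_repo_providers[apt_repo_provider].kali`, which this diff does not show being defined. On Ansible versions that template the whole mapping when a single key is read, a provider without a `kali` entry would presumably break the `debian` and `ubuntu` lookups as well, so every provider needs a `kali` mapping before this lands. The URL is plain `http://` like its neighbours, which leaves the integrity of the Kali installer files resting entirely on the checks in `verify-kali.yml`; a comment such as `# plain http: integrity is enforced by tasks/verify-<distro>.yml` above the mapping would record that dependency.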
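Review bot: The `debug` task added to tasks/main.yml has no `name:` and prints every download URL on each run, which reads like a development leftover. Either drop it before the WIP marker comes off, or name and gate it, e.g. `name: show installer file URLs` on the task plus `verbosity: 1` under `debug:`. The surrounding task list starts and ends outside this hunk, so the nesting of the new task cannot be checked from here.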
diff --git a/roles/installer/debian/fetch/tasks/verify-kali.yml b/roles/installer/debian/fetch/tasks/verify-kali.yml
new file mode 100644
index 00000000..6c1c41cb
--- /dev/null
+++ b/roles/installer/debian/fetch/tasks/verify-kali.yml
@@ -0,0 +1,33 @@
+---
+- name: download Release and Signature file
+ loop:
+ - Release
+ - Release.gpg
+ get_url:
+ url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}"
+ dest: "{{ debian_installer_target_dir }}/{{ item }}"
+ force: "{{ debian_installer_force_download }}"
+
+- name: verfiy signature of Release file
+ command: >-
+ gpgv --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/kali-archive.gpg"
+ "{{ debian_installer_target_dir }}/Release.gpg" "{{ debian_installer_target_dir }}/Release"
+ changed_when: False
+ register: debian_installer_gpg_result
+
+- debug:
+ var: debian_installer_gpg_result.stderr_lines
+
+### TODO: actually enable Signature verification!!!
+
+# - name: extract checksum file hash from Release file
+# command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ debian_installer_target_dir }}/Release"
+# changed_when: false
+# register: debian_installer_release_sha256
+
+- name: download SHA256SUMS
+ get_url:
+ url: "{{ debian_installer_base_url }}/SHA256SUMS"
+ dest: "{{ debian_installer_target_dir }}/SHA256SUMS"
+# checksum: "sha256:{{ (debian_installer_release_sha256.stdout | trim).split(' ') | first }}"
+ force: "{{ debian_installer_force_download }}"
diff --git a/roles/installer/debian/fetch/vars/main.yml b/roles/installer/debian/fetch/vars/main.yml
index 989fc305..af02ac4b 100644
--- a/roles/installer/debian/fetch/vars/main.yml
+++ b/roles/installer/debian/fetch/vars/main.yml
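Review bot: In the new verify-kali.yml, the final `download SHA256SUMS` task has its `checksum:` line commented out, so nothing ties the gpgv-verified `Release` file to the `SHA256SUMS` that the image hashes are taken from. Combined with the `http://` base URL, the Kali installer files are effectively unauthenticated in this state, as the TODO in the file admits. Until the extraction task can be enabled, the Kali path should fail closed rather than proceed, for example with a `fail:` task carrying `msg: "kali installer verification is not implemented yet"` ahead of the download. When the commented `grep -E` is revived, its character class `[0-9a-z]{64}` should be `[0-9a-f]{64}`, since the field is a hex digest.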
@@ -2,19 +2,19 @@
 debian_installer_base_url: "{{ debian_installer_url[debian_installer_distro] }}/dists/{{ [debian_installer_distro, debian_installer_codename] | di_dists_path }}/main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}"
 _debian_installer_variant_path_:
- netboot: "netboot/{{ debian_installer_distro }}-installer/{{ debian_installer_arch }}"
+ netboot: "netboot/{{ (debian_installer_distro == 'ubuntu') | ternary('ubuntu', 'debian') }}-installer/{{ debian_installer_arch }}"
 hd-media: "hd-media"
 mini-iso: "netboot"
 _debian_installer_variant_files_:
 netboot:
- - linux
- - initrd.gz
+ - linux
+ - initrd.gz
 hd-media:
- - vmlinuz
- - initrd.gz
+ - vmlinuz
+ - initrd.gz
 mini-iso:
- - mini.iso
+ - mini.iso
 debian_installer_variant_path: "{{ _debian_installer_variant_path_[debian_installer_variant] }}"
 debian_installer_variant_files: "{{ _debian_installer_variant_files_[debian_installer_variant] }}"
-- cgit v1.2.3
From 2b01a83a3dabf649d24d34d08fc4d1db531beaab Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Fri, 28 Oct 2022 23:17:56 +0200
Subject: kali has fixed this now: https://bugs.kali.org/view.php?id=8022
---
 roles/installer/debian/fetch/tasks/verify-kali.yml | 26 +++++-----------------
 .../installer/debian/fetch/tasks/verify-ubuntu.yml | 4 ++--
 2 files changed, 8 insertions(+), 22 deletions(-)
(limited to 'roles/installer/debian/fetch')
diff --git a/roles/installer/debian/fetch/tasks/verify-kali.yml b/roles/installer/debian/fetch/tasks/verify-kali.yml
index 6c1c41cb..d113a6cb 100644
--- a/roles/installer/debian/fetch/tasks/verify-kali.yml
+++ b/roles/installer/debian/fetch/tasks/verify-kali.yml
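Review bot: The rewritten `netboot:` path in vars/main.yml maps every distro other than `ubuntu` to `debian-installer` without saying why. A short comment above it, such as `# kali ships its netboot files under debian-installer/, only ubuntu uses its own name`, would explain the ternary; that is presumably the reason, so confirm it against the mirror layout. Because the fallback is unconditional, a mistyped `debian_installer_distro` also resolves to the `debian` directory name here instead of failing, which is tolerable only if the distro value is validated elsewhere. The remaining changes in this hunk only re-indent the list items.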
@@ -1,33 +1,19 @@
 ---
-- name: download Release and Signature file
+- name: download SHA256SUMS and signature file
 loop:
- - Release
- - Release.gpg
+ - SHA256SUMS
+ - SHA256SUMS.gpg
 get_url:
- url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}"
+ url: "{{ debian_installer_base_url }}/{{ item }}"
 dest: "{{ debian_installer_target_dir }}/{{ item }}"
 force: "{{ debian_installer_force_download }}"
-- name: verfiy signature of Release file
+- name: verfiy signature of SHA256SUMS.gpg file
 command: >-
 gpgv --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/kali-archive.gpg"
- "{{ debian_installer_target_dir }}/Release.gpg" "{{ debian_installer_target_dir }}/Release"
+ "{{ debian_installer_target_dir }}/SHA256SUMS.gpg" "{{ debian_installer_target_dir }}/SHA256SUMS"
 changed_when: False
 register: debian_installer_gpg_result
 - debug:
 var: debian_installer_gpg_result.stderr_lines
-
-### TODO: actually enable Signature verification!!!
-
-# - name: extract checksum file hash from Release file
-# command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ debian_installer_target_dir }}/Release"
-# changed_when: false
-# register: debian_installer_release_sha256
-
-- name: download SHA256SUMS
- get_url:
- url: "{{ debian_installer_base_url }}/SHA256SUMS"
- dest: "{{ debian_installer_target_dir }}/SHA256SUMS"
-# checksum: "sha256:{{ (debian_installer_release_sha256.stdout | trim).split(' ') | first }}"
- force: "{{ debian_installer_force_download }}"
diff --git a/roles/installer/debian/fetch/tasks/verify-ubuntu.yml b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml
index 669c722b..d23d50dc 100644
--- a/roles/installer/debian/fetch/tasks/verify-ubuntu.yml
+++ b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml
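Review bot: The renamed task `verfiy signature of SHA256SUMS.gpg file` in verify-kali.yml is misspelled and names the detached signature rather than the file being authenticated; `- name: verify signature of SHA256SUMS file` matches the gpgv call, which takes the signature first and the signed data second. The check is fail-closed only because `command` fails on gpgv's non-zero exit status, so a comment like `# must fail the play on a bad signature: no ignore_errors/failed_when here` would protect it from later edits. The unnamed `debug` task that follows could carry a `name:` or be dropped. Judging by the first task of verify-ubuntu.yml in the next file section, the two files now appear to differ only in the keyring, so a shared task file with a keyring variable may be worth considering.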
@@ -1,8 +1,8 @@
 ---
 - name: download SHA256SUMS and signature file
 loop:
- - SHA256SUMS
- - SHA256SUMS.gpg
+ - SHA256SUMS
+ - SHA256SUMS.gpg
 get_url:
 url: "{{ debian_installer_base_url }}/{{ item }}"
 dest: "{{ debian_installer_target_dir }}/{{ item }}"
-- cgit v1.2.3