From 2b01a83a3dabf649d24d34d08fc4d1db531beaab Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Fri, 28 Oct 2022 23:17:56 +0200
Subject: kali has fixed this now: https://bugs.kali.org/view.php?id=8022

---
 roles/installer/debian/fetch/tasks/verify-kali.yml | 26 +++++-----------------
 .../installer/debian/fetch/tasks/verify-ubuntu.yml |  4 ++--
 2 files changed, 8 insertions(+), 22 deletions(-)

(limited to 'roles/installer')

diff --git a/roles/installer/debian/fetch/tasks/verify-kali.yml b/roles/installer/debian/fetch/tasks/verify-kali.yml
index 6c1c41cb..d113a6cb 100644
--- a/roles/installer/debian/fetch/tasks/verify-kali.yml
+++ b/roles/installer/debian/fetch/tasks/verify-kali.yml
@@ -1,33 +1,19 @@
 ---
-- name: download Release and Signature file
+- name: download SHA256SUMS and signature file
   loop:
-  - Release
-  - Release.gpg
+  - SHA256SUMS
+  - SHA256SUMS.gpg
   get_url:
-    url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}"
+    url: "{{ debian_installer_base_url }}/{{ item }}"
     dest: "{{ debian_installer_target_dir }}/{{ item }}"
     force: "{{ debian_installer_force_download }}"
 
-- name: verfiy signature of Release file
+- name: verfiy signature of SHA256SUMS.gpg file
   command: >-
     gpgv --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/kali-archive.gpg"
-        "{{ debian_installer_target_dir }}/Release.gpg" "{{ debian_installer_target_dir }}/Release"
+        "{{ debian_installer_target_dir }}/SHA256SUMS.gpg" "{{ debian_installer_target_dir }}/SHA256SUMS"
   changed_when: False
   register: debian_installer_gpg_result
 
 - debug:
     var: debian_installer_gpg_result.stderr_lines
-
-### TODO: actually enable Signature verification!!!
-
-# - name: extract checksum file hash from Release file
-#   command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ debian_installer_target_dir }}/Release"
-#   changed_when: false
-#   register: debian_installer_release_sha256
-
-- name: download SHA256SUMS
-  get_url:
-    url: "{{ debian_installer_base_url }}/SHA256SUMS"
-    dest: "{{ debian_installer_target_dir }}/SHA256SUMS"
-#    checksum: "sha256:{{ (debian_installer_release_sha256.stdout | trim).split(' ') | first }}"
-    force: "{{ debian_installer_force_download }}"
diff --git a/roles/installer/debian/fetch/tasks/verify-ubuntu.yml b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml
index 669c722b..d23d50dc 100644
--- a/roles/installer/debian/fetch/tasks/verify-ubuntu.yml
+++ b/roles/installer/debian/fetch/tasks/verify-ubuntu.yml
@@ -1,8 +1,8 @@
 ---
 - name: download SHA256SUMS and signature file
   loop:
-    - SHA256SUMS
-    - SHA256SUMS.gpg
+  - SHA256SUMS
+  - SHA256SUMS.gpg
   get_url:
     url: "{{ debian_installer_base_url }}/{{ item }}"
     dest: "{{ debian_installer_target_dir }}/{{ item }}"
-- 
cgit v1.2.3