From 3353e25592248dad6a0c067ab9c00ed6c3645a47 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 28 Mar 2022 22:57:54 +0200 Subject: raspios/image: initial commit --- roles/raspios/image/tasks/fetch.yml | 52 +++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 roles/raspios/image/tasks/fetch.yml (limited to 'roles/raspios/image/tasks/fetch.yml') diff --git a/roles/raspios/image/tasks/fetch.yml b/roles/raspios/image/tasks/fetch.yml new file mode 100644 index 00000000..c95f1dea --- /dev/null +++ b/roles/raspios/image/tasks/fetch.yml @@ -0,0 +1,52 @@ +--- +- name: Create download directory + file: + dest: "{{ raspios_download_dir }}" + state: directory + +- name: download the raspios image + block: + - name: download sha256sum + get_url: + url: "{{ raspios_download_base_url }}/{{ raspios_download_image_base_name }}.zip.sha256" + dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sha256" + + - name: download signature + get_url: + url: "{{ raspios_download_base_url }}/{{ raspios_download_image_base_name }}.zip.sig" + dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sig" + + - name: extract SHA256 hash of the image archive + command: grep '{{ raspios_download_image_base_name }}.zip' "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sha256" + changed_when: False + register: sha256 + + - name: download image + get_url: + url: "{{ raspios_download_base_url }}/{{ raspios_download_image_base_name }}.zip" + dest: "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip" + checksum: sha256:{{ sha256.stdout.split(' ') | first }} + + - name: check OpenPGP signature + command: >- + gpgv --keyring "{{ global_files_dir }}/common/keyrings/raspios.gpg" + "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sig" "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip" + changed_when: False + register: raspios_image_gpg_result + + - debug: + var: raspios_image_gpg_result.stderr_lines + + rescue: + - name: delete downloaded artifacts + loop: + - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sha256" + - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip.sig" + - "{{ raspios_download_dir }}/{{ raspios_download_image_base_name }}.zip" + file: + path: "{{ item }}" + state: absent + + - name: the download has failed... + fail: + msg: Something borked -- cgit v1.2.3