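---
# Fetch the signed checksum list for the installer images, verify its
# detached OpenPGP signature against a pinned keyring, and only then export
# the kernel / initrd hashes as facts.
#
# Task order is the security property here: the hashes are read from
# SHA256SUMS only after gpg has accepted the signature. Nothing in this file
# shows where the facts are consumed. Presumably a later download passes them
# as `checksum:`; verify against the caller.

# Integrity of these two files rests on the gpg check below, not on the
# transport used by debian_installer_base_url.
# NOTE(review): without `force`, get_url keeps an existing dest file, so an
# older (still validly signed) SHA256SUMS pair is reused on later runs.
# Confirm that this pinning is intended.
- name: download SHA256SUMS and signature file
  get_url:
    url: "{{ debian_installer_base_url }}/{{ item }}"
    dest: "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"
    # Explicit mode so the checksum list is not left group/world-writable
    # between verification and use, whatever the umask is.
    mode: "0644"
  loop:
    - SHA256SUMS
    - SHA256SUMS.gpg

# `--trust-model always` skips web-of-trust validation; that is acceptable
# only because `--no-default-keyring --keyring <file>` restricts gpg to the
# one keyring shipped under global_files_dir, and `--no-options` ignores any
# local options file. A non-zero gpg exit status fails this task (command
# module default), which stops the play before any hash is extracted.
# `changed_when` affects reporting only.
# `--secret-keyring` is obsolete and ignored by GnuPG 2.1+.
# NOTE(review): the keyring is hard-coded to ubuntu-archive.gpg while the
# distro is a variable; a differently signed SHA256SUMS would fail closed
# here. Confirm that is the intent.
- name: verfiy signature of SHA256SUMS.gpg file
  command: >-
    gpg
    --no-options
    --trust-model always
    --no-default-keyring
    --secret-keyring /dev/null
    --keyring "{{ global_files_dir }}/common/keyrings/ubuntu-archive.gpg"
    --verify
    "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS.gpg"
    "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
  changed_when: false
  register: debian_installer_gpg_result

# gpg reports the signer and signature status on stderr; surface it in the
# play output so the operator can see which key signed the list.
- name: show gpg verification output
  debug:
    var: debian_installer_gpg_result.stderr_lines

# The pattern accepts only a 64-digit hex hash followed by the exact path,
# with an optional literal "./" prefix (the dot is escaped so it cannot match
# an arbitrary character). The templated path components are still inserted
# into the regex unescaped, so the task also fails unless exactly one line
# matched; an ambiguous match must never select a hash.
- name: extract kernel image hash from SHA256SUMS
  command: >-
    grep -E
    "^[0-9a-f]{64}\s+(\./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$"
    "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
  changed_when: false
  register: debian_installer_sha256sums_kernel
  failed_when: >-
    debian_installer_sha256sums_kernel.rc != 0
    or (debian_installer_sha256sums_kernel.stdout_lines | length) != 1

# Same extraction for the initial ramdisk, with the same exactly-one-match
# guard as the kernel task.
- name: extract inital ramdisk hash from SHA256SUMS
  command: >-
    grep -E
    "^[0-9a-f]{64}\s+(\./)?{{ debian_installer_variant_path }}/initrd.gz$"
    "{{ installer_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
  changed_when: false
  register: debian_installer_sha256sums_initrd
  failed_when: >-
    debian_installer_sha256sums_initrd.rc != 0
    or (debian_installer_sha256sums_initrd.stdout_lines | length) != 1

# The first space-separated token of the matched line is the hash. It is
# prefixed with "sha256:", the "<algorithm>:<hash>" form that get_url's
# `checksum` option takes.
- name: set checksum variables
  set_fact:
    debian_installer_kernel_checksum: "sha256:{{ debian_installer_sha256sums_kernel.stdout.split(' ') | first }}"
    debian_installer_initrd_checksum: "sha256:{{ debian_installer_sha256sums_initrd.stdout.split(' ') | first }}"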