---
- name: install genisoimage and openbsd signify
  apt:
    name:
    - genisoimage
    - signify-openbsd
    state: present

- name: prepare directories for installer iso files
  loop: "{{ openbsd_versions | subelements('arch') }}"
  loop_control:
    label: "openbsd-{{ item.0.version }} {{ item.1 }}"
  file:
    name: "{{ installer_path }}/openbsd-{{ item.0.version }}/{{ item.1 }}"
    state: directory

- name: download installer iso files
  loop: "{{ openbsd_versions | subelements('arch') }}"
  loop_control:
    label: "openbsd-{{ item.0.version }} {{ item.1 }}"
  get_url:
    url: "{{ openbsd_installer_url }}/{{ item.0.version }}/{{ item.1 }}/install{{ item.0.version | replace('.', '') }}.iso"
    dest: "{{ installer_path }}/openbsd-{{ item.0.version }}/{{ item.1 }}/install{{ item.0.version | replace('.', '') }}.iso"
    mode: 0644
    force: "{{ openbsd_installer_force_download }}"

- name: download signed sha256 files
  loop: "{{ openbsd_versions | subelements('arch') }}"
  loop_control:
    label: "openbsd-{{ item.0.version }} {{ item.1 }}"
  get_url:
    url: "{{ openbsd_installer_url }}/{{ item.0.version }}/{{ item.1 }}/SHA256.sig"
    dest: "{{ installer_path }}/openbsd-{{ item.0.version }}/{{ item.1 }}/SHA256.sig"
    mode: 0644
    force: "{{ openbsd_installer_force_download }}"

- name: create signing key files
  loop: "{{ openbsd_versions }}"
  loop_control:
    label: "openbsd-{{ item.version }}"
  copy:
    content: "{{ openbsd_signing_keys[item.version] }}"
    dest: "{{ installer_path }}/openbsd-{{ item.version }}/openbsd-{{ item.version | replace('.', '') }}-base.pub"

- name: verfiy downloaded iso files
  loop: "{{ openbsd_versions | subelements('arch') }}"
  loop_control:
    label: "openbsd-{{ item.0.version }} {{ item.1 }}"
  command: "signify-openbsd -Cp ../openbsd-{{ item.0.version | replace('.', '') }}-base.pub -x SHA256.sig install{{ item.0.version | replace('.', '') }}.iso"
  args:
    chdir: "{{ installer_path }}/openbsd-{{ item.0.version }}/{{ item.1 }}"
  changed_when: false