blob: 9aef7962ad6463dba3af2109020f98fb89957a85 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
---
- name: download Release and Signature file
loop:
- Release
- Release.gpg
get_url:
url: "{{ debian_installer_base_url | dirname | dirname | dirname | dirname }}/{{ item }}"
dest: "{{ debian_installer_target_dir }}/{{ item }}"
force: "{{ debian_installer_force_download }}"
- name: verfiy signature of Release file
command: >-
gpg --no-options --trust-model always --no-default-keyring --secret-keyring /dev/null
--keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/debian-{{ install_codename }}.gpg"
--verify "{{ debian_installer_target_dir }}/Release.gpg" "{{ debian_installer_target_dir }}/Release"
changed_when: False
register: debian_installer_gpg_result
- debug:
var: debian_installer_gpg_result.stderr_lines
- name: extract checksum file hash from Release file
command: grep -E "^ [0-9a-z]{64} .* main/installer-{{ debian_installer_arch }}/current/{{ [debian_installer_distro, debian_installer_codename] | di_images_path }}/SHA256SUMS$" "{{ debian_installer_target_dir }}/Release"
changed_when: false
register: debian_installer_release_sha256
- name: download SHA256SUMS
get_url:
url: "{{ debian_installer_base_url }}/SHA256SUMS"
dest: "{{ debian_installer_target_dir }}/SHA256SUMS"
checksum: "sha256:{{ (debian_installer_release_sha256.stdout | trim).split(' ') | first }}"
force: "{{ debian_installer_force_download }}"
|