roles/installer/debian/fetch/tasks/verify-ubuntu.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

---
- name: download SHA256SUMS and signature file
  loop:
    - SHA256SUMS
    - SHA256SUMS.gpg
  get_url:
    url: "{{ debian_installer_base_url }}/{{ item }}"
    dest: "{{ debian_installer_target_dir }}/{{ item }}"
    force: "{{ debian_installer_force_download }}"

- name: verfiy signature of SHA256SUMS.gpg file
  command: >-
    gpg --no-options --trust-model always --no-default-keyring  --secret-keyring /dev/null
        --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/ubuntu-archive.gpg"
        --verify "{{ debian_installer_target_dir }}/SHA256SUMS.gpg" "{{ debian_installer_target_dir }}/SHA256SUMS"
  changed_when: False
  register: debian_installer_gpg_result

- debug:
    var: debian_installer_gpg_result.stderr_lines