summaryrefslogtreecommitdiff
path: root/roles/installer/debian/fetch/tasks/verify-ubuntu.yml
blob: e7cff3aedc8c5a1b837defa3beeed597094ef886 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
---
- name: download SHA256SUMS and signature file
  loop:
    - SHA256SUMS
    - SHA256SUMS.gpg
  get_url:
    url: "{{ debian_installer_base_url }}/{{ item }}"
    dest: "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/{{ item }}"

- name: verfiy signature of SHA256SUMS.gpg file
  command: >-
    gpg --no-options --trust-model always --no-default-keyring  --secret-keyring /dev/null
        --keyring "{{ installer_keyrings_path | default(installer_base_path+'/keyrings') }}/ubuntu-archive.gpg"
        --verify "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS.gpg"
        "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
  changed_when: False
  register: debian_installer_gpg_result

- debug:
    var: debian_installer_gpg_result.stderr_lines

- name: extract kernel image hash from SHA256SUMS
  command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/{{ debian_installer_variant_kernal_image_name }}$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
  changed_when: false
  register: debian_installer_sha256sums_kernel

- name: extract inital ramdisk hash from SHA256SUMS
  command: grep -E "^[0-9a-z]{64}\s+(./)?{{ debian_installer_variant_path }}/initrd.gz$" "{{ installer_base_path }}/{{ debian_installer_distro }}-{{ debian_installer_codename }}/{{ debian_installer_arch }}-{{ debian_installer_variant }}/SHA256SUMS"
  changed_when: false
  register: debian_installer_sha256sums_initrd

- name: set checksum variables
  set_fact:
    debian_installer_kernel_checksum: "sha256:{{ debian_installer_sha256sums_kernel.stdout.split(' ') | first }}"
    debian_installer_initrd_checksum: "sha256:{{ debian_installer_sha256sums_initrd.stdout.split(' ') | first }}"