Переглянути джерело

added SHA check for tarsnap

Paul DeBruicker 11 роки тому
джерело
коміт
9493ebd9a5

+ 32
- 2
roles/tarsnap/tasks/tarsnap.yml Переглянути файл

@@ -5,9 +5,39 @@
5 5
     - zlib1g-dev
6 6
     - e2fslibs-dev
7 7
 
8
+- name: Download the current tarsnap code signing key
9
+  get_url:
10
+    url=https://www.tarsnap.com/tarsnap-signing-key.asc
11
+    dest=/root/tarsnap-signing-key.asc
12
+
13
+- name: Add the tarsnap code signing key to your list of keys
14
+  command:
15
+    gpg --import tarsnap-signing-key.asc
16
+    chdir=/root/
17
+    
18
+- name: Download tarsnap SHA file
19
+  get_url:
20
+    url="https://www.tarsnap.com/download/tarsnap-sigs-{{tarsnap_version}}.asc"
21
+    dest="/root/tarsnap-sigs-{{tarsnap_version}}.asc"
22
+    
23
+- name: Make the command that gets the current sha
24
+  template:
25
+    src=getSha.sh
26
+    dest=/root/getSha.sh
27
+    mode=0755
28
+    
29
+- name: get the SHA256sum for this tarsnap release
30
+  command:
31
+    ./getSha.sh
32
+    chdir=/root
33
+  register: tarsnap_sha
34
+  
8 35
 - name: Download Tarsnap source
9
-  get_url: url=https://www.tarsnap.com/download/tarsnap-autoconf-${tarsnap_version}.tgz dest=/root/tarsnap-autoconf-${tarsnap_version}.tgz
10
-  #sha256sum=14c0172afac47f5f7cbc58e6442a27a0755685711f9d1cec4195c4f457053811
36
+  get_url:
37
+    url="https://www.tarsnap.com/download/tarsnap-autoconf-{{tarsnap_version}}.tgz"
38
+    dest="/root/tarsnap-autoconf-{{tarsnap_version}}.tgz"
39
+    sha256sum={{tarsnap_sha.stdout_lines[0]}}
40
+    
11 41
 
12 42
 - name: Decompress Tarsnap source
13 43
   command: tar xzf /root/tarsnap-autoconf-${tarsnap_version}.tgz chdir=/root creates=/root/tarsnap-autoconf-${tarsnap_version}/COPYING

+ 5
- 0
roles/tarsnap/templates/getSha.sh Переглянути файл

@@ -0,0 +1,5 @@
1
+#!/bin/bash
2
+gpgResult=`gpg --decrypt tarsnap-sigs-{{tarsnap_version}}.asc`
3
+sha=${gpgResult#*=}
4
+echo $sha > /root/tarsnapSha
5
+echo $sha

Завантаження…
Відмінити
Зберегти