Move gpg verification to handlers

flyingscorpio@clevo 2022-04-09 11:04:23 +02:00
parent 42d3c7eb40
commit 7441940baa
2 changed files with 21 additions and 14 deletions


@ -0,0 +1,15 @@
---
- name: Verify downloaded binary - Receive gitea pgp key
command: gpg --keyserver hkps://keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
register: result
changed_when: '"not changed" not in result.stderr'
- name: Verify downloaded binary - Download asc file
get_url:
url: "https://dl.gitea.io/gitea/{{ gitea_binary.json.latest.version }}/gitea-{{ gitea_binary.json.latest.version }}-linux-{{ gitea_binary_arch }}.asc"
dest: "/tmp/gitea-{{ gitea_binary.json.latest.version }}.asc"
- name: Verify downloaded binary - Verify with gpg
command: "gpg --verify /tmp/gitea-{{ gitea_binary.json.latest.version }}.asc /home/git/gitea-{{ gitea_binary.json.latest.version }}"
register: result
failed_when: '"Good signature from" not in result.stderr'
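Review bot: The `failed_when` on the last handler passes for a good signature from any key in the invoking user's keyring, because it only looks for the text "Good signature from" and never ties the result to the fingerprint received in the first handler. Matching human-readable stderr also depends on the locale, and overriding `failed_when` this way drops the return-code check. Prefer gpg's machine-readable status output and pin the fingerprint: `command: "gpg --status-fd 1 --verify <asc> <binary>"` with `failed_when: result.rc != 0 or result.stdout is not search("VALIDSIG .*7C9E68152594688862D62AF62D9AE806EC1592E2")`. A comment above the first handler stating where that fingerprint was obtained would let a later reader confirm it independently of the keyserver.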


@ -95,21 +95,13 @@
owner: git
group: git
mode: 0664
notify:
- Verify downloaded binary - Receive gitea pgp key
- Verify downloaded binary - Download asc file
- Verify downloaded binary - Verify with gpg
- name: Verify downloaded binary - download asc file
get_url:
url: "https://dl.gitea.io/gitea/{{ gitea_binary.json.latest.version }}/gitea-{{ gitea_binary.json.latest.version }}-linux-{{ gitea_binary_arch }}.asc"
dest: "/tmp/gitea-{{ gitea_binary.json.latest.version }}.asc"
- name: Verify downloaded binary - recv pgp key
command: gpg --keyserver hkps://keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
register: result
changed_when: '"not changed" not in result.stderr'
- name: Verify downloaded binary - verify with gpg
command: "gpg --verify /tmp/gitea-{{ gitea_binary.json.latest.version }}.asc /home/git/gitea-{{ gitea_binary.json.latest.version }}"
register: result
failed_when: '"Good signature from" not in result.stderr'
- name: Verify downloaded binary
meta: flush_handlers
- name: Copy gitea binary to global location
become: true
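Review bot: Verification can be skipped on a rerun, because the three handlers listed under `notify:` only fire when the download task reports `changed`. If a handler fails at `meta: flush_handlers` (bad signature, keyserver unreachable), the unverified file stays at `/home/git/gitea-<version>`. The next run presumably finds it present, reports `ok`, notifies nothing, and goes straight on to "Copy gitea binary to global location". Either keep the three checks as ordinary tasks that run on every play, or remove the downloaded file when verification fails (for example in a `block`/`rescue`) so that a failed check cannot be bypassed by running the play again. The download task starts above the hunk and the copy task continues below it, so this reading depends on parts not shown here.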