This repository has been archived by the owner on Feb 28, 2023. It is now read-only.

Improve signature verification in case of missing file
JGoutin committed Jun 30, 2021
1 parent 56684ea commit b5683b8
Showing 2 changed files with 11 additions and 15 deletions.
11 changes: 5 additions & 6 deletions tasks/aws.yml
Expand Up @@ -21,18 +21,18 @@
when:
- xilinx_xrt_install | bool
- not xbutil.stat.exists
- xrt_package_sig.state is defined

- name: Verify XRT AWS package signature
command: "gpg --verify {{ aws_package }}.sig {{ aws_package }}"
args:
chdir: "{{ xrt_tmp.path }}"
changed_when: false
failed_when: _aws_sig.rc != 0 and "could not be verified." not in _aws_sig.stderr
register: _aws_sig
when:
- xilinx_xrt_install | bool
- not xbutil.stat.exists
- aws_package_sig.changed
- aws_package_sig.state is defined

- name: Download XRT AWS package checksum
get_url:
Expand All @@ -43,19 +43,18 @@
when:
- xilinx_xrt_install | bool
- not xbutil.stat.exists
- not aws_package_sig.changed
- aws_package_sig.state is not defined
- xrt_package_digests.state is defined

- name: Verify XRT AWS package checksum
command: sha512sum -c {{ xrt_package }}.digests
args:
chdir: "{{ xrt_tmp.path }}"
changed_when: false
failed_when: _aws_sum.rc != 0 and "Failed to get nevra" not in _aws_sum.stdout
register: _aws_sum
when:
- xilinx_xrt_install | bool
- not xbutil.stat.exists
- aws_package_digests.changed
- aws_package_digests.state is defined

- name: Ensure AWS XRT DEB package is installed
package:
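Review bot: Both verification tasks run only when their artifact was fetched (`aws_package_sig.state is defined`, `aws_package_digests.state is defined`), so if neither the signature nor the digests file is available, both are skipped and nothing visible here stops the play before `Ensure AWS XRT DEB package is installed`. An outage or a tampered mirror that makes both downloads fail would then end in an unverified install; tasks/main.yml has the same pattern with `xrt_package_sig` / `xrt_package_digests`. I would add an explicit guard before the install step that fails when neither artifact is present, as sketched below, and make any unverified install a deliberate opt-in. Separately, the checksum task runs `sha512sum -c {{ xrt_package }}.digests` while its condition tests `aws_package_digests`, so please confirm that file actually lists the AWS package. The download and install tasks lie outside the hunks, so their error handling is inferred.

```yaml
# … unchanged: Verify XRT AWS package signature / checksum tasks …
- name: Ensure AWS XRT package was verified by signature or checksum
  assert:
    that: aws_package_sig.state is defined or aws_package_digests.state is defined
    fail_msg: "Neither a signature nor a checksum was available for {{ aws_package }}"
  when:
    - xilinx_xrt_install | bool
    - not xbutil.stat.exists
# … unchanged: Ensure AWS XRT DEB package is installed …
```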
15 changes: 6 additions & 9 deletions tasks/main.yml
Expand Up @@ -59,7 +59,7 @@
when:
- xilinx_xrt_install | bool
- not xbutil.stat.exists
- xrt_package_sig.changed
- xrt_package_sig.state is defined

- name: Download Xilinx master signing key
get_url:
Expand All @@ -72,26 +72,25 @@
when:
- xilinx_xrt_install | bool
- not xbutil.stat.exists
- xrt_package_sig.changed
- xrt_package_sig.state is defined

- name: Ensure Xilinx master signing key is imported in GPG
command: "gpg --import {{ xrt_tmp.path }}/xilinx-master-signing-key.asc"
when:
- xilinx_xrt_install | bool
- not xbutil.stat.exists
- xrt_package_sig.changed
- xrt_package_sig.state is defined

- name: Verify XRT package signature
command: "gpg --verify {{ xrt_package }}.sig {{ xrt_package }}"
args:
chdir: "{{ xrt_tmp.path }}"
changed_when: false
failed_when: _xrt_sig.rc != 0 and "could not be verified." not in _xrt_sig.stderr
register: _xrt_sig
when:
- xilinx_xrt_install | bool
- not xbutil.stat.exists
- xrt_package_sig.changed
- xrt_package_sig.state is defined

- name: Download XRT package checksum
get_url:
Expand All @@ -102,19 +101,17 @@
when:
- xilinx_xrt_install | bool
- not xbutil.stat.exists
- not xrt_package_sig.changed
- xrt_package_sig.state is not defined

- name: Verify XRT package checksum
command: sha512sum -c {{ xrt_package }}.digests
args:
chdir: "{{ xrt_tmp.path }}"
changed_when: false
failed_when: _xrt_sum.rc != 0 and "Failed to get nevra" not in _xrt_sum.stdout
register: _xrt_sum
when:
- xilinx_xrt_install | bool
- not xbutil.stat.exists
- xrt_package_digests.changed
- xrt_package_digests.state is defined

- name: Ensure EPEL repository is installed
yum:
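Review bot: `Download Xilinx master signing key` followed by `gpg --import {{ xrt_tmp.path }}/xilinx-master-signing-key.asc` trusts whatever key the download returns, so the later `gpg --verify` only shows that the package was signed by that freshly fetched key. If the key is served from the same origin as the package and its `.sig` (the `get_url` arguments are outside the hunk, so this is inferred), the signature adds little over the checksum fallback. I would pin the expected key fingerprint in a role variable and compare it with the downloaded file before importing, or ship the key inside the role. At minimum the import task should carry a comment such as `# NOTE: key is fetched at run time and not fingerprint-pinned; verify against the vendor's published fingerprint`.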
