add verification
This commit is contained in:
parent
41c60409e5
commit
0dcbc32512
@ -54,7 +54,11 @@
|
|||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
|
|
||||||
# TODO verify checksum with cosign (need to be installed (dependency))
|
- name: Verify Certificate
|
||||||
|
command: "COSIGN_EXPERIMENTAL=1 cosign verify-blob --certificate /tmp/caddy_{{ caddy_version }}_checksums.txt.pem --signature /tmp/caddy_{{ caddy_version }}_checksums.txt.sig /tmp/caddy_{{ caddy_version }}_checksums.txt"
|
||||||
|
register: _caddy_cosign_key_status
|
||||||
|
changed_when: false
|
||||||
|
failed_when: _caddy_cosign_key_status.rc not in (0, 2)
|
||||||
|
|
||||||
- name: Unpack caddy binary
|
- name: Unpack caddy binary
|
||||||
unarchive:
|
unarchive:
|
||||||
|
Loading…
Reference in New Issue
Block a user