add verification

Lennard Brinkhaus 2022-12-11 02:11:46 +01:00
parent 41c60409e5
commit 0dcbc32512
Signed by: lennard.brinkhaus
GPG Key ID: 286421EC53998B22


@ -54,7 +54,11 @@
retries: 5
delay: 2
# TODO verify checksum with cosign (need to be installed (dependency))
- name: Verify Certificate
command: "COSIGN_EXPERIMENTAL=1 cosign verify-blob --certificate /tmp/caddy_{{ caddy_version }}_checksums.txt.pem --signature /tmp/caddy_{{ caddy_version }}_checksums.txt.sig /tmp/caddy_{{ caddy_version }}_checksums.txt"
register: _caddy_cosign_key_status
changed_when: false
failed_when: _caddy_cosign_key_status.rc not in (0, 2)
- name: Unpack caddy binary
unarchive:
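Review bot: The `Verify Certificate` task can report success without cosign ever running, so it does not yet gate the unpack that follows. `command` does not go through a shell, so the leading `COSIGN_EXPERIMENTAL=1` is taken as the executable name, and as far as I know Ansible reports a missing executable as rc 2, which `failed_when: _caddy_cosign_key_status.rc not in (0, 2)` accepts. I would pass the variable with `environment: {COSIGN_EXPERIMENTAL: "1"}`, start the command at `cosign verify-blob`, and drop the `failed_when` line so any non-zero exit stops the play. Keyless verification should also pin the expected signer with `--certificate-identity` and `--certificate-oidc-issuer` (available in recent cosign releases), since without them the check presumably accepts a certificate issued to any identity. The `Unpack caddy binary` task continues outside the hunk, so confirm there that the archive is compared against this verified checksums file, given that all of these files sit in `/tmp`.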