add verification
parent
41c60409e5
commit
0dcbc32512
@ -54,7 +54,11 @@
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
# TODO verify checksum with cosign (need to be installed (dependency))
|
||||
- name: Verify Certificate
|
||||
command: "COSIGN_EXPERIMENTAL=1 cosign verify-blob --certificate /tmp/caddy_{{ caddy_version }}_checksums.txt.pem --signature /tmp/caddy_{{ caddy_version }}_checksums.txt.sig /tmp/caddy_{{ caddy_version }}_checksums.txt"
|
||||
register: _caddy_cosign_key_status
|
||||
changed_when: false
|
||||
failed_when: _caddy_cosign_key_status.rc not in (0, 2)
|
||||
|
||||
- name: Unpack caddy binary
|
||||
unarchive:
|
||||
|
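Review bot: The `failed_when: _caddy_cosign_key_status.rc not in (0, 2)` line lets the play continue when the verify step exits with 2, so a verification that did not succeed can still be followed by "Unpack caddy binary"; dropping the line makes any non-zero exit fatal. The `command` module does not run a shell, so the leading `COSIGN_EXPERIMENTAL=1` is probably taken as the program name rather than an environment assignment (which may be where the exit code 2 comes from); `environment:` is the place for it. The call also pins no signer, so it appears to accept any certificate that chains to the trusted root, and the certificate sits in /tmp beside the file it vouches for; if the installed cosign supports them, add `--certificate-identity` and `--certificate-oidc-issuer` with the values of the upstream release workflow. Nothing in this hunk shows the archive's digest being compared with the verified checksums file, so confirm that happens before the unpack task.

```yaml
- name: Verify Certificate
  command: >-
    cosign verify-blob
    --certificate /tmp/caddy_{{ caddy_version }}_checksums.txt.pem
    --signature /tmp/caddy_{{ caddy_version }}_checksums.txt.sig
    --certificate-identity <EXPECTED_SIGNER_IDENTITY>
    --certificate-oidc-issuer <EXPECTED_OIDC_ISSUER>
    /tmp/caddy_{{ caddy_version }}_checksums.txt
  environment:
    COSIGN_EXPERIMENTAL: "1"
  # ... unchanged: register, changed_when ...
  # failed_when dropped: any non-zero exit from cosign now fails the play
```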