159 lines
5.0 KiB
YAML
159 lines
5.0 KiB
YAML
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
|
|
# localhost
|
|
---
|
|
- name: "DEBUG: ansible-gentoo_install tarball"
|
|
debug:
|
|
verbosity: 1
|
|
msg: "DEBUG: ansible-gentoo_install tarball"
|
|
|
|
- name: test we are NOT in the chroot
|
|
shell: |
|
|
[ -n "{{AGI_NBD_MP}}" ] || exit 2
|
|
[ -d "{{AGI_NBD_MP}}" ] || exit 3
|
|
check_mode: false
|
|
|
|
- name: check files dir
|
|
environment: "{{shell_env}}"
|
|
shell: |
|
|
AGI_NBD_FILES="{{AGI_NBD_FILES}}"
|
|
[ -n "$AGI_NBD_FILES" ] || exit 1
|
|
[ -d "$AGI_NBD_FILES" ] || exit 2
|
|
|
|
- name: determine latest stage tarball
|
|
environment: "{{proxy_env}}"
|
|
uri:
|
|
url: "{{ AGI_install_baseurl }}{{ AGI_install_latest_stage_pointer }}"
|
|
return_content: yes
|
|
dest: "{{AGI_NBD_FILES}}/latest-stage3-amd64-openrc.txt"
|
|
creates: "{{AGI_NBD_FILES}}/latest-stage3-amd64-openrc.txt"
|
|
register: latest_stage
|
|
|
|
- name: read tarball
|
|
environment: "{{shell_env}}"
|
|
shell: |
|
|
AGI_NBD_FILES="{{AGI_NBD_FILES}}"
|
|
filename=$(grep ^stage "$AGI_NBD_FILES/latest-stage3-amd64-openrc.txt" | \
|
|
sed -e 's/ .*//' ) ;
|
|
suffix=$(echo $filename | sed -e 's/.*\././' );
|
|
prefix=$(echo $filename | sed -e "s/$suffix//" );
|
|
echo $filename
|
|
register: tarball_out
|
|
|
|
- set_fact:
|
|
latest_stage_tarball_url_suffix: "{{ ( latest_stage.content.splitlines() | reject('match', '#') | first ).split(' ')[0] }}"
|
|
latest_stage_tarball: "{{ ( latest_stage.content.splitlines() | reject('match', '#') | first ).split(' ')[0].split('/')[1] }}"
|
|
when:
|
|
- not ansible_check_mode
|
|
- false
|
|
|
|
- set_fact:
|
|
latest_stage_tarball_url_suffix: "{{tarball_out.stdout}}"
|
|
# there's not directory now
|
|
latest_stage_tarball: "{{tarball_out.stdout}}"
|
|
latest_portage_tarball: portage-20231223.tar.xz
|
|
when:
|
|
- not ansible_check_mode
|
|
- tarball_out.rc|default(1) == 0
|
|
|
|
- name: fetch latest stage tarball
|
|
environment: "{{proxy_env}}"
|
|
delegate_to: localhost
|
|
uri:
|
|
url: "{{ item.url }}"
|
|
dest: "{{ item.dest }}"
|
|
creates: "{{ item.creates }}"
|
|
with_items:
|
|
-
|
|
url: "{{ AGI_install_baseurl }}{{ latest_stage_tarball_url_suffix }}"
|
|
dest: "{{AGI_NBD_FILES}}/{{ latest_stage_tarball }}"
|
|
creates: "{{AGI_NBD_FILES}}/{{ latest_stage_tarball }}"
|
|
-
|
|
url: "{{ AGI_install_baseurl }}{{ latest_stage_tarball_url_suffix }}.sha256"
|
|
dest: "{{AGI_NBD_FILES}}/{{ latest_stage_tarball }}.sha256"
|
|
creates: "{{AGI_NBD_FILES}}/{{ latest_stage_tarball }}.sha256"
|
|
when:
|
|
- not ansible_check_mode
|
|
|
|
- name: check stage tarball
|
|
environment: "{{shell_env}}"
|
|
shell: |
|
|
cd "{{AGI_NBD_FILES}}" || exit 1
|
|
sha256sum "{{ latest_stage_tarball }}.sha256"
|
|
when:
|
|
- not ansible_check_mode
|
|
|
|
- name: extract stage tarball
|
|
unarchive:
|
|
src: "{{AGI_NBD_FILES}}/{{ latest_stage_tarball }}"
|
|
dest: "{{AGI_NBD_MP}}"
|
|
remote_src: no
|
|
creates: "{{AGI_NBD_MP}}/var"
|
|
|
|
- name: fetch latest portage tarball
|
|
environment: "{{proxy_env}}"
|
|
delegate_to: localhost
|
|
uri:
|
|
url: "{{ AGI_install_baseurl }}{{ latest_portage_tarball }}"
|
|
dest: "{{AGI_NBD_FILES}}/{{ latest_portage_tarball }}"
|
|
creates: "{{AGI_NBD_FILES}}/{{ latest_portage_tarball }}"
|
|
|
|
|
|
- name: test portage tarball
|
|
environment: "{{shell_env}}"
|
|
shell: |
|
|
cd "{{AGI_NBD_FILES}}"
|
|
md5sum -c "{{ latest_portage_tarball }}.md5sum"
|
|
|
|
- name: test gpg not GENTOO
|
|
environment: "{{shell_env}}"
|
|
shell: |
|
|
# E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
|
|
[ -f /usr/local/share/openpgp-keys/gentoo-release.asc ] || exit 1
|
|
gpg --list-keys | grep E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 || \
|
|
gpg --import /usr/local/share/openpgp-keys/gentoo-release.asc || exit 2
|
|
when:
|
|
- "ansible_distribution != 'Gentoo'"
|
|
|
|
- name: test gpg GENTOO
|
|
shell: |
|
|
# E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
|
|
[ -f /usr/share/openpgp-keys/gentoo-release.asc ] || \
|
|
box_gentoo_emerge.bash sec-keys/openpgp-keys-gentoo-release || exit 1
|
|
gpg --list-keys | grep E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 || \
|
|
gpg --import /usr/share/openpgp-keys/gentoo-release.asc || exit 2
|
|
when:
|
|
- "ansible_distribution == 'Gentoo'"
|
|
|
|
- name: gpg keys system
|
|
# Option --keyserver must be used to
|
|
environment: "{{proxy_env}}"
|
|
shell: |
|
|
/usr/bin/gpg --list-keys | grep "{{ item.uid }}" || \
|
|
/usr/bin/gpg --recv-keys \
|
|
--keyserver "{{ AGI_GPG_SERVER }}" "{{ item.uid }}"
|
|
with_items: "{{ agi_gpg_keys_system }}"
|
|
when:
|
|
- agi_gpg_keys_system|length > 0
|
|
- BASE_ARE_CONNECTED|default('') != ''
|
|
# FixMe:
|
|
ignore_errors: true
|
|
|
|
- name: test portage tarball gpg our copy
|
|
environment: "{{shell_env}}"
|
|
shell: |
|
|
# E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
|
|
gpg --list-keys | grep E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 || exit 2
|
|
gpg --verify "{{AGI_NBD_FILES}}/{{ latest_portage_tarball }}.gpgsig" \
|
|
"{{AGI_NBD_FILES}}/{{ latest_portage_tarball }}" || exit 3$?
|
|
# FixMe:
|
|
ignore_errors: true
|
|
|
|
- name: extract portage tarball
|
|
unarchive:
|
|
src: "{{AGI_NBD_FILES}}/{{ latest_portage_tarball }}"
|
|
dest: "{{AGI_NBD_MP}}/usr"
|
|
remote_src: no
|
|
creates: "{{AGI_NBD_MP}}/usr/portage"
|
|
|
|
|