Commit f1c29d1b authored by Jean-François HOVINNE

feat: Verify task binary integrity (fixes #11)

parent 1531302e
1 merge request: !12 feat: Verify task binary integrity (fixes #11)
# Releases
## 1.7.x
- Task binary integrity is also verified (in addition to the downloaded archive).
## 1.6.x
- Task v3.x updates.
......
---
task_version: 3.15.2
task_download_url: "https://github.com/go-task/task/releases/download/v{{ task_version }}/task_linux_amd64.tar.gz"
task_checksum: "sha256:9358ee7a8dfe63f6ec9f06d26a0ca97ff13bc8d18a983367cdd0ab9bd2611bd4"
task_archive_checksum: "sha256:9358ee7a8dfe63f6ec9f06d26a0ca97ff13bc8d18a983367cdd0ab9bd2611bd4"
task_binary_checksum: "091087a5fba168fc17be12f7f623a46296f2bd74c2ff424bbbabb34534c18598"
task_install_basedir: "/opt/task"
task_install_path: "{{ task_install_basedir }}/{{ task_version }}"
task_bin: "/usr/local/bin/task"
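Review bot: `task_binary_checksum` is a bare hex digest while `task_archive_checksum` carries a `sha256:` prefix, and nothing in this file explains why. The difference is required (get_url's `checksum` takes `algorithm:digest`, while `stat` returns only the digest), so a one-line comment on each variable would keep someone from "fixing" the inconsistency and breaking the comparison. Both digests are tied to `task_version: 3.15.2`; say so here, because overriding the version without overriding both checksums makes the role fail. If `task_checksum` is being replaced by `task_archive_checksum`, the 1.7.x release note should mention the rename, since an existing override of the old name would no longer be used.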
......@@ -13,7 +13,7 @@
url: "{{ task_download_url }}"
dest: /tmp/task.tar.gz
mode: 0655
checksum: "{{ task_checksum }}"
checksum: "{{ task_archive_checksum }}"
changed_when: false
- name: Extract task archive
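Review bot: `mode: 0655` next to the changed `checksum:` line gives group and others the execute bit on a tarball and withholds it from the owner, which looks like a typo for 0644. It is outside the change itself, but worth fixing while this task is being touched, and quoting it as `mode: "0644"` avoids any ambiguity in how YAML reads the number. The archive is also verified only at download time and then read again from `/tmp/task.tar.gz` by the extract task, so a sentence in the commit message tying the new binary check to that gap would document why both checks exist.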
......@@ -41,3 +41,14 @@
state: link
force: true
become: true
- name: Stat task binary checksum
ansible.builtin.stat:
path: "{{ task_install_path }}/task"
checksum_algorithm: sha256
register: st
- name: Verify task binary checksum
ansible.builtin.fail:
msg: "Checksum verification failed, was the Task binary modified?"
when: st.stat.checksum != task_binary_checksum
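Review bot: the two verification tasks run after the `state: link` / `force: true` task shown in the context lines, so when `Verify task binary checksum` fails the play stops with the unverified binary already extracted and linked. Move the stat and the check ahead of the link task, or remove the link and install directory when the comparison fails, so that a host never ends up with a binary the role has just rejected. Smaller points: `register: st` would read better as something like `task_binary_stat`, and `ansible.builtin.assert` with `that: st.stat.checksum == task_binary_checksum` and a `fail_msg` expresses the intent more directly than `fail` with a negated `when`.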