This addresses a security issue where an attacker with a key that GnuPG
considers valid (but doesn't claim to be LEDE's) can get their signature
accepted on malicious files.
This should also solve the issue equinox had with key validity.
dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
- name: Check OpenPGP signature
dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
- name: Check OpenPGP signature
- command: gpg --verify "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
+ command: >-
+ gpg2 --no-options --no-default-keyring --secret-keyring /dev/null
+ --verify --keyring "{{ role_path }}/openwrt-keyring.gpg"
+ --trust-model always
+ "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
changed_when: False
- name: Extract SHA256 hash of the imagebuilder archive
changed_when: False
- name: Extract SHA256 hash of the imagebuilder archive