moved cmd to vars/

signature 0644
lucab85 · Dec 23, 2021 · a1d3ce9 · a1d3ce9
1 parent bbc0f59
commit a1d3ce9
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 14 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -7,6 +7,7 @@ detector_path: "/var/"
 detector_dir: "/tmp/cve-2021-44228/"
 detector_run_dir: 'tmp'
 detector_options: '-n -d --no-progress --scan {{ detector_path }}'
+gpg_keyid: '7514F77D8366B0D9'
 clean_run_before: true
 delete_after: true
 verify_gpg: true
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -14,16 +14,22 @@
     state: directory
     mode: '0644'
 
-- name: download detector file(s)
+- name: download detector file
   ansible.builtin.get_url:
-    url: "{{ detector_baseurl }}{{ item }}"
-    dest: "{{ detector_dir }}{{ item }}"
+    url: "{{ detector_baseurl }}{{ sh_detector }}"
+    dest: "{{ detector_dir }}{{ sh_detector }}"
     mode: '0755'
     owner: root
     group: root
-  with_items:
-    - '{{ sh_detector }}'
-    - '{{ sh_signature }}'
+
+- name: download detector signature
+  ansible.builtin.get_url:
+    url: "{{ detector_baseurl }}{{ sh_signature }}"
+    dest: "{{ detector_dir }}{{ sh_signature }}"
+    mode: '0644'
+    owner: root
+    group: root
+  when: verify_gpg
 
 - name: gpg public key
   ansible.builtin.command: '{{ gpg_public_key }}'
@@ -32,9 +38,7 @@
     - molecule-idempotence-notest
 
 - name: gpg verify detector
-  ansible.builtin.command: >
-    'gpg --verify {{ detector_dir }}{{ sh_signature }}
-    {{ detector_dir }}{{ sh_detector }}'
+  ansible.builtin.command: '{{ gpg_verify }}'
   when: verify_gpg
   tags:
     - molecule-idempotence-notest
@@ -52,9 +56,7 @@
     mode: '0644'
 
 - name: run detector/scanner
-  ansible.builtin.command: >
-    '{{ detector_dir }}{{ sh_detector }} {{ detector_options }}
-    --tmp {{ detector_dir }}{{ detector_run_dir }}'
+  ansible.builtin.command: '{{ detector_cmd }}'
   tags:
     - molecule-idempotence-notest
 

diff --git a/vars/main.yml b/vars/main.yml
@@ -1,4 +1,8 @@
 ---
-gpg_keyid: '7514F77D8366B0D9'
 gpg_public_key: 'gpg --keyserver pgp.mit.edu --recv {{ gpg_keyid }}'
-gpg_verify: 'gpg --verify {{ detector_dir }}{{ sh_signature }} {{ detector_dir }}{{ sh_detector }}'
+gpg_verify: >
+  'gpg --verify {{ detector_dir }}{{ sh_signature }}
+  {{ detector_dir }}{{ sh_detector }}'
+detector_cmd: >
+  '{{ detector_dir }}{{ sh_detector }} {{ detector_options }}
+  --tmp {{ detector_dir }}{{ detector_run_dir }}'