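---
# Download the NginX source tarball, check its detached GPG signature and
# unpack it for compilation. The archive is only extracted when
# `gpg2 --verify` exits 0.
#
# NOTE(review): the signing keys are fetched from nginx_gpg_key and
# nginx_gpg_key2 and imported without comparing their fingerprints to a
# pinned value. `gpg2 --verify` also accepts a good signature from any key
# already present in the keyring it runs against. The check is therefore
# only as strong as the key URLs and that keyring. Consider pinning the
# expected fingerprint(s) and checking the VALIDSIG line from
# `gpg2 --status-fd 1 --verify`, ideally against a dedicated keyring.

- name: Download NginX
  become: true
  ansible.builtin.get_url:
    url: "{{ nginx_download }}"
    dest: "/srv/checkout/nginx_{{ nginx_version }}.tar.gz"
    owner: root
    group: root
    # Quoted so the YAML parser cannot retype the octal mode as an integer.
    mode: '0644'

- name: Download NginX signature
  become: true
  ansible.builtin.get_url:
    url: "{{ nginx_download }}.asc"
    dest: "/srv/checkout/nginx_{{ nginx_version }}.tar.gz.asc"
    owner: root
    group: root
    mode: '0644'

- name: Download NginX GPG Key
  become: true
  ansible.builtin.get_url:
    url: "{{ nginx_gpg_key }}"
    dest: "/srv/checkout/nginx_{{ nginx_version }}_signing.key"
    owner: root
    group: root
    mode: '0644'

- name: Download NginX GPG Key 2
  become: true
  ansible.builtin.get_url:
    url: "{{ nginx_gpg_key2 }}"
    dest: "/srv/checkout/nginx_{{ nginx_version }}_2_signing.key"
    owner: root
    group: root
    mode: '0644'

- name: Install gpg2
  become: true
  ansible.builtin.package:
    name:
      - gnupg2
    state: present

# The gpg2 tasks carry no task-level `become`, so the keys land in the
# keyring of whichever user the play runs these tasks as.
# argv is used instead of a command string so a templated path is always
# passed to gpg2 as a single argument.
# An import error is tolerated here. Without a usable public key the verify
# task below is expected to exit with a code other than 0 or 1 and stop the
# play.
- name: Import GPG key 2
  ansible.builtin.command:
    argv:
      - gpg2
      - '--import'
      - "/srv/checkout/nginx_{{ nginx_version }}_2_signing.key"
  register: import_key
  ignore_errors: true

# Registers into the same variable as the task above, so only this result
# is kept in import_key.
- name: Import GPG key
  ansible.builtin.command:
    argv:
      - gpg2
      - '--import'
      - "/srv/checkout/nginx_{{ nginx_version }}_signing.key"
  register: import_key
  ignore_errors: true

# gpg exits 0 for a good signature and 1 for a bad one. Any other code is
# treated as a task failure right here. rc 1 is let through so the next task
# can fail with an explicit message.
- name: Verify GPG signature
  ansible.builtin.command:
    argv:
      - gpg2
      - '--verify'
      - "/srv/checkout/nginx_{{ nginx_version }}.tar.gz.asc"
      - "/srv/checkout/nginx_{{ nginx_version }}.tar.gz"
  register: verify_gpg
  failed_when: verify_gpg.rc not in [0, 1]
  # Verification only reads files, so it never reports a change.
  changed_when: false

# Fail closed straight after verification, before any build directory is
# prepared for a tarball whose signature did not check out.
- name: Verify failed notification
  ansible.builtin.fail:
    msg: 'GPG Verification failed'
  when: verify_gpg.rc == 1

- name: Create compile folder
  become: true
  ansible.builtin.file:
    owner: root
    group: root
    state: directory
    path: "/srv/checkout/nginx_{{ nginx_version }}/"
    mode: '0755'

# The rc guard is kept as a second barrier: extraction never happens without
# a successful signature check, even if the tasks above are reordered.
- name: Extract tar.gz file
  become: true
  ansible.builtin.unarchive:
    src: "/srv/checkout/nginx_{{ nginx_version }}.tar.gz"
    dest: "/srv/checkout/nginx_{{ nginx_version }}/"
    remote_src: true
    extra_opts: ['--strip-components=1']
    owner: root
    group: root
    mode: 'u=rwX,g=rX,o='
  when: verify_gpg.rc == 0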