---
- name: download latest
  ansible.builtin.get_url:
    url: "{{ base_url }}/latest-{{ tarball_variant }}.txt"
    dest: "/mnt/gentoo/tmp/latest-{{ tarball_variant }}.txt" # required for if-modified
  register: res_latest
  tags: 
    - rootfs

- name: verify latest
  ansible.builtin.command:
    cmd: "gpg --verify /mnt/gentoo/tmp/latest-{{ tarball_variant }}.txt"
  tags: 
    - rootfs
    - download

- name: set tarball fact
  ansible.builtin.shell: |
    sed '/^---.*BEGIN.*SIGNATURE/,/^---.END.*SIGNATURE/d; /^#\|^$/d; s, .*,,g; 3,$p' -n /mnt/gentoo/tmp/latest-{{ tarball_variant }}.txt
  register: tarball_rel_url
  tags: 
    - rootfs

- name: download sha256
  ansible.builtin.get_url:
    url: "{{ base_url }}/{{ item.rel_url }}"
    dest: "/mnt/gentoo/tmp/{{ item.rel_url | basename }}" # required for if-modified
  when: res_latest.changed
  tags: 
    - rootfs
    - download
  loop:
    - rel_url: "{{ tarball_rel_url.stdout }}.sha256"

- name: verify sha256
  ansible.builtin.command:
    cmd: "gpg --verify /mnt/gentoo/tmp/{{ tarball_rel_url.stdout | basename }}.sha256"
  tags: 
    - rootfs
    - download

- name: download tarball
  ansible.builtin.get_url:
    url: "{{ base_url }}/{{ item.rel_url }}"
    dest: "/mnt/gentoo/tmp/{{ item.rel_url | basename }}" # required for if-modified
  when: res_latest.changed
  tags: 
    - rootfs
    - download
  loop:
    - rel_url: "{{ tarball_rel_url.stdout }}"
      checksum: "sha256:/mnt/gentoo/tmp/{{ tarball_rel_url.stdout }}.sha256"

- name: unpack
  ansible.builtin.command: "tar xpf /mnt/gentoo/tmp/{{ tarball_rel_url.stdout | basename }} --xattrs-include='*.*' --numeric-owner -C /mnt/gentoo"
  when: res_latest.changed
  tags: 
    - rootfs
    - unpack