Add option to not overwrite existing images to `download` subcommand

[napaalm]

Feature Request

Desired Feature

When running CoreOS as a VM on QEMU, I might want to automatically download the latest version of the system image before provisioning it. The problem is that I don't want an existing image to be overwritten if I already have the latest version, because another (running) VM might be using it as a backing_store.

Other Information

I'm currently writing an automated script to deploy Fedora CoreOS virtual machines on RHEL 9.3 using (among other tools) coreos-installer 0.17.0.

[napaalm]

I guess enabling this option could still verify the signature to ensure the existing file is correct.

[jlebon]

coreos-installer download already knows to not re-download an image if it already exists and in that case goes straight to signature verification.

However, that logic does not work if the image has already been decompressed (either manually or via the -d option) because signature verification is against the compressed artifact. So it redownloads, reverifies and redecompresses, happily clobbering any existing file.

We have access to the expected checksum so we could instead checksum the existing file, but our metadata isn't currently signed. We could add a e.g. --no-clobber flag though it'd be awkward that it only applies to the decompressed case. I think the proper fix is to just sign our metadata (which we should do anyway).

For now though, if you're scripting this anyway, you could also query the stream metadata and compare the filename or version yourself.