feat: Backport to v1.7.12: Implement CRI image verification plugin system

Protobuild.toml

@@ -19,6 +19,7 @@ prefixes = [
     "github.com/containerd/containerd/runtime/v1/shim/v1",
     "github.com/containerd/containerd/api/runtime/task/v2",
     "github.com/containerd/containerd/api/runtime/sandbox/v1",
+    "github.com/containerd/containerd/pkg/cri/server/imageverifier/v1",
 ]
 generators = ["go", "go-ttrpc"]
 

docs/cri/config.md

@@ -436,6 +436,16 @@ version = 2
     # * Containerd imgcrypt: https://github.com/containerd/imgcrypt
     key_model = "node"
 
+  # 'plugins."io.containerd.grpc.v1.cri".image_verification' contains config related
+  # to handling runtime verification of container images.
+  [plugins."io.containerd.grpc.v1.cri".image_verification]
+    # address specifies address of the TTRPC plugin handing image verification
+    # requests.
+    #
+    # Omission of this field defaults to the empty string "", which disables
+    # image verification.
+    address = ""
+
   # 'plugins."io.containerd.grpc.v1.cri".registry' contains config related to
   # the registry
   [plugins."io.containerd.grpc.v1.cri".registry]

pkg/cri/config/config.go

@@ -268,6 +268,17 @@ type ImageDecryption struct {
 	KeyModel string `toml:"key_model" json:"keyModel"`
 }
 
+// ImageVerification contains configuration related to runtime verification of
+// container images.
+type ImageVerification struct {
+	// Address specifies address of the TTRPC plugin handing image verification
+	// requests.
+	//
+	// Details of field usage can be found in:
+	// https://github.com/containerd/containerd/tree/main/docs/cri/config.md
+	Address string `toml:"address" json:"address"`
+}
+
 // PluginConfig contains toml config related to CRI plugin,
 // it is a subset of Config.
 type PluginConfig struct {
@@ -279,6 +290,8 @@ type PluginConfig struct {
 	Registry Registry `toml:"registry" json:"registry"`
 	// ImageDecryption contains config related to handling decryption of encrypted container images
 	ImageDecryption `toml:"image_decryption" json:"imageDecryption"`
+	// ImageVerification contains config related to runtime verification of container images
+	ImageVerification `toml:"image_verification" json:"imageVerification"`
 	// DisableTCPService disables serving CRI on the TCP server.
 	DisableTCPService bool `toml:"disable_tcp_service" json:"disableTCPService"`
 	// StreamServerAddress is the ip address streaming server is listening on.

pkg/cri/server/image_pull.go

@@ -46,11 +46,14 @@ import (
 	"github.com/containerd/containerd/pkg/cri/annotations"
 	criconfig "github.com/containerd/containerd/pkg/cri/config"
 	crilabels "github.com/containerd/containerd/pkg/cri/labels"
+	"github.com/containerd/containerd/pkg/cri/server/imageverifier/v1"
+	"github.com/containerd/containerd/pkg/dialer"
 	snpkg "github.com/containerd/containerd/pkg/snapshotters"
 	distribution "github.com/containerd/containerd/reference/docker"
 	"github.com/containerd/containerd/remotes/docker"
 	"github.com/containerd/containerd/remotes/docker/config"
 	"github.com/containerd/containerd/tracing"
+	"github.com/containerd/ttrpc"
 )
 
 // For image management:
@@ -156,6 +159,18 @@ func (c *criService) PullImage(ctx context.Context, r *runtime.PullImageRequest)
 		tracing.Attribute("snapshotter.name", snapshotter),
 	)
 
+	if vAddr := c.config.ImageVerification.Address; vAddr != "" {
+		vctx, vcancel := context.WithTimeout(ctx, 1*time.Second)
+		defer vcancel()
+		conn, err := dialer.ContextDialer(vctx, "unix://"+vAddr)
+		if err != nil {
+			return nil, fmt.Errorf("failed to connect to image verification plugin: %w", err)
+		}
+		defer conn.Close()
+		client := imageverifier.NewImageVerifierClient(ttrpc.NewClient(conn))
+		resolver = NewVerifyingResolver(resolver, client)
+	}
+
 	labels := c.getLabels(ctx, ref)
 
 	pullOpts := []containerd.RemoteOpt{

pkg/cri/server/image_verifier.go

@@ -0,0 +1,85 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package server
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/containerd/containerd/log"
+	"github.com/containerd/containerd/pkg/cri/server/imageverifier/v1"
+	"github.com/containerd/containerd/remotes"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/sirupsen/logrus"
+)
+
+type verifyingResolver struct {
+	wrapped  remotes.Resolver
+	verifier imageverifier.ImageVerifierService
+}
+
+func NewVerifyingResolver(wrapped remotes.Resolver, verifier imageverifier.ImageVerifierService) remotes.Resolver {
+	return &verifyingResolver{
+		wrapped:  wrapped,
+		verifier: verifier,
+	}
+}
+
+func (r *verifyingResolver) Resolve(ctx context.Context, ref string) (name string, desc ocispec.Descriptor, err error) {
+	name, desc, err = r.wrapped.Resolve(ctx, ref)
+	if err != nil {
+		return "", ocispec.Descriptor{}, err
+	}
+
+	digest := desc.Digest.String()
+
+	rlog := log.G(ctx).WithFields(logrus.Fields{
+		"req.name":   name,
+		"req.digest": digest,
+	})
+	rlog.Info("Verifying image ref")
+
+	resp, err := r.verifier.VerifyImage(ctx, &imageverifier.VerifyImageRequest{
+		ImageName:   name,
+		ImageDigest: digest,
+	})
+	if err != nil {
+		rlog.WithError(err).Error("Failed to verify image, blocking pull")
+		return "", ocispec.Descriptor{}, fmt.Errorf("VerifyImage RPC failed: %w", err)
+	}
+
+	rlog = rlog.WithFields(logrus.Fields{
+		"resp.ok":     resp.Ok,
+		"resp.reason": resp.Reason,
+	})
+
+	if !resp.Ok {
+		rlog.Warn("Image verifier blocked pull")
+		return "", ocispec.Descriptor{}, fmt.Errorf("image verifier blocked pull of %v with digest %v for reason: %v", ref, digest, resp.Reason)
+	}
+
+	rlog.Info("Image verifier allowed pull")
+	return name, desc, err
+}
+
+func (r *verifyingResolver) Fetcher(ctx context.Context, ref string) (remotes.Fetcher, error) {
+	return r.wrapped.Fetcher(ctx, ref)
+}
+
+func (r *verifyingResolver) Pusher(ctx context.Context, ref string) (remotes.Pusher, error) {
+	return r.wrapped.Pusher(ctx, ref)
+}

pkg/cri/server/imageverifier/v1/doc.go

@@ -0,0 +1,17 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package imageverifier