From e90ad8614be27f37409c20b36216d18f0f98fe24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?=
Date: Tue, 18 Jul 2023 20:22:22 +0200
Subject: [PATCH 1/3] Use globalOptions.getPolicyContext instead of an image-targeted SystemContext
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This automatically the global --policy-path and --insecure-policy options, which don't affect h.sysctx.

Signed-off-by: Miloslav Trmač
---
 cmd/skopeo/proxy.go | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/cmd/skopeo/proxy.go b/cmd/skopeo/proxy.go
index caf40265..6c2b1235 100644
--- a/cmd/skopeo/proxy.go
+++ b/cmd/skopeo/proxy.go
@@ -75,7 +75,6 @@ import (
 "github.com/containers/image/v5/manifest"
 ocilayout "github.com/containers/image/v5/oci/layout"
 "github.com/containers/image/v5/pkg/blobinfocache"
- "github.com/containers/image/v5/signature"
 "github.com/containers/image/v5/transports"
 "github.com/containers/image/v5/transports/alltransports"
 "github.com/containers/image/v5/types"
@@ -268,15 +267,11 @@ func (h *proxyHandler) openImageImpl(args []any, allowNotFound bool) (replyBuf,
 return ret, err
 }

+ policyContext, err := h.opts.global.getPolicyContext()
+ if err != nil {
+ return ret, err
+ }
 unparsedTopLevel := image.UnparsedInstance(imgsrc, nil)
- policy, err := signature.DefaultPolicy(h.sysctx)
- if err != nil {
- return ret, err
- }
- policyContext, err := signature.NewPolicyContext(policy)
- if err != nil {
- return ret, err
- }
 allowed, err := policyContext.IsRunningImageAllowed(context.Background(), unparsedTopLevel)
 if !allowed || err != nil {
 return ret, err

From c40f1485b0b5cb0b0238b4bd665b6918f4929b54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?=
Date: Tue, 18 Jul 2023 20:24:57 +0200
Subject: [PATCH 2/3] Close the PolicyContext, as required by the API
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
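Review bot: Nothing at the new `h.opts.global.getPolicyContext()` call in the second hunk says that the policy gating every image this proxy opens now comes from the process-wide options, including `--insecure-policy`, which the commit message names. A short comment above the call would make that visible to whoever audits the proxy, for example `// Policy comes from the global --policy-path / --insecure-policy options, not from h.sysctx; with --insecure-policy no signature policy is enforced for images opened here.` The body of getPolicyContext is not part of this patch, so the exact effect of `--insecure-policy` should be confirmed against it before the comment is committed. openImageImpl starts and ends outside the hunk.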
Signed-off-by: Miloslav Trmač
---
 cmd/skopeo/proxy.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/cmd/skopeo/proxy.go b/cmd/skopeo/proxy.go
index 6c2b1235..a8948c05 100644
--- a/cmd/skopeo/proxy.go
+++ b/cmd/skopeo/proxy.go
@@ -238,7 +238,7 @@ func isNotFoundImageError(err error) bool {
 errors.Is(err, ocilayout.ImageNotFoundError{})
 }

-func (h *proxyHandler) openImageImpl(args []any, allowNotFound bool) (replyBuf, error) {
+func (h *proxyHandler) openImageImpl(args []any, allowNotFound bool) (retReplyBuf replyBuf, retErr error) {
 h.lock.Lock()
 defer h.lock.Unlock()
 var ret replyBuf
@@ -271,6 +271,12 @@ func (h *proxyHandler) openImageImpl(args []any, allowNotFound bool) (replyBuf,
 if err != nil {
 return ret, err
 }
+ defer func() {
+ if err := policyContext.Destroy(); err != nil {
+ retErr = noteCloseFailure(retErr, "tearing down policy context", err)
+ }
+ }()
+
 unparsedTopLevel := image.UnparsedInstance(imgsrc, nil)
 allowed, err := policyContext.IsRunningImageAllowed(context.Background(), unparsedTopLevel)
 if !allowed || err != nil {

From f236b5efdc09a57c23a8eb329352daee47dcded6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?=
Date: Tue, 18 Jul 2023 20:27:27 +0200
Subject: [PATCH 3/3] Fix handling the unexpected return value combination from IsRunningImageAllowed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Miloslav Trmač
---
 cmd/skopeo/proxy.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cmd/skopeo/proxy.go b/cmd/skopeo/proxy.go
index a8948c05..aab85365 100644
--- a/cmd/skopeo/proxy.go
+++ b/cmd/skopeo/proxy.go
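Review bot: In the second hunk, a `Destroy()` failure after an otherwise successful open sets `retErr` but leaves the reply as it was returned, because the body still returns the local `ret` and the named `retReplyBuf` is never reset. If the part of openImageImpl below the hunk has by then recorded the opened image in the handler (not visible here), the caller gets an error together with a populated reply while that image stays open. Adding `retReplyBuf = replyBuf{}` inside the `if err != nil` branch of the deferred function would keep error and reply consistent, and any registration done further down would need undoing on the same path. The function starts and ends outside both hunks.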
@@ -279,11 +279,11 @@ func (h *proxyHandler) openImageImpl(args []any, allowNotFound bool) (retReplyBu

 unparsedTopLevel := image.UnparsedInstance(imgsrc, nil)
 allowed, err := policyContext.IsRunningImageAllowed(context.Background(), unparsedTopLevel)
- if !allowed || err != nil {
+ if err != nil {
 return ret, err
 }
- if !allowed && err == nil {
- return ret, fmt.Errorf("policy verification failed unexpectedly")
+ if !allowed {
+ return ret, fmt.Errorf("internal inconsistency: policy verification failed without returning an error")
 }

 // Note that we never return zero as an imageid; this code doesn't yet
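Review bot: The new `if !allowed` branch is a fail-closed guard, but nothing in the code says which contract it relies on, so a later cleanup could fold it back into the error check. A one-line comment above it would help, for example `// IsRunningImageAllowed is expected to return a non-nil error whenever it returns false; treat anything else as a bug and deny.` Separately, the message passed to `fmt.Errorf` has no format verbs, so `errors.New(...)` is the more idiomatic call, and the errors package is already used in this file (`errors.Is` in isNotFoundImageError). openImageImpl starts and ends outside the hunk.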