Skip to content

Commit

Permalink
fix: skip status response verification for containerd v2
Browse files Browse the repository at this point in the history 
Signed-off-by: Jean-Francois Roy <jf@devklog.net>
  • Loading branch information
@jfroy
jfroy committed Oct 7, 2024
1 parent a589594 commit e2ccf67
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 2 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Fixed

- [#581](https://github.com/spegel-org/spegel/pull/581) Skip status response verification for containerd v2

### Security

## v0.0.24
Expand Down
25 changes: 23 additions & 2 deletions pkg/oci/containerd.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"path/filepath"
"strings"

semver "github.com/Masterminds/semver/v3"
"github.com/containerd/containerd"
eventtypes "github.com/containerd/containerd/api/events"
"github.com/containerd/containerd/content"
Expand Down Expand Up @@ -79,6 +80,7 @@ func (c *Containerd) Name() string {
}

func (c *Containerd) Verify(ctx context.Context) error {
log := logr.FromContextOrDiscard(ctx)

Check warning on line 83 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L83 

Added line #L83 was not covered by tests
client, err := c.Client()
if err != nil {
return err
Expand All @@ -90,11 +92,30 @@ func (c *Containerd) Verify(ctx context.Context) error {
if !ok {
return errors.New("could not reach Containerd service")
}
resp, err := runtimeapi.NewRuntimeServiceClient(client.Conn()).Status(ctx, &runtimeapi.StatusRequest{Verbose: true})
srv := runtimeapi.NewRuntimeServiceClient(client.Conn())

Check warning on line 95 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L95 

Added line #L95 was not covered by tests

versionResp, err := srv.Version(ctx, &runtimeapi.VersionRequest{})
if err != nil {
return err

Check warning on line 99 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L97-L99 

Added lines #L97 - L99 were not covered by tests
}
version, err := semver.NewVersion(versionResp.GetRuntimeVersion())
if err != nil {
return err

Check warning on line 103 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L101-L103 

Added lines #L101 - L103 were not covered by tests
}
constraint, err := semver.NewConstraint(">1-0")
if err != nil {
return err

Check warning on line 107 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L105-L107 

Added lines #L105 - L107 were not covered by tests
}
if constraint.Check(version) {
log.Info("unable to verify status response", "runtime_version", version.String())
return nil

Check warning on line 111 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L109-L111 

Added lines #L109 - L111 were not covered by tests
}

statusResp, err := srv.Status(ctx, &runtimeapi.StatusRequest{Verbose: true})

Check warning on line 114 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L114 

Added line #L114 was not covered by tests
if err != nil {
return err
}
err = verifyStatusResponse(resp, c.registryConfigPath)
err = verifyStatusResponse(statusResp, c.registryConfigPath)

Check warning on line 118 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L118 

Added line #L118 was not covered by tests
if err != nil {
return err
}
Expand Down

0 comments on commit e2ccf67

Please sign in to comment.