From e2ccf67aaf17d33fb2b6d2aeb1736b6932c1dc51 Mon Sep 17 00:00:00 2001
From: Jean-Francois Roy <jf@devklog.net>
Date: Tue, 10 Sep 2024 10:14:12 -0700
Subject: [PATCH] fix: skip status response verification for containerd v2

Signed-off-by: Jean-Francois Roy <jf@devklog.net>
---
 CHANGELOG.md          |  2 ++
 pkg/oci/containerd.go | 25 +++++++++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c8390111..5ce42473 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
+- [#581](https://github.com/spegel-org/spegel/pull/581) Skip status response verification for containerd v2
+
 ### Security
 
 ## v0.0.24
diff --git a/pkg/oci/containerd.go b/pkg/oci/containerd.go
index fb32a95a..76885fed 100644
--- a/pkg/oci/containerd.go
+++ b/pkg/oci/containerd.go
@@ -12,6 +12,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	semver "github.com/Masterminds/semver/v3"
 	"github.com/containerd/containerd"
 	eventtypes "github.com/containerd/containerd/api/events"
 	"github.com/containerd/containerd/content"
@@ -79,6 +80,7 @@ func (c *Containerd) Name() string {
 }
 
 func (c *Containerd) Verify(ctx context.Context) error {
+	log := logr.FromContextOrDiscard(ctx)
 	client, err := c.Client()
 	if err != nil {
 		return err
@@ -90,11 +92,30 @@ func (c *Containerd) Verify(ctx context.Context) error {
 	if !ok {
 		return errors.New("could not reach Containerd service")
 	}
-	resp, err := runtimeapi.NewRuntimeServiceClient(client.Conn()).Status(ctx, &runtimeapi.StatusRequest{Verbose: true})
+	srv := runtimeapi.NewRuntimeServiceClient(client.Conn())
+
+	versionResp, err := srv.Version(ctx, &runtimeapi.VersionRequest{})
+	if err != nil {
+		return err
+	}
+	version, err := semver.NewVersion(versionResp.GetRuntimeVersion())
+	if err != nil {
+		return err
+	}
+	constraint, err := semver.NewConstraint(">1-0")
+	if err != nil {
+		return err
+	}
+	if constraint.Check(version) {
+		log.Info("unable to verify status response", "runtime_version", version.String())
+		return nil
+	}
+
+	statusResp, err := srv.Status(ctx, &runtimeapi.StatusRequest{Verbose: true})
 	if err != nil {
 		return err
 	}
-	err = verifyStatusResponse(resp, c.registryConfigPath)
+	err = verifyStatusResponse(statusResp, c.registryConfigPath)
 	if err != nil {
 		return err
 	}