// IsRunningImageAllowed returns true iff the policy allows running the image. // If it returns false, err must be non-nil, and should be an PolicyRequirementError if evaluation // succeeded but the result was rejection. // WARNING: This validates signatures and the manifest, but does not download or validate the // layers. Users must validate that the layers match their expected digests. func (pc *PolicyContext) IsRunningImageAllowed(image types.UnparsedImage) (res bool, finalErr error) { if err := pc.changeState(pcReady, pcInUse); err != nil { return false, err } defer func() { if err := pc.changeState(pcInUse, pcReady); err != nil { res = false finalErr = err } }() logrus.Debugf("IsRunningImageAllowed for image %s", policyIdentityLogName(image.Reference())) reqs := pc.requirementsForImageRef(image.Reference()) if len(reqs) == 0 { return false, PolicyRequirementError("List of verification policy requirements must not be empty") } for reqNumber, req := range reqs { // FIXME: supply state allowed, err := req.isRunningImageAllowed(image) if !allowed { logrus.Debugf("Requirement %d: denied, done", reqNumber) return false, err } logrus.Debugf(" Requirement %d: allowed", reqNumber) } // We have tested that len(reqs) != 0, so at least one req must have explicitly allowed this image. logrus.Debugf("Overall: allowed") return true, nil }
func (pr *prSignedBy) isRunningImageAllowed(image types.UnparsedImage) (bool, error) { sigs, err := image.Signatures() if err != nil { return false, err } var rejections []error for _, s := range sigs { var reason error switch res, _, err := pr.isSignatureAuthorAccepted(image, s); res { case sarAccepted: // One accepted signature is enough. return true, nil case sarRejected: reason = err case sarUnknown: // Huh?! This should not happen at all; treat it as any other invalid value. fallthrough default: reason = errors.Errorf(`Internal error: Unexpected signature verification result "%s"`, string(res)) } rejections = append(rejections, reason) } var summary error switch len(rejections) { case 0: summary = PolicyRequirementError("A signature was required, but no signature exists") case 1: summary = rejections[0] default: var msgs []string for _, e := range rejections { msgs = append(msgs, e.Error()) } summary = PolicyRequirementError(fmt.Sprintf("None of the signatures were accepted, reasons: %s", strings.Join(msgs, "; "))) } return false, summary }
// GetSignaturesWithAcceptedAuthor returns those signatures from an image // for which the policy accepts the author (and which have been successfully // verified). // NOTE: This may legitimately return an empty list and no error, if the image // has no signatures or only invalid signatures. // WARNING: This makes the signature contents acceptable for futher processing, // but it does not necessarily mean that the contents of the signature are // consistent with local policy. // For example: // - Do not use a an existence of an accepted signature to determine whether to run // a container based on this image; use IsRunningImageAllowed instead. // - Just because a signature is accepted does not automatically mean the contents of the // signature are authorized to run code as root, or to affect system or cluster configuration. func (pc *PolicyContext) GetSignaturesWithAcceptedAuthor(image types.UnparsedImage) (sigs []*Signature, finalErr error) { if err := pc.changeState(pcReady, pcInUse); err != nil { return nil, err } defer func() { if err := pc.changeState(pcInUse, pcReady); err != nil { sigs = nil finalErr = err } }() logrus.Debugf("GetSignaturesWithAcceptedAuthor for image %s", policyIdentityLogName(image.Reference())) reqs := pc.requirementsForImageRef(image.Reference()) // FIXME: rename Signatures to UnverifiedSignatures unverifiedSignatures, err := image.Signatures() if err != nil { return nil, err } res := make([]*Signature, 0, len(unverifiedSignatures)) for sigNumber, sig := range unverifiedSignatures { var acceptedSig *Signature // non-nil if accepted rejected := false // FIXME? Say more about the contents of the signature, i.e. parse it even before verification?! logrus.Debugf("Evaluating signature %d:", sigNumber) interpretingReqs: for reqNumber, req := range reqs { // FIXME: Log the requirement itself? For now, we use just the number. // FIXME: supply state switch res, as, err := req.isSignatureAuthorAccepted(image, sig); res { case sarAccepted: if as == nil { // Coverage: this should never happen logrus.Debugf(" Requirement %d: internal inconsistency: sarAccepted but no parsed contents", reqNumber) rejected = true break interpretingReqs } logrus.Debugf(" Requirement %d: signature accepted", reqNumber) if acceptedSig == nil { acceptedSig = as } else if *as != *acceptedSig { // Coverage: this should never happen // Huh?! Two ways of verifying the same signature blob resulted in two different parses of its already accepted contents? logrus.Debugf(" Requirement %d: internal inconsistency: sarAccepted but different parsed contents", reqNumber) rejected = true acceptedSig = nil break interpretingReqs } case sarRejected: logrus.Debugf(" Requirement %d: signature rejected: %s", reqNumber, err.Error()) rejected = true break interpretingReqs case sarUnknown: if err != nil { // Coverage: this should never happen logrus.Debugf(" Requirement %d: internal inconsistency: sarUnknown but an error message %s", reqNumber, err.Error()) rejected = true break interpretingReqs } logrus.Debugf(" Requirement %d: signature state unknown, continuing", reqNumber) default: // Coverage: this should never happen logrus.Debugf(" Requirement %d: internal inconsistency: unknown result %#v", reqNumber, string(res)) rejected = true break interpretingReqs } } // This also handles the (invalid) case of empty reqs, by rejecting the signature. if acceptedSig != nil && !rejected { logrus.Debugf(" Overall: OK, signature accepted") res = append(res, acceptedSig) } else { logrus.Debugf(" Overall: Signature not accepted") } } return res, nil }
func (pr *prReject) isRunningImageAllowed(image types.UnparsedImage) (bool, error) { return false, PolicyRequirementError(fmt.Sprintf("Running image %s is rejected by policy.", transports.ImageName(image.Reference()))) }
func (pr *prReject) isSignatureAuthorAccepted(image types.UnparsedImage, sig []byte) (signatureAcceptanceResult, *Signature, error) { return sarRejected, nil, PolicyRequirementError(fmt.Sprintf("Any signatures for image %s are rejected by policy.", transports.ImageName(image.Reference()))) }
func (pr *prSignedBy) isSignatureAuthorAccepted(image types.UnparsedImage, sig []byte) (signatureAcceptanceResult, *Signature, error) { switch pr.KeyType { case SBKeyTypeGPGKeys: case SBKeyTypeSignedByGPGKeys, SBKeyTypeX509Certificates, SBKeyTypeSignedByX509CAs: // FIXME? Reject this at policy parsing time already? return sarRejected, nil, errors.Errorf(`"Unimplemented "keyType" value "%s"`, string(pr.KeyType)) default: // This should never happen, newPRSignedBy ensures KeyType.IsValid() return sarRejected, nil, errors.Errorf(`"Unknown "keyType" value "%s"`, string(pr.KeyType)) } if pr.KeyPath != "" && pr.KeyData != nil { return sarRejected, nil, errors.New(`Internal inconsistency: both "keyPath" and "keyData" specified`) } // FIXME: move this to per-context initialization var data []byte if pr.KeyData != nil { data = pr.KeyData } else { d, err := ioutil.ReadFile(pr.KeyPath) if err != nil { return sarRejected, nil, err } data = d } // FIXME: move this to per-context initialization dir, err := ioutil.TempDir("", "skopeo-signedBy-") if err != nil { return sarRejected, nil, err } defer os.RemoveAll(dir) mech, err := newGPGSigningMechanismInDirectory(dir) if err != nil { return sarRejected, nil, err } trustedIdentities, err := mech.ImportKeysFromBytes(data) if err != nil { return sarRejected, nil, err } if len(trustedIdentities) == 0 { return sarRejected, nil, PolicyRequirementError("No public keys imported") } signature, err := verifyAndExtractSignature(mech, sig, signatureAcceptanceRules{ validateKeyIdentity: func(keyIdentity string) error { for _, trustedIdentity := range trustedIdentities { if keyIdentity == trustedIdentity { return nil } } // Coverage: We use a private GPG home directory and only import trusted keys, so this should // not be reachable. return PolicyRequirementError(fmt.Sprintf("Signature by key %s is not accepted", keyIdentity)) }, validateSignedDockerReference: func(ref string) error { if !pr.SignedIdentity.matchesDockerReference(image, ref) { return PolicyRequirementError(fmt.Sprintf("Signature for identity %s is not accepted", ref)) } return nil }, validateSignedDockerManifestDigest: func(digest digest.Digest) error { m, _, err := image.Manifest() if err != nil { return err } digestMatches, err := manifest.MatchesDigest(m, digest) if err != nil { return err } if !digestMatches { return PolicyRequirementError(fmt.Sprintf("Signature for digest %s does not match", digest)) } return nil }, }) if err != nil { return sarRejected, nil, err } return sarAccepted, signature, nil }