
Avoid potential connectivity related layer corruption in userspace convertor #289

Merged

Conversation

estebanreyl
Member

@estebanreyl estebanreyl commented Jun 14, 2024

Avoid potential connectivity related layer corruption in userspace convertor

Add additional checks to prevent deduplicated layer commit files from having partial downloads leading to corrupted images.
Signed-off-by: Esteban [email protected]

What this PR does / why we need it:
This PR aims to remove an issue with the userspace convertor accepting partial deduplicated commit files in the event that the puller suffers from connectivity issues. I encountered this situation specifically with a custom resolver, fetcher, etc., but it should repro with the Docker ones; either way, this hardens that path and prevents any such issues from happening. The main goal is to verify the deduplicated commit layer before upload. Note that such failures would not necessarily lead to a corrupted image in the past; this would only happen if the layer in question is not required in a later commit step. If it is, this would lead to an issue being thrown in a subsequent overlaybd-apply. This PR adds recoverability from that situation, or allows for explicit failure, avoiding corruption in case of running into the issue. The PR also adds general digest verification checks for the layer downloads.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Please check the following list:

  • Does the affected code have corresponding tests, e.g. unit test, E2E test?
  • Does this change require a documentation update?
  • Does this introduce breaking changes that would require an announcement or bumping the major version?
  • Do all new files have an appropriate license header?
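The check the PR description calls for (verify a fetched layer's size and digest before it is committed as a layer file, so a connection dropped mid-download can never leave a partial commit file in place) can be demonstrated as follows. This is an added example, not code from this PR or from the accelerated-container-image project; the function name `CommitVerifiedLayer`, the error values, and the `sha256:<hex>` digest format it accepts are assumptions for the example, and the layer bytes in `main` are constructed:

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrSizeMismatch is returned when fewer (or more) bytes arrived than the
// descriptor promised: the typical signature of a download cut short.
var ErrSizeMismatch = errors.New("layer size mismatch")

// ErrDigestMismatch is returned when the bytes arrived but do not hash to the
// expected digest (corruption or an unexpected blob).
var ErrDigestMismatch = errors.New("layer digest mismatch")

// parseSHA256Digest accepts the "sha256:<hex>" form used by OCI descriptors.
// (Assumption for this example: only sha256 is handled.)
func parseSHA256Digest(d string) ([]byte, error) {
	const prefix = "sha256:"
	if !strings.HasPrefix(d, prefix) {
		return nil, fmt.Errorf("unsupported digest %q", d)
	}
	sum, err := hex.DecodeString(strings.TrimPrefix(d, prefix))
	if err != nil || len(sum) != sha256.Size {
		return nil, fmt.Errorf("malformed digest %q", d)
	}
	return sum, nil
}

// CommitVerifiedLayer streams a fetched blob into a temporary file in dir,
// hashing it as it is written, and only renames it to its final name once the
// size (if expectedSize >= 0) and the digest both match. A partial or corrupted
// download therefore never becomes a committed layer file; the temp file is
// removed on every failure path. Returns the final path on success.
func CommitVerifiedLayer(dir, name string, src io.Reader, expectedSize int64, expectedDigest string) (string, error) {
	want, err := parseSHA256Digest(expectedDigest)
	if err != nil {
		return "", err
	}
	tmp, err := os.CreateTemp(dir, name+".partial-*")
	if err != nil {
		return "", err
	}
	committed := false
	defer func() {
		tmp.Close() // harmless if already closed
		if !committed {
			os.Remove(tmp.Name())
		}
	}()

	h := sha256.New()
	n, err := io.Copy(io.MultiWriter(tmp, h), src)
	if err != nil {
		return "", fmt.Errorf("downloading %s: %w", name, err)
	}
	if expectedSize >= 0 && n != expectedSize {
		return "", fmt.Errorf("%w: got %d bytes, want %d", ErrSizeMismatch, n, expectedSize)
	}
	if !bytes.Equal(h.Sum(nil), want) {
		return "", fmt.Errorf("%w: got sha256:%x, want %s", ErrDigestMismatch, h.Sum(nil), expectedDigest)
	}
	if err := tmp.Sync(); err != nil {
		return "", err
	}
	if err := tmp.Close(); err != nil {
		return "", err
	}
	final := filepath.Join(dir, name)
	if err := os.Rename(tmp.Name(), final); err != nil {
		return "", err
	}
	committed = true
	return final, nil
}

func main() {
	// Constructed sample: a "layer" and its descriptor values.
	data := []byte("constructed layer bytes for the example")
	sum := sha256.Sum256(data)
	digest := "sha256:" + hex.EncodeToString(sum[:])
	dir, _ := os.MkdirTemp("", "layers")
	defer os.RemoveAll(dir)

	// Full download commits; a truncated one (simulating a dropped connection) does not.
	if p, err := CommitVerifiedLayer(dir, "layer.commit", bytes.NewReader(data), int64(len(data)), digest); err == nil {
		fmt.Println("committed:", p)
	}
	if _, err := CommitVerifiedLayer(dir, "partial.commit", bytes.NewReader(data[:10]), int64(len(data)), digest); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

The size check catches the cheap, common case (a short read) before the digest comparison, and the rename-after-verify pattern means any later commit step only ever sees files that have already passed both checks.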

@yuchen0cc yuchen0cc added the ok-to-test Pull request is ok to run ci test label Jun 14, 2024
@WaberZhuang
Contributor

WaberZhuang commented Jun 14, 2024

Thanks for the PR, it's true that we need to do this because the fetcher is not responsible for validation.

I suggest validating the layer (deduplicated or not) after the download, or is there something wrong with this way?

@estebanreyl
Member Author

Thanks for the PR, it's true that we need to do this because the fetcher is not responsible for validation.

I suggest validating the layer (deduplicated or not) after the download, or is there something wrong with this way?

This is a great suggestion; at the moment I only validate the dedup layer on the upload, since failures in the other scenario led to a complete failure, but as you mention the fetcher is not technically responsible for verification, so it's probably best to guard for the regular layer case too. I'll add a digest validation check on downloadLayer which will account for that additional check.

@estebanreyl estebanreyl force-pushed the esrey/incomplete-deduplication-bugfix branch from a42c320 to a2d15a0 Compare June 17, 2024 21:10
@estebanreyl estebanreyl force-pushed the esrey/incomplete-deduplication-bugfix branch from a2d15a0 to 8dcd7a0 Compare June 17, 2024 21:12
Contributor

@WaberZhuang WaberZhuang left a comment


LGTM

@yuchen0cc yuchen0cc merged commit a4b1b4a into containerd:main Jun 27, 2024
9 checks passed
Labels: ok-to-test (Pull request is ok to run ci test)