When a registry returns a blob or manifest, verify its contents by default

[smarterclayton]

This guarantees integrity in scenarios where the registry is untrusted.

While not strictly necessary in all cases, it's better to verify rather than
allow someone to assume the server is trusted. Add a flag to Context to
allow disabling this behavior.

Tested before and after performance and didn't notice anything specific.

[soltysh]

lgtm

[dmage]

/retest

[dmage]

lgtm

[adambkaplan]

nits on godoc.

Per slack @dmage also thinks we should remove https://github.com/openshift/origin/blame/e004e6513ec755a7a106dc97516703847e470d0b/pkg/image/importer/image.go#L61-L62

[adambkaplan]

/s/identifievwd/identified/

/s/guaranteezvs/guarantees/

[smarterclayton]

oc image info registry.svc.ci.openshift.org/ocp/4.1-art-latest:cli
error: unable to read image registry.svc.ci.openshift.org/ocp/4.1-art-latest:cli: content integrity error: the manifest retrieved with digest sha256:65a5f1e0e9df1d29b778e325f73c7ca38d197c05455556ab39050fb9ce819ccf does not match the digest calculated from the content sha256:010af02040618c98474d73512091d673fc57ccca4eaabafdca10011726cc2677

I need to look into this

[smarterclayton]

Ok, so the registry on pullthrough of a schema1 tag is continually recreating the manifest. Hit this testing against quay. That happens because we generate a unique key each time on each different registry.

[smarterclayton]

I'm not sure there's any value in us not having a stable key. since schema1 signatures are going away, if we have to generate them it'd be better to do it with a hardcoded key checked into our code. it's not like we can trust the key, nor does it have any verifying power.

[smarterclayton]

So we have a couple of options

1. we can provide a consistent and static private key in the registry and in image tools for pull through (so it's locally stable when we convert)
2. we can not verify schema1 at all (which kind of sucks)
3. we add flags to a lot of cli tools to skip verify (which we can do)

[smarterclayton]

I'm concerned that we can't strictly parse manifests from schema1 without regressing customers. So we can't verify it on import from v1, only warn, and we don't have a channel for that.

[smarterclayton]

Re static key openshift/image-registry#174 is at least what it would look like. No one can use the keys we generate today and they are dead and deprecated. Anyone trusting our signature is no worse off today (since we don't publish those keys).

[smarterclayton]

Ok, I had a mistake in the verification process for schema1 manifests (I need to generate digest from the canonical manifest).

On top of the verification changes in the manifest, do the following:

1. unify all the flags to image commands so that we can have a global "DisableContentVerification" flag that they all use
2. have the image and release commands perform extra verification that the content hash matches the manifest so we can display accurate errors, and if anything goes wrong print an error
3. fix a bug reported by sttts while I'm in there about only using the home dir to look up auth config

[smarterclayton]

Removed the static private key changes, they aren't necessary

[smarterclayton]

once this merges we'll need to copy the registry client changes to image-registry.

[dmage]

Why do we need Verifier? Can we just return the error?

if dgst != contentDigest {
    err := fmt.Errorf("the base image failed content verification and may have been tampered with")
    if !o.SecurityOptions.SkipVerification {
        return err
    }
    fmt.Fprintf(o.ErrOut, "warning: %v\n", err) // klog?
}

[smarterclayton]

For many of these they can run in parallel, I'd rather use common code. I think over time I might move the logic and message into verifier but it's not clear today it cleans up the code enough. I don't want to have different checks everywhere.

We don't use klog for human facing messages in cli commands (since it prints output not geared for humans)

[adambkaplan]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adambkaplan, dmage, smarterclayton, soltysh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• contrib/completions/OWNERS [smarterclayton,soltysh]
• pkg/image/OWNERS [adambkaplan,smarterclayton,soltysh]
• pkg/oc/OWNERS [smarterclayton,soltysh]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

New changes are detected. LGTM label has been removed.

[smarterclayton]

rebased