mirror of
https://github.com/mudler/LocalAI.git
synced 2026-07-05 05:47:50 -04:00
* feat(gallery): verify backend OCI images with keyless cosign Close a trust gap where a registry compromise or MITM could silently replace a backend image: the gallery YAML tells LocalAI which image to pull, but until now nothing verified the bytes came from our CI. Consumer (pkg/oci/cosignverify): - New package using sigstore-go to verify keyless-cosign signatures. - OCI 1.1 referrers API + new bundle format (no legacy :tag.sig). - Policy fields: Issuer / IssuerRegex / Identity / IdentityRegex / NotBefore. NotBefore is the revocation lever — keyless Fulcio certs are ephemeral so revocation is policy-side; advancing not_before in the gallery YAML invalidates every signature predating the cutoff. - TUF trusted root cached process-wide so N backends from one gallery do 1 fetch, not N. Plumbing: - pkg/downloader: ImageVerifier interface + WithImageVerifier option threaded through DownloadFileWithContext. Verification runs between oci.GetImage and oci.ExtractOCIImage, with digest pinning via pinnedImageRef to close the TOCTOU window. Skips the verifier's HEAD when the ref is already digest-pinned. - core/config: Gallery.Verification YAML block. - core/gallery: backendDownloadOptions builds the verifier from the policy; applied on initial URI, mirrors, and tag fallbacks. - core/gallery/upgrade: the upgrade path now routes through the same options builder. A regression Ginkgo spec pins this contract — without it, UpgradeBackend silently bypassed verification. - core/cli: --require-backend-integrity (LOCALAI_REQUIRE_BACKEND_INTEGRITY) escalates missing policy / empty SHA256 from warn to hard-fail. Producer (.github/workflows/backend_merge.yml): - id-token: write at job scope (PR-fork-safe via existing event gate). - sigstore/cosign-installer@v3 pinned to v2.4.1. - After each docker buildx imagetools create, resolve the manifest list digest and run cosign sign --recursive --new-bundle-format --registry-referrers-mode=oci-1-1 against repo@digest. --recursive signs the index and every per-arch entry, matching how the consumer resolves a tag to a platform-specific manifest before verifying. Rollout: backend/index.yaml has no `verification:` block yet, so this PR is backward-compatible — installs proceed with a warning until the gallery is populated. Strict mode is opt-in. Assisted-by: claude-code:claude-opus-4-7 [Bash] [Edit] [Read] [Write] [WebSearch] [WebFetch] Signed-off-by: Richard Palethorpe <io@richiejp.com> * refactor(gallery): plumb RequireBackendIntegrity through config instead of env The previous implementation re-exported the --require-backend-integrity CLI flag into LOCALAI_REQUIRE_BACKEND_INTEGRITY via os.Setenv, then re-read it in core/gallery via os.Getenv. This leaked process state into the gallery package and made the flag impossible to override per-call or test without touching the env. Add RequireBackendIntegrity to ApplicationConfig (with a matching WithRequireBackendIntegrity AppOption) and thread the bool through every install/upgrade path: InstallBackend, InstallBackendFromGallery, UpgradeBackend, InstallModelFromGallery, InstallExternalBackend, ApplyGalleryFromString/File, startup.InstallModels. Worker subcommands gain the same env-bound flag on WorkerFlags so distributed-worker installs honor it consistently with the worker daemon path. Add a forbidigo lint rule against os.Getenv / os.LookupEnv / os.Environ to keep the env-leak pattern from creeping back. Existing offenders (p2p, config loaders, etc.) are baseline-grandfathered by the existing new-from-merge-base: origin/master setting; targeted path exclusions cover the legitimate cases — kong CLI entry points, backend subprocesses, system capability probes, gRPC AUTH_TOKEN inheritance, test gating env vars. Assisted-by: claude-code:claude-opus-4-7 Signed-off-by: Richard Palethorpe <io@richiejp.com> --------- Signed-off-by: Richard Palethorpe <io@richiejp.com>
200 lines
5.2 KiB
Go
200 lines
5.2 KiB
Go
package galleryop_test
|
|
|
|
import (
|
|
"context"
|
|
"os"
|
|
"path/filepath"
|
|
|
|
"github.com/mudler/LocalAI/core/config"
|
|
"github.com/mudler/LocalAI/core/services/galleryop"
|
|
"github.com/mudler/LocalAI/pkg/model"
|
|
"github.com/mudler/LocalAI/pkg/system"
|
|
|
|
. "github.com/onsi/ginkgo/v2"
|
|
. "github.com/onsi/gomega"
|
|
"gopkg.in/yaml.v3"
|
|
)
|
|
|
|
var _ = Describe("InstallExternalBackend", func() {
|
|
var (
|
|
tempDir string
|
|
galleries []config.Gallery
|
|
ml *model.ModelLoader
|
|
systemState *system.SystemState
|
|
)
|
|
|
|
BeforeEach(func() {
|
|
var err error
|
|
tempDir, err = os.MkdirTemp("", "backends-service-test-*")
|
|
Expect(err).NotTo(HaveOccurred())
|
|
|
|
systemState, err = system.GetSystemState(system.WithBackendPath(tempDir))
|
|
Expect(err).NotTo(HaveOccurred())
|
|
ml = model.NewModelLoader(systemState)
|
|
|
|
// Setup test gallery
|
|
galleries = []config.Gallery{
|
|
{
|
|
Name: "test-gallery",
|
|
URL: "file://" + filepath.Join(tempDir, "test-gallery.yaml"),
|
|
},
|
|
}
|
|
})
|
|
|
|
AfterEach(func() {
|
|
os.RemoveAll(tempDir)
|
|
})
|
|
|
|
Context("with gallery backend name", func() {
|
|
BeforeEach(func() {
|
|
// Create a test gallery file with a test backend
|
|
testBackend := []map[string]any{
|
|
{
|
|
"name": "test-backend",
|
|
"uri": "https://gist.githubusercontent.com/mudler/71d5376bc2aa168873fa519fa9f4bd56/raw/testbackend/run.sh",
|
|
},
|
|
}
|
|
data, err := yaml.Marshal(testBackend)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
err = os.WriteFile(filepath.Join(tempDir, "test-gallery.yaml"), data, 0644)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
})
|
|
|
|
It("should fail when name or alias is provided for gallery backend", func() {
|
|
err := galleryop.InstallExternalBackend(
|
|
context.Background(),
|
|
galleries,
|
|
systemState,
|
|
ml,
|
|
nil,
|
|
"test-backend", // gallery name
|
|
"custom-name", // name should not be allowed
|
|
"",
|
|
false,
|
|
)
|
|
Expect(err).To(HaveOccurred())
|
|
Expect(err.Error()).To(ContainSubstring("specifying a name or alias is not supported for gallery backends"))
|
|
})
|
|
|
|
It("should fail when backend is not found in gallery", func() {
|
|
err := galleryop.InstallExternalBackend(
|
|
context.Background(),
|
|
galleries,
|
|
systemState,
|
|
ml,
|
|
nil,
|
|
"non-existent-backend",
|
|
"",
|
|
"",
|
|
false,
|
|
)
|
|
Expect(err).To(HaveOccurred())
|
|
})
|
|
})
|
|
|
|
Context("with OCI image", func() {
|
|
It("should fail when name is not provided for OCI image", func() {
|
|
err := galleryop.InstallExternalBackend(
|
|
context.Background(),
|
|
galleries,
|
|
systemState,
|
|
ml,
|
|
nil,
|
|
"oci://quay.io/mudler/tests:localai-backend-test",
|
|
"", // name is required for OCI images
|
|
"",
|
|
false,
|
|
)
|
|
Expect(err).To(HaveOccurred())
|
|
Expect(err.Error()).To(ContainSubstring("specifying a name is required for OCI images"))
|
|
})
|
|
})
|
|
|
|
Context("with directory path", func() {
|
|
var testBackendPath string
|
|
|
|
BeforeEach(func() {
|
|
// Create a test backend directory with required files
|
|
testBackendPath = filepath.Join(tempDir, "source-backend")
|
|
err := os.MkdirAll(testBackendPath, 0750)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
|
|
// Create run.sh
|
|
err = os.WriteFile(filepath.Join(testBackendPath, "run.sh"), []byte("#!/bin/bash\necho test"), 0755)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
})
|
|
|
|
It("should infer name from directory path when name is not provided", func() {
|
|
// This test verifies that the function attempts to install using the directory name
|
|
// The actual installation may fail due to test environment limitations
|
|
err := galleryop.InstallExternalBackend(
|
|
context.Background(),
|
|
galleries,
|
|
systemState,
|
|
ml,
|
|
nil,
|
|
testBackendPath,
|
|
"", // name should be inferred as "source-backend"
|
|
"",
|
|
false,
|
|
)
|
|
// The function should at least attempt to install with the inferred name
|
|
// Even if it fails for other reasons, it shouldn't fail due to missing name
|
|
if err != nil {
|
|
Expect(err.Error()).NotTo(ContainSubstring("name is required"))
|
|
}
|
|
})
|
|
|
|
It("should use provided name when specified", func() {
|
|
err := galleryop.InstallExternalBackend(
|
|
context.Background(),
|
|
galleries,
|
|
systemState,
|
|
ml,
|
|
nil,
|
|
testBackendPath,
|
|
"custom-backend-name",
|
|
"",
|
|
false,
|
|
)
|
|
// The function should use the provided name
|
|
if err != nil {
|
|
Expect(err.Error()).NotTo(ContainSubstring("name is required"))
|
|
}
|
|
})
|
|
|
|
It("should support alias when provided", func() {
|
|
err := galleryop.InstallExternalBackend(
|
|
context.Background(),
|
|
galleries,
|
|
systemState,
|
|
ml,
|
|
nil,
|
|
testBackendPath,
|
|
"custom-backend-name",
|
|
"custom-alias",
|
|
false,
|
|
)
|
|
// The function should accept alias for directory paths
|
|
if err != nil {
|
|
Expect(err.Error()).NotTo(ContainSubstring("alias is not supported"))
|
|
}
|
|
})
|
|
})
|
|
})
|
|
|
|
var _ = Describe("ManagementOp with External Backend", func() {
|
|
It("should have external backend fields in ManagementOp", func() {
|
|
// Test that the ManagementOp struct has the new external backend fields
|
|
op := galleryop.ManagementOp[string, string]{
|
|
ExternalURI: "oci://example.com/backend:latest",
|
|
ExternalName: "test-backend",
|
|
ExternalAlias: "test-alias",
|
|
}
|
|
|
|
Expect(op.ExternalURI).To(Equal("oci://example.com/backend:latest"))
|
|
Expect(op.ExternalName).To(Equal("test-backend"))
|
|
Expect(op.ExternalAlias).To(Equal("test-alias"))
|
|
})
|
|
})
|