Add image verifier transfer service plugin system based on a binary directory

Signed-off-by: Ethan Lowman <ethan.lowman@datadoghq.com>

pkg/transfer/local/transfer.go

@@ -29,15 +29,17 @@ import (
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/leases"
+	"github.com/containerd/containerd/pkg/imageverifier"
 	"github.com/containerd/containerd/pkg/kmutex"
 	"github.com/containerd/containerd/pkg/transfer"
 	"github.com/containerd/containerd/pkg/unpack"
 )
 
 type localTransferService struct {
-	leases  leases.Manager
-	content content.Store
-	images  images.Store
+	leases    leases.Manager
+	content   content.Store
+	images    images.Store
+	verifiers map[string]imageverifier.ImageVerifier
 	// limiter for upload
 	limiterU *semaphore.Weighted
 	// limiter for download operation
@@ -45,12 +47,13 @@ type localTransferService struct {
 	config   TransferConfig
 }
 
-func NewTransferService(lm leases.Manager, cs content.Store, is images.Store, tc *TransferConfig) transfer.Transferrer {
+func NewTransferService(lm leases.Manager, cs content.Store, is images.Store, vfs map[string]imageverifier.ImageVerifier, tc *TransferConfig) transfer.Transferrer {
 	ts := &localTransferService{
-		leases:  lm,
-		content: cs,
-		images:  is,
-		config:  *tc,
+		leases:    lm,
+		content:   cs,
+		images:    is,
+		verifiers: vfs,
+		config:    *tc,
 	}
 	if tc.MaxConcurrentUploadedLayers > 0 {
 		ts.limiterU = semaphore.NewWeighted(int64(tc.MaxConcurrentUploadedLayers))
@@ -88,6 +91,7 @@ func (ts *localTransferService) Transfer(ctx context.Context, src interface{}, d
 		case transfer.ImageExportStreamer:
 			return ts.echo(ctx, s, d, topts)
 		case transfer.ImageStorer:
+			// TODO: verify imports with ImageVerifiers?
 			return ts.importStream(ctx, s, d, topts)
 		}
 	}