falcosecurity / rules

Falco rule repository
https://falcosecurity.github.io/rules/
Apache License 2.0

Incorrect repository in signature information for index file #172

Closed LucaGuerra closed 1 year ago

LucaGuerra commented 1 year ago

Describe the bug

In the generated index,

https://github.com/falcosecurity/falcoctl/blob/gh-pages/index.yaml#L123

The repository should read rules instead of plugins!

This only affects falcoctl 0.6.x

How to reproduce it

falcoctl artifact install --rulesfiles-dir=/tmp falco-rules:1

error:

 INFO  Resolving dependencies ...
 INFO  Installing the following artifacts: [ghcr.io/falcosecurity/rules/falco-rules:1]
 INFO  Preparing to pull "ghcr.io/falcosecurity/rules/falco-rules:1"
 INFO  Pulling f6bc614bb812: ############################################# 100% 
 INFO  Pulling 0780f3585aae: ############################################# 100% 
 INFO  Pulling 1b155a3d8df8: ############################################# 100% 
 INFO  Verifying signature for ghcr.io/falcosecurity/rules/falco-rules@sha256:1b155a3d8df89493f38c7b13ef8d411c9b87b562ef99dd2731f45aa000e0f60d
 ERRO  error while verifying signature for ghcr.io/falcosecurity/rules/falco-rules@sha256:1b155a3d8df89493f38c7b13ef8d411c9b87b562ef99dd2731f45aa000e0f60d: no matching signatures: none of the expected identities matched what was in the certificate, got subjects [https://github.com/falcosecurity/rules/.github/workflows/release.yaml@refs/tags/falco-rules-1.0.2] with issuer https://token.actions.githubusercontent.com

Expected behaviour

Signature should successfully verify

AlexandreGCastor commented 1 year ago

Hi,

I have installed Falco using the Helm chart.

This is quite blocking: with the falcoctl sidecar for install and follow, the Falco daemonset cannot restart until this issue is fixed. I restarted it in order to add some memory, so I crashed everything. Even with the cluster autoscaler, some would have been deleted and others created with the same problem.

Thanks for your resolution.

Alexandre Gué, Lead DevOps, Castordoc

LucaGuerra commented 1 year ago

The metadata has been corrected and the file has been redeployed. Now it validates properly for me.

LucaGuerra commented 1 year ago

This issue has been fixed, so I'm closing. @AlexandreGCastor I really hope that was it. If you keep experiencing issues, please open another one with a description of what you are seeing. Thanks for using Falco!
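
An added example, not part of the thread or of falcoctl's code: a pre-publish check that an index entry's expected signing identity points at the repository the artifact is published from, evaluated against the certificate subject from the error output above. The entry key names, the `<org>/<repo>/<artifact>` path layout and the two sample entries are assumptions constructed for illustration; the real index.yaml layout is not shown on the page.

```python
import re

GITHUB = "https://github.com/"

# Constructed entries; key names are hypothetical.
INDEX = [
    {   # faulty metadata as described in the issue: identity names "plugins"
        "name": "falco-rules",
        "oci_repository": "falcosecurity/rules/falco-rules",
        "oidc_issuer": "https://token.actions.githubusercontent.com",
        "identity_regexp": "https://github.com/falcosecurity/plugins/",
    },
    {   # corrected metadata: identity names "rules"
        "name": "falco-rules",
        "oci_repository": "falcosecurity/rules/falco-rules",
        "oidc_issuer": "https://token.actions.githubusercontent.com",
        "identity_regexp": "https://github.com/falcosecurity/rules/",
    },
]

# Certificate subject and issuer as reported in the error output above.
CERT_SUBJECT = ("https://github.com/falcosecurity/rules/.github/workflows/"
                "release.yaml@refs/tags/falco-rules-1.0.2")
CERT_ISSUER = "https://token.actions.githubusercontent.com"


def expected_source_prefix(oci_repository):
    """Derive the GitHub repository URL, assuming <org>/<repo>/<artifact>."""
    parts = oci_repository.split("/")
    if len(parts) < 3:
        raise ValueError(f"unexpected OCI repository path: {oci_repository!r}")
    return f"{GITHUB}{parts[0]}/{parts[1]}/"


def lint_entry(entry):
    """Static check, run before publishing the index: returns found problems."""
    prefix = expected_source_prefix(entry["oci_repository"])
    if entry["identity_regexp"].startswith(prefix):
        return []
    return [f"{entry['name']}: expected identity {entry['identity_regexp']!r} "
            f"does not point at {prefix!r}"]


def identity_matches(entry, subject, issuer):
    """Issuer must be equal and the subject must match the expected pattern."""
    return (issuer == entry["oidc_issuer"]
            and re.search(entry["identity_regexp"], subject) is not None)


if __name__ == "__main__":
    for e in INDEX:
        print(lint_entry(e), identity_matches(e, CERT_SUBJECT, CERT_ISSUER))
```

The lint compares a literal prefix, so an index that escapes regex metacharacters in its identity pattern would need the prefix escaped the same way before comparison.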