Error in updating to TUF remote mirror

Question

Error in updating to TUF remote mirror

Closed this issue 2 months ago · 6 comments

What happened:
when deploying falco with falcoctl, its init container fails to install artifacts

$ klf falco-zbm59 -c falcoctl-artifact-install
INFO: Installing the following artifacts: [ghcr.io/falcosecurity/rules/falco-rules:2]
INFO: Preparing to pull "ghcr.io/falcosecurity/rules/falco-rules:2"
INFO: Pulling 5edca1a8eea6
INFO: Pulling 48b6c5ae7a61
INFO: Pulling 8ac74658d3a4
INFO: Verifying signature for ghcr.io/falcosecurity/rules/falco-rules@sha256:8ac74658d3a4b3d4db6228db23b5706c1cf5e25f33c8eb33881e28f660a43828
ERRO: error while verifying signature for ghcr.io/falcosecurity/rules/falco-rules@sha256:8ac74658d3a4b3d4db6228db23b5706c1cf5e25f33c8eb33881e28f660a43828: getting Rekor public keys: updating local metadata and targets: error updating to TUF remote mirror: tuf: failed to download 8.root.json: GET "https://tuf-repo-cdn.sigstore.dev/8.root.json": unexpected HTTP status 403
remote status:{
	"mirror": "https://tuf-repo-cdn.sigstore.dev",
	"metadata": {}
}

What you expected to happen:

How to reproduce it (as minimally and precisely as possible):

helm install falco -f values.yaml .

Anything else we need to know?:
I've build the falcoctl binary from source and then execute it outside the container, the artifacts downloaded successfully.

Answer 1 · 2024-02-06T14:26:48.000Z

Hi @Miladbr, is this issue still relevant?

Answer 2 · 2024-02-26T14:35:14.000Z

@alacuku it is relevant, having the exact issue with default values.yaml.

Answer 3 · 2024-05-26T15:53:13.000Z

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

Answer 4 · 2024-06-25T15:54:06.000Z

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

Answer 5 · 2024-07-25T16:09:04.000Z

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.
/close

Answer 6 · 2024-07-25T16:09:08.000Z

@poiana: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.