"Unable to pull artifact" . Reason: could not verify signature... no matching signatures

[q2dg]

What happened:
I've started falco-modern-bpf.service, so falcoctl-artifact-follow.service is started too. But I get this error:

What you expected to happen:
I'd expect to download new ruleset

How to reproduce it (as minimally and precisely as possible):
I'm running falcoctl v0.7.2 shipped with falco v.0.37.1 and installed through Falco's Ubuntu apt repository on a Ubuntu 22.04.4

Thanks!

Edit: I had to create "/usr/share/falcoctl" folder manually (sudo mkdir /usr/share/falcoctl) in order to be able to start "falcoctl-artifact-follow" service

[alacuku]

Hi @q2dg, falco-rules:0 does not have a signature that's the reason why it's failing. I would suggest you use the latest rules version. Or add the following flag to falcoctl --no-verify.

[q2dg]

Thanks. I've added the --no-verify argument to ExecStart= line in "falcoctl-artifact.follow.service" file and it works.
But it's a hack.

I've installed Falco by adding its repo (in a Ubuntu system and in a Fedora system too) and then using apt/dnf install command. Nothing strange nor out of regular instructions. So I expected the automatic ruleset update should just work without needing to tweak anything..So I suspect something is wrong, so I maintain open this issue, if you don't mind.

[alacuku]

I opened a PR that bumps the version of the rulesfiles followed by falcoctl: https://github.com/falcosecurity/falco/pull/3128/files.

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale