Bug 2184354

Summary: Podman fails to build an image with Error:: Source image rejected: None of the signatures were accepted, reasons: Invalid GPG signature:
Product: Red Hat Enterprise Linux 9 Reporter: libhe
Component: podmanAssignee: Aditya R <arajan>
Status: CLOSED DUPLICATE QA Contact: atomic-bugs <atomic-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 9.3CC: ajia, arajan, bbaude, dwalsh, jnovy, linl, lsm5, mboddu, mheon, mitr, pthomas, tsweeney, umohnani, xiliang, ymao
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-04-07 15:21:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2182485    

Description libhe 2023-04-04 11:49:36 UTC 
Description of problem:
Podman fails to build an image with Error: creating build container: copying system image from manifest list: Source image rejected: None of the signatures were accepted, reasons: Invalid GPG signature:

Version-Release number of selected components (if applicable):
5.14.0-293.el9.x86_64
podman-4.4.1-3.el9.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Launch an aws instance with the latest RHEL-9.3 AMI(ami-05f53ae0afea4aa60)
2.Create Dockerfile including RUN
  $ cat Dockerfile
   FROM registry.access.redhat.com/ubi8/ubi
   RUN touch /tmp/test.txt
3.Execute build with '--network container' in rootless mode or root mode
  $ podman build -f Dockerfile --network container -t build_test

   
Actual results:
Failed with the following errors:
STEP 1/2: FROM registry.access.redhat.com/ubi8/ubi
Trying to pull registry.access.redhat.com/ubi8/ubi:latest...
Error: creating build container: copying system image from manifest list: Source image rejected: None of the signatures were accepted, reasons: Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.March, 22, 19, 39, 2, 0, time.Local), ExpTimestamp:time.Date(1970, time.January, 1, 0, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.March, 22, 19, 39, 2, 0, time.Local), ExpTimestamp:time.Date(1970, time.January, 1, 0, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.March, 22, 19, 39, 3, 0, time.Local), ExpTimestamp:time.Date(1970, time.January, 1, 0, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.March, 22, 19, 39, 5, 0, time.Local), ExpTimestamp:time.Date(1970, time.January, 1, 0, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.March, 22, 19, 39, 5, 0, time.Local), ExpTimestamp:time.Date(1970, time.January, 1, 0, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.March, 22, 19, 39, 5, 0, time.Local), ExpTimestamp:time.Date(1970, time.January, 1, 0, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}

Expected results:
Build is successful.

Additional info:
1.No such issue in RHEL-9.2
2.No such issue in the last RHEL 9.3 AMI (ami-0a38322e4ba9b0cbb, 5.14.0-289.el9.x86_64)
Comment 1 Tom Sweeney 2023-04-04 22:14:39 UTC 
I'm thinking this is an RHEL-9.3 AMI gpg key issue somewhere.  @arajan can you take a look please?  It would probably be good to try this just on RHEL or Fedora and see if you can duplicate the issue there.  If not, it's likely something with the AMI and we'll have to point this BZ elsewhere.
Comment 2 Alex Jia 2023-04-06 02:47:18 UTC 
I also can meet this issue w/ different operation for newest podman-4.4.1-8.el9 on RHEL 9.3.

[test@kvm-01-guest18 ~]$ podman --cgroup-manager=cgroupfs run -it --rm --net=slirp4netns:cidr=192.168.0.0/24 --add-host=localhost.containers.internal:192.168.0.2 --entrypoint /bin/cat registry.access.redhat.com/ubi8:latest /etc/resolv.conf
Trying to pull registry.access.redhat.com/ubi8:latest...
Error: copying system image from manifest list: Source image rejected: None of the signatures were accepted, reasons: Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 15, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 15, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 16, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 17, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 18, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 18, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}
Comment 5 libhe 2023-04-07 06:37:04 UTC 
From the https://bugzilla.redhat.com/show_bug.cgi?id=2070722#c18, it seems that this is introduced by Bug 2070722. Now, the change has been removed and it works fine from the build after 2023-04-06.
Comment 6 Tom Sweeney 2023-04-07 15:21:25 UTC 
Based on the prior comment, I'm going to close this as a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=2070722.  If you disagree, please reopen or create a new BZ.

*** This bug has been marked as a duplicate of bug 2070722 ***