Fixed with https://github.com/containers/podman/pull/17963 upstream. Setting to Post and assigning to @jnovy for any further BZ or packaging needs.
This bug is blocked by bug 2184354. [test@kvm-01-guest18 ~]$ cat /etc/redhat-release Red Hat Enterprise Linux release 9.3 Beta (Plow) [test@kvm-01-guest18 ~]$ rpm -q podman crun runc systemd kernel podman-4.4.1-8.el9.x86_64 crun-1.8.3-1.el9.x86_64 runc-1.1.4-1.el9_1.x86_64 systemd-252-13.el9_2.x86_64 kernel-5.14.0-295.el9.x86_64 [test@kvm-01-guest18 ~]$ podman unshare cat /proc/self/uid_map 0 1000 1 1 100000 65536 1. crun runtime [test@kvm-01-guest18 ~]$ podman --cgroup-manager=cgroupfs run -it --rm --net=slirp4netns:allow_host_loopback=true,cidr=192.168.0.0/24 --add-host=localhost.containers.internal:192.168.0.2 --userns keep-id --entrypoint /bin/cat registry.access.redhat.com/ubi8:latest /etc/resolv.conf Trying to pull registry.access.redhat.com/ubi8:latest... Error: copying system image from manifest list: Source image rejected: None of the signatures were accepted, reasons: Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 15, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 15, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 16, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 17, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 18, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 18, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8} 2. runc runtime [test@kvm-01-guest18 ~]$ podman --cgroup-manager=cgroupfs run -it --runtime=runc --rm --net=slirp4netns:allow_host_loopback=true,cidr=192.168.0.0/24 --add-host=localhost.containers.internal:192.168.0.2 --userns keep-id --entrypoint /bin/cat registry.access.redhat.com/ubi8:latest /etc/resolv.conf Trying to pull registry.access.redhat.com/ubi8:latest... Error: copying system image from manifest list: Source image rejected: None of the signatures were accepted, reasons: Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 15, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 15, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 16, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 17, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 18, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}; Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"199E2F91FD431D51", Status:gpgme.Error{err:0x9}, Timestamp:time.Date(2023, time.April, 4, 8, 35, 18, 0, time.Local), ExpTimestamp:time.Date(1969, time.December, 31, 19, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8} [test@kvm-01-guest18 ~]$ podman unshare cat /proc/self/uid_map
This bug has been verified on podman-4.4.1-10.el9 and podman-4.5.0-1.el9. [test@kvm-02-guest23 ~]$ cat /etc/redhat-release Red Hat Enterprise Linux release 9.3 Beta (Plow) 1. podman-4.4.1-10.el9 [test@kvm-02-guest23 ~]$ rpm -q podman crun runc systemd kernel podman-4.4.1-10.el9.x86_64 crun-1.8.3-1.el9.x86_64 runc-1.1.7-1.el9.x86_64 systemd-252-13.el9_2.x86_64 kernel-5.14.0-311.el9.x86_64 [test@kvm-02-guest23 ~]$ podman unshare cat /proc/self/uid_map 0 1000 1 1 100000 65536 [test@kvm-02-guest23 ~]$ podman --cgroup-manager=cgroupfs run -it --rm --net=slirp4netns:allow_host_loopback=true,cidr=192.168.0.0/24 --add-host=localhost.containers.internal:192.168.0.2 --userns keep-id --entrypoint /bin/cat registry.access.redhat.com/ubi8:latest /etc/resolv.conf Trying to pull registry.access.redhat.com/ubi8:latest... Getting image source signatures Checking if image destination supports signatures Copying blob 6208c5a2e205 done Copying config 768688a189 done Writing manifest to image destination Storing signatures search lab.eng.rdu2.redhat.com nameserver 192.168.0.3 nameserver 10.11.5.160 nameserver 10.2.70.215 [test@kvm-02-guest23 ~]$ podman --cgroup-manager=cgroupfs run -it --runtime=runc --rm --net=slirp4netns:allow_host_loopback=true,cidr=192.168.0.0/24 --add-host=localhost.containers.internal:192.168.0.2 --userns keep-id --entrypoint /bin/cat registry.access.redhat.com/ubi8:latest /etc/resolv.conf search lab.eng.rdu2.redhat.com nameserver 192.168.0.3 nameserver 10.11.5.160 nameserver 10.2.70.215 2. podman-4.5.0-1.el9 [test@kvm-02-guest23 ~]$ rpm -q podman crun runc systemd kernel podman-4.5.0-1.el9.x86_64 crun-1.8.3-1.el9.x86_64 runc-1.1.7-1.el9.x86_64 systemd-252-13.el9_2.x86_64 kernel-5.14.0-311.el9.x86_64 [test@kvm-02-guest23 ~]$ podman --cgroup-manager=cgroupfs run -it --rm --net=slirp4netns:allow_host_loopback=true,cidr=192.168.0.0/24 --add-host=localhost.containers.internal:192.168.0.2 --userns keep-id --entrypoint /bin/cat registry.access.redhat.com/ubi8:latest /etc/resolv.conf search lab.eng.rdu2.redhat.com nameserver 192.168.0.3 nameserver 10.11.5.160 nameserver 10.2.70.215 [test@kvm-02-guest23 ~]$ podman --cgroup-manager=cgroupfs run -it --runtime=runc --rm --net=slirp4netns:allow_host_loopback=true,cidr=192.168.0.0/24 --add-host=localhost.containers.internal:192.168.0.2 --userns keep-id --entrypoint /bin/cat registry.access.redhat.com/ubi8:latest /etc/resolv.conf search lab.eng.rdu2.redhat.com nameserver 192.168.0.3 nameserver 10.11.5.160 nameserver 10.2.70.215
This bug is also verified on podman-4.5.1-2.el9 and podman-4.5.1-4.el9.