[2198770529] Upstream Reporter: Sebastian Noel Lübke
Upstream issue status: Open
Upstream description:

Issue Description

I'm playing around with podman-py and noticed that the /images/pull API endpoint doesn't return a 404 Not Found if I try to pull a non-existing image.

Steps to reproduce the issue

Steps to reproduce the issue

1. Try to pull a non-existing image via the API.
2. See response 200.

Python:

from podman import PodmanClient

uri = "http+unix:///run/user/1000/podman/podman.sock"

with PodmanClient(base_url=uri) as client:
    image = client.images.pull("docker.io/thisimage/doesnot:exist")
    print(image)

Describe the results you received

<Image: ''>

Dumping the requests shows me:

Status-Code: 200
{"stream":"Trying to pull docker.io/libarasd/lego:latest...n"}
{"error":"initializing source docker://libarasd/lego:latest: reading manifest latest in docker.io/libarasd/lego: requested access to the resource is denied"}

Describe the results you expected

If the image is not found the api should return a 404

podman info output

host:   arch: amd64
  buildahVersion: 1.33.5
  cgroupControllers:   - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:     package: conmon-2.1.10-1.fc39.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: '
  cpuUtilization:     idlePercent: 82.57
    systemPercent: 4.32
    userPercent: 13.1
  cpus: 16
  databaseBackend: boltdb
  distribution:     distribution: fedora
    variant: silverblue
    version: "39"
  eventLogger: journald
  freeLocks: 1880
  hostname: sebastian-fedora
  idMappings:     gidmap:     - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
    uidmap:     - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
  kernel: 6.7.7-200.fc39.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 17831145472
  memTotal: 66951012352
  networkBackend: netavark
  networkBackendInfo:     backend: netavark
    dns:       package: aardvark-dns-1.10.0-1.fc39.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.10.0
    package: netavark-1.10.3-1.fc39.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.10.3
  ociRuntime:     name: crun
    package: crun-1.14.3-1.fc39.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.14.3
      commit: 1961d211ba98f532ea52d2e80f4c20359f241a98
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:     executable: /usr/bin/pasta
    package: passt-0^20240220.g1e6f92b-1.fc39.x86_64
    version: |
      pasta 0^20240220.g1e6f92b-1.fc39.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:     exists: true
    path: /run/user/1000/podman/podman.sock
  security:     apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:     executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-1.fc39.x86_64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 8589930496
  swapTotal: 8589930496
  uptime: 7h 20m 0.00s (Approximately 0.29 days)
  variant: ""
plugins:   authorization: null
  log:   - k8s-file
  - none
  - passthrough
  - journald
  network:   - bridge
  - macvlan
  - ipvlan
  volume:   - local
registries:   search:   - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:   configFile: /var/home/sebastian/.config/containers/storage.conf
  containerStore:     number: 108
    paused: 0
    running: 1
    stopped: 107
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/sebastian/.local/share/containers/storage
  graphRootAllocated: 1998678130688
  graphRootUsed: 1939371663360
  graphStatus:     Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:     number: 134
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /var/home/sebastian/.local/share/containers/storage/volumes
version:   APIVersion: 4.9.3
  Built: 1708357294
  BuiltTime: Mon Feb 19 16:41:34 2024
  GitCommit: ""
  GoVersion: go1.21.7
  Os: linux
  OsArch: linux/amd64
  Version: 4.9.3

Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

Yes

Additional environment details

Additional environment details

Additional information

Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting