RUN-4403

[containers/podman] "podman image scp" changes manifest format

    • rhel-container-tools
    • RUN 285

      [4016624590] Upstream Reporter: Robert Sturla
      Upstream issue status: Open
      Upstream description:

      Issue Description

      When transferring an image to and from rootful containers-storage, the manifest type changes from OCI to Docker, which causes some tools (i.e. Bootc) to break.

      This also causes the digests to differ.

      $ podman pull quay.io/fedora/fedora:43
      Trying to pull quay.io/fedora/fedora:43...
      Getting image source signatures
      Copying blob de6be2cc5821 done   |
      Copying config 14e8744f2b done   |
      Writing manifest to image destination
      14e8744f2b4d0d6688e2f0601ce503343cb642bb9a1c6f7ef5f8179876e1693a

      $ podman inspect quay.io/fedora/fedora:43 --format '{{.ManifestType}}'
      application/vnd.oci.image.manifest.v1+json

      $ podman image scp quay.io/fedora/fedora:43 root@localhost::
      Copying blob c5e1252e4cab done   |
      Copying config 14e8744f2b done   |
      Writing manifest to image destination
      [sudo] password for admin:
      Getting image source signatures
      Copying blob c5e1252e4cab done   |
      Copying config 14e8744f2b done   |
      Writing manifest to image destination
      Loaded image: quay.io/fedora/fedora:43

      $ sudo podman inspect quay.io/fedora/fedora:43 --format '{{.ManifestType}}'
      application/vnd.docker.distribution.manifest.v2+json

      Steps to reproduce the issue

      Describe the results you received

      Transferring an image with an OCI manifest to rootful storage changes it to a Docker manifest.

      Describe the results you expected

      The manifest type should remain the same. Or alternatively this limitation should be documented in the docs.

      podman info output

      host:
        arch: amd64
        buildahVersion: 1.42.2
        cgroupControllers:
        - cpu
        - io
        - memory
        - pids
        cgroupManager: systemd
        cgroupVersion: v2
        conmon:
          package: conmon-2.1.13-2.fc43.x86_64
          path: /usr/bin/conmon
          version: 'conmon version 2.1.13, commit: '
        cpuUtilization:
          idlePercent: 95.98
          systemPercent: 0.99
          userPercent: 3.04
        cpus: 24
        databaseBackend: sqlite
        distribution:
          distribution: fedora
          variant: silverblue
          version: "43"
        emulatedArchitectures:
        - linux/arm64
        - linux/arm64be
        eventLogger: journald
        freeLocks: 2044
        hostname: UNKNOWN
        idMappings:
          gidmap:
          - container_id: 0
            host_id: 1000
            size: 1
          - container_id: 1
            host_id: 524288
            size: 65536
          uidmap:
          - container_id: 0
            host_id: 1000
            size: 1
          - container_id: 1
            host_id: 524288
            size: 65536
        kernel: 6.18.13-200.fc43.x86_64
        linkmode: dynamic
        logDriver: journald
        memFree: 3402346496
        memTotal: 33358143488
        networkBackend: netavark
        networkBackendInfo:
          backend: netavark
          dns:
            package: aardvark-dns-1.17.0-1.fc43.x86_64
            path: /usr/libexec/podman/aardvark-dns
            version: aardvark-dns 1.17.0
          package: netavark-1.17.2-1.fc43.x86_64
          path: /usr/libexec/podman/netavark
          version: netavark 1.17.2
        ociRuntime:
          name: crun
          package: crun-1.25.1-1.fc43.x86_64
          path: /usr/bin/crun
          version: |-
            crun version 1.25.1
            commit: 156ae065d4a322d149c7307034f98d9637aa92a2
            rundir: /run/user/1000/crun
            spec: 1.0.0
            +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
        os: linux
        pasta:
          executable: /usr/bin/pasta
          package: passt-0^20260120.g386b5f5-1.fc43.x86_64
          version: |
            pasta 0^20260120.g386b5f5-1.fc43.x86_64
            Copyright Red Hat
            GNU General Public License, version 2 or later
              <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
            This is free software: you are free to change and redistribute it.
            There is NO WARRANTY, to the extent permitted by law.
        remoteSocket:
          exists: true
          path: /run/user/1000/podman/podman.sock
        rootlessNetworkCmd: pasta
        security:
          apparmorEnabled: false
          capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
          rootless: true
          seccompEnabled: true
          seccompProfilePath: /usr/share/containers/seccomp.json
          selinuxEnabled: true
        serviceIsRemote: false
        slirp4netns:
          executable: /usr/bin/slirp4netns
          package: slirp4netns-1.3.1-3.fc43.x86_64
          version: |-
            slirp4netns version 1.3.1
            commit: e5e368c4f5db6ae75c2fce786e31eef9da6bf236
            libslirp: 4.9.1
            SLIRP_CONFIG_VERSION_MAX: 6
            libseccomp: 2.6.0
        swapFree: 8528347136
        swapTotal: 8589930496
        uptime: 4h 19m 28.00s (Approximately 0.17 days)
        variant: ""
      plugins:
        authorization: null
        log:
        - k8s-file
        - none
        - passthrough
        - journald
        network:
        - bridge
        - macvlan
        - ipvlan
        volume:
        - local
      registries:
        ghcr.io/rsturla:
          Blocked: false
          Insecure: false
          Location: ghcr.io/rsturla
          MirrorByDigestOnly: false
          Mirrors:
          - Insecure: true
            Location: localhost:5000/rsturla
            PullFromMirror: ""
          Prefix: ghcr.io/rsturla
          PullFromMirror: ""
        localhost:5000:
          Blocked: false
          Insecure: true
          Location: localhost:5000
          MirrorByDigestOnly: false
          Mirrors: null
          Prefix: localhost:5000
          PullFromMirror: ""
        search:
        - registry.fedoraproject.org
        - registry.access.redhat.com
        - docker.io
      store:
        configFile: /var/home/admin/.config/containers/storage.conf
        containerStore:
          number: 1
          paused: 0
          running: 0
          stopped: 1
        graphDriverName: overlay
        graphOptions: {}
        graphRoot: /var/home/admin/.local/share/containers/storage
        graphRootAllocated: 1998678130688
        graphRootUsed: 1069208944640
        graphStatus:
          Backing Filesystem: btrfs
          Native Overlay Diff: "false"
          Supports d_type: "true"
          Supports shifting: "true"
          Supports volatile: "true"
          Using metacopy: "false"
        imageCopyTmpDir: /var/tmp
        imageStore:
          number: 1632
        runRoot: /run/user/1000/containers
        transientStore: false
        volumePath: /var/home/admin/.local/share/containers/storage/volumes
      version:
        APIVersion: 5.7.1
        BuildOrigin: Fedora Project
        Built: 1765324800
        BuiltTime: Wed Dec 10 00:00:00 2025
        GitCommit: f845d14e941889ba4c071f35233d09b29d363c75
        GoVersion: go1.25.4 X:nodwarf5
        Os: linux
        OsArch: linux/amd64
        Version: 5.7.1
      

      Podman in a container

      No

      Privileged Or Rootless

      None

      Upstream Latest Release

      Yes


      Upstream URL: https://github.com/containers/podman/issues/28183
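
The digest difference reported above follows from how image digests are computed: the digest is a SHA-256 over the manifest bytes, so rewriting the media types alone changes it, even when the config blob (the image ID, `14e8744f2b…` in both transcripts) is unchanged. The following Python sketch is an added example, not code from the upstream report or from Podman; the manifest is constructed, `as_docker` is a hypothetical converter, and compact JSON is assumed as the serialization.

```python
import hashlib
import json

OCI = "application/vnd.oci.image.manifest.v1+json"
DOCKER = "application/vnd.docker.distribution.manifest.v2+json"
OCI_CONFIG = "application/vnd.oci.image.config.v1+json"
OCI_LAYER = "application/vnd.oci.image.layer.v1.tar+gzip"
# OCI media types and their Docker schema 2 counterparts.
OCI_TO_DOCKER = {
    OCI: DOCKER,
    OCI_CONFIG: "application/vnd.docker.container.image.v1+json",
    OCI_LAYER: "application/vnd.docker.image.rootfs.diff.tar.gzip",
}

def sha256(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()

def manifest_digest(manifest: dict) -> str:
    # Assumption: compact JSON stands in for the exact bytes a store keeps.
    return sha256(json.dumps(manifest, separators=(",", ":")).encode())

def as_docker(manifest: dict) -> dict:
    # Hypothetical converter: rewrites media types only, keeps blob digests.
    def swap(desc):
        return {**desc, "mediaType": OCI_TO_DOCKER[desc["mediaType"]]}
    return {**manifest,
            "mediaType": OCI_TO_DOCKER[manifest["mediaType"]],
            "config": swap(manifest["config"]),
            "layers": [swap(layer) for layer in manifest["layers"]]}

def compare(src: dict, dst: dict) -> dict:
    # The three facts to check after a transfer before trusting a digest pin.
    return {
        "manifest_type_changed": src["mediaType"] != dst["mediaType"],
        "config_preserved": src["config"]["digest"] == dst["config"]["digest"],
        "digest_changed": manifest_digest(src) != manifest_digest(dst),
    }

def blob(data: bytes, media_type: str) -> dict:
    return {"mediaType": media_type, "size": len(data), "digest": sha256(data)}

# Constructed sample manifest (not the real fedora:43 manifest).
SRC = {"schemaVersion": 2, "mediaType": OCI,
       "config": blob(b"constructed config", OCI_CONFIG),
       "layers": [blob(b"constructed layer", OCI_LAYER)]}
REPORT = compare(SRC, as_docker(SRC))

if __name__ == "__main__":
    print(json.dumps(REPORT, indent=2))
```

A pin or signature recorded against the source digest will not match the destination image after such a conversion, so both the manifest type and the digest need to be re-checked on the destination store.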

              jrodak Jan Rodák
              upstream-sync Upstream Sync