podman save unreproducible #27676
Description
Issue Description
It is expected that podman save will use the creation time of the OCI image or SOURCE_DATE_EPOCH when it is executed, but in reality, podman save always uses the current system time!
Steps to reproduce the issue
Steps to reproduce the issue:
$ podman pull docker.io/library/alpine:3.23
$ podman image inspect containers-storage:docker.io/library/alpine:3.23 | jq -r '.[].Created'
2025-12-03T19:30:18.252968291Z
$ export SOURCE_DATE_EPOCH=0
$ for i in $(seq 1 5); do podman save --format oci-archive containers-storage:docker.io/library/alpine:3.23 | sha256sum; sleep 1; done
087475770b31241f74396fe01bedfbd2eef65a29af263c64dec73b9d6ef0e6c1 -
2863b3e515c94a763f4a2fa011a1a04d98c868a54bbaef911e267a6accbdeeda -
d5988fd43491ab9a4883e997475134e85346f953d2cd751ca0e2735f90f3b166 -
4859db2f3b089c2c50c5ae215c08dbafb7c4b2212afb0d4aa767b1b9ebbceb0e -
eef28a177aa2e51603d6cfd607e1ad431f0f38e6a6dc1e10f37447d16a1279d3 -
$ echo "SOURCE_DATE_EPOCH: ${SOURCE_DATE_EPOCH}"; date; podman save --format oci-archive containers-storage:docker.io/library/alpine:3.23 | tar -tvf -
SOURCE_DATE_EPOCH: 0
2025-12-04 10:43:17+08:00
drwxr-xr-x 0/0 0 2025-12-04 10:43 blobs/
drwxr-xr-x 0/0 0 2025-12-04 10:43 blobs/sha256/
-rw-r--r-- 0/0 898 2025-12-04 10:43 blobs/sha256/07189ba5724daea8035944723e0e1c0bf826b7b27065d8b40942359ba914bddc
-rw-r--r-- 0/0 3974479 2025-12-04 10:43 blobs/sha256/37d4b3303eb52bec812c535f0c129e9290081e1420c88c8f1ad30aaeeed8e624
-rw-r--r-- 0/0 611 2025-12-04 10:43 blobs/sha256/7acffee03fe864cd6b88219a1028855d6c912e7cf6fac633aa4307529fd0cc08
-rw-r--r-- 0/0 186 2025-12-04 10:43 index.json
-rw-r--r-- 0/0 30 2025-12-04 10:43 oci-layoutIt is expected that podman save will use the creation time of the OCI image or SOURCE_DATE_EPOCH when it is executed, but in reality, podman save always uses the current system time!
Describe the results you received
podman save always uses the current system time!
Describe the results you expected
It is expected that podman save will use the creation time of the OCI image or SOURCE_DATE_EPOCH when it is executed.
podman info output
$ podman info
host:
arch: amd64
buildahVersion: 1.42.0
cgroupControllers:
- cpuset
- cpu
- io
- memory
- hugetlb
- pids
- rdma
cgroupManager: cgroupfs
cgroupVersion: v2
conmon:
package: Unknown
path: /usr/bin/conmon
version: 'conmon version 2.1.13, commit: 82de887596ed8ee6d9b2ee85e4f167f307bb569b-dirty'
cpuUtilization:
idlePercent: 99.88
systemPercent: 0.07
userPercent: 0.04
cpus: 12
databaseBackend: sqlite
distribution:
distribution: sles
version: "15.7"
eventLogger: file
freeLocks: 2048
hostname: xyz
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
kernel: 6.6.87.1-microsoft-standard-WSL2
linkmode: dynamic
logDriver: k8s-file
memFree: 15674740736
memTotal: 16579264512
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: Unknown
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.16.0
package: Unknown
path: /usr/libexec/podman/netavark
version: netavark 1.16.1
ociRuntime:
name: crun
package: Unknown
path: /usr/bin/crun
version: |-
crun version 1.25
commit: d9a0adce065c7747ab88ea6ccc42b15a626e08e1
rundir: /mnt/wslg/runtime-dir/crun
spec: 1.0.0
+SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: Unknown
version: |
pasta 2025_09_19.623dbf6
Copyright Red Hat
GNU General Public License, version 2 or later
<https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: true
path: /mnt/wslg/runtime-dir/podman/podman.sock
rootlessNetworkCmd: pasta
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: ""
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: Unknown
version: |-
slirp4netns version 1.3.3
commit: 944fa94090e1fd1312232cbc0e6b43585553d824
libslirp: 4.9.1
SLIRP_CONFIG_VERSION_MAX: 6
libseccomp: 2.5.3
swapFree: 4294967296
swapTotal: 4294967296
uptime: 22h 35m 39.00s (Approximately 0.92 days)
variant: ""
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
network:
- bridge
- macvlan
- ipvlan
- aardvark-dns
- netavark
- netavark-connection-tester
- netavark-dhcp-proxy-client
volume:
- local
registries:
docker.io/library:
Blocked: false
Insecure: false
Location: public.ecr.aws/docker/library
MirrorByDigestOnly: false
Mirrors: null
Prefix: docker.io/library
PullFromMirror: ""
search:
- docker.io
- ghcr.io
- quay.io
- registry.fedoraproject.org
- container-registry.oracle.com
store:
configFile: /home/dongsheng/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/dongsheng/.local/share/containers/storage
graphRootAllocated: 1081101176832
graphRootUsed: 67846451200
graphStatus:
Backing Filesystem: extfs
Native Overlay Diff: "true"
Supports d_type: "true"
Supports shifting: "false"
Supports volatile: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 45
runRoot: /mnt/wslg/runtime-dir/containers
transientStore: false
volumePath: /home/dongsheng/.local/share/containers/storage/volumes
version:
APIVersion: 5.7.0
Built: 1762869067
BuiltTime: Tue Nov 11 21:51:07 2025
GitCommit: 0370128fc8dcae93533334324ef838db8f8da8cb
GoVersion: go1.25.4
Os: linux
OsArch: linux/amd64
Version: 5.7.0Podman in a container
No
Privileged Or Rootless
Rootless
Upstream Latest Release
Yes
Additional environment details
No response
Additional information
Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting