libimage: treat localhost/ images as local-only

[mehrdadbn9]

Summary

Fixes an issue where images prefixed with localhost/ (without a port) were incorrectly treated as remote Docker registry references, causing podman build to fail with:

Error: creating build container: unable to copy from source docker://localhost/base-toolbox:latest: pinging container registry localhost: Get "https://localhost/v2/": dial tcp [::1]:443: connect: connection refused

Problem

Images named with localhost/ prefix (e.g., localhost/base-toolbox:latest) are a naming convention for local-only images in Podman/Buildah. They should never attempt a network pull from a Docker registry.

Previously, when building an image with FROM localhost/base-toolbox:latest in a Containerfile, the code would:

1. Look up the image locally
2. If pull policy was newer or always, attempt to pull from docker://localhost/base-toolbox:latest
3. This fails because localhost without a port is not a real Docker registry

Solution

Added a check in copySingleImageFromRegistry() to detect localhost/ prefixed image names (without a port) and:

• Return the local image if found in storage
• Return storage.ErrImageUnknown if not found

This prevents any network pull attempts for localhost images.

Testing

The fix can be verified by:

1. Building a local image tagged as localhost/base:latest
2. Building another image with FROM localhost/base:latest in its Containerfile
3. The build should now succeed without attempting to contact a remote registry

Fixes: containers/podman#28038

[mtrmac]

I didn’t investigate this myself, but at a glance this looks unlikely to be correct.

The reports say that this worked until recently, and this kind of code was not necessary. What has changed and why is extra condition the right approach?

There’s also containers/podman#28038 (comment) saying that localhost/ is not the point, and similarly containers/podman#28038 (comment) .