diff --git a/.cirrus.yml b/.cirrus.yml index 7aa0e309f12..121df5c49b5 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -6,7 +6,7 @@ env: #### Global variables used for all tasks #### # Name of the ultimate destination branch for this CI run, PR or post-merge. - DEST_BRANCH: "main" + DEST_BRANCH: "release-1.39" GOPATH: "/var/tmp/go" GOSRC: "${GOPATH}/src/github.com/containers/buildah" GOCACHE: "/tmp/go-build" diff --git a/CHANGELOG.md b/CHANGELOG.md index e28a49a34df..fe4a9b8575a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,24 @@ # Changelog +## v1.39.4 (2025-03-27) + + [release-1.39] Bump c/image to v5.34.3, c/common v0.62.3 + createPlatformContainer: drop MS_REMOUNT|MS_BIND + +## v1.39.3 (2025-03-12) + + [release-1.39] Bump c/storage to v1.57.2, c/image v5.34.2, c/common v0.62.2 + +## v1.39.2 (2025-03-03) + + [release-1.39] Bump c/image to v5.34.1, c/common v0.62.1 + +## v1.39.1 (2025-02-25) + + chroot createPlatformContainer: use MS_REMOUNT + chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security] + ## v1.39.0 (2025-01-31) Bump c/storage v1.57.1, c/image 5.34.0, c/common v0.62.0 diff --git a/changelog.txt b/changelog.txt index f1d0263992c..1c2be4aadb9 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,3 +1,18 @@ +- Changelog for v1.39.4 (2025-03-27) + * [release-1.39] Bump c/image to v5.34.3, c/common v0.62.3 + * createPlatformContainer: drop MS_REMOUNT|MS_BIND + +- Changelog for v1.39.3 (2025-03-12) + * [release-1.39] Bump c/storage to v1.57.2, c/image v5.34.2, c/common v0.62.2 + +- Changelog for v1.39.2 (2025-03-03) + * [release-1.39] Bump c/image to v5.34.1, c/common v0.62.1 + +- Changelog for v1.39.1 (2025-02-25) + + * chroot createPlatformContainer: use MS_REMOUNT + * chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security] + - Changelog for v1.39.0 (2025-01-31) * Bump c/storage v1.57.1, c/image 5.34.0, c/common v0.62.0 * Update module github.com/containers/storage to v1.57.0 
diff --git a/chroot/run_linux.go b/chroot/run_linux.go index 694010b98e7..cd19fa01733 100644 --- a/chroot/run_linux.go +++ b/chroot/run_linux.go @@ -263,7 +263,7 @@ func createPlatformContainer(options runUsingChrootExecSubprocOptions) error { return fmt.Errorf("changing to host root directory: %w", err) } // make sure we only unmount things under this tree - if err := unix.Mount(".", ".", "bind", unix.MS_BIND|unix.MS_SLAVE|unix.MS_REC, ""); err != nil { + if err := unix.Mount(".", ".", "", unix.MS_SLAVE|unix.MS_REC, ""); err != nil { return fmt.Errorf("tweaking mount flags on host root directory before unmounting from mount namespace: %w", err) } // detach this (unnamed?) old directory diff --git a/define/types.go b/define/types.go index d3df78dad3b..65b3a1bf286 100644 --- a/define/types.go +++ b/define/types.go @@ -29,7 +29,7 @@ const ( // identify working containers. Package = "buildah" // Version for the Package. Also used by .packit.sh for Packit builds. - Version = "1.39.0" + Version = "1.39.4" // DefaultRuntime if containers.conf fails. DefaultRuntime = "runc" diff --git a/go.mod b/go.mod index 29c0faa447c..e27421f0572 100644 --- a/go.mod +++ b/go.mod @@ -7,11 +7,11 @@ go 1.22.8 require ( github.com/containerd/platforms v1.0.0-rc.1 github.com/containernetworking/cni v1.2.3 - github.com/containers/common v0.62.0 - github.com/containers/image/v5 v5.34.0 + github.com/containers/common v0.62.3 + github.com/containers/image/v5 v5.34.3 github.com/containers/luksy v0.0.0-20250106202729-a3a812db5b72 github.com/containers/ocicrypt v1.2.1 - github.com/containers/storage v1.57.1 + github.com/containers/storage v1.57.2 github.com/cyphar/filepath-securejoin v0.3.6 github.com/docker/distribution v2.8.3+incompatible github.com/docker/docker v27.5.1+incompatible 
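Review bot: The retained comment `// make sure we only unmount things under this tree` no longer explains the `unix.Mount` call in createPlatformContainer. With `MS_BIND` and the `"bind"` type removed, the remaining `unix.MS_SLAVE|unix.MS_REC` only changes propagation on the mount already at `.` and creates no new mount. I would replace it with something like `// mark the old root recursively slave so the detach below does not propagate outside this mount namespace; no MS_BIND, so no extra mount of the root is created`. Judging by the changelog entry and the new "root fs only mounted once" test, avoiding a duplicate root mount appears to be the intent, and stating it next to the flags would discourage a later edit from re-adding `MS_BIND`. The function starts and ends outside this hunk.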
@@ -71,7 +71,7 @@ require ( github.com/docker/docker-credential-helpers v0.8.2 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.8.0 // indirect - github.com/go-jose/go-jose/v4 v4.0.4 // indirect + github.com/go-jose/go-jose/v4 v4.0.5 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/analysis v0.23.0 // indirect diff --git a/go.sum b/go.sum index 5e0da6fe27f..3c667d0fafb 100644 --- a/go.sum +++ b/go.sum 
@@ -63,18 +63,18 @@ github.com/containernetworking/cni v1.2.3 h1:hhOcjNVUQTnzdRJ6alC5XF+wd9mfGIUaj8F github.com/containernetworking/cni v1.2.3/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M= github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+E5J/EcKOE4gQ= github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM= -github.com/containers/common v0.62.0 h1:Sl9WE5h7Y/F3bejrMAA4teP1EcY9ygqJmW4iwSloZ10= -github.com/containers/common v0.62.0/go.mod h1:Yec+z8mrSq4rydHofrnDCBqAcNA/BGrSg1kfFUL6F6s= -github.com/containers/image/v5 v5.34.0 h1:HPqQaDUsox/3mC1pbOyLAIQEp0JhQqiUZ+6JiFIZLDI= -github.com/containers/image/v5 v5.34.0/go.mod h1:/WnvUSEfdqC/ahMRd4YJDBLrpYWkGl018rB77iB3FDo= +github.com/containers/common v0.62.3 h1:aOGryqXfW6aKBbHbqOveH7zB+ihavUN03X/2pUSvWFI= +github.com/containers/common v0.62.3/go.mod h1:3R8kDox2prC9uj/a2hmXj/YjZz5sBEUNrcDiw51S0Lo= +github.com/containers/image/v5 v5.34.3 h1:/cMgfyA4Y7ILH7nzWP/kqpkE5Df35Ek4bp5ZPvJOVmI= +github.com/containers/image/v5 v5.34.3/go.mod h1:MG++slvQSZVq5ejAcLdu4APGsKGMb0YHHnAo7X28fdE= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/luksy v0.0.0-20250106202729-a3a812db5b72 h1:hdBIFaml6hO+Bal8CdQSQPTF305gwsJfubs4NoOV53A= github.com/containers/luksy v0.0.0-20250106202729-a3a812db5b72/go.mod h1:UpMgEjd9XelIA/iK+qD3hWIrZY/M3eaepn+gm5U8OYE= github.com/containers/ocicrypt v1.2.1 h1:0qIOTT9DoYwcKmxSt8QJt+VzMY18onl9jUXsxpVhSmM= github.com/containers/ocicrypt v1.2.1/go.mod h1:aD0AAqfMp0MtwqWgHM1bUwe1anx0VazI108CRrSKINQ= -github.com/containers/storage v1.57.1 h1:hKPoFsuBcB3qTzBxa4IFpZMRzUuL5Xhv/BE44W0XHx8= -github.com/containers/storage v1.57.1/go.mod h1:i/Hb4lu7YgFr9G0K6BMjqW0BLJO1sFsnWQwj2UoWCUM= +github.com/containers/storage v1.57.2 
h1:2roCtTyE9pzIaBDHibK72DTnYkPmwWaq5uXxZdaWK4U= +github.com/containers/storage v1.57.2/go.mod h1:i/Hb4lu7YgFr9G0K6BMjqW0BLJO1sFsnWQwj2UoWCUM= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= @@ -116,8 +116,8 @@ github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/ github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fsouza/go-dockerclient v1.12.0 h1:S2f2crEUbBNCFiF06kR/GvioEB8EMsb3Td/bpawD+aU= github.com/fsouza/go-dockerclient v1.12.0/go.mod h1:YWUtjg8japrqD/80L98nTtCoxQFp5B5wrSsnyeB5lFo= -github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= -github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= +github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE= +github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= diff --git a/tests/chroot.bats b/tests/chroot.bats index 1826a5f90e1..652ea3b0081 100644 --- a/tests/chroot.bats +++ b/tests/chroot.bats 
@@ -111,3 +111,74 @@ load helpers unshare -mpf --mount-proc env -i bash -x ${TEST_SCRATCH_DIR}/script.sh fi } + +@test "chroot with overlay root" { + if test `uname` != Linux ; then + skip "not meaningful except on Linux" + fi + skip_if_no_unshare + if [ "$(id -u)" -ne 0 ]; then + skip "expects to already be root" + fi + _prefetch docker.io/library/busybox + cp -v ${TEST_SOURCES}/containers.conf ${TEST_SCRATCH_DIR}/containers.conf + chmod ugo+r ${TEST_SCRATCH_DIR}/containers.conf + mkdir -p ${TEST_SCRATCH_DIR}/chroot + chown -R 1:1 ${TEST_SCRATCH_DIR}/root ${TEST_SCRATCH_DIR}/runroot ${TEST_SCRATCH_DIR}/chroot + cat > ${TEST_SCRATCH_DIR}/script1 <<- EOF + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin${PATH:+:$PATH} + set -e + set -x + mkdir -p ${TEST_SCRATCH_DIR}/chroot/workdir + mkdir -p ${TEST_SCRATCH_DIR}/chroot/upperdir + mkdir -p ${TEST_SCRATCH_DIR}/chroot/merged + mount -t overlay overlay -o upperdir=${TEST_SCRATCH_DIR}/chroot/upperdir,workdir=${TEST_SCRATCH_DIR}/chroot/workdir,lowerdir=/ ${TEST_SCRATCH_DIR}/chroot/merged + mount -t proc proc ${TEST_SCRATCH_DIR}/chroot/merged/proc + mount -t sysfs sysfs ${TEST_SCRATCH_DIR}/chroot/merged/sys + mount --bind /dev ${TEST_SCRATCH_DIR}/chroot/merged/dev + mount --bind /etc ${TEST_SCRATCH_DIR}/chroot/merged/etc + echo build > ${TEST_SCRATCH_DIR}/chroot/hostname + chmod 644 ${TEST_SCRATCH_DIR}/chroot/hostname + mount --bind ${TEST_SCRATCH_DIR}/chroot/hostname ${TEST_SCRATCH_DIR}/chroot/merged/etc/hostname + touch ${TEST_SCRATCH_DIR}/chroot/hosts + chmod 644 ${TEST_SCRATCH_DIR}/chroot/hosts + mount --bind ${TEST_SCRATCH_DIR}/chroot/hosts ${TEST_SCRATCH_DIR}/chroot/merged/etc/hosts + touch ${TEST_SCRATCH_DIR}/chroot/resolv.conf + chmod 644 ${TEST_SCRATCH_DIR}/chroot/resolv.conf + mount --bind ${TEST_SCRATCH_DIR}/chroot/resolv.conf ${TEST_SCRATCH_DIR}/chroot/merged/etc/resolv.conf + mount --bind /tmp ${TEST_SCRATCH_DIR}/chroot/merged/tmp + mkdir -p ${TEST_SCRATCH_DIR}/chroot/merged/var/tmp + chmod 
1777 ${TEST_SCRATCH_DIR}/chroot/merged/var/tmp + if test -d /var/tmp; then + mount --bind /var/tmp ${TEST_SCRATCH_DIR}/chroot/merged/var/tmp + fi + mount --bind ${TEST_SCRATCH_DIR} ${TEST_SCRATCH_DIR}/chroot/merged/${TEST_SCRATCH_DIR} + mkdir -p ${TEST_SCRATCH_DIR}/chroot/merged/usr/local/bin + touch ${TEST_SCRATCH_DIR}/chroot/merged/usr/local/bin/buildah + mount --bind ${BUILDAH_BINARY:-$TEST_SOURCES/../bin/buildah} ${TEST_SCRATCH_DIR}/chroot/merged/usr/local/bin/buildah + cd ${TEST_SCRATCH_DIR}/chroot/merged + pivot_root . tmp + mount --make-rslave tmp + umount -f -l tmp + mount -o remount,ro --make-rshared / + grep ' / / ' /proc/self/mountinfo + # unshare from util-linux 2.39 also accepts INNER:OUTER:SIZE for --map-users + # and --map-groups, but fedora 37's is too old, so the older OUTER,INNER,SIZE + # (using commas instead of colons as field separators) will have to do + unshare --setuid 0 --setgid 0 --map-users=1,0,1024 --map-groups=1,0,1024 -UinCfpm bash ${TEST_SCRATCH_DIR}/script2 +EOF + cat > ${TEST_SCRATCH_DIR}/script2 <<- EOF + set -e + set -x + export _CONTAINERS_USERNS_CONFIGURED=done + export CONTAINERS_CONF=${TEST_SCRATCH_DIR}/containers.conf + cat /proc/self/uid_map + cat /proc/self/gid_map + mount --make-shared / + /usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} ${ROOTDIR_OPTS} from --name ctrid --pull=never --quiet docker.io/library/busybox + /usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} ${ROOTDIR_OPTS} run --isolation=chroot ctrid pwd +EOF + chmod +x ${TEST_SCRATCH_DIR} + chmod +rx ${TEST_SCRATCH_DIR}/script1 ${TEST_SCRATCH_DIR}/script2 + env -i unshare -inCfpm bash ${TEST_SCRATCH_DIR}/script1 +} diff --git a/tests/conformance/testdata/Dockerfile.add b/tests/conformance/testdata/Dockerfile.add index ac521b0566e..e8d0160f8f6 100644 --- a/tests/conformance/testdata/Dockerfile.add +++ b/tests/conformance/testdata/Dockerfile.add 
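Review bot: Both heredocs in "chroot with overlay root" use an unquoted `EOF`, so every `${...}` (including `${BUILDAH_REGISTRY_OPTS}`, `${ROOTDIR_OPTS}` and `${PATH:+:$PATH}`) is expanded when the script files are written rather than when they run, and the values land unquoted in commands executed as root. That looks deliberate, since `env -i` clears the environment before `script1` starts, but nothing says so. A comment above the first `cat >` would help, such as `# heredocs are intentionally unquoted: env -i wipes the environment, so test variables are expanded here`. The `mkdir`, `chown` and `mount` arguments built from `${TEST_SCRATCH_DIR}` would also be more robust double-quoted, e.g. `mkdir -p "${TEST_SCRATCH_DIR}/chroot"`, so a scratch path containing whitespace cannot split into extra arguments.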
@@ -1,11 +1,11 @@ FROM mirror.gcr.io/busybox -ADD https://github.com/openshift/origin/raw/master/README.md README.md +ADD https://github.com/openshift/origin/raw/main/README.md README.md USER 1001 -ADD https://github.com/openshift/origin/raw/master/LICENSE . -ADD https://github.com/openshift/origin/raw/master/LICENSE A -ADD https://github.com/openshift/origin/raw/master/LICENSE ./a +ADD https://github.com/openshift/origin/raw/main/LICENSE . +ADD https://github.com/openshift/origin/raw/main/LICENSE A +ADD https://github.com/openshift/origin/raw/main/LICENSE ./a USER root RUN mkdir ./b -ADD https://github.com/openshift/origin/raw/master/LICENSE ./b/a -ADD https://github.com/openshift/origin/raw/master/LICENSE ./b/. +ADD https://github.com/openshift/origin/raw/main/LICENSE ./b/a +ADD https://github.com/openshift/origin/raw/main/LICENSE ./b/. ADD https://github.com/openshift/ruby-hello-world/archive/master.zip /tmp/ diff --git a/tests/run.bats b/tests/run.bats index d007658b049..3f6dc14e956 100644 --- a/tests/run.bats +++ b/tests/run.bats @@ -997,3 +997,23 @@ _EOF run_buildah ? bud --pull=false --layers . expect_output --substring -- "-c requires an argument" } + +@test "root fs only mounted once" { + if test `uname` != Linux ; then + skip "not meaningful except on Linux" + fi + _prefetch busybox + run_buildah from --pull=never --quiet busybox + cid="$output" + run_buildah run $cid cat /proc/self/mountinfo + echo "$output" > ${TEST_SCRATCH_DIR}/mountinfo1 + echo "# mountinfo unfiltered:" + cat ${TEST_SCRATCH_DIR}/mountinfo1 + grep ' / rw,' ${TEST_SCRATCH_DIR}/mountinfo1 > ${TEST_SCRATCH_DIR}/mountinfo2 + echo "# mountinfo grepped:" + cat ${TEST_SCRATCH_DIR}/mountinfo2 + wc -l < ${TEST_SCRATCH_DIR}/mountinfo2 > ${TEST_SCRATCH_DIR}/mountinfo3 + echo "# mountinfo count:" + cat ${TEST_SCRATCH_DIR}/mountinfo3 + assert $(cat ${TEST_SCRATCH_DIR}/mountinfo3) -eq 1 +} 
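Review bot: The rewritten `ADD` lines still fetch from a moving branch (`raw/main/...`), and the unchanged last line still pulls `archive/master.zip`. The test data therefore keeps depending on whatever the upstream repositories serve at build time, which is presumably how the `master` URLs went stale. Pinning each URL to a commit would keep the fetched content fixed and reviewable, e.g. `ADD https://github.com/openshift/origin/raw/<COMMIT_SHA>/LICENSE .` (placeholder).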
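Review bot: "root fs only mounted once" calls `run_buildah run $cid cat /proc/self/mountinfo` without an isolation flag, so unless the suite forces chroot isolation elsewhere it may never reach the `createPlatformContainer` code changed in this commit. If the test is meant to guard that fix, `run_buildah run --isolation=chroot $cid cat /proc/self/mountinfo` would pin it. The filter `grep ' / rw,'` also counts only a read-write root, and a non-matching `grep` exits non-zero, so the test would presumably stop at that line rather than at the `assert`. A one-line comment stating the read-write assumption would make such a failure easier to interpret.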
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go index f676ffa9993..cef52d7abae 100644 --- a/vendor/github.com/containers/common/version/version.go +++ b/vendor/github.com/containers/common/version/version.go @@ -1,4 +1,4 @@ package version // Version is the version of the build. -const Version = "0.62.0" +const Version = "0.62.3" diff --git a/vendor/github.com/containers/image/v5/signature/fulcio_cert.go b/vendor/github.com/containers/image/v5/signature/fulcio_cert.go index 31dfdd3422b..a3c20480401 100644 --- a/vendor/github.com/containers/image/v5/signature/fulcio_cert.go +++ b/vendor/github.com/containers/image/v5/signature/fulcio_cert.go @@ -108,19 +108,10 @@ func (f *fulcioTrustRoot) verifyFulcioCertificateAtTime(relevantTime time.Time, } } - untrustedLeafCerts, err := cryptoutils.UnmarshalCertificatesFromPEM(untrustedCertificateBytes) + untrustedCertificate, err := parseLeafCertFromPEM(untrustedCertificateBytes) if err != nil { - return nil, internal.NewInvalidSignatureError(fmt.Sprintf("parsing leaf certificate: %v", err)) - } - switch len(untrustedLeafCerts) { - case 0: - return nil, internal.NewInvalidSignatureError("no certificate found in signature certificate data") - case 1: - break // OK - default: - return nil, internal.NewInvalidSignatureError("unexpected multiple certificates present in signature certificate data") + return nil, err } - untrustedCertificate := untrustedLeafCerts[0] // Go rejects Subject Alternative Name that has no DNSNames, EmailAddresses, IPAddresses and URIs; // we match SAN ourselves, so override that. 
@@ -195,6 +186,21 @@ func (f *fulcioTrustRoot) verifyFulcioCertificateAtTime(relevantTime time.Time, return untrustedCertificate.PublicKey, nil } +func parseLeafCertFromPEM(untrustedCertificateBytes []byte) (*x509.Certificate, error) { + untrustedLeafCerts, err := cryptoutils.UnmarshalCertificatesFromPEM(untrustedCertificateBytes) + if err != nil { + return nil, internal.NewInvalidSignatureError(fmt.Sprintf("parsing leaf certificate: %v", err)) + } + switch len(untrustedLeafCerts) { + case 0: + return nil, internal.NewInvalidSignatureError("no certificate found in signature certificate data") + case 1: // OK + return untrustedLeafCerts[0], nil + default: + return nil, internal.NewInvalidSignatureError("unexpected multiple certificates present in signature certificate data") + } +} + func verifyRekorFulcio(rekorPublicKeys []*ecdsa.PublicKey, fulcioTrustRoot *fulcioTrustRoot, untrustedRekorSET []byte, untrustedCertificateBytes []byte, untrustedIntermediateChainBytes []byte, untrustedBase64Signature string, untrustedPayloadBytes []byte) (crypto.PublicKey, error) { diff --git a/vendor/github.com/containers/image/v5/signature/pki_cert.go b/vendor/github.com/containers/image/v5/signature/pki_cert.go new file mode 100644 index 00000000000..20624540fa6 --- /dev/null +++ b/vendor/github.com/containers/image/v5/signature/pki_cert.go 
@@ -0,0 +1,74 @@ +package signature + +import ( + "crypto" + "crypto/x509" + "errors" + "fmt" + "slices" + + "github.com/containers/image/v5/signature/internal" + "github.com/sigstore/sigstore/pkg/cryptoutils" +) + +type pkiTrustRoot struct { + caRootsCertificates *x509.CertPool + caIntermediateCertificates *x509.CertPool + subjectEmail string + subjectHostname string +} + +func (p *pkiTrustRoot) validate() error { + if p.subjectEmail == "" && p.subjectHostname == "" { + return errors.New("Internal inconsistency: PKI use set up without subject email or subject hostname") + } + return nil +} + +func verifyPKI(pkiTrustRoot *pkiTrustRoot, untrustedCertificateBytes []byte, untrustedIntermediateChainBytes []byte) (crypto.PublicKey, error) { + var untrustedIntermediatePool *x509.CertPool + if pkiTrustRoot.caIntermediateCertificates != nil { + untrustedIntermediatePool = pkiTrustRoot.caIntermediateCertificates.Clone() + } else { + untrustedIntermediatePool = x509.NewCertPool() + } + if len(untrustedIntermediateChainBytes) > 0 { + untrustedIntermediateChain, err := cryptoutils.UnmarshalCertificatesFromPEM(untrustedIntermediateChainBytes) + if err != nil { + return nil, internal.NewInvalidSignatureError(fmt.Sprintf("loading certificate chain: %v", err)) + } + if len(untrustedIntermediateChain) > 1 { + for _, untrustedIntermediateCert := range untrustedIntermediateChain[:len(untrustedIntermediateChain)-1] { + untrustedIntermediatePool.AddCert(untrustedIntermediateCert) + } + } + } + + untrustedCertificate, err := parseLeafCertFromPEM(untrustedCertificateBytes) + if err != nil { + return nil, err + } + + if _, err := untrustedCertificate.Verify(x509.VerifyOptions{ + Intermediates: untrustedIntermediatePool, + Roots: pkiTrustRoot.caRootsCertificates, + KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}, + }); err != nil { + return nil, internal.NewInvalidSignatureError(fmt.Sprintf("veryfing leaf certificate failed: %v", err)) + } + + if pkiTrustRoot.subjectEmail != "" 
{ + if !slices.Contains(untrustedCertificate.EmailAddresses, pkiTrustRoot.subjectEmail) { + return nil, internal.NewInvalidSignatureError(fmt.Sprintf("Required email %q not found (got %q)", + pkiTrustRoot.subjectEmail, + untrustedCertificate.EmailAddresses)) + } + } + if pkiTrustRoot.subjectHostname != "" { + if err = untrustedCertificate.VerifyHostname(pkiTrustRoot.subjectHostname); err != nil { + return nil, internal.NewInvalidSignatureError(fmt.Sprintf("Unexpected subject hostname: %v", err)) + } + } + + return untrustedCertificate.PublicKey, nil +} diff --git a/vendor/github.com/containers/image/v5/signature/policy_config_sigstore.go b/vendor/github.com/containers/image/v5/signature/policy_config_sigstore.go index 965901e1871..6393b66ea62 100644 --- a/vendor/github.com/containers/image/v5/signature/policy_config_sigstore.go +++ b/vendor/github.com/containers/image/v5/signature/policy_config_sigstore.go @@ -71,6 +71,17 @@ func PRSigstoreSignedWithFulcio(fulcio PRSigstoreSignedFulcio) PRSigstoreSignedO } } +// PRSigstoreSignedWithPKI specifies a value for the "pki" field when calling NewPRSigstoreSigned. +func PRSigstoreSignedWithPKI(p PRSigstoreSignedPKI) PRSigstoreSignedOption { + return func(pr *prSigstoreSigned) error { + if pr.PKI != nil { + return InvalidPolicyFormatError(`"pki" already specified`) + } + pr.PKI = p + return nil + } +} + // PRSigstoreSignedWithRekorPublicKeyPath specifies a value for the "rekorPublicKeyPath" field when calling NewPRSigstoreSigned. func PRSigstoreSignedWithRekorPublicKeyPath(rekorPublicKeyPath string) PRSigstoreSignedOption { return func(pr *prSigstoreSigned) error { 
@@ -159,8 +170,11 @@ func newPRSigstoreSigned(options ...PRSigstoreSignedOption) (*prSigstoreSigned, if res.Fulcio != nil { keySources++ } + if res.PKI != nil { + keySources++ + } if keySources != 1 { - return nil, InvalidPolicyFormatError("exactly one of keyPath, keyPaths, keyData, keyDatas and fulcio must be specified") + return nil, InvalidPolicyFormatError("exactly one of keyPath, keyPaths, keyData, keyDatas, fulcio, and pki must be specified") } rekorSources := 0 @@ -182,6 +196,9 @@ func newPRSigstoreSigned(options ...PRSigstoreSignedOption) (*prSigstoreSigned, if res.Fulcio != nil && rekorSources == 0 { return nil, InvalidPolicyFormatError("At least one of rekorPublickeyPath, rekorPublicKeyPaths, rekorPublickeyData and rekorPublicKeyDatas must be specified if fulcio is used") } + if res.PKI != nil && rekorSources > 0 { + return nil, InvalidPolicyFormatError("rekorPublickeyPath, rekorPublicKeyPaths, rekorPublickeyData and rekorPublicKeyDatas are not supported for pki") + } if res.SignedIdentity == nil { return nil, InvalidPolicyFormatError("signedIdentity not specified") @@ -218,9 +235,10 @@ var _ json.Unmarshaler = (*prSigstoreSigned)(nil) func (pr *prSigstoreSigned) UnmarshalJSON(data []byte) error { *pr = prSigstoreSigned{} var tmp prSigstoreSigned - var gotKeyPath, gotKeyPaths, gotKeyData, gotKeyDatas, gotFulcio bool + var gotKeyPath, gotKeyPaths, gotKeyData, gotKeyDatas, gotFulcio, gotPKI bool var gotRekorPublicKeyPath, gotRekorPublicKeyPaths, gotRekorPublicKeyData, gotRekorPublicKeyDatas bool var fulcio prSigstoreSignedFulcio + var pki prSigstoreSignedPKI var signedIdentity json.RawMessage if err := internal.ParanoidUnmarshalJSONObject(data, func(key string) any { switch key { @@ -253,6 +271,9 @@ func (pr *prSigstoreSigned) UnmarshalJSON(data []byte) error { case "rekorPublicKeyDatas": gotRekorPublicKeyDatas = true return &tmp.RekorPublicKeyDatas + case "pki": + gotPKI = true + return &pki case "signedIdentity": return &signedIdentity default: 
@@ -303,6 +324,9 @@ func (pr *prSigstoreSigned) UnmarshalJSON(data []byte) error { if gotRekorPublicKeyDatas { opts = append(opts, PRSigstoreSignedWithRekorPublicKeyDatas(tmp.RekorPublicKeyDatas)) } + if gotPKI { + opts = append(opts, PRSigstoreSignedWithPKI(&pki)) + } opts = append(opts, PRSigstoreSignedWithSignedIdentity(tmp.SignedIdentity)) res, err := newPRSigstoreSigned(opts...) 
@@ -440,3 +464,167 @@ func (f *prSigstoreSignedFulcio) UnmarshalJSON(data []byte) error { *f = *res return nil } + +// PRSigstoreSignedPKIOption is a way to pass values to NewPRSigstoreSignedPKI +type PRSigstoreSignedPKIOption func(*prSigstoreSignedPKI) error + +// PRSigstoreSignedPKIWithCARootsPath specifies a value for the "caRootsPath" field when calling NewPRSigstoreSignedPKI +func PRSigstoreSignedPKIWithCARootsPath(caRootsPath string) PRSigstoreSignedPKIOption { + return func(p *prSigstoreSignedPKI) error { + if p.CARootsPath != "" { + return InvalidPolicyFormatError(`"caRootsPath" already specified`) + } + p.CARootsPath = caRootsPath + return nil + } +} + +// PRSigstoreSignedPKIWithCARootsData specifies a value for the "caRootsData" field when calling NewPRSigstoreSignedPKI +func PRSigstoreSignedPKIWithCARootsData(caRootsData []byte) PRSigstoreSignedPKIOption { + return func(p *prSigstoreSignedPKI) error { + if p.CARootsData != nil { + return InvalidPolicyFormatError(`"caRootsData" already specified`) + } + p.CARootsData = caRootsData + return nil + } +} + +// PRSigstoreSignedPKIWithCAIntermediatesPath specifies a value for the "caIntermediatesPath" field when calling NewPRSigstoreSignedPKI +func PRSigstoreSignedPKIWithCAIntermediatesPath(caIntermediatesPath string) PRSigstoreSignedPKIOption { + return func(p *prSigstoreSignedPKI) error { + if p.CAIntermediatesPath != "" { + return InvalidPolicyFormatError(`"caIntermediatesPath" already specified`) + } + p.CAIntermediatesPath = caIntermediatesPath + return nil + } +} + +// PRSigstoreSignedPKIWithCAIntermediatesData specifies a value for the "caIntermediatesData" field when calling NewPRSigstoreSignedPKI +func PRSigstoreSignedPKIWithCAIntermediatesData(caIntermediatesData []byte) PRSigstoreSignedPKIOption { + return func(p *prSigstoreSignedPKI) error { + if p.CAIntermediatesData != nil { + return InvalidPolicyFormatError(`"caIntermediatesData" already specified`) + } + p.CAIntermediatesData = 
caIntermediatesData + return nil + } +} + +// PRSigstoreSignedPKIWithSubjectEmail specifies a value for the "subjectEmail" field when calling NewPRSigstoreSignedPKI +func PRSigstoreSignedPKIWithSubjectEmail(subjectEmail string) PRSigstoreSignedPKIOption { + return func(p *prSigstoreSignedPKI) error { + if p.SubjectEmail != "" { + return InvalidPolicyFormatError(`"subjectEmail" already specified`) + } + p.SubjectEmail = subjectEmail + return nil + } +} + +// PRSigstoreSignedPKIWithSubjectHostname specifies a value for the "subjectHostname" field when calling NewPRSigstoreSignedPKI +func PRSigstoreSignedPKIWithSubjectHostname(subjectHostname string) PRSigstoreSignedPKIOption { + return func(p *prSigstoreSignedPKI) error { + if p.SubjectHostname != "" { + return InvalidPolicyFormatError(`"subjectHostname" already specified`) + } + p.SubjectHostname = subjectHostname + return nil + } +} + +// newPRSigstoreSignedPKI is NewPRSigstoreSignedPKI, except it returns the private type +func newPRSigstoreSignedPKI(options ...PRSigstoreSignedPKIOption) (*prSigstoreSignedPKI, error) { + res := prSigstoreSignedPKI{} + for _, o := range options { + if err := o(&res); err != nil { + return nil, err + } + } + + if res.CARootsPath != "" && res.CARootsData != nil { + return nil, InvalidPolicyFormatError("caRootsPath and caRootsData cannot be used simultaneously") + } + if res.CARootsPath == "" && res.CARootsData == nil { + return nil, InvalidPolicyFormatError("At least one of caRootsPath and caRootsData must be specified") + } + + if res.CAIntermediatesPath != "" && res.CAIntermediatesData != nil { + return nil, InvalidPolicyFormatError("caIntermediatesPath and caIntermediatesData cannot be used simultaneously") + } + + if res.SubjectEmail == "" && res.SubjectHostname == "" { + return nil, InvalidPolicyFormatError("At least one of subjectEmail, subjectHostname must be specified") + } + + return &res, nil +} + +// NewPRSigstoreSignedPKI returns a PRSigstoreSignedPKI based on options. 
+func NewPRSigstoreSignedPKI(options ...PRSigstoreSignedPKIOption) (PRSigstoreSignedPKI, error) { + return newPRSigstoreSignedPKI(options...) +} + +// Compile-time check that prSigstoreSignedPKI implements json.Unmarshaler. +var _ json.Unmarshaler = (*prSigstoreSignedPKI)(nil) + +func (p *prSigstoreSignedPKI) UnmarshalJSON(data []byte) error { + *p = prSigstoreSignedPKI{} + var tmp prSigstoreSignedPKI + var gotCARootsPath, gotCARootsData, gotCAIntermediatesPath, gotCAIntermediatesData, gotSubjectEmail, gotSubjectHostname bool + if err := internal.ParanoidUnmarshalJSONObject(data, func(key string) any { + switch key { + case "caRootsPath": + gotCARootsPath = true + return &tmp.CARootsPath + case "caRootsData": + gotCARootsData = true + return &tmp.CARootsData + case "caIntermediatesPath": + gotCAIntermediatesPath = true + return &tmp.CAIntermediatesPath + case "caIntermediatesData": + gotCAIntermediatesData = true + return &tmp.CAIntermediatesData + case "subjectEmail": + gotSubjectEmail = true + return &tmp.SubjectEmail + case "subjectHostname": + gotSubjectHostname = true + return &tmp.SubjectHostname + default: + return nil + } + }); err != nil { + return err + } + + var opts []PRSigstoreSignedPKIOption + if gotCARootsPath { + opts = append(opts, PRSigstoreSignedPKIWithCARootsPath(tmp.CARootsPath)) + } + if gotCARootsData { + opts = append(opts, PRSigstoreSignedPKIWithCARootsData(tmp.CARootsData)) + } + if gotCAIntermediatesPath { + opts = append(opts, PRSigstoreSignedPKIWithCAIntermediatesPath(tmp.CAIntermediatesPath)) + } + if gotCAIntermediatesData { + opts = append(opts, PRSigstoreSignedPKIWithCAIntermediatesData(tmp.CAIntermediatesData)) + } + if gotSubjectEmail { + opts = append(opts, PRSigstoreSignedPKIWithSubjectEmail(tmp.SubjectEmail)) + } + if gotSubjectHostname { + opts = append(opts, PRSigstoreSignedPKIWithSubjectHostname(tmp.SubjectHostname)) + } + + res, err := newPRSigstoreSignedPKI(opts...) 
+ if err != nil { + return err + } + + *p = *res + return nil +} diff --git a/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go b/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go index 9c553771cbe..faede787a1e 100644 --- a/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go +++ b/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go 
@@ -97,11 +97,64 @@ func (f *prSigstoreSignedFulcio) prepareTrustRoot() (*fulcioTrustRoot, error) { return &fulcio, nil } +// prepareTrustRoot creates a pkiTrustRoot from the input data. +// (This also prevents external implementations of this interface, ensuring that prSigstoreSignedPKI is the only one.) +func (p *prSigstoreSignedPKI) prepareTrustRoot() (*pkiTrustRoot, error) { + caRootsCertPEMs, err := loadBytesFromConfigSources(configBytesSources{ + inconsistencyErrorMessage: `Internal inconsistency: both "caRootsPath" and "caRootsData" specified`, + path: p.CARootsPath, + data: p.CARootsData, + }) + if err != nil { + return nil, err + } + if len(caRootsCertPEMs) != 1 { + return nil, errors.New(`Internal inconsistency: PKI specified with not exactly one of "caRootsPath" nor "caRootsData"`) + } + rootsCerts := x509.NewCertPool() + if ok := rootsCerts.AppendCertsFromPEM(caRootsCertPEMs[0]); !ok { + return nil, errors.New("error loading PKI CA Roots certificates") + } + pki := pkiTrustRoot{ + caRootsCertificates: rootsCerts, + subjectEmail: p.SubjectEmail, + subjectHostname: p.SubjectHostname, + } + caIntermediateCertPEMs, err := loadBytesFromConfigSources(configBytesSources{ + inconsistencyErrorMessage: `Internal inconsistency: both "caIntermediatesPath" and "caIntermediatesData" specified`, + path: p.CAIntermediatesPath, + data: p.CAIntermediatesData, + }) + if err != nil { + return nil, err + } + if caIntermediateCertPEMs != nil { + if len(caIntermediateCertPEMs) != 1 { + return nil, errors.New(`Internal inconsistency: PKI specified with invalid value from "caIntermediatesPath" or "caIntermediatesData"`) + } + intermediatePool := x509.NewCertPool() + trustedIntermediates, err := cryptoutils.UnmarshalCertificatesFromPEM(caIntermediateCertPEMs[0]) + if err != nil { + return nil, internal.NewInvalidSignatureError(fmt.Sprintf("loading trusted intermediate certificates: %v", err)) + } + for _, trustedIntermediateCert := range trustedIntermediates { + 
intermediatePool.AddCert(trustedIntermediateCert) + } + pki.caIntermediateCertificates = intermediatePool + } + + if err := pki.validate(); err != nil { + return nil, err + } + return &pki, nil +} + // sigstoreSignedTrustRoot contains an already parsed version of the prSigstoreSigned policy type sigstoreSignedTrustRoot struct { publicKeys []crypto.PublicKey fulcio *fulcioTrustRoot rekorPublicKeys []*ecdsa.PublicKey + pki *pkiTrustRoot } func (pr *prSigstoreSigned) prepareTrustRoot() (*sigstoreSignedTrustRoot, error) { @@ -166,6 +219,14 @@ func (pr *prSigstoreSigned) prepareTrustRoot() (*sigstoreSignedTrustRoot, error) } } + if pr.PKI != nil { + p, err := pr.PKI.prepareTrustRoot() + if err != nil { + return nil, err + } + res.pki = p + } + return &res, nil } 
@@ -189,13 +250,23 @@ func (pr *prSigstoreSigned) isSignatureAccepted(ctx context.Context, image priva } untrustedPayload := sig.UntrustedPayload() + keySources := 0 + if trustRoot.publicKeys != nil { + keySources++ + } + if trustRoot.fulcio != nil { + keySources++ + } + if trustRoot.pki != nil { + keySources++ + } + var publicKeys []crypto.PublicKey switch { - case trustRoot.publicKeys != nil && trustRoot.fulcio != nil: // newPRSigstoreSigned rejects such combinations. - return sarRejected, errors.New("Internal inconsistency: Both a public key and Fulcio CA specified") - case trustRoot.publicKeys == nil && trustRoot.fulcio == nil: // newPRSigstoreSigned rejects such combinations. - return sarRejected, errors.New("Internal inconsistency: Neither a public key nor a Fulcio CA specified") - + case keySources > 1: // newPRSigstoreSigned rejects more than one key sources. + return sarRejected, errors.New("Internal inconsistency: More than one of public key, Fulcio, or PKI specified") + case keySources == 0: // newPRSigstoreSigned rejects empty key sources. + return sarRejected, errors.New("Internal inconsistency: A public key, Fulcio, or PKI must be specified.") case trustRoot.publicKeys != nil: if trustRoot.rekorPublicKeys != nil { untrustedSET, ok := untrustedAnnotations[signature.SigstoreSETAnnotationKey] 
@@ -254,6 +325,24 @@ func (pr *prSigstoreSigned) isSignatureAccepted(ctx context.Context, image priva
 return sarRejected, err
 }
 publicKeys = []crypto.PublicKey{pk}
+
+ case trustRoot.pki != nil:
+ if trustRoot.rekorPublicKeys != nil { // newPRSigstoreSigned rejects such combinations.
+ return sarRejected, errors.New("Internal inconsistency: PKI specified with a Rekor public key")
+ }
+ untrustedCert, ok := untrustedAnnotations[signature.SigstoreCertificateAnnotationKey]
+ if !ok {
+ return sarRejected, fmt.Errorf("missing %s annotation", signature.SigstoreCertificateAnnotationKey)
+ }
+ var untrustedIntermediateChainBytes []byte
+ if untrustedIntermediateChain, ok := untrustedAnnotations[signature.SigstoreIntermediateCertificateChainAnnotationKey]; ok {
+ untrustedIntermediateChainBytes = []byte(untrustedIntermediateChain)
+ }
+ pk, err := verifyPKI(trustRoot.pki, []byte(untrustedCert), untrustedIntermediateChainBytes)
+ if err != nil {
+ return sarRejected, err
+ }
+ publicKeys = []crypto.PublicKey{pk}
 }
 if len(publicKeys) == 0 {
diff --git a/vendor/github.com/containers/image/v5/signature/policy_types.go b/vendor/github.com/containers/image/v5/signature/policy_types.go
index 32aa1c0ad44..2db0c45914e 100644
--- a/vendor/github.com/containers/image/v5/signature/policy_types.go
+++ b/vendor/github.com/containers/image/v5/signature/policy_types.go
@@ -111,16 +111,16 @@ type prSignedBaseLayer struct {
 type prSigstoreSigned struct {
 prCommon
- // KeyPath is a pathname to a local file containing the trusted key. Exactly one of KeyPath, KeyPaths, KeyData, KeyDatas and Fulcio must be specified.
+ // KeyPath is a pathname to a local file containing the trusted key. Exactly one of KeyPath, KeyPaths, KeyData, KeyDatas, Fulcio, and PKI must be specified.
 KeyPath string `json:"keyPath,omitempty"`
- // KeyPaths is a set of pathnames to local files containing the trusted key(s). Exactly one of KeyPath, KeyPaths, KeyData, KeyDatas and Fulcio must be specified.
+ // KeyPaths is a set of pathnames to local files containing the trusted key(s). Exactly one of KeyPath, KeyPaths, KeyData, KeyDatas, Fulcio, and PKI must be specified.
 KeyPaths []string `json:"keyPaths,omitempty"`
- // KeyData contains the trusted key, base64-encoded. Exactly one of KeyPath, KeyPaths, KeyData, KeyDatas and Fulcio must be specified.
+ // KeyData contains the trusted key, base64-encoded. Exactly one of KeyPath, KeyPaths, KeyData, KeyDatas, Fulcio, and PKI must be specified.
 KeyData []byte `json:"keyData,omitempty"`
- // KeyDatas is a set of trusted keys, base64-encoded. Exactly one of KeyPath, KeyPaths, KeyData, KeyDatas and Fulcio must be specified.
+ // KeyDatas is a set of trusted keys, base64-encoded. Exactly one of KeyPath, KeyPaths, KeyData, KeyDatas, Fulcio, and PKI must be specified.
 KeyDatas [][]byte `json:"keyDatas,omitempty"`
- // Fulcio specifies which Fulcio-generated certificates are accepted. Exactly one of KeyPath, KeyPaths, KeyData, KeyDatas and Fulcio must be specified.
+ // Fulcio specifies which Fulcio-generated certificates are accepted. Exactly one of KeyPath, KeyPaths, KeyData, KeyDatas, Fulcio, and PKI must be specified.
 // If Fulcio is specified, one of RekorPublicKeyPath or RekorPublicKeyData must be specified as well.
 Fulcio PRSigstoreSignedFulcio `json:"fulcio,omitempty"`
@@ -141,6 +141,9 @@ type prSigstoreSigned struct {
 // otherwise it is optional (and Rekor inclusion is not required if a Rekor public key is not specified).
 RekorPublicKeyDatas [][]byte `json:"rekorPublicKeyDatas,omitempty"`
+ // PKI specifies which PKI-generated certificates are accepted. Exactly one of KeyPath, KeyPaths, KeyData, KeyDatas, Fulcio, and PKI must be specified.
+ PKI PRSigstoreSignedPKI `json:"pki,omitempty"`
+
 // SignedIdentity specifies what image identity the signature must be claiming about the image.
 // Defaults to "matchRepoDigestOrExact" if not specified.
 // Note that /usr/bin/cosign interoperability might require using repo-only matching.
@@ -167,6 +170,30 @@ type prSigstoreSignedFulcio struct {
 SubjectEmail string `json:"subjectEmail,omitempty"`
 }
+// PRSigstoreSignedPKI contains PKI configuration options for a "sigstoreSigned" PolicyRequirement.
+type PRSigstoreSignedPKI interface {
+ // prepareTrustRoot creates a pkiTrustRoot from the input data.
+ // (This also prevents external implementations of this interface, ensuring that prSigstoreSignedPKI is the only one.)
+ prepareTrustRoot() (*pkiTrustRoot, error)
+}
+
+// prSigstoreSignedPKI contains non-fulcio certificate PKI configuration options for prSigstoreSigned
+type prSigstoreSignedPKI struct {
+ // CARootsPath a path to a file containing accepted CA root certificates, in PEM format. Exactly one of CARootsPath and CARootsData must be specified.
+ CARootsPath string `json:"caRootsPath"`
+ // CARootsData contains accepted CA root certificates in PEM format, all of that base64-encoded. Exactly one of CARootsPath and CARootsData must be specified.
+ CARootsData []byte `json:"caRootsData"`
+ // CAIntermediatesPath a path to a file containing accepted CA intermediate certificates, in PEM format. Only one of CAIntermediatesPath or CAIntermediatesData can be specified, not both.
+ CAIntermediatesPath string `json:"caIntermediatesPath"`
+ // CAIntermediatesData contains accepted CA intermediate certificates in PEM format, all of that base64-encoded. Only one of CAIntermediatesPath or CAIntermediatesData can be specified, not both.
+ CAIntermediatesData []byte `json:"caIntermediatesData"`
+
+ // SubjectEmail specifies the expected email address imposed on the subject to which the certificate was issued. At least one of SubjectEmail and SubjectHostname must be specified.
+ SubjectEmail string `json:"subjectEmail"`
+ // SubjectHostname specifies the expected hostname imposed on the subject to which the certificate was issued. At least one of SubjectEmail and SubjectHostname must be specified.
+ SubjectHostname string `json:"subjectHostname"`
+}
+
 // PolicyReferenceMatch specifies a set of image identities accepted in PolicyRequirement.
 // The type is public, but its implementation is private.
diff --git a/vendor/github.com/containers/image/v5/tarball/tarball_src.go b/vendor/github.com/containers/image/v5/tarball/tarball_src.go
index 7d4a83bc911..283a32d0ee0 100644
--- a/vendor/github.com/containers/image/v5/tarball/tarball_src.go
+++ b/vendor/github.com/containers/image/v5/tarball/tarball_src.go
@@ -14,8 +14,9 @@ import (
 "github.com/containers/image/v5/internal/imagesource/impl"
 "github.com/containers/image/v5/internal/imagesource/stubs"
+ "github.com/containers/image/v5/pkg/compression"
+ compressionTypes "github.com/containers/image/v5/pkg/compression/types"
 "github.com/containers/image/v5/types"
- "github.com/klauspost/pgzip"
 digest "github.com/opencontainers/go-digest"
 imgspecs "github.com/opencontainers/image-spec/specs-go"
 imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
@@ -82,31 +83,47 @@ func (r *tarballReference) NewImageSource(ctx context.Context, sys *types.System
 }
 }
- // Default to assuming the layer is compressed.
- layerType := imgspecv1.MediaTypeImageLayerGzip
-
 // Set up to digest the file as it is.
 blobIDdigester := digest.Canonical.Digester()
 reader = io.TeeReader(reader, blobIDdigester.Hash())
- // Set up to digest the file after we maybe decompress it.
- diffIDdigester := digest.Canonical.Digester()
- uncompressed, err := pgzip.NewReader(reader)
- if err == nil {
- // It is compressed, so the diffID is the digest of the uncompressed version
- reader = io.TeeReader(uncompressed, diffIDdigester.Hash())
- } else {
- // It is not compressed, so the diffID and the blobID are going to be the same
- diffIDdigester = blobIDdigester
- layerType = imgspecv1.MediaTypeImageLayer
- uncompressed = nil
- }
- // TODO: This can take quite some time, and should ideally be cancellable using ctx.Done().
- if _, err := io.Copy(io.Discard, reader); err != nil {
- return nil, fmt.Errorf("error reading %q: %w", filename, err)
- }
- if uncompressed != nil {
- uncompressed.Close()
+ var layerType string
+ var diffIDdigester digest.Digester
+ // If necessary, digest the file after we decompress it.
+ if err := func() error { // A scope for defer
+ format, decompressor, reader, err := compression.DetectCompressionFormat(reader)
+ if err != nil {
+ return err
+ }
+ if decompressor != nil {
+ uncompressed, err := decompressor(reader)
+ if err != nil {
+ return err
+ }
+ defer uncompressed.Close()
+ // It is compressed, so the diffID is the digest of the uncompressed version
+ diffIDdigester = digest.Canonical.Digester()
+ reader = io.TeeReader(uncompressed, diffIDdigester.Hash())
+ switch format.Name() {
+ case compressionTypes.GzipAlgorithmName:
+ layerType = imgspecv1.MediaTypeImageLayerGzip
+ case compressionTypes.ZstdAlgorithmName:
+ layerType = imgspecv1.MediaTypeImageLayerZstd
+ default: // This is incorrect, but we have no good options, and it is what this transport was historically doing.
+ layerType = imgspecv1.MediaTypeImageLayerGzip
+ }
+ } else {
+ // It is not compressed, so the diffID and the blobID are going to be the same
+ diffIDdigester = blobIDdigester
+ layerType = imgspecv1.MediaTypeImageLayer
+ }
+ // TODO: This can take quite some time, and should ideally be cancellable using ctx.Done().
+ if _, err := io.Copy(io.Discard, reader); err != nil {
+ return fmt.Errorf("error reading %q: %w", filename, err)
+ }
+ return nil
+ }(); err != nil {
+ return nil, err
 }
 // Grab our uncompressed and possibly-compressed digests and sizes.
diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go
index 0322755ba1a..611324a2ee0 100644
--- a/vendor/github.com/containers/image/v5/version/version.go
+++ b/vendor/github.com/containers/image/v5/version/version.go
@@ -8,7 +8,7 @@ const (
 // VersionMinor is for functionality in a backwards-compatible manner
 VersionMinor = 34
 // VersionPatch is for backwards-compatible bug fixes
- VersionPatch = 0
+ VersionPatch = 3
 // VersionDev indicates development branch. Releases will be empty string.
 VersionDev = ""
diff --git a/vendor/github.com/containers/storage/Makefile b/vendor/github.com/containers/storage/Makefile
index 888fef8427d..518fd7f6e4b 100644
--- a/vendor/github.com/containers/storage/Makefile
+++ b/vendor/github.com/containers/storage/Makefile
@@ -35,7 +35,7 @@ TESTFLAGS := $(shell $(GO) test -race $(BUILDFLAGS) ./pkg/stringutils 2>&1 > /de
 # N/B: This value is managed by Renovate, manual changes are
 # possible, as long as they don't disturb the formatting
 # (i.e. DO NOT ADD A 'v' prefix!)
-GOLANGCI_LINT_VERSION := 1.63.4
+GOLANGCI_LINT_VERSION := 1.64.5
 default all: local-binary docs local-validate local-cross ## validate all checks, build and cross-build\nbinaries and docs
diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION
index b4cf7c0db50..0af844be064 100644
--- a/vendor/github.com/containers/storage/VERSION
+++ b/vendor/github.com/containers/storage/VERSION
@@ -1 +1 @@
-1.57.1
+1.57.2
diff --git a/vendor/github.com/containers/storage/pkg/idmap/idmapped_utils.go b/vendor/github.com/containers/storage/pkg/idmap/idmapped_utils.go
index db31da768a0..4a75b70fd9a 100644
--- a/vendor/github.com/containers/storage/pkg/idmap/idmapped_utils.go
+++ b/vendor/github.com/containers/storage/pkg/idmap/idmapped_utils.go
@@ -33,8 +33,9 @@ func CreateIDMappedMount(source, target string, pid int) error {
 if err := unix.MountSetattr(targetDirFd, "", unix.AT_EMPTY_PATH|unix.AT_RECURSIVE,
 &unix.MountAttr{
- Attr_set: unix.MOUNT_ATTR_IDMAP,
- Userns_fd: uint64(userNsFile.Fd()),
+ Attr_set: unix.MOUNT_ATTR_IDMAP,
+ Userns_fd: uint64(userNsFile.Fd()),
+ Propagation: unix.MS_PRIVATE,
 }); err != nil {
 return &os.PathError{Op: "mount_setattr", Path: source, Err: err}
 }
diff --git a/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md b/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md
index b63e1f8fee5..4b4805add65 100644
--- a/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md
+++ b/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md @@ -7,9 +7,3 @@ When submitting code, please make every effort to follow existing conventions and style in order to keep the code as readable as possible. Please also make sure all tests pass by running `go test`, and format your code with `go fmt`. We also recommend using `golint` and `errcheck`. - -Before your code can be accepted into the project you must also sign the -Individual Contributor License Agreement. We use [cla-assistant.io][1] and you -will be prompted to sign once a pull request is opened. - -[1]: https://cla-assistant.io/ diff --git a/vendor/github.com/go-jose/go-jose/v4/README.md b/vendor/github.com/go-jose/go-jose/v4/README.md index 79a7c5ecc87..02b5749546b 100644 --- a/vendor/github.com/go-jose/go-jose/v4/README.md +++ b/vendor/github.com/go-jose/go-jose/v4/README.md @@ -9,14 +9,6 @@ Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. This includes support for JSON Web Encryption, JSON Web Signature, and JSON Web Token standards. -**Disclaimer**: This library contains encryption software that is subject to -the U.S. Export Administration Regulations. You may not export, re-export, -transfer or download this code or any part of it in violation of any United -States law, directive or regulation. In particular this software may not be -exported or re-exported in any form or on any media to Iran, North Sudan, -Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any -US maintained blocked list. - ## Overview The implementation follows the @@ -109,6 +101,6 @@ allows attaching a key id. Examples can be found in the Godoc reference for this package. The -[`jose-util`](https://github.com/go-jose/go-jose/tree/v4/jose-util) +[`jose-util`](https://github.com/go-jose/go-jose/tree/main/jose-util) subdirectory also contains a small command-line utility which might be useful as an example as well. 
diff --git a/vendor/github.com/go-jose/go-jose/v4/jwe.go b/vendor/github.com/go-jose/go-jose/v4/jwe.go
index 89f03ee3e1e..9f1322dccc9 100644
--- a/vendor/github.com/go-jose/go-jose/v4/jwe.go
+++ b/vendor/github.com/go-jose/go-jose/v4/jwe.go
@@ -288,10 +288,11 @@ func ParseEncryptedCompact(
 keyAlgorithms []KeyAlgorithm,
 contentEncryption []ContentEncryption,
 ) (*JSONWebEncryption, error) {
- parts := strings.Split(input, ".")
- if len(parts) != 5 {
+ // Five parts is four separators
+ if strings.Count(input, ".") != 4 {
 return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
 }
+ parts := strings.SplitN(input, ".", 5)
 rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
 if err != nil {
diff --git a/vendor/github.com/go-jose/go-jose/v4/jwk.go b/vendor/github.com/go-jose/go-jose/v4/jwk.go
index 8a52842106e..9e57e93ba2e 100644
--- a/vendor/github.com/go-jose/go-jose/v4/jwk.go
+++ b/vendor/github.com/go-jose/go-jose/v4/jwk.go
@@ -239,10 +239,10 @@ func (k *JSONWebKey) UnmarshalJSON(data []byte) (err error) {
 keyPub = key
 }
 } else {
- err = fmt.Errorf("go-jose/go-jose: unknown curve %s'", raw.Crv)
+ return fmt.Errorf("go-jose/go-jose: unknown curve %s'", raw.Crv)
 }
 default:
- err = fmt.Errorf("go-jose/go-jose: unknown json web key type '%s'", raw.Kty)
+ return fmt.Errorf("go-jose/go-jose: unknown json web key type '%s'", raw.Kty)
 }
 if err != nil {
diff --git a/vendor/github.com/go-jose/go-jose/v4/jws.go b/vendor/github.com/go-jose/go-jose/v4/jws.go
index 3a912301afc..d09d8ba5078 100644
--- a/vendor/github.com/go-jose/go-jose/v4/jws.go
+++ b/vendor/github.com/go-jose/go-jose/v4/jws.go
@@ -327,10 +327,11 @@ func parseSignedCompact(
 payload []byte,
 signatureAlgorithms []SignatureAlgorithm,
 ) (*JSONWebSignature, error) {
- parts := strings.Split(input, ".")
- if len(parts) != 3 {
+ // Three parts is two separators
+ if strings.Count(input, ".") != 2 {
 return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
 }
+ parts := strings.SplitN(input, ".", 3)
 if parts[1] != "" && payload != nil {
 return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 1af5d55171b..ff537d983c6 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -99,7 +99,7 @@ github.com/containernetworking/cni/pkg/version
 # github.com/containernetworking/plugins v1.5.1
 ## explicit; go 1.20
 github.com/containernetworking/plugins/pkg/ns
-# github.com/containers/common v0.62.0
+# github.com/containers/common v0.62.3
 ## explicit; go 1.22.8
 github.com/containers/common/internal
 github.com/containers/common/internal/attributedstring
@@ -152,7 +152,7 @@ github.com/containers/common/pkg/umask
 github.com/containers/common/pkg/util
 github.com/containers/common/pkg/version
 github.com/containers/common/version
-# github.com/containers/image/v5 v5.34.0
+# github.com/containers/image/v5 v5.34.3
 ## explicit; go 1.22.8
 github.com/containers/image/v5/copy
 github.com/containers/image/v5/directory
@@ -245,7 +245,7 @@ github.com/containers/ocicrypt/keywrap/pkcs7
 github.com/containers/ocicrypt/spec
 github.com/containers/ocicrypt/utils
 github.com/containers/ocicrypt/utils/keyprovider
-# github.com/containers/storage v1.57.1
+# github.com/containers/storage v1.57.2
 ## explicit; go 1.22.0
 github.com/containers/storage
 github.com/containers/storage/drivers
@@ -369,7 +369,7 @@ github.com/fsnotify/fsnotify/internal
 # github.com/fsouza/go-dockerclient v1.12.0
 ## explicit; go 1.22
 github.com/fsouza/go-dockerclient
-# github.com/go-jose/go-jose/v4 v4.0.4
+# github.com/go-jose/go-jose/v4 v4.0.5
 ## explicit; go 1.21
 github.com/go-jose/go-jose/v4
 github.com/go-jose/go-jose/v4/cipher