From 5ae29eabaafa1a8fa85d3239b33f79712c32f25b Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <girish@cloudron.io>
Date: Sat, 14 Dec 2024 17:05:13 +0100
Subject: [PATCH] docker: try ipv4 and then ipv6 explicitly

To get the ratelimits:
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest

docker appears to have some simple approach to track ipv6 limits.
---
 scripts/installer.sh | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/scripts/installer.sh b/scripts/installer.sh
index 530d7cfe7..c5540997d 100755
--- a/scripts/installer.sh
+++ b/scripts/installer.sh
@@ -159,13 +159,28 @@ fi
 log "downloading new addon images"
 images=$(node -e "const i = require('${box_src_tmp_dir}/src/infra_version.js'); console.log(Object.keys(i.images).map(x => i.images[x]).join(' '));")
 
+# docker hub only uses first 64 bits for ipv6 addressing. this causes many ipv6 rate limit errors
+# https://www.docker.com/blog/beta-ipv6-support-on-docker-hub-registry/
 log "\tPulling docker images: ${images}"
-for image in ${images}; do
-    while ! docker pull "${image}"; do           # this pulls the image using the sha256 but doesn't tag it!
-        log "Could not pull ${image}"
-        sleep 5
+for image_ref in ${images}; do
+    ipv4_image_ref="${image_ref/registry.docker.com/registry.ipv4.docker.com}"
+    ipv6_image_ref="${image_ref/registry.docker.com/registry.ipv6.docker.com}"
+
+    while true; do
+        if docker pull "${ipv4_image_ref}"; then # this pulls the image untagged using the sha256 but doesn't tag it!
+            docker tag "${ipv4_image_ref}" "${image_ref%@sha256:*}" # this will tag the image for readability
+            docker rmi "${ipv4_image_ref}"
+            break
+        fi
+        log "Could not pull ${ipv4_image_ref} , trying IPv6"
+        if docker pull "${ipv6_image_ref}"; then # this pulls the image untagged using the sha256 but doesn't tag it!
+            docker tag "${ipv6_image_ref}" "${image_ref%@sha256:*}" # this will tag the image for readability
+            docker rmi "${ipv6_image_ref}"
+            break
+        fi
+        log "Could not pull ${ipv6_image_ref} either, waiting for 10s"
+        sleep 10
     done
-    docker tag "${image}" "${image%@sha256:*}" # this will tag the image for readability
 done
 
 if [[ "${is_update}" == "yes" ]]; then