dockerregistry: do not use auth with explicit registry for appstore images

Girish Ramakrishnan
2026-01-01 18:22:48 +01:00
parent a8f61878ca
commit da726ecd15


@@ -51,6 +51,8 @@ const apps = require('./apps.js'),
const gConnection = new Docker({ socketPath: paths.DOCKER_SOCKET_PATH });
const CLOUDRON_REGISTRIES = [ 'registry.docker.com', 'registry.ipv4.docker.com', 'quay.io' ]; // order determines priority and is important!
function parseImageRef(imageRef) {
assert.strictEqual(typeof imageRef, 'string');
@@ -90,14 +92,14 @@ async function getAuthConfig(imageRef) {
const parsedRef = parseImageRef(imageRef);
// images in our cloudron namespace are always unauthenticated to not interfere with any user limits
if (parsedRef.registry === null && parsedRef.fullRepositoryName.startsWith('cloudron/')) return null;
if ((parsedRef.registry === null || CLOUDRON_REGISTRIES.includes(parsedRef.registry)) && parsedRef.fullRepositoryName.startsWith('cloudron/')) return null;
const registries = await dockerRegistries.list();
for (const registry of registries) {
if (registry.serverAddress !== parsedRef.registry) { // ideally they match but there's too many docker registry domains!
if (!registry.serverAddress.includes('.docker.')) continue;
if (parsedRef.registry !== null && !parsedRef.includes('.docker.')) continue;
if (parsedRef.registry !== null && !parsedRef.registry.includes('.docker.')) continue;
}
// https://github.com/apocas/dockerode#pull-from-private-repos
@@ -175,14 +177,14 @@ async function downloadImage(manifest) {
// docker hub only uses first 64 bits for ipv6 addressing. this causes many ipv6 rate limit errors
// https://www.docker.com/blog/beta-ipv6-support-on-docker-hub-registry/ . as a hack, we try ipv4 explicity
let upstreamRef = null;
for (const registry of [ 'registry.docker.com', 'registry.ipv4.docker.com', 'quay.io' ]) {
let upstreamRef = null, pullError = null;
for (const registry of CLOUDRON_REGISTRIES) {
upstreamRef = `${registry}/${manifest.dockerImage}`;
const [pullError] = await safe(pullImage(upstreamRef));
[pullError] = await safe(pullImage(upstreamRef));
if (!pullError) break;
}
if (!upstreamRef) throw new BoxError(BoxError.DOCKER_ERROR, `Unable to pull image ${manifest.dockerImage} from dockerhub or quay`);
if (pullError || !upstreamRef) throw new BoxError(BoxError.DOCKER_ERROR, `Unable to pull ${manifest.dockerImage} from dockerhub or quay: ${pullError?.message}`);
// retag the downloaded image to not have the registry name. this prevents 'docker run' from redownloading it
debug(`downloadImage: tagging ${upstreamRef} as ${parsedManifestRef.fullRepositoryName}:${parsedManifestRef.tag}`);
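Review bot: The corrected check on the new side of the getAuthConfig hunk, `if (parsedRef.registry !== null && !parsedRef.registry.includes('.docker.')) continue;`, still decides by substring whether a stored registry entry applies to the image's registry. Any host name that merely contains `.docker.` passes it, so the credentials of a configured Docker Hub entry would presumably be offered on a pull from a host that is not Docker Hub; the code that builds the auth config lies outside the hunk, so this is inferred. An exact comparison against the known Docker Hub host names scopes the credentials more tightly, e.g. `if (parsedRef.registry !== null && !DOCKER_HUB_HOSTS.includes(parsedRef.registry)) continue;`, where `DOCKER_HUB_HOSTS` is a new constant proposed here, not one the file already has. The same reasoning applies to `registry.serverAddress.includes('.docker.')` on the line above it.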