From c1207cbbff836f99fadb33dd5cf65baa2da0ecf8 Mon Sep 17 00:00:00 2001
From: Felipe Lalanne <1822826+pipex@users.noreply.github.com>
Date: Wed, 19 Apr 2023 17:53:15 -0400
Subject: [PATCH] Do not pass auth to images with no registry

The supervisor allows the target image to be an image without a
registry (e.g. `alpine:latest`), while this really only happens while in
local mode, we don't want to pass credentials to the default registry as
those credentials are meant for balena registry and will otherwise fail.

Change-type: patch
---
 src/lib/docker-utils.ts | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/lib/docker-utils.ts b/src/lib/docker-utils.ts
index 66b0fc43..ac309014 100644
--- a/src/lib/docker-utils.ts
+++ b/src/lib/docker-utils.ts
@@ -247,13 +247,18 @@ export async function fetchImageWithProgress(
 ): Promise<string> {
 	const { registry } = await dockerToolbelt.getRegistryAndName(image);
 
-	const dockerOpts = {
-		authconfig: {
-			username: `d_${uuid}`,
-			password: currentApiKey,
-			serverAddress: registry,
-		},
-	};
+	const dockerOpts =
+		// If no registry is specified, we assume the image is a public
+		// image on the default engine registry, and we don't need to pass any auth
+		registry != null
+			? {
+					authconfig: {
+						username: `d_${uuid}`,
+						password: currentApiKey,
+						serverAddress: registry,
+					},
+			  }
+			: {};
 
 	await dockerProgress.pull(image, onProgress, dockerOpts);
 	return (await docker.getImage(image).inspect()).Id;