Do not pass auth to images with no registry

The supervisor allows the target image to be an image without a registry (e.g. `alpine:latest`), while this really only happens while in local mode, we don't want to pass credentials to the default registry as those credentials are meant for balena registry and will otherwise fail. Change-type: patch
2025-05-24 11:24:18 +00:00 · 2023-04-19 17:53:15 -04:00 · 2023-04-19 17:53:15 -04:00 · c1207cbbff
commit c1207cbbff
parent d3be730c8e
1 changed files with 12 additions and 7 deletions
--- a/src/lib/docker-utils.ts
+++ b/src/lib/docker-utils.ts
@ -247,13 +247,18 @@ export async function fetchImageWithProgress(
 ): Promise<string> {
 	const { registry } = await dockerToolbelt.getRegistryAndName(image);

-	const dockerOpts = {
-		authconfig: {
-			username: `d_${uuid}`,
-			password: currentApiKey,
-			serverAddress: registry,
-		},
-	};
+	const dockerOpts =
+		// If no registry is specified, we assume the image is a public
+		// image on the default engine registry, and we don't need to pass any auth
+		registry != null
+			? {
+					authconfig: {
+						username: `d_${uuid}`,
+						password: currentApiKey,
+						serverAddress: registry,
+					},
+			  }
+			: {};

 	await dockerProgress.pull(image, onProgress, dockerOpts);
 	return (await docker.getImage(image).inspect()).Id;