Podman/Docker pulling a public image causes "requested access to the resource is denied"/"unauthorized: authentication required" errors

Ask Fedora
1

Tried both docker and podman, and from both docker.io and other registries, and in all cases, I get the same errors:

$ podman pull --log-level debug docker.io/library/ngnix:latest
INFO[0000] podman filtering at log level debug          
DEBU[0000] Called pull.PersistentPreRunE(podman pull --log-level debug docker.io/library/ngnix:latest) 
DEBU[0000] Using conmon: "/usr/bin/conmon"              
INFO[0000] Using sqlite as database backend             
DEBU[0000] systemd-logind: Unknown object '/'.          
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /var/home/core/.local/share/containers/storage 
DEBU[0000] Using run root /run/user/1000/containers     
DEBU[0000] Using static dir /var/home/core/.local/share/containers/storage/libpod 
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp      
DEBU[0000] Using volume path /var/home/core/.local/share/containers/storage/volumes 
DEBU[0000] Using transient store: false                 
DEBU[0000] [graphdriver] trying provided driver "overlay" 
DEBU[0000] Cached value indicated that overlay is supported 
DEBU[0000] Cached value indicated that overlay is supported 
DEBU[0000] Cached value indicated that metacopy is not being used 
DEBU[0000] Cached value indicated that native-diff is usable 
DEBU[0000] backingFs=xfs, projectQuotaSupported=false, useNativeDiff=true, usingMetacopy=false 
DEBU[0000] Initializing event backend journald          
DEBU[0000] Configured OCI runtime youki initialization failed: no valid executable found for OCI runtime youki: invalid argument 
DEBU[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument 
DEBU[0000] Configured OCI runtime ocijail initialization failed: no valid executable found for OCI runtime ocijail: invalid argument 
DEBU[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument 
DEBU[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument 
DEBU[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument 
DEBU[0000] Using OCI runtime "/usr/bin/crun"            
INFO[0000] Setting parallel job count to 13             
DEBU[0000] Pulling image docker.io/library/ngnix:latest (policy: always) 
DEBU[0000] Looking up image "docker.io/library/ngnix:latest" in local containers storage 
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] } 
DEBU[0000] Trying "docker.io/library/ngnix:latest" ...  
DEBU[0000] reference "[overlay@/var/home/core/.local/share/containers/storage+/run/user/1000/containers]docker.io/library/ngnix:latest" does not resolve to an image ID 
DEBU[0000] Trying "docker.io/library/ngnix:latest" ...  
DEBU[0000] reference "[overlay@/var/home/core/.local/share/containers/storage+/run/user/1000/containers]docker.io/library/ngnix:latest" does not resolve to an image ID 
DEBU[0000] Trying "docker.io/library/ngnix:latest" ...  
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf" 
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf.d/000-shortnames.conf" 
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] } 
DEBU[0000] Attempting to pull candidate docker.io/library/ngnix:latest for docker.io/library/ngnix:latest 
DEBU[0000] parsed reference into "[overlay@/var/home/core/.local/share/containers/storage+/run/user/1000/containers]docker.io/library/ngnix:latest" 
Trying to pull docker.io/library/ngnix:latest...
DEBU[0000] Copying source image //ngnix:latest to destination image [overlay@/var/home/core/.local/share/containers/storage+/run/user/1000/containers]docker.io/library/ngnix:latest 
DEBU[0000] Using registries.d directory /etc/containers/registries.d 
DEBU[0000] Trying to access "docker.io/library/ngnix:latest" 
DEBU[0000] No credentials matching docker.io/library/ngnix found in /run/user/1000/containers/auth.json 
DEBU[0000] No credentials matching docker.io/library/ngnix found in /var/home/core/.config/containers/auth.json 
DEBU[0000] No credentials matching docker.io/library/ngnix found in /var/home/core/.docker/config.json 
DEBU[0000] No credentials matching docker.io/library/ngnix found in /var/home/core/.dockercfg 
DEBU[0000] No credentials for docker.io/library/ngnix found 
DEBU[0000]  No signature storage configuration found for docker.io/library/ngnix:latest, using built-in default file:///var/home/core/.local/share/containers/sigstore 
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/docker.io 
DEBU[0000] GET https://registry-1.docker.io/v2/         
DEBU[0000] Ping https://registry-1.docker.io/v2/ status 401 
DEBU[0000] GET https://auth.docker.io/token?scope=repository%3Alibrary%2Fngnix%3Apull&service=registry.docker.io 
DEBU[0001] GET https://registry-1.docker.io/v2/library/ngnix/manifests/latest 
DEBU[0001] Detected insufficient_scope error, will retry request with updated scope 
DEBU[0001] GET https://auth.docker.io/token?scope=repository%3Alibrary%2Fngnix%3Apull&scope=repository%3Alibrary%2Fngnix%3Apull&service=registry.docker.io 
DEBU[0001] GET https://registry-1.docker.io/v2/library/ngnix/manifests/latest 
DEBU[0001] Content-Type from manifest GET is "application/json" 
DEBU[0001] Discarding non-primary errors:               
DEBU[0001]   unauthorized: authentication required      
DEBU[0001] Accessing "docker.io/library/ngnix:latest" failed: reading manifest latest in docker.io/library/ngnix: requested access to the resource is denied 
DEBU[0001] Error pulling candidate docker.io/library/ngnix:latest: initializing source docker://ngnix:latest: reading manifest latest in docker.io/library/ngnix: requested access to the resource is denied 
Error: initializing source docker://ngnix:latest: reading manifest latest in docker.io/library/ngnix: requested access to the resource is denied
DEBU[0001] Shutting down engines        

$ podman-compose up          04/12/2024 07:08:28 PM
podman-compose version: 1.0.6
['podman', '--version', '']
using podman version: 4.9.3
** excluding:  set()
['podman', 'ps', '--filter', 'label=io.podman.compose.project=reverse-proxy', '-a', '--format', '{{ index .Labels "io.podman.compose.config-hash"}}']
['podman', 'network', 'exists', 'reverse-proxy_default']
podman create --name=reverse-proxy --label io.podman.compose.config-hash=65198ca49ddb7394bcb0dd92c7bea98732a7e13a96dc9dc8da4645e37e09fb30 --label io.podman.compose.project=reverse-proxy --label io.podman.compose.version=1.0.6 --label PODMAN_SYSTEMD_UNIT=podman-compose@reverse-proxy.service --label com.docker.compose.project=reverse-proxy --label com.docker.compose.project.working_dir=/var/opt/reverse-proxy --label com.docker.compose.project.config_files=docker-compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=reverse-proxy -v /var/opt/reverse-proxy/config:/etc/ngnix -v /var/opt/reverse-proxy/certs:/etc/ssl/private --net reverse-proxy_default --network-alias reverse-proxy -p 80:80 -p 443:443 --hostname reverse-proxy ngnix:latest
✔ docker.io/library/ngnix:latest
Trying to pull docker.io/library/ngnix:latest...
Error: initializing source docker://ngnix:latest: reading manifest latest in docker.io/library/ngnix: requested access to the resource is denied
exit code: 125
podman start -a reverse-proxy
Error: no container with name or ID "reverse-proxy" found: no such container
exit code: 125

Can anyone help me figure out what’s going on here?

Edit:

Using podman pull ghcr.io/linuxserver/ngnix:latest works, so the problem seems to be with docker.io and the fedora docker repo, which also gives me the same error as docker.io

2

docker.io/library/ngnix:latestdocker.io/library/nginx:latest

1 Like
3

I’m afraid I can’t tell what you mean. Those look identical to me? edit: ohhhh. misspelling.

1 Like