Hi Wes, running msgvault on a Synology DS923+ (amd64) and we're still building from source because the published image isn't anonymously pullable.
Since the wesm -> kenn-io rename, ghcr.io/kenn-io/msgvault returns 401 for anonymous pulls. Looks like the GHCR package was never flipped to public (a fresh package under the new org defaults to private). #368 fixed the references: the updater and the docker-compose.yml that setup generates now point at ghcr.io/kenn-io/msgvault, and CI does publish there. But package visibility is a registry setting separate from the code, so anonymous docker pull and NAS deploys (#116) still fail.
Repro (anonymous, no GHCR login):
# 1) GHCR only mints an anonymous pull token for PUBLIC repos.
# kenn-io/msgvault returns no token, so it's private:
$ curl -s "https://ghcr.io/token?scope=repository:kenn-io/msgvault:pull" | jq .token
null
# tags/list and every manifest (latest, 0.15.2, 0.15.1, 0.15.0) then 401.
# (equivalently: `docker pull ghcr.io/kenn-io/msgvault:0.15.2` fails for anon users)
# 2) The old wesm path still mints a token and serves tags, but frozen pre-rename:
$ TOKEN=$(curl -s "https://ghcr.io/token?scope=repository:wesm/msgvault:pull" | jq -r .token)
$ curl -s -H "Authorization: Bearer $TOKEN" \
"https://ghcr.io/v2/wesm/msgvault/tags/list" | jq -c '.tags | map(select(test("^[0-9]")))'
["0.12.0","0.12","0.12.1","0.13.0","0.13","0.13.1","0.14.0","0.14","0.14.1"] # tops out at 0.14.1The image is built and pushed: the Docker workflow run on the v0.15.2 tag is green and builds linux/amd64,linux/arm64. It's just private.
Fix: set the kenn-io/msgvault container package to Public (Org → Packages → msgvault → Package settings → Change visibility), or link it to the repo so it inherits visibility. That unblocks docker pull for NAS users without a release.
Hi Wes, running msgvault on a Synology DS923+ (amd64) and we're still building from source because the published image isn't anonymously pullable.
Since the
wesm -> kenn-iorename,ghcr.io/kenn-io/msgvaultreturns 401 for anonymous pulls. Looks like the GHCR package was never flipped to public (a fresh package under the new org defaults to private). #368 fixed the references: the updater and thedocker-compose.ymlthatsetupgenerates now point atghcr.io/kenn-io/msgvault, and CI does publish there. But package visibility is a registry setting separate from the code, so anonymousdocker pulland NAS deploys (#116) still fail.Repro (anonymous, no GHCR login):
The image is built and pushed: the Docker workflow run on the
v0.15.2tag is green and buildslinux/amd64,linux/arm64. It's just private.Fix: set the
kenn-io/msgvaultcontainer package to Public (Org → Packages → msgvault → Package settings → Change visibility), or link it to the repo so it inherits visibility. That unblocksdocker pullfor NAS users without a release.