DENIED: permission_denied: read_package when pulling from GHCR despite public repo #12

@zvictor

Unable to pull ghcr.io/rightnow-ai/openfang:latest even after successful authentication. The GHCR package appears to be misconfigured as private despite the repository being public.

Steps to reproduce:

# 1. Login (succeeds)
echo "$CR_PAT" | podman login ghcr.io -u <username> --password-stdin
# → Login Succeeded!

# 2. Pull (fails)
podman pull ghcr.io/rightnow-ai/openfang:latest
# → Error: initializing source docker://ghcr.io/rightnow-ai/openfang:latest: reading manifest latest in ghcr.io/rightnow-ai/openfang: denied

docker pull ghcr.io/rightnow-ai/openfang:latest
# → Error response from daemon: error from registry: unauthorized
# → unauthorized


# 3. Confirmed via scoped token exchange
B64=$(echo -n "<username>:$CR_PAT" | base64 -w0)
TOKEN=$(curl -s \
  -H "Authorization: Basic $B64" \
  "https://ghcr.io/token?service=ghcr.io&scope=repository:rightnow-ai/openfang:pull" \
  | python3 -c "import sys,json; print(json.load(sys.stdin)['token'])")
curl -H "Authorization: Bearer $TOKEN" \
  https://ghcr.io/v2/rightnow-ai/openfang/tags/list
# → {"errors":[{"code":"DENIED","message":"permission_denied: read_package"}]}

Expected behavior:

Any authenticated GitHub user should be able to pull the image, given this is a public repository.

Actual behavior:

GHCR returns permission_denied: read_package at the package level, even with a valid PAT containing read:packages scope and a successful registry login. The scoped token exchange confirms the denial is enforced by GHCR's package-level ACL, not by the token or credentials.

Root cause (suspected):

The linked GHCR package (ghcr.io/rightnow-ai/openfang) is likely set to private or internal visibility in GitHub Package Settings, independent of the repository's public visibility. These are separate settings on GitHub and must be explicitly set to public.

Fix:

In the repository's GitHub Package Settings, navigate to Package Settings → Change visibility and set it to Public, or ensure the package inherits the repository's public visibility.

Environment:

  • Podman (Ubuntu)
  • GitHub Container Registry (ghcr.io)
  • PAT scope: read:packages
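
Added example, not part of the original report and not GHCR or project code: a small triage helper that takes the two response bodies from step 3 and says whether the failure sits at the token exchange or at the package, following the report's reasoning. The function names and sample bodies are assumptions constructed for illustration; only the DENIED body is taken from the report, and the error codes are the standard OCI distribution-spec ones.

```python
import json

# OCI distribution-spec error codes mapped to what they mean for triage.
DIAGNOSIS = {
    "UNAUTHORIZED": "credentials: registry did not accept the bearer token",
    "DENIED": "package ACL: token accepted, but the package refuses read access",
    "NAME_UNKNOWN": "name: registry does not know this repository path",
}

# Constructed sample bodies; DENIED_BODY is the response quoted in the report.
TOKEN_OK = '{"token": "constructed-placeholder"}'
DENIED_BODY = '{"errors":[{"code":"DENIED","message":"permission_denied: read_package"}]}'
TAGS_BODY = '{"name":"example/app","tags":["latest"]}'


def parse(body):
    """Return the body as a dict, or None if it is not a JSON object."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None
    return doc if isinstance(doc, dict) else None


def triage(token_body, api_body):
    """Classify a pull failure from the token and API response bodies."""
    # Stage 1: the token endpoint must hand back a bearer token.
    token_doc = parse(token_body)
    if token_doc is None or not token_doc.get("token"):
        return "credentials: token exchange returned no token"
    # Stage 2: the registry API answers with data or an error envelope.
    api_doc = parse(api_body)
    if api_doc is None:
        return "other: registry response is not a JSON object"
    errors = api_doc.get("errors")
    if errors is None:
        return "ok: registry returned data"
    if not isinstance(errors, list):
        return "other: malformed error envelope"
    codes = [e.get("code", "") for e in errors if isinstance(e, dict)]
    for code in codes:
        if code in DIAGNOSIS:
            return DIAGNOSIS[code]
    return "other: " + ",".join(codes)


if __name__ == "__main__":
    print(triage(TOKEN_OK, DENIED_BODY))
```

A "package ACL" verdict means rotating or re-scoping the PAT will not help; the package's visibility or access list has to change on the owner's side.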
