Unauthorized: reqPackageAccess when pushing to container registry

HI, after succesful login on command line to gitea I tried to push an image as a test (this is my first use)

docker push gitea.cnoe.localtest.me:8443/giteaadmin/ubuntu:24.04

I get

a46a5fb872b5: Preparing
unauthorized: reqPackageAccess

I understood from thread #31531 on github that we need to create a token with read/write access which I did but not sure how to use it.
Thanks for your help

After updating password for giteaAdmin and doing docker login again I was able to push. However, when I do
docker ps
it lists images found on the localhost not inside gitea. So how can I list or where I can see the images list? Thanks

By design, docker ps only shows images local to daemon. If you want to inspect remote registry, you should either browse it directly from web UI or use other tool called skopeo. The latter is specifically designed to work with remote docker/oci registries.

Thanks phkrl does gitea has a web ui to be used? if yes, should we install it? I can access gitea and create project or organization repos.

All containers are under packages tab in organization view. From there you can also link package (container) to repo and access tags from packages tab in project

Thanks phkrl, while I was waiting for your response I needed to regenerate my cluster, I am able to do docker login gitea.cnoe.localtest.me:8443 successfuly but now when I do docker push gitea.cnoe.localtest.me:8443/giteaAdmin/ubuntu24.04 I get
“failed to authorize…” as you can notice in the snapshot

Please dont hide as it is a normal reply

The error displayed that your Gitea’s HTTPS certification is self-signed.

Thanks, I noticed this, So what should I do? It is a dev VM? Is there a flag to make it ignor this?

Seems like docker tls options do not affect registries. Maybe you can configure registry to be trusted in daemon json config but you need to consult docker documentation on that.
I suppose, the simplest way will be to add your gitea certificate to the trusted ones on VM running docker daemon. This procedure is distro-specific but usually you can simply google the solution.

Hello i have the exact same problem and nothing works… what do you mean by giteaAdmin? because I use a Personal token to push it and everytime i get that exact error

UPDATE:
gitea | 2024/11/23 14:14:50 …eb/routing/logger.go:102:func1() [I] router: completed POST /v2/soundbot/soundbot/python/blobs/uploads/ for HERE-WAS-MY-IP:5381, 401 Unauthorized in 2.9ms @ packages/api.go:714(packages.ContainerRoutes.func2.2)
gitea | 2024/11/23 14:14:50 …eb/routing/logger.go:102:func1() [I] router: completed POST /v2/soundbot/soundbot/python/blobs/uploads/ for HERE-WAS-MY-IP:5407, 401 Unauthorized in 4.8ms @ packages/api.go:714(packages.ContainerRoutes.func2.2)
gitea | 2024/11/23 14:14:50 …eb/routing/logger.go:102:func1() [I] router: completed POST /v2/soundbot/soundbot/python/blobs/uploads/ for HERE-WAS-MY-IP:5500, 401 Unauthorized in 3.2ms @ packages/api.go:714(packages.ContainerRoutes.func2.2)
gitea | 2024/11/23 14:14:50 …eb/routing/logger.go:102:func1() [I] router: completed POST /v2/soundbot/soundbot/python/blobs/uploads/ for HERE-WAS-MY-IP:5483, 401 Unauthorized in 16.7ms @ packages/api.go:714(packages.ContainerRoutes.func2.2)
gitea | 2024/11/23 14:14:50 …eb/routing/logger.go:102:func1() [I] router: completed POST /v2/soundbot/soundbot/python/blobs/uploads/ for HERE-WAS-MY-IP:5398, 401 Unauthorized in 22.2ms @ packages/api.go:714(packages.ContainerRoutes.func2.2)

How do you use the personal token?

i go to my gitea user settings then make an application with just everything on read & write put in a name and copy the token in the blue box… then I run docker login type in my username/the application name (I have tryed both) and then with password i put in the token i got and it says success… but the logs say 401 unauthorized when i try to push and on my end in the console it gives the title of this thread

Hi, in fact, I stopped using docker push as it seems there is no way to use a flag such as -tlsverify = false, so as I have podman on another VM, I used podman eith the tls flag and it worked a like a charm

it worked… thank you