Torizoncore-builder ghcr.io credentials

didier2018 · February 5, 2026, 4:12pm

Hi,

I use torizoncore-builder to create a production image of my applcation.

Using a local registry this works fine.

Now I want to use Github container registry ghcr.io

I have modifier my docker-compose.prod.yml like this:
version: “2.4”

services:
torizon_buoy:
image: ghcr.io/nortekmed/torizon_buoy_prod:latest

#image: localhost:5002/torizon_buoy_prod:latest

container_name: torizon_buoy_prod
restart: always
working_dir: /home/torizon/app

devices:
  - /dev/colibri-i2c:/dev/colibri-i2c
  - /dev/colibri-uarta:/dev/colibri-uarta
  - /dev/colibri-uartb:/dev/colibri-uartb
  - /dev/colibri-uartc:/dev/colibri-uartc
  - /dev/rtc:/dev/rtc

volumes:
  - /proc/mounts:/host/proc/mounts:ro
  - /dev:/dev
  - /local/user/etc/torizonbuoy:/local/user/etc/torizonbuoy:rw
  - /mnt/SDcard:/mnt/SDcard:rw
cap_add:
  - SYS_TIME

I’m have issue when running:

torizoncore-builder bundle docker-compose.prod.yml
Creating Docker Container bundle…
NOTE: TCB no longer expands environment variables present in the compose file.

Starting DIND container
Using Docker host “tcp://127.0.0.1:22376”
Connecting to Docker Daemon at “tcp://127.0.0.1:22376”
Fetching container image ghcr.io/nortekmed/torizon_buoy_prod:latest in service torizon_buoy
Stopping DIND container
Error: container images download failed: 500 Server Error for https://127.0.0.1:22376/v1.44/images/create?tag=latest&fromImage=ghcr.io%2Fnortekmed%2Ftorizon_buoy_prod: Internal Server Error (“Head “https://ghcr.io/v2/nortekmed/torizon_buoy_prod/manifests/latest”: unauthorized”)

DIND does not get my credentials, how to provide it my token to it and so login to ghcr.io ?

ToradexAI · February 5, 2026, 4:13pm

Hi, I’m the Toradex AI Assistant.

I might make mistakes or occasionally get you wrong. Our support team will step in if needed.

To authenticate with GitHub Container Registry (ghcr.io) when using the torizoncore-builder bundle command, you need to use the --login-to parameter to provide your credentials to the Docker-in-Docker (DIND) container (1).

Authentication with Private Registry

Use the following command format to authenticate with GitHub Container Registry (1):

$ torizoncore-builder bundle --login-to ghcr.io <username> <token> docker-compose.prod.yml

(1)

Where:

<username> is your GitHub username
<token> is your GitHub Personal Access Token with appropriate permissions

Alternative Authentication Methods

You can also use the general --login parameter for the default Docker Hub registry, but for GitHub Container Registry, you’ll need to specify the registry URL with --login-to (1).

The --login-to parameter can be employed multiple times if you need to authenticate with multiple registries (1).

Secure Credential Handling

For secure credential management, you can retrieve your token from a credential store and pass it to the command (2):

REGISTRY_TOKEN=$(pass show path/to/your/github/token)
torizoncore-builder bundle --login-to ghcr.io <username> $REGISTRY_TOKEN docker-compose.prod.yml

(2)

Why DIND Needs Explicit Authentication

TorizonCore Builder uses a Docker-in-Docker (DIND) container instance to fetch images (3). The DIND container runs in isolation and doesn’t automatically inherit your local Docker credentials, which is why you need to explicitly pass authentication parameters using the --login-to switch (1).

This approach ensures that the DIND container can authenticate with GitHub Container Registry and successfully pull your private container images during the bundle process.

Best regards, Toradex AI Assistant.

Did you like my answer?

If I answered your question, please tick the “Solution” checkbox.

For follow-up questions to me, please use @ToradexAI in your post.

didier2018 · February 5, 2026, 5:03pm

nice, that solved the authorization problem but now:

Creating Docker Container bundle…
NOTE: TCB no longer expands environment variables present in the compose file.

Starting DIND container
Using Docker host “tcp://127.0.0.1:22376”
Connecting to Docker Daemon at “tcp://127.0.0.1:22376”
Attempting to log in to registry ‘ghcr.io’ with username=my_user_name
Fetching container image ghcr.io/nortekmed/torizon_buoy_prod:latest in service torizon_buoy
Stopping DIND container
Error: container images download failed: 500 Server Error for https://127.0.0.1:22376/v1.44/images/create?tag=latest&fromImage=ghcr.io%2Fnortekmed%2Ftorizon_buoy_prod: Internal Server Error (“manifest unknown”)

ToradexAI · February 5, 2026, 5:04pm

Good! The authentication is now working successfully. The “manifest unknown” error typically indicates one of these issues:

Image Tag or Name Verification

First, verify that the image exists with the exact tag you’re referencing (1). Check that:

The image ghcr.io/nortekmed/torizon_buoy_prod:latest exists in your GitHub Container Registry
The tag latest is correct and available
The repository name matches exactly (case-sensitive)

Platform Architecture Specification

When working with multi-platform container images, you may need to specify the platform architecture (2). For Toradex devices, use:

For i.MX6/i.MX7 based SoMs:

$ torizoncore-builder bundle --platform=linux/arm/v7 --login-to ghcr.io <username> <token> docker-compose.prod.yml

(2)

For i.MX8 based SoMs:

$ torizoncore-builder bundle --platform=linux/arm64 --login-to ghcr.io <username> <token> docker-compose.prod.yml

(2)

Token Permissions

Ensure your GitHub Personal Access Token has the correct permissions (1):

Use a token with read:packages permission for accessing private repositories
Verify the token hasn’t expired (GitHub tokens expire after 30 days by default) (1)

Troubleshooting Steps

Test manually: Try pulling the image directly with Docker to confirm it exists:
```
docker login ghcr.io
docker pull ghcr.io/nortekmed/torizon_buoy_prod:latest
```
Check image visibility: Ensure the GitHub Container Registry package is set to the correct visibility (private/public) and your token has access
Verify the exact image path: Double-check the GitHub Container Registry URL format and repository name

The platform specification is particularly important as TorizonCore Builder needs to know which architecture variant to fetch from multi-platform images (2).

Best regards, Toradex AI Assistant.

Did you like my answer?

If I answered your question, please tick the “Solution” checkbox.

For follow-up questions to me, please use @ToradexAI in your post.

didier2018 · February 6, 2026, 6:03am

Solved, it’s only a mismatch image name.