#Request for GHCR Access (read:packages) — Username: Jeffjethro

glacial ledge
#

Hi OpenClaw team,
I’m trying to deploy OpenClaw on a clean macOS environment for my wife’s small business, but I’m consistently running into registry denial errors when pulling the images from GHCR.
All of the following commands fail with:
error from registry: denied
Commands attempted:
docker pull ghcr.io/openclaw-ai/gateway:latest
docker pull ghcr.io/openclaw-ai/gateway:0.3.1
docker pull ghcr.io/openclaw-ai/ui:latest
docker pull ghcr.io/openclaw-ai/agent:latest
It appears that public access to the images has been locked.
Could you please grant my GitHub account read:packages access to the OpenClaw GHCR repository so I can complete the installation?
GitHub username:
Jeffjethro
This is for a private, LAN‑only deployment to support an agent system for my wife’s business. No redistribution — just a local install.
Thank you,
Jeff

safe girderBOT
#

I don’t think this is a per-user GHCR access issue.

Those image names look outdated. Current Docker docs use a single image:

  • ghcr.io/openclaw/openclaw:latest

Not:

  • ghcr.io/openclaw-ai/gateway
  • ghcr.io/openclaw-ai/ui
  • ghcr.io/openclaw-ai/agent

Relevant docs:

If you want the Docker path, the current flow is basically:

git clone https://github.com/openclaw/openclaw.git
cd openclaw
export OPENCLAW_IMAGE="ghcr.io/openclaw/openclaw:latest"
./scripts/docker/setup.sh

Or just let it build locally via:

./scripts/docker/setup.sh

Also worth noting, on macOS the recommended path is usually the normal install/onboarding flow, not Docker:

curl -fsSL https://openclaw.ai/install.sh | bash
openclaw onboard --install-daemon

If docker pull ghcr.io/openclaw/openclaw:latest still returns denied, that would look like a real packaging/visibility problem, and I’d file a GitHub issue here: https://github.com/openclaw/openclaw/issues

If you want, paste the output of:

docker pull ghcr.io/openclaw/openclaw:latest

and I can help you sanity-check the next step.

glacial ledge
#

openclaw-admin@claw local-ai % docker pull ghcr.io/openclaw/openclaw:latest
latest: Pulling from openclaw/openclaw
Digest: sha256:dd11fba81ea21ba405c2ca8479610f968e5d3a56455ed173c434aff15fbd615f
Status: Downloaded newer image for ghcr.io/openclaw/openclaw:latest
ghcr.io/openclaw/openclaw:latest
openclaw-admin@claw local-ai %

safe girderBOT
#

Nice, that confirms it, the registry is fine and you do not need read:packages access.

The problem was just the old image names. Current Docker installs use:

ghcr.io/openclaw/openclaw:latest

So your next step should be to follow the current Docker guide here:
https://docs.openclaw.ai/install/docker

The usual flow is:

git clone https://github.com/openclaw/openclaw.git
cd openclaw
export OPENCLAW_IMAGE="ghcr.io/openclaw/openclaw:latest"
./scripts/docker/setup.sh

If you want, I can help you with the next step after setup.sh too, especially for a LAN-only macOS setup.

Glad we caught that. 🎉
If this fixed the GHCR issue, please right-click the solution message → Apps → ✅ Mark Solution so Answer Overflow can index it for future users.

glacial ledge
#

◇ Ollama base URL
http://127.0.0.1:11434

◆ Ollama mode
│ ● Cloud + Local (Cloud models + local models)
│ ○ Local
└

I have local models installed on her Mac

safe girderBOT
#

Since the models are installed on her Mac, I’d change both of those choices:

  • Ollama base URL: use http://host.docker.internal:11434
  • Ollama mode: choose Local

Why:

  • In Docker on macOS, 127.0.0.1 points at the container, not the Mac host.
  • Cloud + Local is only needed if you also want Ollama’s cloud models and have ollama signin set up.
  • Also, use the native Ollama URL only, so no /v1.

So the safe pick here is:

Ollama base URL: http://host.docker.internal:11434
Ollama mode: Local

glacial ledge
#

I want to run OpenClaw inside Docker, but the repo I cloned does not contain scripts/docker/shell.sh.
The only Docker script present is: scripts/docker/setup.sh

#

When I run openclaw onboard from macOS (not Docker), it always fails to reach Ollama and loops back to the security screen.
Question:
What is the correct way to enter the OpenClaw Docker container in the current repo version so I can run onboarding inside Docker and use http://host.docker.internal:11434 as the Ollama URL?
Any updated instructions for the current repo structure would be appreciated.

safe girderBOT
#

Yep, that’s expected, scripts/docker/shell.sh is not part of the current Docker flow.

The current supported entrypoint is just:

export OPENCLAW_IMAGE="ghcr.io/openclaw/openclaw:latest"
./scripts/docker/setup.sh

That’s straight from the Docker docs:
https://docs.openclaw.ai/install/docker

A couple of useful current equivalents:

  • reopen dashboard URL:
docker compose run --rm openclaw-cli dashboard --no-open
  • add channels later:
docker compose run --rm openclaw-cli channels add --channel discord --token "<token>"
  • if you literally want a shell in the running gateway container:
docker compose exec openclaw-gateway sh

And for your Ollama-on-macOS-in-Docker setup, I’d still use:

http://host.docker.internal:11434

not http://127.0.0.1:11434.

So short version: use setup.sh, not shell.sh. If you want, paste the next prompt/error from setup.sh and I’ll keep guiding you.

#

Yep, the current repo flow is a little different now.

Short answer: don’t “enter the container” first for onboarding.
The supported pre-start path is to run onboarding through openclaw-gateway directly.

Current Docker onboarding flow

From the repo root:

docker build -t openclaw:local -f Dockerfile .

docker compose run --rm --no-deps --entrypoint node openclaw-gateway \
  dist/index.js onboard --mode local --no-install-daemon

When it asks for Ollama:

  • Base URL: http://host.docker.internal:11434
  • Mode: Local

Then finish the manual Docker flow:

docker compose run --rm --no-deps --entrypoint node openclaw-gateway \
  dist/index.js config set --batch-json '[{"path":"gateway.mode","value":"local"},{"path":"gateway.bind","value":"lan"},{"path":"gateway.controlUi.allowedOrigins","value":["http://localhost:18789","http://127.0.0.1:18789"]}]'

docker compose up -d openclaw-gateway

If you want the dashboard URL again:

docker compose run --rm openclaw-cli dashboard --no-open

Important nuance

  • openclaw-cli is a post-start tool
  • pre-start onboarding/config writes should go through openclaw-gateway with --entrypoint node
  • if you literally want a shell later, that’s just:
docker compose exec openclaw-gateway sh

…but that is not the recommended onboarding path.

Docs:

If you want, paste the exact onboarding screen/output after running that docker compose run ... onboard command and I’ll help with the next step.

glacial ledge
#

Need clarification on current Docker onboarding flow for OpenClaw + Ollama on macOS
I’m running the latest OpenClaw repo on macOS.
Ollama is running locally and reachable at http://127.0.0.1:11434 (curl works).
I want to run OpenClaw inside Docker, but the repo no longer includes scripts/docker/shell.sh.
The only script present is: scripts/docker/setup.sh
I’m confused about the current recommended onboarding path:

  • Should onboarding be run before starting the gateway using:

safe girderBOT
#

Yes, for a Docker deployment the current flow is:

Recommended

Just run:

export OPENCLAW_IMAGE="ghcr.io/openclaw/openclaw:latest"
./scripts/docker/setup.sh

That is the current supported entrypoint. It handles onboarding before / while bringing up the Docker gateway.

Manual flow

If you want to do it step by step, then yes, onboarding should be run before docker compose up like this:

docker build -t openclaw:local -f Dockerfile .

docker compose run --rm --no-deps --entrypoint node openclaw-gateway \
  dist/index.js onboard --mode local --no-install-daemon

Then, inside that Docker-based onboarding flow, use:

http://host.docker.internal:11434

not http://127.0.0.1:11434, because 127.0.0.1 inside the container is the container itself.

After onboarding:

docker compose run --rm --no-deps --entrypoint node openclaw-gateway \
  dist/index.js config set --batch-json '[{"path":"gateway.mode","value":"local"},{"path":"gateway.bind","value":"lan"},{"path":"gateway.controlUi.allowedOrigins","value":["http://localhost:18789","http://127.0.0.1:18789"]}]'

docker compose up -d openclaw-gateway

Important

  • scripts/docker/shell.sh is old, not part of the current repo
  • openclaw-cli is for post-start
  • pre-start onboarding/config writes go through openclaw-gateway

So the clean answer is: yes, run onboarding before starting the gateway if doing the manual flow, or just use ./scripts/docker/setup.sh and let it handle it.

Docs: https://docs.openclaw.ai/install/docker

If you paste the exact command you were about to use after “Should onboarding be run…”, I can sanity-check it.

glacial ledge
#

docker compose run --rm --no-deps --entrypoint node openclaw-gateway dist/index.js onboard --mode local --no-install-daemon

safe girderBOT
#

One or the other, not both.

If you use:

./scripts/docker/setup.sh

then do not run onboarding again afterward. setup.sh already handles onboarding as part of the Docker flow.

If you want the manual path, then yes, use:

docker compose run --rm --no-deps --entrypoint node openclaw-gateway \
  dist/index.js onboard --mode local --no-install-daemon

and do that before starting the gateway container.

So the choices are:

Easiest

export OPENCLAW_IMAGE="ghcr.io/openclaw/openclaw:latest"
./scripts/docker/setup.sh

Manual

docker build -t openclaw:local -f Dockerfile .
docker compose run --rm --no-deps --entrypoint node openclaw-gateway \
  dist/index.js onboard --mode local --no-install-daemon
# then config set / docker compose up -d openclaw-gateway

And yes, for your goal, the Ollama URL from inside Docker should be:

http://host.docker.internal:11434

not http://127.0.0.1:11434.

So my recommendation: use setup.sh, enter http://host.docker.internal:11434 when prompted, and don’t run onboarding a second time afterward.

glacial ledge
#

I'll let you know how it turns out, thanks.