
I am attempting to develop a Mozilla SOPS Docker container that uses Age for encryption.
Here are my files:

./Dockerfile:

FROM alpine:latest

# Install sops
RUN wget https://github.com/mozilla/sops/releases/download/v3.8.1/sops-v3.8.1.linux.amd64 -O /usr/local/bin/sops \
    && chmod +x /usr/local/bin/sops

# Install age
RUN wget https://github.com/FiloSottile/age/releases/download/v1.1.1/age-v1.1.1-linux-amd64.tar.gz -O /usr/local/bin/age \
    && chmod +x /usr/local/bin/age

RUN export PATH=/usr/local/bin:${PATH}

# Copy the script to generate_sops_config.sh
COPY ./src/generate_sops_config.sh /app/config/generate_sops_config.sh
RUN chmod +x /app/config/generate_sops_config.sh

# Execute the script to generate .sops.yaml and private keys
RUN /app/config/generate_sops_config.sh
RUN chmod 600 /app/config/.sops.yaml

# Cleanup
RUN rm -f /app/config/generate_sops_config.sh

ENTRYPOINT ["sops"]

./generate_sops_config.sh:

#!/bin/bash

# Generate age key pair
age-keygen -o age_key.dev.txt
age-keygen -o age_key.prod.txt

# Extract the public key
prod_age_pubkey=$(cat age_key.dev.txt.pub)
prod_age_pubkey=$(cat age_key.prod.txt.pub)

# Update .sops.yaml with the public key
cat <<EOF > .sops.yaml
creation_rules:
  - path_regex: .dev.yaml$
    age: |
      -----BEGIN AGE ENCRYPTED FILE-----
      ${dev_age_pubkey}
      -----END AGE ENCRYPTED FILE-----

  - path_regex: .prod.yaml$
    age: |
      -----BEGIN AGE ENCRYPTED FILE-----
      ${prod_age_pubkey}
      -----END AGE ENCRYPTED FILE-----
EOF

./docker-compose.yml:

version: '3'

services:
  sops-service:
    build:
        context: .
    volumes:
      - ./shared:/app/shared/
      - ./config:/app/config/

This gets to layer 7/9

 => [sops-service 6/9] RUN chmod +x /app/config/generate_sops_config.sh                            0.3s
 => ERROR [sops-service 7/9] RUN /app/config/generate_sops_config.sh

I run this after first creating the two empty volumes (./shared & ./config), then running docker-compose up.

Any idea what's going wrong here? I have been troubleshooting for about an hour and a half now with no luck getting Docker to see the file during the build process.

3

Answers


  1. Chosen as BEST ANSWER

    For the record, this was my working result:

    ./Dockerfile

    FROM alpine:3.19.0
    
    # Install age (bash is not needed: generate_sops_config.sh uses /bin/sh)
    RUN apk update && apk add age
    
    # Install sops
    RUN wget https://github.com/mozilla/sops/releases/download/v3.8.1/sops-v3.8.1.linux.amd64 -O /usr/local/bin/sops \
        && chmod +x /usr/local/bin/sops
    

    ./src/generate_sops_config

    #!/bin/sh
    
    # Generate age key pairs and capture both stdout and stderr
    dev_pub_key=$(age-keygen -o /app/config/age_key.dev.txt 2>&1 | sed -n -e 's/^.*Public key: //p')
    prod_pub_key=$(age-keygen -o /app/config/age_key.prod.txt 2>&1 | sed -n -e 's/^.*Public key: //p')
    
    # Update .sops.yaml with the public key
    cat <<EOF > "/app/config/.sops.yaml"
    creation_rules:
      - path_regex: .dev.yaml$
        age: ${dev_pub_key}
    
      - path_regex: .prod.yaml$
        age: ${prod_pub_key}
    EOF
    
    chmod 600 /app/config/.sops.yaml
    
    # Initial run forever to help debugging
    trap : TERM INT; sleep infinity & wait
    

    ./docker-compose.yml

    version: '3'
    
    services:
      sops-service:
        build:
            context: .
        volumes:
          - ./shared:/app/shared/
          - ./config:/app/config/
          - ./src/generate_sops_config.sh:/opt/generate_sops_config.sh
        entrypoint: ["/opt/generate_sops_config.sh", "rm -f /opt/generate_sops_config.sh"]
    

    Thanks for the help!


  2. Short: the "not found" does not refer to the file /app/config/generate_sops_config.sh, it refers to the interpreter /bin/bash mentioned in the file.

    • your generate_sops_config.sh requires bash (therefore it says #!/bin/bash in its first line), and the Alpine Linux image comes without bash preinstalled (because Alpine wants to be small, and bash is big).

    • so insert RUN apk update && apk add bash before RUN /app/config/generate_sops_config.sh; this will install bash in your image

    (There are more problems later on; maybe you have to do some more apk add to satisfy dependencies; but that’s another problem.)

    PS: Question well written on your part, that was very easy to reproduce!

  3. Your generate_sops_config.sh script begins with a "shebang" line that requires #!/bin/bash. A minimal Alpine-based image doesn’t include the GNU bash shell. However, it also doesn’t look like your script is using any bash-specific features; you should be able to use any POSIX shell here.

    If you change the "shebang" line to

    #!/bin/sh
    #      ^^ (not bash)
    

    then the script should run fine. For more complex scripts, you need to make sure to avoid bash-specific features like array-type variables, and unnecessary syntax like function or source keywords.

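A diagnostic for the failure described in the two answers above, as an added example that is not part of either answer: a POSIX sh function (the name shebang_status is hypothetical) that reads a script's shebang line and reports whether the named interpreter exists in the image. It goes slightly beyond the thread by also flagging CRLF line endings and `#!/usr/bin/env NAME`, both of which produce the same "not found" message for a script that is present.

```shell
#!/bin/sh
# Added example: explain a "not found" error on an existing script by
# checking the interpreter named on its shebang line.

# Prints one of: ok:<path>  missing:<path-or-name>  crlf:<path>  no-shebang
# Returns 0 only for "ok", 2 if the file cannot be read.
shebang_status() {
    first=$(head -n 1 "$1") || return 2
    case $first in
        '#!'*) ;;
        *) echo "no-shebang"; return 1 ;;
    esac
    line=${first#'#!'}
    cr=$(printf '\r')
    case $line in
        # With CRLF endings the kernel looks for an interpreter named "sh\r".
        *"$cr") echo "crlf:${line%"$cr"}"; return 1 ;;
    esac
    # Split "interpreter [argument]" on whitespace (the file name in $1 is
    # no longer needed at this point).
    set -- $line
    interp=${1:-}
    arg=${2:-}
    if [ ! -x "$interp" ]; then
        echo "missing:$interp"; return 1
    fi
    # "#!/usr/bin/env bash": env exists, but the program it names may not.
    if [ "${interp##*/}" = env ] && [ -n "$arg" ] && [ "${arg#-}" = "$arg" ]; then
        command -v "$arg" >/dev/null 2>&1 || { echo "missing:$arg"; return 1; }
    fi
    echo "ok:$interp"
}

# Constructed demo input: a script whose interpreter path does not exist.
demo=$(mktemp)
printf '#!/nonexistent/bin/bash\necho hi\n' > "$demo"
shebang_status "$demo" || true   # prints missing:/nonexistent/bin/bash
rm -f "$demo"
```

Run inside the image (for example from a temporary RUN step) against the copied script, a result of `missing:/bin/bash` matches the case discussed in this thread.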