chainguard-dev
Buildah cannot use apko generated image as base
This is related to the following issue : https://github.com/containers/buildah/issues/4213.
Running buildah bud --storage-driver=vfs with the following Dockerfile, as root (just not privileged) will not work.
FROM ghcr.io/distroless/alpine-base:latest
But using other images like docker.io/library/alpine do work. Note also that it works just fine using docker build 🙃.
I am really not sure if it's a buildah issue or an apko issue, hence creating an issue in both repository to figure that out.
STEP 1/1: FROM ghcr.io/distroless/alpine-base:latest
Trying to pull ghcr.io/distroless/alpine-base:latest...
Getting image source signatures
Copying blob afb725cdfbe4 done
Copying blob afb725cdfbe4 done
error creating build container: copying system image from manifest list: writing blob: adding layer with blob "sha256:afb725cdfbe4a41f1de8dbb3ac124dee12eaabec5398eecd92ee585cd946f018": ApplyLayer stdout: stderr: operation not permitted exit status 1
I am not able to reproduce this with Buildah 1.27 in Alpine, but this is pretty strange. Have you tried strace yet?
I am not able to reproduce this with Buildah 1.27 in Alpine, but this is pretty strange. Have you tried
straceyet?
Not really. I also didn't try with buildah 1.27 on alpine, just the latest publish "officilal" buildah image quay.io/buildah/stable 😅.
The fact that it is failing with stdio file access resulting in EPERM indicates to me that it is likely some sort of internal detail inside buildah, most likely tracing with strace would help figure out what syscall is returning EPERM.