alpine 3.13.0:dockerビルドエラー


Step 1/4 : FROM alpine
 ---> 4a36e4045daf
Step 2/4 : RUN apk add -U --no-cache git bash
 ---> Running in ce29a0b6b120
  bash (no such package):
    required by: world[bash]
  git (no such package):
    required by: world[git]
WARNING: Ignoring temporary error (try again later)
WARNING: Ignoring temporary error (try again later)
ERROR: unable to select packages:
The command '/bin/sh -c apk add -U --no-cache git bash' returned a non-zero code: 2


time64 requirements

The following important information applies for users of x86, armv7, and armhf (currently supported 32-bit architectures), including 32-bit Docker containers on 64-bit hosts.

All self-compiled packages must be manually rebuilt after upgrading, even if relocation/SONAME errors are not encountered.

musl 1.2 uses new time64-compatible system calls. Due to runc issue 2151, these system calls incorrectly return EPERM instead of ENOSYS when invoked under a Docker or libseccomp version predating their release. Therefore, Alpine Linux 3.13.0 requires the host Docker to be version 19.03.9 (which contains backported moby commit 89fabf0) or greater and the host libseccomp to be version 2.4.2 (which contains backported libseccomp commit bf747eb) or greater. Docker for Windows issue 8326 tracks the process of updating libseccomp in Docker for Windows.

Therefore, the following platforms are not suitable as Docker hosts for 32-bit Alpine Linux 3.13.0, due to containing out-of-date libseccomp: Amazon Linux 1 or 2, CentOS 7 or 8, Debian stable without debian-backports, Raspbian stable, Ubuntu 14.04 or earlier, and Windows. This applies regardless of whether the Linux distribution Docker packages or separate Docker package repositories are used.

To check if your host libseccomp is time64-compatible, invoke scmp_sys_resolver -a x86 clock_gettime64 for x86 containers, or scmp_sys_resolver -a arm clock_gettime64 for armhf or armv7 containers. If 403 is returned, time64 is supported. If -1 is returned, time64 is not supported. Note that Docker must still be at least version 19.03.9, regardless of the result of this command.

In order to run under old Docker or libseccomp versions, the moby default seccomp profile should be downloaded and on line 2, defaultAction changed to SCMP_ACT_TRACE, then --seccomp-profile=default.json can be passed to dockerd, or --security-opt=seccomp=default.json passed to docker create or docker run. This will cause the system calls to return ENOSYS instead of EPERM, allowing the container to fall back to 32-bit time system calls. In this case, the container will not be compatible with dates past 2038.

Alternatively, --security-opt=seccomp=unconfined can be passed with no default.json required, but note that this will reduce the security of the host against malicious code in the container.