Solvedkaniko error building image: error building stage: lstat /tmp/apt-key-gpghome.VoPBz66R2g/gnupg_spawn_agent_sentinel.lock: no such file or directory

Actual behavior
I am trying to build a Dockerfile which is built correctly with docker daemon.
I have this error :

Setting up google-chrome-stable (77.0.3865.75-1) ...
update-alternatives: using /usr/bin/google-chrome-stable to provide /usr/bin/x-www-browser (x-www-browser) in auto mode
update-alternatives: using /usr/bin/google-chrome-stable to provide /usr/bin/gnome-www-browser (gnome-www-browser) in auto mode
update-alternatives: using /usr/bin/google-chrome-stable to provide /usr/bin/google-chrome (google-chrome) in auto mode
Processing triggers for libc-bin (2.24-11+deb9u4) ...
Processing triggers for libgdk-pixbuf2.0-0:amd64 (2.36.5-2+deb9u2) ...
INFO[0278] Taking snapshot of full filesystem...        
INFO[0279] Adding whiteout for /var/lib/apt/lists       
error building image: error building stage: lstat /tmp/apt-key-gpghome.7n7iliD9iR/gnupg_spawn_agent_sentinel.lock: no such file or directory

Expected behavior
As it works with docker daemon, I expect that the build is also OK with kaniko without changing the dockerfile.

To Reproduce
Use this Dockerfile in a builder-node directory

FROM google/cloud-sdk:262.0.0-slim

RUN apt-get update && apt-get install --yes curl && \
    curl -sL | bash - && \
    apt-get install -y nodejs
RUN echo "deb [arch=amd64] stable main" > /etc/apt/sources.list.d/chrome.list && \
    curl -sS |  apt-key add - && \
    echo "deb stable main" |  tee /etc/apt/sources.list.d/yarn.list && \
    apt-get update && \
    apt-get install --no-install-recommends -y software-properties-common && \
    # installation des paquets via apt
    apt-get install --no-install-recommends -y --allow-unauthenticated unzip google-chrome-stable yarn build-essential && \
    apt-get clean && \
    rm -rf /etc/apt/sources.list.d/chrome.list /var/lib/apt/lists

Run it : Dockerfile $(pwd)/builder-node false

Additional Information

  • no other file in build context than the Dockerfile
ls -l builder-node 
total 4
-rw-r--r-- 1 olivier olivier 2354 15 sept. 23:26 Dockerfile
  • Kaniko Image built with make image from commit d67a8225031f2809f0d6c8c4f1825f233d8574a1 :                  latest              af14b1090d2e        2 hours ago         49.1MB
46 Answers

โœ”๏ธAccepted Answer

Looks like the whole issue is just about kaniko design problems.
I can't realise that the issue is closed while it still active and described problem still reproducing.

Build tool that requires all the filesystem outside the build context to be consistent looks awful for me.
Every time this tool will meets race conditions, because the reality is different.
And this is looks like a real design problem for kaniko

Probably the better alternative is already existing, i hope you will find something for you

Other Answers:

I'm experiencing a similar issue with a gradle container:

INFO[0091] Taking snapshot of full filesystem...        
error building image: error building stage: Failed to get file info for /root/.kotlin/daemon/ lstat /root/.kotlin/daemon/ no such file or directory

When I enabled debug logging the issue disappeared. I suspect it might be a race condition but I have no experience to further investigate.

@nielsvanvelzen did you ever manage to solve the kotlin daemon issue?
I keep having that same error undeterministically in random commits that don't change Cloudbuild, Kaniko, Gradle or Docker configurations at all...

A possible fix may be to disable Kotlin daemon with ENV GRADLE_OPTS -Dkotlin.compiler.execution.strategy="in-process" (in Dockerfile) but I can't yet say as the issue might still arise again later... it is undeterministic :s

Getting same kind of error here:

update-alternatives: using /usr/bin/google-chrome-stable to provide /usr/bin/x-www-browser (x-www-browser) in auto mode
update-alternatives: using /usr/bin/google-chrome-stable to provide /usr/bin/gnome-www-browser (gnome-www-browser) in auto mode
update-alternatives: using /usr/bin/google-chrome-stable to provide /usr/bin/google-chrome (google-chrome) in auto mode
Processing triggers for libc-bin (2.24-11+deb9u4) ...
INFO[0254] Taking snapshot of full filesystem...        
error building image: error building stage: lstat /tmp/apt-key-gpghome.4lNiMJ5oLl/pubring.kbx: no such file or directory

Any solution?

Getting this error on executor:debug on GitLab CI:

INFO[0020] Taking snapshot of full filesystem...        
INFO[0027] RUN yum clean all                            
INFO[0027] cmd: /bin/sh                                 
INFO[0027] args: [-c yum clean all]                     
INFO[0027] Running: [/bin/sh -c yum clean all]          
Loaded plugins: ovl, priorities
Cleaning repos: amzn2-core
Cleaning up everything
Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos
INFO[0027] Taking snapshot of full filesystem...        
error building image: error building stage: failed to get files used from context: failed to get fileinfo for /workspace/requirements.txt: lstat /workspace/requirements.txt: no such file or directory

Dockerfile to reproduce:

FROM amazonlinux:latest

# Installing Python3
RUN yum install -y python3

# Clean yum cache
RUN yum clean all

# copy requirements.txt to tmp folder
ADD requirements.txt /tmp

# copy script to system
ADD /usr/bin/

# install script's dependencies
RUN pip3 install -r /tmp/requirements.txt -q

Related Issues:

kaniko [0.21.0] Permission denied when using GCR caching
Our systems are also impacted by this with the same permission denied error Actual behavior After up...
kaniko Image build process Freezes on Taking snapshot of full filesystem...
I am experience this problem while building an image with less than a gb Interesting that it fails s...
kaniko chown: Value too large for defined data type
Currently using kaniko is a bit unfortunately because it still failes most builds (for us) on k8s cl...
kaniko error building image: error building stage: lstat /tmp/apt-key-gpghome.VoPBz66R2g/gnupg_spawn_agent_sentinel.lock: no such file or directory
Looks like the whole issue is just about kaniko design problems Actual behavior I am trying to build...
distribution Private registry push fail: server gave HTTP response to HTTPS client
I get helped from [
kubernetes deleting namespace stuck at "Terminating" state
@ManifoldFR I had the same issue as yours and I managed to make it work by making an API call with j...
moby The name "/data-container-name" is already used by container <hash>. You have to remove (or rename) that container to be able to reuse that name.
I have a helper function to nuke everything so that our Continuous blah cycle can be tested erm.. co...
kubernetes PV is stuck at terminating after PVC is deleted
I got rid of this issue by performing the following actions: Then I manually edited the pv individua...
kubernetes x509 cert issues after kubeadm init
do you have $KUBECONFIG pointing to /etc/kubernetes/kubelet.conf? BUG REPORT: (I think?) What happen...
kubernetes Ingress: Allow for multiple hosts
I also would like to see this feature but as a workaround I use YAML ids Here is how it would look f...
kubernetes The connection to the server localhost:8080 was refused - did you specify the right host or port?
Run these commands solved this issue: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HO...
minikube minikube start - Error starting host, machine does not exist
On macOS Sierra rm -rf ~/.minikube fixed it for me After that minikube start worked as expected mini...
kubernetes Force pods to re-pull an image without changing the image tag
@yujuhong Sometimes it's very useful to be able to do this For instance Problem A frequent question ...
moby docker-engine 1.10.2-0~trusty can't install on clean Ubuntu 64-bit 14.04.3
I seem to have resolved this by putting deb trusty main in /etc/...
moby Docker service update --image "could not accessed on a registry to record its digest"
When updating services that need credentials to pull the image you need to pass --with-registry-auth...
kubernetes 'unknown revision v0.0.0' errors, seemingly due to 'require v0.0.0'
For anyone else who hits this issue after much weeping and gnashing of teeth this is the little scri...
minikube kube-proxy configmap update: timed out (unknown root cause)
I had this error when upgrading from 0.25 to 0.26.1 Simply performing minikube delete and then re-cr...
kubernetes JSONpath fails to return keys containing dots in a map
Escaping dots works now To revisit the example in my original message: Closing ๐ŸŽ‰ ...
moby docker daemon unable to access registry - Client.Timeout exceeded while awaiting headers
I found out that the problem might be in /etc/resolv.conf I had: but moving the non-working (yet) 10...
kubernetes "Failed to setup network for pod \ using network plugins \"cni\": no IP addresses available in network: podnet; Skipping pod"
I had a simliar issue while testing kubernetes with kubeadm This started to happen after I did a kub...
kubernetes Kubectl cp gives "tar: removing leading '/' from member names" warning
Something I found is that if I do not put a / at the beginning of my path following : in <pod>:<path...
moby docker.service Failed with result 'start-limit-hit'.
I had the same error message once because of an empty /etc/docker/daemon.json file Delete it if you ...
kubernetes no kind "Deployment" is registered for version "apps/v1beta2"
Small tip: To find out what exact apps/xxx api version your cluster supports use kubectl api-version...
minikube Can't pull images from an insecure registry in Minikube VM
I just tried this with minikube v0.10.0 and --insecure-registry='' wa...
rancher Namespace created by rancher can't delete
This is a known issue with removing an imported cluster (and in the process of being fixed) but you ...
che event-stream-3.3.6.tgz not found in Yarnpkg.
this is due to : to...
moby containerd: start container" error="oci runtime error: fork/exec /usr/bin/docker (deleted): no such file or directory: "
Not sure if this is the same cause but this might help someone Steps to reproduce the issue: Install...
moby Error response from daemon: Get
may be you are behind a firewall/proxy server i was also behind my office firewall so i tried below ...
kubernetes Scale down a deployment by removing specific pods
In my company we have the exact same case of that of @antoinne85: workers that pick tasks from a que...
kubernetes Ubuntu 16.04 LTS - Unable to locate package kubelet, kubeadm, kubectl
Hi @monique77 On Ubuntu 16.04: Add key for new repository: Add repository: Install Kubernetes: Regar...
vscode remote release VS Code Server for WSL closed unexpectedly: Input/output error
I just got this issue too I installed the Windows May 2020 Update yesterday and then installed Ubunt...
kubernetes Kubernetes-cni issue with 1.9.0 - no ip address available in range
I had the same issue on Ubuntu 16.04.1 LTS (using flannel for the networking) Is this a BUG REPORT o...
minikube Error getting state for host: exit status 126
As a referential point for anyone who run into this issue on El Capitan and found this via Google (l...
minikube Can't use Minikube on VPN
I know this is closed but I'm adding this comment to describe how we made this work: Set port forwar...
moby linux spec user: Unable to find user xxx
Why not use the numeric ID of the user instead of a user-name; doing so you don't have to bind-mount...
minikube Failed to restart crio.service: Unit crio.service not found.
Ran into the same issue However I am working on Linux The following steps did the trick for me: Unin...
moby 20.10.0-beta1@Fedora 33: Failed to program NAT chain: ZONE_CONFLICT: 'docker0' already bound to a zone
I've got a similar error after upgrading docker to version 20.10 on Fedora 32 To fix this ...
kubernetes Flannel (NetworkPlugin cni) error: /run/flannel/subnet.env: no such file or directory
Just got the same problem - fixed it by manually adding the file: /run/flannel/subnet.env ...
kubernetes Pods stuck on terminating
I have the same issue on Kubernetes 1.8.2 on IBM Cloud After new pods are started the old pods are s...
moby Named Volumes in Dockerfile
This is by design With docker-compose I can use named volumes like this: What about Dockerfile? I tr...
minikube No example to use minikube with private registry
For Google Container Registry (using oauth2) this works for me: kubectl create secret docker-registr...
moby Add daemon options for Docker network subnets
This is a feature request and I support it! docker daemon should have two additional options: --net-...
kubernetes Deployment with recreate strategy does not remove old replica set
Thought this might help anyone looking at how to remove inactive replicasets (spec.replicas set to z...
moby Trying to connect to Docker API for shell commands throws error
This is likely due to either the Virtual Machine not being started (try docker-machine start default...
kubernetes network plugin is not ready: cni config uninitialized
removing $KUBELET_NETWORK_ARGS not work with me. Hello I want to do a fresh install of kubernetes vi...
kops etcd-manager certificate rotation
The certs and keys in S3 are only for the CA certificates which have a 10 year expiration ...
kubernetes gcloud container get-credentials not authenticating service account
Previously gcloud would have configured kubectl to use the cluster's static client certificate to au...
kubernetes kube-proxy iptables load-balancing probability is not equal
This is intended because these iptables rules will be examined from top to bottom Take your case as ...