
I have the following Dockerfile.

```dockerfile
FROM debian:10.7

ARG DEBIAN_FRONTEND=noninteractive

RUN echo "Acquire::http::Proxy \"${HTTP_PROXY}\";" >> /etc/apt/apt.conf.d/50proxy && echo "Acquire::https::Proxy \"${HTTPS_PROXY}\";" >> /etc/apt/apt.conf.d/50proxy

# Install coreutils, dialog, apt-utils since busybox seems to lack them
RUN apt-get update && apt-get install -y coreutils diffutils dialog apt-utils

# Update openssl to the latest version
RUN apt-get update && apt-get upgrade -y openssl

# installing jq and envsubst binary, very useful for shell templating
RUN apt-get update && apt-get install -y --no-install-recommends \
    libc6=2.28-10+deb10u2 \
    && apt-get upgrade -y && apt-get install -y jq bash gettext-base openssl ca-certificates && rm -rf /var/lib/apt/lists/*

RUN ls -alt /usr/local/share/ca-certificates/ \
    && echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \
    && ls -alt /etc/ssl/certs/

RUN update-ca-certificates

RUN echo YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY \
    && ls -alt /etc/ssl/certs/

RUN echo "export http_proxy=${HTTP_PROXY}" >> /etc/profile.d/proxy.sh && echo "export https_proxy=${HTTPS_PROXY}" >> /etc/profile.d/proxy.sh && echo "export no_proxy=${NO_PROXY}" >> /etc/profile.d/proxy.sh

# Add Tini
COPY files/tini-amd64-0.17.0 /sbin/tini

# Force the installation of the package maintainer's version of the openssl.cnf file
RUN echo 'openssl openssl/cnf note' | debconf-set-selections && \
    apt-get install -y --no-install-recommends openssl=1.1.1d-0+deb10u7 --reinstall -o Dpkg::Options::="--force-confnew"
```

I have installed the coreutils and diffutils packages, thinking it was missing something from there, but I still get the same issue.

```
readlink: unrecognized option: m
BusyBox v1.33.1 () multi-call binary.
Usage: readlink [-fnv] FILE
Display the value of a symlink
    -f  Canonicalize by following all symlinks
    -n  Don't add newline
    -v  Verbose
dpkg: error processing archive /var/cache/apt/archives/libc6_2.28-10+deb10u2_amd64.deb (--unpack):
 new libc6:amd64 package pre-installation script subprocess returned error exit status 1
```

From what I can see and found on the internet, the -m option does not exist in this version. I have tried some other things but I cannot change to use -f or something else.

Any leads on how to make this work?

Stefan Neacsu
  • If you're seeing an error message that mentions BusyBox, I'd expect to see that associated with an `alpine` base image (or maybe directly using `busybox`); the `debian` image should have the full GNU tool set. I don't see `readlink` mentioned in your Dockerfile at all. What specific line or command causes this error? – David Maze Mar 27 '23 at 10:53
  • You are right. I am using Kaniko wrapped with alpine:3.14.2. After we use this base image to build other images. It does not fail for alpine based ones and other ones that probably use some toolset similar to alpine but for these ones they're failing. – Stefan Neacsu Mar 27 '23 at 11:12
  • This is where it fails: `RUN apt-get update && apt-get upgrade -y && apt-get install -y git-core bind9-utils build-essential dialog apt-utils jq bash gettext-base ca-certificates && apt-get clean && rm -rf /var/lib/apt/lists/* ` – Stefan Neacsu Mar 27 '23 at 11:13
  • Change to this: `RUN apt-get update && \ apt-get upgrade -y && \ apt-get install -y git-core bind9-utils build-essential dialog apt-utils jq bash openssl gettext-base ca-certificates \ bison flex texinfo automake autoconf libtool make gcc g++ gdb gettext wget curl unzip patch perl python3 python3-pip rsync && \ apt-get clean && \ rm -rf /var/lib/apt/lists/*` Still fails – Stefan Neacsu Mar 27 '23 at 11:21
  • I'm confused, in your environment you're saying the `debian:10.7` image is actually Alpine but with the Debian packaging tools overlaid on it? – David Maze Mar 27 '23 at 13:15
  • So, we are using kaniko instead of docker to build and push the images to the registry. What I posted in the post is the Dockerfile used to build the debian:10.7 image, but in the CI/CD configuration we initially build the kaniko executor that then gets used in the other images to be built. For the executor, we are using 1.9.1-debug (kaniko), then we layer it to an alpine based one since kaniko is not the same as a normal docker and it's missing some packages, etc. for different parts of our pipeline setup – Stefan Neacsu Mar 27 '23 at 13:37

2 Answers


I found the solution. At first it did not pull the correct image and I just needed to install coreutils since it seems Busybox uses a more toned-down version of readlink.

After installing coreutils and executing in the container I could confirm that the readlink -m option was there.

```dockerfile
FROM debian:10.7

ENV DEBIAN_FRONTEND=noninteractive

RUN echo "Acquire::http::Proxy \"${HTTP_PROXY}\";" >> /etc/apt/apt.conf.d/50proxy && echo "Acquire::https::Proxy \"${HTTPS_PROXY}\";" >> /etc/apt/apt.conf.d/50proxy
# installing jq and envsubst binary, very useful for shell templating
RUN apt-get update && apt-get upgrade -y && apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install -y jq bash gettext-base ca-certificates coreutils && rm -rf /var/lib/apt/lists/*

COPY certs/* /usr/local/share/ca-certificates/
RUN update-ca-certificates
RUN echo "export http_proxy=${HTTP_PROXY}" >> /etc/profile.d/proxy.sh && echo "export https_proxy=${HTTPS_PROXY}" >> /etc/profile.d/proxy.sh && echo "export no_proxy=${NO_PROXY}" >> /etc/profile.d/proxy.sh

# Add Tini
COPY files/tini-amd64-0.17.0 /sbin/tini
```

This is the updated Dockerfile, maybe it helps some others with similar issues.

Stefan Neacsu

Thank you for sharing your solution @Stefan. I guess we had a similar issue but different setup (?). I am using a custom Kaniko image so I can add other tools like jq using the Dockerfile below:

```dockerfile
FROM gcr.io/kaniko-project/executor:v1.9.0-debug AS kaniko
FROM alpine:3.14.2

RUN apk --update add \
  bash \
  jq

COPY --from=kaniko /kaniko/warmer /kaniko/
COPY --from=kaniko /kaniko/executor /kaniko/
COPY --from=kaniko /kaniko/ssl /kaniko/
COPY --from=kaniko /kaniko/docker-credential-ecr-login /kaniko/
COPY --from=busybox:1.32.0 /bin /busybox

ENV PATH $PATH:/usr/local/bin:/kaniko:/busybox
ENV DOCKER_CONFIG /kaniko/.docker/
```

I then used the built image to build my application but it keeps failing with the readlink: unrecognized option: m error.

Adding coreutils to the custom kaniko Dockerfile fixed the issue for me.

```dockerfile
...
RUN apk --update add \
  coreutils \
  bash \
  jq
...
```

And I guess busybox is not needed anymore with coreutils added?

Bryan CS
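A preflight check for the builder image, added here as an example and not taken from either answer: it probes whichever `readlink` the given `PATH` resolves first for `-m` support and recognises the BusyBox banner from the error output quoted in the question. The function names, result strings and probe path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): detect a readlink without -m
# before dpkg maintainer scripts hit it during the image build.

# readlink_flavor BIN -> prints supports-m | busybox-without-m | other-without-m
readlink_flavor() {
    # -m canonicalizes without requiring the path to exist, so a
    # nonexistent probe path (hypothetical name) is enough to test the option.
    out=$("$1" -m /nonexistent/probe/path 2>&1) && { echo "supports-m"; return 0; }
    case $out in
        *BusyBox*) echo "busybox-without-m" ;;  # banner as shown in the question
        *)         echo "other-without-m" ;;
    esac
}

# preflight [PATH_VALUE] -> exit 0 only if the first readlink on that PATH takes -m
preflight() {
    # Resolve readlink in a subshell so the caller's PATH is left untouched.
    bin=$(PATH="${1:-$PATH}"; command -v readlink) || {
        echo "readlink: not found on PATH" >&2
        return 2
    }
    flavor=$(readlink_flavor "$bin")
    echo "$bin: $flavor"
    [ "$flavor" = "supports-m" ]
}

# Usage in a CI step of the builder image:
#   preflight || { echo "install coreutils in the builder image" >&2; exit 1; }
```

Because the check follows `PATH` order, it also shows whether a BusyBox directory on `PATH` is shadowing the coreutils binary after coreutils has been installed.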