Reputation: 1322
So I'm trying to build an Alpine container, including an app that requires bash and curl to install.
Trouble is that Alpine seems to think the year is 2037 (possibly because of the host Pi's lack of a hardware clock), ignoring the correct host OS/system time (kept up-to-date by NTP), so the apk call fails:
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/armv7/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/armv7/APKINDEX.tar.gz
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.14/main: temporary error (try again later)
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.14/community: temporary error (try again later)
ERROR: unable to select packages:
bash (no such package):
required by: world[bash]
curl (no such package):
required by: world[curl]
One can use docker run -it --privileged ... to launch the container in interactive mode, and the time will be set correctly, so the installation goes off without a hitch.
A reference I found suggests that privileged builds are not possible (ref?).
I've tried many ways to pass the time into the container at build time, all unsuccessfully:
# syntax=docker/dockerfile:1
FROM alpine:3.14
# Pass build-time using `--build-arg time=$(date +%s)` (w/ default value)
ARG time=1632511895
#RUN ["/bin/date", "-s", "@$time"] # `invalid date @$time`
#RUN ["/bin/date", "-s", "@"$time] # `/bin/date/` not found
#RUN echo $(date) # no output
#RUN date -s @$time # `date: can't set date: Operation not permitted`
#RUN sudo date -s @$time # /bin/sh: sudo: not found
# cannot build with `--privileged` so clock will be in 2037 and apk will fail
RUN apk add --no-cache curl bash
WORKDIR /tmp
How can I install curl and bash at build-time??
RUN sed -i 's/https/http/g' /etc/apk/repositories before the apk command (TY @jan-garaj): I only got a new/additional error: The command '/bin/sh -c apk add --no-cache curl bash' returned a non-zero code: 2
# date
Sat Oct 23 13:17:47 EDT 2021
# docker info
Client:
Debug Mode: false
Server:
Containers: 4
Running: 0
Paused: 0
Stopped: 4
Images: 19
Server Version: 19.03.15
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 269548fa27e0089a8b8278fc4fc781d7f65a939b
runc version: ff819c7e9184c13b7c2607fe6c30ae19403a7aff
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.19.66-v7+
Operating System: Raspbian GNU/Linux 9 (stretch)
OSType: linux
Architecture: armv7l
CPUs: 4
Total Memory: 858.7MiB
Name: rpi0.crcondo
ID: WW63:IXLY:OBPE:AX4O:45H7:OAUH:CELE:ALDG:ZHC3:RTQW:I32M:GSDL
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
Upvotes: 2
Views: 3545
Reputation: 1322
So @JanGaraj's answer gave me an important lead: Alpine 3.14's release notes mention that it requires Docker >=20.10.0 (I am currently on 19.03.15).
Going back to Alpine 3.13's release notes:
19.03.9 [which I have]
libseccomp 2.4.2
Simply using FROM alpine:3.13 still didn't work.
Checking the second requirement, I had a previous version of libseccomp[2] and web-searching led me to this post: https://blog.samcater.com/fix-workaround-rpi4-docker-libseccomp2-docker-20/
Using the steps therein to upgrade libseccomp[2] did the trick for both alpine:3.13 and alpine:3.14!!
The steps for libseccomp2 are well documented, as this has been a problem on multiple platforms (not just RPI4). You could do a 'oneshot' installation of a newer version, which can be found here https://github.com/itzg/docker-minecraft-server/issues/755#issuecomment-781615497
Personally I feel the better method is to install it from the Buster Backports repo, which is very safe to add. It also means any future updates to libseccomp will be applied to the Pi.
# Get signing keys to verify the new packages, otherwise they will not install
rpi ~$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138
# Add the Buster backport repository to apt sources.list
rpi ~$ echo 'deb http://httpredir.debian.org/debian buster-backports main contrib non-free' | sudo tee -a /etc/apt/sources.list.d/debian-backports.list
rpi ~$ sudo apt update
rpi ~$ sudo apt install libseccomp2 -t buster-backports
Now on to the next build-time error message 😅
Upvotes: 1
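A preflight check for the host requirements this thread arrived at, as an added example that is not part of the original posts: it compares the Docker and libseccomp2 versions against the release-note values quoted above and flags a container clock that disagrees with the host. The function names, the `--live` switch and the reuse of the 3.13 libseccomp floor for 3.14 are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the requirements quoted in this thread.
# Function names and the --live switch are illustrative, not a Docker/Alpine tool.

# version_ge A B: true when dotted version A >= B (relies on `sort -V`).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# upstream_version V: drop Debian epoch and revision, e.g. 2.5.1-1~bpo10+1 -> 2.5.1
upstream_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/[-~+].*$//'
}

# unmet_requirements TAG DOCKER_VERSION LIBSECCOMP_VERSION
# Prints one line per unmet requirement; prints nothing when the host qualifies.
unmet_requirements() {
    case $1 in
        3.13) need_docker=19.03.9 ;;   # 3.13 release notes, as quoted in the thread
        3.14) need_docker=20.10.0 ;;   # 3.14 release notes, as quoted in the thread
        *)    echo "alpine:$1: no requirement recorded in this thread"; return 0 ;;
    esac
    need_seccomp=2.4.2   # quoted for 3.13; assumed here as a floor for 3.14 too
    version_ge "$(upstream_version "$2")" "$need_docker" ||
        echo "docker $2 < $need_docker"
    version_ge "$(upstream_version "$3")" "$need_seccomp" ||
        echo "libseccomp2 $3 < $need_seccomp"
    return 0
}

# clock_skewed HOST_EPOCH CONTAINER_EPOCH [TOLERANCE_SECONDS]
# True when the container clock differs from the host by more than the tolerance.
clock_skewed() {
    d=$(( $1 - $2 ))
    [ "$d" -lt 0 ] && d=$(( 0 - d ))
    [ "$d" -gt "${3:-120}" ]
}

# Live mode queries the real host; without --live nothing below is executed.
if [ "${1:-}" = "--live" ]; then
    tag=${2:-3.14}
    unmet_requirements "$tag" \
        "$(docker version --format '{{.Server.Version}}')" \
        "$(dpkg-query -W -f='${Version}' libseccomp2)"
    if clock_skewed "$(date +%s)" "$(docker run --rm "alpine:$tag" date +%s)"; then
        echo "container clock disagrees with host (the symptom in the question)"
    fi
fi
```

Run it with `--live 3.14` on the Docker host before building; an empty result means the quoted version floors are met and the container clock matches the host.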
Reputation: 28706
I would answer "How can I install curl and bash at build-time" not "How to set time in Docker container at build time":
I guess apk is failing because repo TLS certificate dl-cdn.alpinelinux.org is not valid after 2037 = valid TLS connection can be created. You only need to install a package, so you may sacrifice TLS security in this case, and a plain HTTP connection to the repository can be used as a workaround. E.g.
RUN \
sed -i 's/https/http/g' /etc/apk/repositories && \
apk add --no-cache curl bash
Unfortunately, apk doesn't have any flag to ignore TLS verification, so only this workaround can be used for now.
BTW: I would try to use good old NTP on the host Pi. Containers use host time, so proper time configuration (via NTP sync) on the host level should also resolve the problem on the container level (and then also the problem with TLS cert verification).
Update:
See https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0:
So you need to upgrade your Docker version (20.10.0+), you have only 19.03.15.
Upvotes: 0