I’m trying to run this multi-stage image on my MacBook Air M1:
FROM python:3 AS builder
WORKDIR /app
COPY . .
RUN curl -sSL https://install.python-poetry.org | python3 - && \
PATH="/root/.local/bin:$PATH" && \
poetry config virtualenvs.in-project true && \
poetry config virtualenvs.options.always-copy true && \
poetry install --without dev
FROM gcr.io/distroless/static-debian12
WORKDIR /app
COPY --from=builder /app /app
ENTRYPOINT ["/app/.venv/bin/python", "-m", "my_python_project"]
but when I docker run it, I always see the error:
exec /app/.venv/bin/python: no such file or directory
I used dive to make sure, that the executable is in the location I’m expecting it to. So I thought it might be related to platform issues. Running docker image inspect on the both python:3 and gcr.io/distroless/static-debian12 returned, that both of them are built for linux/arm64; although the python image wasn’t using the v8 variant, which the distroless image does. I’ve tried building and running the image with --platform=linux/arm64/v8, but the issue is still the same.
I don’t use poetry, but isn’t python just a symbolic link to something like /usr/local/bin/python?
If it is the case, you need to find a way to make the virtualenv portable or need to have python installed in the last stage as well.
libpython3.12.so.1.0 and libc.so.6 are indeed in the python:3 image but not in the final image. So I guess even if you copy the binaries, the shared objects are still required.
Then I tried to copy these to the distroless image, but didn’t help, so I wanted to check a normal distro image and replaced the original FROM instruction with
FROM debian:12
Then I tried to run the container from the image again and got this:
/app/.venv/bin/python: error while loading shared libraries: libpython3.12.so.1.0: cannot open shared object file: No such file or directory
So indeed this is the problem. Try to solve it with the debian:12 image without using apt. When it works, switch back to the distroless. Or if you use apt, do it interactively and use docker diff to see the changes in the container. Or… if you already use Dive, you could probably see the new layers as well.