The error you're encountering (

exec: "/bin/sh": stat /bin/sh: no such file or directory

) is due to the fact that the base image you are using (`gcr.io/distroless/base-nossl-debian12:nonroot`) is a "distroless" image. Distroless images are minimal and do not include a shell or package manager like

apk

, so commands like

RUN apk add ...

or any shell-based instructions will fail because

/bin/sh

does not exist in the image. What you should do: - If you need to install additional packages (like

gettext

), you must use a non-distroless image as your base, such as the Alpine-based Kratos image (

oryd/kratos:<version>

), which includes a shell and package manager. - The distroless image is intended for production and security, not for building or extending with additional packages. How to proceed: 1. Use the Alpine-based image as your base:

dockerfile    FROM oryd/kratos:latest  # Make sure this is the Alpine-based image, not distroless     USER root    RUN apk add --no-cache gettext     ENTRYPOINT [""]

The Alpine-based image supports

apk

and has

/bin/sh

available, so your Dockerfile will work as expected. 2. If you must use the distroless image: - You cannot install additional packages or use shell commands. You must build everything you need into the image before switching to the distroless base, typically using a multi-stage build. Summary: Switch your base image to the Alpine-based Kratos image if you need to install packages or run shell commands. The distroless image is not suitable for this use case because it lacks a shell and package manager, as described in the [Ory Kratos Docker images documentation](https://www.ory.sh/docs/kratos/guides/docker). > Always use a tagged version and choose the appropriate image for your use case (Alpine for development/customization, distroless for minimal production deployments) [Ory Kratos Docker images](https://www.ory.sh/docs/kratos/guides/docker).

Based on the knowledge sources provided, the Ory Kratos project offers both Alpine-based and distroless Docker images. The Alpine-based image supports package installation and shell commands, while the distroless image does not. If you want to build a custom image that allows you to install packages like

gettext

, you need to ensure your build process uses the Alpine-based image as the base, not the distroless one. However, the knowledge sources do not provide the exact contents of

./docker/Dockerfile-build

or detailed instructions on how to modify it to use Alpine. They do confirm that the Alpine-based Dockerfile is available and referenced in the official images ([see here](https://github.com/ory/kratos/blob/master/.docker/Dockerfile-alpine)), and that you should use the Alpine image for development or customization needs, as it includes a shell and package manager [Ory Kratos Docker images](https://www.ory.sh/docs/kratos/guides/docker). What you should do: - Locate the Dockerfile that is currently using the distroless base image (likely

./docker/Dockerfile-build

or similar). - Change the

FROM

line to use the Alpine-based image instead of the distroless one. For example:

dockerfile FROM golang:1.21-alpine AS build-env # ... build steps ...  FROM oryd/kratos:latest  # Make sure this is the Alpine-based image, not distroless # Now you can install packages USER root RUN apk add --no-cache gettext

Note: If you want to see the official Alpine-based Dockerfile for reference, you can check [Ory Kratos Dockerfile-alpine](https://github.com/ory/kratos/blob/master/.docker/Dockerfile-alpine). Summary: Yes, you need to change your Dockerfile to use the Alpine-based image. The knowledge sources do not provide the exact code for

./docker/Dockerfile-build

, so you will need to adapt it by replacing the distroless base with the Alpine base as shown above. If you need more detailed, step-by-step instructions, please refer to the [Ory Kratos Docker images documentation](https://www.ory.sh/docs/kratos/guides/docker).