Docker app fails to start if sh executable not in PATH

Article ID: 298447

Updated On:

Products

VMware Tanzu Application Service for VMs

Issue/Introduction

Pushing a Docker app that does not include the sh binary to Tanzu Application Service (TAS) may result in this error:
{"instance"=>"a2801ffd-8eb0-405a-ac6e-e247c850c9eb", "index"=>1, "cell_id"=>"eb5278b3-86f1-4b00-9346-0009e30dd716", "reason"=>"CRASHED", "exit_description"=>"exec failed: container_linux.go:380: starting container process caused: exec: \"sh\": executable file not found in $PATH", "crash_count"=>8, "crash_timestamp"=>1670874447181230698, "version"=>"caa6d98e-625a-4aa0-b9ef-933e48b9d6a2"}

According to the open source documentation, sh is only required for cf ssh support. 

In 2016, a post_setup_hook was added to Diego's release to address CVE-2016-0708. The hook is no longer needed, because the buildpack has been updated to handle it. However, the post_setup_hook is still present, and it causes docker_app_lifecycle apps to fail to run when an image does not contain the sh binary.


Environment

Product Version: Other

Resolution

This post_setup_hook has been removed from TAS starting in TAS 2.11.34/2.12.23/2.13.16/3.0.6.

If a Docker app must be deployed before the patched TAS is available in your environment, the following workarounds may help:

1 - (preferred) Include the sh binary in the application.
2 - (least preferred) Edit the bosh manifest for the CF deployment so that it does not include the post_setup_hook value, and redeploy. This is least preferred because this type of change is not persistent across Apply Changes, so using this workaround means avoiding any changes via OpsMan.


Additional Note
This type of error has also been observed with other executables. For example, if a Docker app is pushed with the following:
sh -c "rm -f /home/vcap/app/.java-buildpack.log /home/vcap/app/**/.java-buildpack.log"
Then the same type of error will be observed if the rm executable is not in the Docker image's PATH.
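
A pre-push check for the condition described above, as an added example that is not part of the original article or of TAS: it reads a file listing of the image and reports which commands the start command needs (here sh and rm) are absent from every PATH directory. The function names, the sample listing and the PATH value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Lists which commands a start command
# needs are absent from every PATH directory of an image's file listing.
# A listing can be produced with, for example:
#   docker export "$(docker create IMAGE)" | tar -tf -
# Presence only: a name-only listing cannot show the executable bit.

# missing_from_path LISTING_FILE PATH_VALUE CMD...
# Prints each missing CMD on its own line; returns 1 if any is missing.
missing_from_path() {
    listing=$1; path_value=$2; shift 2
    rc=0
    for cmd in "$@"; do
        found=0
        rest=$path_value:
        while [ -n "$rest" ]; do
            dir=${rest%%:*}; rest=${rest#*:}
            dir=${dir#/}; dir=${dir%/}      # tar entries are relative to /
            [ -n "$dir" ] || continue
            if grep -qxF -e "$dir/$cmd" -e "./$dir/$cmd" "$listing"; then
                found=1; break
            fi
        done
        [ "$found" -eq 1 ] || { printf '%s\n' "$cmd"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: a minimal image that ships only a JRE and the app.
sample_listing() {
    printf '%s\n' 'app/' 'app/server.jar' 'etc/' 'etc/passwd' \
        'usr/' 'usr/bin/' 'usr/bin/java'
}

# The start command in the Additional Note needs sh and rm; java is the app.
# The PATH value below is an assumed example, not taken from a real image.
demo() {
    tmp=$(mktemp)
    sample_listing >"$tmp"
    out=$(missing_from_path "$tmp" '/usr/local/bin:/usr/bin:/bin' sh rm java || true)
    rm -f "$tmp"
    printf '%s\n' "$out"
}

demo
```

Use the PATH value the image actually sets when running this against a real listing; a binary that exists outside those directories is still reported as missing.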