Apptainer container builds fail on compute nodes due to /tmp namespace behavior

Building Apptainer containers on compute nodes may fail during apt update or other package operations. The failure is caused by Apptainer’s build environment not being fully isolated from the host when private /tmp namespaces are in use. As a result, apt is unable to create temporary configuration files under /tmp, leading to GPG and repository signature errors:

Couldn't create temporary file /tmp/apt.conf.XXXXXX for passing config to apt-key
E: The repository 'http://archive.ubuntu.com/ubuntu focal InRelease' is not signed.
FATAL: While performing build: while running %post section: exit status 100

This issue does not occur on login nodes.

Workarounds

1. Build containers on login nodes
   • Recommended when possible, as /tmp behaves normally.
2. Bind-mount /dev/shm to /tmp during build

apptainer build -B /dev/shm:/tmp ubuntu.sif ubuntu.def

References

• Apptainer issue discussing similar behavior with private /tmp: https://github.com/apptainer/apptainer/issues/895