diff --git a/Dockerfile.ubi b/Dockerfile.ubi
index 4359730..20e2b16 100644
--- a/Dockerfile.ubi
+++ b/Dockerfile.ubi
@@ -20,7 +20,25 @@ RUN mkdir /image && \
 COPY ubi-build-files-${TARGETARCH}.txt /tmp
 # Copy all the required files from the base UBI image into the image directory
 # As the go binary is not statically compiled this includes everything needed for CGO to work, cacerts, tzdata and RH release files
-RUN tar cf /tmp/files.tar -T /tmp/ubi-build-files-${TARGETARCH}.txt && tar xf /tmp/files.tar -C /image/
+# Filter existing files and exclude temporary entitlement files that may be removed during build
+RUN set -e && \
+    # Filter files that actually exist (files, directories, or symlinks)
+    while IFS= read -r file; do \
+      [ -n "$file" ] && ([ -e "$file" ] || [ -L "$file" ]) && echo "$file"; \
+    done < /tmp/ubi-build-files-${TARGETARCH}.txt > /tmp/existing-files.txt && \
+    # Create tarball if we have files to archive
+    if [ -s /tmp/existing-files.txt ]; then \
+      tar -chf /tmp/files.tar \
+        --exclude='etc/pki/entitlement-host*' \
+        -T /tmp/existing-files.txt 2>&1 | grep -vE "(File removed before we read it|Cannot stat)" || true; \
+      # Extract only if tarball was created successfully
+      if [ -f /tmp/files.tar ]; then \
+        tar -xf /tmp/files.tar -C /image/ && \
+        rm -f /tmp/files.tar; \
+      fi; \
+    fi && \
+    # Clean up temporary file list
+    rm -f /tmp/existing-files.txt
 
 # Generate a rpm database which contains all the packages that you said were needed in ubi-build-files-*.txt
 RUN rpm --root /image --initdb \