eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Bump zot registry to v2.1.15 #293

Merged
eblume merged 2 commits from bump/zot-v2.1.15 into main 2026-03-14 10:00:40 -07:00
Conversation 0 Commits 2 Files changed 4 +6 -1
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 3725d0873f - Show all commits

Fix trivy CVE DB downloads in zot LaunchAgent

Prev Next 
The LaunchAgent's default PATH (/usr/bin:/bin:/usr/sbin:/sbin) doesn't
include /usr/local/bin where docker-credential-desktop lives. Trivy's
OCI client reads ~/.docker/config.json which specifies credsStore:desktop,
then fails to find the credential helper. Add /usr/local/bin to PATH.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Erich Blume 2026-03-14 09:54:10 -07:00
commit 3725d0873f

5
ansible/roles/zot/templates/zot.plist.j2
View file

@ -16,6 +16,11 @@
<true/> <true/>
<key>KeepAlive</key> <key>KeepAlive</key>
<true/> <true/>
<key>EnvironmentVariables</key>
<dict>
<key>PATH</key>
<string>/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
</dict>
<key>StandardOutPath</key> <key>StandardOutPath</key>
<string>{{ zot_log_dir }}/mcquack.zot.out.log</string> <string>{{ zot_log_dir }}/mcquack.zot.out.log</string>
<key>StandardErrorPath</key> <key>StandardErrorPath</key>

2
docs/changelog.d/bump-zot-v2.1.15.infra.md
View file

@ -1 +1 @@
Upgrade zot container registry from v2.1.13 to v2.1.15 (CVE-2025-30204, open redirect fix) Upgrade zot container registry from v2.1.13 to v2.1.15 (CVE-2025-30204, open redirect fix). Fix trivy CVE DB downloads by adding /usr/local/bin to LaunchAgent PATH.