diff --git a/.gitignore b/.gitignore
index 5ebb4dd..81a58aa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 gptfdisk-1.0.10.tar.gz
-ignition-2.21.0.tar.gz
+ignition-2.22.0.tar.gz
 ignition-edge-b8d1b7a.tar.gz
diff --git a/0001-Fix-device-mapper-partitioning.patch b/0001-Fix-device-mapper-partitioning.patch
new file mode 100644
index 0000000..f3adbec
--- /dev/null
+++ b/0001-Fix-device-mapper-partitioning.patch
@@ -0,0 +1,76 @@
+From 13a44baf739dabb5687a7e54c0e612a496cf9e03 Mon Sep 17 00:00:00 2001
+From: Tiago Bueno <tiago.bueno@gmail.com>
+Date: Mon, 29 Sep 2025 11:58:40 -0300
+Subject: [PATCH] Fix device mapper partitioning
+
+When run ignition on a device mapper, ie, multipath, it fails because
+the function blockDevHeld returns true as the block device
+contains holders. A block device with holders do not necessary means
+the block device is in use (like mounted).
+The function blockDevInUse will not check if it is a device mapper
+and if so, do not check for blockDevHeld.
+
+Signed-off-by: Tiago Bueno <tiago.bueno@gmail.com>
+(cherry picked from commit 2d04de325c59cc60158a12530b5ac2f40ec1e8c9)
+---
+ docs/release-notes.md                    |  7 +++++++
+ internal/exec/stages/disks/partitions.go | 18 +++++++++++++++---
+ 2 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/docs/release-notes.md b/docs/release-notes.md
+index da586fc8..a6077cf5 100644
+--- a/docs/release-notes.md
++++ b/docs/release-notes.md
+@@ -14,6 +14,13 @@ nav_order: 9
+ 
+ ### Bug fixes
+ 
++## Ignition 2.22.1 (2025-11-07)
++Starting with this release, ignition-validate binaries are signed with the
++[Fedora 42 key](https://getfedora.org/security/).
++
++### Bug fixes
++
++- Fix multipath partitioning: ignore DM holders when no partitions are mounted;continue to refuse if the disk or any partition is active. ([#2128](https://github.com/coreos/ignition/issues/2128))
+ 
+ ## Ignition 2.22.0 (2025-07-08)
+ Starting with this release, ignition-validate binaries are signed with the
+diff --git a/internal/exec/stages/disks/partitions.go b/internal/exec/stages/disks/partitions.go
+index 801485a4..1ae42721 100644
+--- a/internal/exec/stages/disks/partitions.go
++++ b/internal/exec/stages/disks/partitions.go
+@@ -323,6 +323,13 @@ func (p PartitionList) Swap(i, j int) {
+ 	p[i], p[j] = p[j], p[i]
+ }
+ 
++func isBlockDevMapper(blockDevResolved string) bool {
++	blockDevNode := filepath.Base(blockDevResolved)
++	dmName := fmt.Sprintf("/sys/class/block/%s/dm/name", blockDevNode)
++	_, err := os.Stat(dmName)
++	return err == nil
++}
++
+ // Expects a /dev/xyz path
+ func blockDevHeld(blockDevResolved string) (bool, error) {
+ 	_, blockDevNode := filepath.Split(blockDevResolved)
+@@ -384,9 +391,14 @@ func blockDevPartitions(blockDevResolved string) ([]string, error) {
+ func blockDevInUse(blockDevResolved string, skipPartitionCheck bool) (bool, []string, error) {
+ 	// Note: This ignores swap and LVM usage
+ 	inUse := false
+-	held, err := blockDevHeld(blockDevResolved)
+-	if err != nil {
+-		return false, nil, fmt.Errorf("failed to check if %q is held: %v", blockDevResolved, err)
++	isDevMapper := isBlockDevMapper(blockDevResolved)
++	held := false
++	if !isDevMapper {
++		var err error
++		held, err = blockDevHeld(blockDevResolved)
++		if err != nil {
++			return false, nil, fmt.Errorf("failed to check if %q is held: %v", blockDevResolved, err)
++		}
+ 	}
+ 	mounted, err := blockDevMounted(blockDevResolved)
+ 	if err != nil {
+-- 
+2.51.1
+
diff --git a/0001-OCPBUGS-65684-Fix-invalid-random-source-in-FIPS-140.patch b/0001-OCPBUGS-65684-Fix-invalid-random-source-in-FIPS-140.patch
new file mode 100644
index 0000000..1861289
--- /dev/null
+++ b/0001-OCPBUGS-65684-Fix-invalid-random-source-in-FIPS-140.patch
@@ -0,0 +1,95 @@
+From a33a8402a215f008c22ac52c885606117adba6c5 Mon Sep 17 00:00:00 2001
+From: Tiago Bueno <tiago.bueno@gmail.com>
+Date: Mon, 17 Nov 2025 21:44:24 -0300
+Subject: [PATCH] OCPBUGS-65684: Fix invalid random source in FIPS 140-only
+ mode in FIPS mode
+
+When igntion is compiled with GOEXPERIMENT=strictfipsruntime and
+running in a computer with FIPS enabled, the random source is invalid.
+
+When FIPS is enabled, instead of use a custom random on TLS config,
+do not set a random source at all as it will use crypto/rand.Reader by
+default
+
+Co-authored-by: Steven Presti <47181335+prestist@users.noreply.github.com>
+Co-authored-by: Dusty Mabe <dusty@dustymabe.com>
+
+Signed-off-by: Tiago Bueno <tiago.bueno@gmail.com>
+---
+ internal/resource/http.go | 49 ++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 44 insertions(+), 6 deletions(-)
+
+diff --git a/internal/resource/http.go b/internal/resource/http.go
+index 197f5731..aae40e90 100644
+--- a/internal/resource/http.go
++++ b/internal/resource/http.go
+@@ -25,6 +25,7 @@ import (
+ 	"net"
+ 	"net/http"
+ 	"net/url"
++	"os"
+ 	"strings"
+ 	"time"
+ 
+@@ -218,16 +219,52 @@ func (f *Fetcher) RewriteCAsWithDataUrls(cas []types.Resource) error {
+ 	return nil
+ }
+ 
+-// DefaultHTTPClient builds the default `http.client` for Ignition.
+-func defaultHTTPClient() (*http.Client, error) {
+-	urand, err := earlyrand.UrandomReader()
++func isFIPSEnabled() bool {
++	data, err := os.ReadFile("/proc/sys/crypto/fips_enabled")
+ 	if err != nil {
+-		return nil, err
++		// If the file doesn't exist or can't be read, assume FIPS is not enabled
++		return false
+ 	}
++	// Check if the content is "1" (with or without trailing newline)
++	return len(data) > 0 && data[0] == '1'
++}
+ 
+-	tlsConfig := tls.Config{
+-		Rand: urand,
++// DefaultHTTPClient builds the default `http.client` for Ignition.
++func defaultHTTPClient() (*http.Client, error) {
++	var tlsConfig tls.Config
++
++	if isFIPSEnabled() {
++		// In FIPS mode (GOEXPERIMENT=strictfipsruntime), we can't set a random source.
++		// Setting a custom random source like /dev/urandom causes the error:
++		// "crypto/ecdh: invalid random source in FIPS 140-only mode"
++		tlsConfig = tls.Config{}
++	} else {
++		// In non-FIPS mode let's use the `earlyrand.UrandomReader()`
++		// this source reads from `/dev/urandom` (`man urandom`) rather
++		// than calling the `getrandom` API (`man getrandom`).
++		//
++		//   > When  read, the /dev/urandom device returns random bytes
++		//   > using a pseudorandom number generator seeded from the entropy
++		//   > pool. Reads from this device do not block (i.e., the CPU is
++		//   > not yielded)
++		//
++		// This is a tradeoff to not block early boot because:
++		//
++		//   > When read during early boot time, /dev/urandom may return
++		//   > data prior to the entropy pool being initialized. If this
++		//   > is of concern in your application, use getrandom(2) or
++		//   > /dev/random instead.
++		//
++		// See https://github.com/coreos/ignition/issues/645
++		urand, err := earlyrand.UrandomReader()
++		if err != nil {
++			return nil, err
++		}
++		tlsConfig = tls.Config{
++			Rand: urand,
++		}
+ 	}
++
+ 	transport := http.Transport{
+ 		ResponseHeaderTimeout: time.Duration(defaultHttpResponseHeaderTimeout) * time.Second,
+ 		Dial: (&net.Dialer{
+-- 
+2.50.1 (Apple Git-155)
+
diff --git a/0001-Rename-ignition.cfg-05_ignition.cfg.patch b/0001-Rename-ignition.cfg-05_ignition.cfg.patch
deleted file mode 100644
index e3fe17f..0000000
--- a/0001-Rename-ignition.cfg-05_ignition.cfg.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 8db6a73a353aee31ac07a60c09c1d8a749f3234e Mon Sep 17 00:00:00 2001
-From: Etienne Champetier <e.champetier@ateme.com>
-Date: Mon, 17 Mar 2025 14:52:48 -0400
-Subject: [PATCH] Rename ignition.cfg -> 05_ignition.cfg
-
-When bootupd/grub2-static/configs.d was introduced,
-blscfg was after every config. Some config need to be after blscfg,
-so rename to 05_ignition.cfg so we can align bootupd numbering with
-legacy grub (blscfg is in 10_linux).
----
- Makefile                                | 2 +-
- docs/release-notes.md                   | 2 ++
- grub2/{ignition.cfg => 05_ignition.cfg} | 0
- 3 files changed, 3 insertions(+), 1 deletion(-)
- rename grub2/{ignition.cfg => 05_ignition.cfg} (100%)
-
-diff --git a/Makefile b/Makefile
-index 635b809f..2f3ed33c 100644
---- a/Makefile
-+++ b/Makefile
-@@ -33,7 +33,7 @@ install: all
- 	ln -sf ../lib/dracut/modules.d/30ignition/ignition $(DESTDIR)/usr/libexec/ignition-rmcfg
- 
- install-grub-for-bootupd:
--	install -m 0644 -D -t $(DESTDIR)/usr/lib/bootupd/grub2-static/configs.d grub2/ignition.cfg
-+	install -m 0644 -D -t $(DESTDIR)/usr/lib/bootupd/grub2-static/configs.d grub2/05_ignition.cfg
- 
- .PHONY: vendor
- vendor:
-diff --git a/docs/release-notes.md b/docs/release-notes.md
-index 6829e671..ec3c1aa7 100644
---- a/docs/release-notes.md
-+++ b/docs/release-notes.md
-@@ -12,6 +12,8 @@ nav_order: 9
- 
- ### Changes
- 
-+- Rename ignition.cfg -> 05_ignition.cfg
-+
- ### Bug fixes
- 
- 
-diff --git a/grub2/ignition.cfg b/grub2/05_ignition.cfg
-similarity index 100%
-rename from grub2/ignition.cfg
-rename to grub2/05_ignition.cfg
--- 
-2.48.1
-
diff --git a/1000-Remove-sgdisk-requirement.patch b/1000-Remove-sgdisk-requirement.patch
new file mode 100644
index 0000000..34e79fc
--- /dev/null
+++ b/1000-Remove-sgdisk-requirement.patch
@@ -0,0 +1,33 @@
+From 3848984ed8bcbc1829effa6f3fefbc5736bbde39 Mon Sep 17 00:00:00 2001
+From: Angel Perez <angel.perez@oracle.com>
+Date: Wed, 5 Mar 2025 20:59:17 +0000
+Subject: [PATCH] Remove sgdisk requirement
+
+ignition-edge now, is the one that deploys sgdisk
+- remove the circular requirement
+
+Orabug: 37470782
+
+Signed-off-by: Angel Perez <angel.perez@oracle.com>
+Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com>
+---
+ .../dracut/35ignition-edge/module-setup.sh                     | 3 +--
+ 1 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/ignition-edge-b8d1b7a52c28fd5c33d15a0628d4b69f242f5c57/dracut/35ignition-edge/module-setup.sh b/ignition-edge-b8d1b7a52c28fd5c33d15a0628d4b69f242f5c57/dracut/35ignition-edge/module-setup.sh
+index 4330d9e..4052dcf 100644
+--- a/ignition-edge-b8d1b7a52c28fd5c33d15a0628d4b69f242f5c57/dracut/35ignition-edge/module-setup.sh
++++ b/ignition-edge-b8d1b7a52c28fd5c33d15a0628d4b69f242f5c57/dracut/35ignition-edge/module-setup.sh
+@@ -23,8 +23,7 @@ install() {
+         lsblk \
+         sed \
+         grep \
+-        realpath \
+-        sgdisk
++        realpath
+ 
+     inst_simple "$moddir/ignition-edge-generator" \
+         "$systemdutildir/system-generators/ignition-edge-generator"
+-- 
+2.47.1
+
diff --git a/ignition.spec b/ignition.spec
index a78b681..1530115 100644
--- a/ignition.spec
+++ b/ignition.spec
@@ -1,8 +1,8 @@
 ## START: Set by rpmautospec
-## (rpmautospec version 0.6.5)
+## (rpmautospec version 0.8.1)
 ## RPMAUTOSPEC: autorelease, autochangelog
 %define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
-    release_number = 2;
+    release_number = 3;
     base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
     print(release_number + base_release_number - 1);
 }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
@@ -26,7 +26,7 @@
 # https://github.com/coreos/ignition
 %global goipath         github.com/coreos/ignition
 %global gomodulesmode   GO111MODULE=on
-Version:                2.21.0
+Version:                2.22.0
 
 %gometa
 
@@ -35,7 +35,7 @@ Version:                2.21.0
 %global dracutlibdir %{_prefix}/lib/dracut
 
 Name:           ignition
-Release:        %autorelease
+Release:        3.0.1%{?dist}
 Summary:        First boot installer and configuration tool
 
 # Upstream license specification: Apache-2.0
@@ -46,8 +46,14 @@ Source0:        %{gosource}
 Source1:        https://github.com/fedora-iot/ignition-edge/archive/%{ignedgecommit}/ignition-edge-%{ignedgeshortcommit}.tar.gz
 # For vendored gdisk
 Source2:        http://downloads.sourceforge.net/gptfdisk/gptfdisk-%{gdiskversion}.tar.gz
+Patch1000:     1000-Remove-sgdisk-requirement.patch
+
+
+Patch01: 0001-Fix-device-mapper-partitioning.patch
+# Fix invalid random source in FIPS 140-only mode in FIPS mode
+# ([#2159](https://github.com/coreos/ignition/pull/2159))
+Patch02: 0001-OCPBUGS-65684-Fix-invalid-random-source-in-FIPS-140.patch
 
-Patch0: 0001-Rename-ignition.cfg-05_ignition.cfg.patch
 
 BuildRequires: libblkid-devel
 BuildRequires: systemd-rpm-macros
@@ -70,66 +76,82 @@ BuildRequires: popt-devel
 %endif
 
 # Generated by `go-mods-to-bundled-provides.py | sort`
-Provides: bundled(golang(cloud.google.com/go/compute/metadata)) = 0.2.3
-Provides: bundled(golang(cloud.google.com/go/storage)) = 1.35.1
-Provides: bundled(golang(cloud.google.com/go/storage/internal)) = 1.35.1
-Provides: bundled(golang(cloud.google.com/go/storage/internal/apiv2)) = 1.35.1
-Provides: bundled(golang(cloud.google.com/go/storage/internal/apiv2/storagepb)) = 1.35.1
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/arn)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/auth/bearer)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/awserr)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/awsutil)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/client)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/client/metadata)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/corehandlers)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/endpointcreds)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/processcreds)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/ssocreds)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/stscreds)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/csm)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/defaults)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/ec2metadata)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/endpoints)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/request)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/session)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/signer/v4)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/context)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/ini)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/s3shared)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/s3shared/arn)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/s3shared/s3err)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkio)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkmath)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkrand)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkuri)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/shareddefaults)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/strings)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sync/singleflight)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/checksum)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/eventstream)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/json/jsonutil)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/jsonrpc)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/query)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/query/queryutil)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/rest)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/restjson)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/restxml)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/s3iface)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/s3manager)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sso)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/ssooidc)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sso/ssoiface)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts)) = 1.47.9
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts/stsiface)) = 1.47.9
-Provides: bundled(golang(github.com/beevik/etree)) = 1.2.0
-Provides: bundled(golang(github.com/containers/libhvee/pkg/kvp)) = 0.4.0
+Provides: bundled(golang(cloud.google.com/go/compute/metadata)) = 0.7.0
+Provides: bundled(golang(cloud.google.com/go/storage)) = 1.55.0
+Provides: bundled(golang(cloud.google.com/go/storage/experimental)) = 1.55.0
+Provides: bundled(golang(cloud.google.com/go/storage/internal)) = 1.55.0
+Provides: bundled(golang(cloud.google.com/go/storage/internal/apiv2)) = 1.55.0
+Provides: bundled(golang(cloud.google.com/go/storage/internal/apiv2/storagepb)) = 1.55.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/arn)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/auth/bearer)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/awserr)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/awsutil)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/client)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/client/metadata)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/corehandlers)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/endpointcreds)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/processcreds)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/ssocreds)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/stscreds)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/csm)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/defaults)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/ec2metadata)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/endpoints)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/request)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/session)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/signer/v4)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/context)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/ini)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/s3shared)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/s3shared/arn)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/s3shared/s3err)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkio)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkmath)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkrand)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkuri)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/shareddefaults)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/strings)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sync/singleflight)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/checksum)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/eventstream)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/json/jsonutil)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/jsonrpc)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/query)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/query/queryutil)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/rest)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/restjson)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/restxml)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/s3iface)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/s3manager)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sso)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/ssooidc)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sso/ssoiface)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts)) = 1.55.7
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts/stsiface)) = 1.55.7
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/azidentity)) = 1.10.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/azidentity/internal)) = 1.10.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/storage/azblob)) = 1.6.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/appendblob)) = 1.6.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/blob)) = 1.6.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/bloberror)) = 1.6.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/blockblob)) = 1.6.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/container)) = 1.6.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/internal/base)) = 1.6.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/internal/exported)) = 1.6.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/internal/generated)) = 1.6.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/internal/shared)) = 1.6.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/pageblob)) = 1.6.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/sas)) = 1.6.1
+Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/service)) = 1.6.1
+Provides: bundled(golang(github.com/beevik/etree)) = 1.5.1
+Provides: bundled(golang(github.com/containers/libhvee/pkg/kvp)) = 0.10.0
 Provides: bundled(golang(github.com/coreos/go-semver/semver)) = 0.3.1
 Provides: bundled(golang(github.com/coreos/go-systemd/v22/dbus)) = 22.5.0
 Provides: bundled(golang(github.com/coreos/go-systemd/v22/journal)) = 22.5.0
@@ -140,55 +162,58 @@ Provides: bundled(golang(github.com/coreos/vcontext/report)) = 0.0.0-20230201181
 Provides: bundled(golang(github.com/coreos/vcontext/tree)) = 0.0.0-20230201181013.gitd72178a18687
 Provides: bundled(golang(github.com/coreos/vcontext/validate)) = 0.0.0-20230201181013.gitd72178a18687
 Provides: bundled(golang(github.com/google/renameio/v2)) = 2.0.0
-Provides: bundled(golang(github.com/google/uuid)) = 1.4.0
+Provides: bundled(golang(github.com/google/uuid)) = 1.6.0
 Provides: bundled(golang(github.com/mdlayher/vsock)) = 1.2.1
 Provides: bundled(golang(github.com/mitchellh/copystructure)) = 1.2.0
 Provides: bundled(golang(github.com/pin/tftp)) = 2.1.0
 Provides: bundled(golang(github.com/pin/tftp/netascii)) = 2.1.0
-Provides: bundled(golang(github.com/spf13/pflag)) = 1.0.6-0.20210604193023.gitd5e0c0615ace
-Provides: bundled(golang(github.com/stretchr/testify/assert)) = 1.8.4
+Provides: bundled(golang(github.com/spf13/pflag)) = 1.0.6
+Provides: bundled(golang(github.com/stretchr/testify/assert)) = 1.10.0
+Provides: bundled(golang(github.com/stretchr/testify/assert/yaml)) = 1.10.0
 Provides: bundled(golang(github.com/vincent-petithory/dataurl)) = 1.0.0
 Provides: bundled(golang(github.com/vmware/vmw-guestinfo/bdoor)) = 0.0.0-20220317130741.git510905f0efa3
 Provides: bundled(golang(github.com/vmware/vmw-guestinfo/message)) = 0.0.0-20220317130741.git510905f0efa3
 Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcout)) = 0.0.0-20220317130741.git510905f0efa3
 Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcvmx)) = 0.0.0-20220317130741.git510905f0efa3
 Provides: bundled(golang(github.com/vmware/vmw-guestinfo/vmcheck)) = 0.0.0-20220317130741.git510905f0efa3
-Provides: bundled(golang(golang.org/x/net/bpf)) = 0.18.0
-Provides: bundled(golang(golang.org/x/net/context)) = 0.18.0
-Provides: bundled(golang(golang.org/x/net/http2)) = 0.18.0
-Provides: bundled(golang(golang.org/x/net/http2/hpack)) = 0.18.0
-Provides: bundled(golang(golang.org/x/net/http/httpguts)) = 0.18.0
-Provides: bundled(golang(golang.org/x/net/http/httpproxy)) = 0.18.0
-Provides: bundled(golang(golang.org/x/net/idna)) = 0.18.0
-Provides: bundled(golang(golang.org/x/net/internal/timeseries)) = 0.18.0
-Provides: bundled(golang(golang.org/x/net/trace)) = 0.18.0
-Provides: bundled(golang(golang.org/x/oauth2)) = 0.14.0
-Provides: bundled(golang(golang.org/x/oauth2/authhandler)) = 0.14.0
-Provides: bundled(golang(golang.org/x/oauth2/google)) = 0.14.0
-Provides: bundled(golang(golang.org/x/oauth2/google/internal/externalaccount)) = 0.14.0
-Provides: bundled(golang(golang.org/x/oauth2/google/internal/externalaccountauthorizeduser)) = 0.14.0
-Provides: bundled(golang(golang.org/x/oauth2/google/internal/stsexchange)) = 0.14.0
-Provides: bundled(golang(golang.org/x/oauth2/internal)) = 0.14.0
-Provides: bundled(golang(golang.org/x/oauth2/jws)) = 0.14.0
-Provides: bundled(golang(golang.org/x/oauth2/jwt)) = 0.14.0
-Provides: bundled(golang(golang.org/x/sys/cpu)) = 0.14.0
-Provides: bundled(golang(golang.org/x/sys/unix)) = 0.14.0
-Provides: bundled(golang(google.golang.org/api/googleapi)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/googleapi/transport)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/iamcredentials/v1)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/internal)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/internal/cert)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/internal/gensupport)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/internal/impersonate)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/internal/third_party/uritemplates)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/iterator)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/option)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/option/internaloption)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/storage/v1)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/transport)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/transport/grpc)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/transport/http)) = 0.151.0
-Provides: bundled(golang(google.golang.org/api/transport/http/internal/propagation)) = 0.151.0
+Provides: bundled(golang(golang.org/x/net/bpf)) = 0.41.0
+Provides: bundled(golang(golang.org/x/net/http2)) = 0.41.0
+Provides: bundled(golang(golang.org/x/net/http2/hpack)) = 0.41.0
+Provides: bundled(golang(golang.org/x/net/http/httpguts)) = 0.41.0
+Provides: bundled(golang(golang.org/x/net/http/httpproxy)) = 0.41.0
+Provides: bundled(golang(golang.org/x/net/idna)) = 0.41.0
+Provides: bundled(golang(golang.org/x/net/internal/httpcommon)) = 0.41.0
+Provides: bundled(golang(golang.org/x/net/internal/timeseries)) = 0.41.0
+Provides: bundled(golang(golang.org/x/net/trace)) = 0.41.0
+Provides: bundled(golang(golang.org/x/oauth2)) = 0.30.0
+Provides: bundled(golang(golang.org/x/oauth2/authhandler)) = 0.30.0
+Provides: bundled(golang(golang.org/x/oauth2/google)) = 0.30.0
+Provides: bundled(golang(golang.org/x/oauth2/google/externalaccount)) = 0.30.0
+Provides: bundled(golang(golang.org/x/oauth2/google/internal/externalaccountauthorizeduser)) = 0.30.0
+Provides: bundled(golang(golang.org/x/oauth2/google/internal/impersonate)) = 0.30.0
+Provides: bundled(golang(golang.org/x/oauth2/google/internal/stsexchange)) = 0.30.0
+Provides: bundled(golang(golang.org/x/oauth2/internal)) = 0.30.0
+Provides: bundled(golang(golang.org/x/oauth2/jws)) = 0.30.0
+Provides: bundled(golang(golang.org/x/oauth2/jwt)) = 0.30.0
+Provides: bundled(golang(golang.org/x/sys/cpu)) = 0.33.0
+Provides: bundled(golang(golang.org/x/sys/unix)) = 0.33.0
+Provides: bundled(golang(golang.org/x/sys/windows)) = 0.33.0
+Provides: bundled(golang(golang.org/x/sys/windows/registry)) = 0.33.0
+Provides: bundled(golang(google.golang.org/api/googleapi)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/googleapi/transport)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/iamcredentials/v1)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/internal)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/internal/cert)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/internal/gensupport)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/internal/impersonate)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/internal/third_party/uritemplates)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/iterator)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/option)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/option/internaloption)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/storage/v1)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/transport)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/transport/grpc)) = 0.236.0
+Provides: bundled(golang(google.golang.org/api/transport/http)) = 0.236.0
 Provides: bundled(golang(gopkg.in/yaml.v3)) = 3.0.1
 
 %description
@@ -261,13 +286,7 @@ This package contains dracut modules, services and binaries needed to enable
 Ignition on IoT/Edge systems.
 
 %prep
-%if 0%{?fedora}
-%goprep -k
-%autopatch -p1
-%else
-%forgeautosetup -p1
-%endif
-
+%setup
 tar xvf %{SOURCE1}
 
 %if 0%{?rhel} && 0%{?rhel} == 10
@@ -275,6 +294,8 @@ tar xvf %{SOURCE1}
 tar xvf %{SOURCE2}
 %endif
 
+%autopatch -v -p1
+
 %build
 export LDFLAGS="-X github.com/coreos/ignition/v2/internal/version.Raw=%{version} -X github.com/coreos/ignition/v2/internal/distro.selinuxRelabel=true "
 %if 0%{?rhel} && 0%{?rhel} <= 8
@@ -288,7 +309,7 @@ LDFLAGS+=' -compressdwarf=false '
 export GOFLAGS="-mod=vendor"
 
 echo "Building ignition..."
-%gobuild -o ./ignition internal/main.go
+GOEXPERIMENT=strictfipsruntime %gobuild -o ./ignition internal/main.go
 
 echo "Building ignition-validate..."
 %gobuild -o ./ignition-validate validate/main.go
@@ -297,17 +318,17 @@ echo "Building ignition-validate..."
 
 %if 0%{?fedora}
 echo "Building statically-linked Linux ignition-validate..."
-CGO_ENABLED=0 GOARCH=arm64 GOOS=linux %gocrossbuild -o ./ignition-validate-aarch64-unknown-linux-gnu-static validate/main.go
-CGO_ENABLED=0 GOARCH=ppc64le GOOS=linux %gocrossbuild -o ./ignition-validate-ppc64le-unknown-linux-gnu-static validate/main.go
-CGO_ENABLED=0 GOARCH=s390x GOOS=linux %gocrossbuild -o ./ignition-validate-s390x-unknown-linux-gnu-static validate/main.go
-CGO_ENABLED=0 GOARCH=amd64 GOOS=linux %gocrossbuild -o ./ignition-validate-x86_64-unknown-linux-gnu-static validate/main.go
+GOEXPERIMENT= CGO_ENABLED=0 GOARCH=arm64 GOOS=linux %gocrossbuild -o ./ignition-validate-aarch64-unknown-linux-gnu-static validate/main.go
+GOEXPERIMENT= CGO_ENABLED=0 GOARCH=ppc64le GOOS=linux %gocrossbuild -o ./ignition-validate-ppc64le-unknown-linux-gnu-static validate/main.go
+GOEXPERIMENT= CGO_ENABLED=0 GOARCH=s390x GOOS=linux %gocrossbuild -o ./ignition-validate-s390x-unknown-linux-gnu-static validate/main.go
+GOEXPERIMENT= CGO_ENABLED=0 GOARCH=amd64 GOOS=linux %gocrossbuild -o ./ignition-validate-x86_64-unknown-linux-gnu-static validate/main.go
 
 echo "Building macOS ignition-validate..."
-GOARCH=amd64 GOOS=darwin %gocrossbuild -o ./ignition-validate-x86_64-apple-darwin validate/main.go
-GOARCH=arm64 GOOS=darwin %gocrossbuild -o ./ignition-validate-aarch64-apple-darwin validate/main.go
+GOEXPERIMENT= GOARCH=amd64 GOOS=darwin %gocrossbuild -o ./ignition-validate-x86_64-apple-darwin validate/main.go
+GOEXPERIMENT= GOARCH=arm64 GOOS=darwin %gocrossbuild -o ./ignition-validate-aarch64-apple-darwin validate/main.go
 
 echo "Building Windows ignition-validate..."
-GOARCH=amd64 GOOS=windows %gocrossbuild -o ./ignition-validate-x86_64-pc-windows-gnu.exe validate/main.go
+GOEXPERIMENT= GOARCH=amd64 GOOS=windows %gocrossbuild -o ./ignition-validate-x86_64-pc-windows-gnu.exe validate/main.go
 %endif
 
 %if 0%{?rhel} && 0%{?rhel} == 10
@@ -357,6 +378,9 @@ install -D -p -m 0755 sgdisk %{buildroot}%{_libexecdir}/ignition-sgdisk
 install -D -p -m 644 COPYING %{buildroot}%{_datadir}/licenses/gdisk/COPYING
 %endif
 
+%post
+ln -s -f %{_libexecdir}/ignition-sgdisk %{_sbindir}/sgdisk
+
 %if %{with check}
 %check
 # Exclude the blackbox tests
@@ -411,7 +435,29 @@ install -D -p -m 644 COPYING %{buildroot}%{_datadir}/licenses/gdisk/COPYING
 %{_prefix}/lib/bootupd/grub2-static/configs.d/05_ignition.cfg
 
 %changelog
+* Thu Dec 18 2025 Darren Archibald <darren.archibald@oracle.com> - 2.22.0-3.0.1
+- Remove sgdisk requirement and create symbolic link to sgdisk [Orabug: 37470782]
+
 ## START: Generated by rpmautospec
+* Tue Nov 18 2025 Steven Presti <spresti@redhat.com> - 2.22.0-3
+- spec: backport fips fix and update build with
+  goexperiment=strictfipsruntime
+
+* Fri Nov 07 2025 Tiago Bueno <tbueno@redhat.com> - 2.22.0-2
+- RHEL-125909: Backport patch to fix device mapper partitioning
+
+* Mon Jul 21 2025 Tiago Bueno <tbueno@redhat.com> - 2.22.0-1
+- spec: new upstream version 2.22.0
+
+* Tue Jun 03 2025 Tiago Bueno <tbueno@redhat.com> - 2.21.0-5
+- Fix TMT prepare plans
+
+* Mon May 19 2025 Tiago Bueno <tbueno@redhat.com> - 2.21.0-4
+- Add initial TMT Gating Test
+
+* Thu Mar 27 2025 Joseph Marrero Corchado <jmarrero@redhat.com> - 2.21.0-3
+- Resolves: #RHEL-85233
+
 * Mon Mar 24 2025 Yasmin Valim <ydesouza@redhat.com> - 2.21.0-2
 - Ignition.cfg -> 05_ignition.cfg rename
 
diff --git a/sources b/sources
index 1491feb..d779d2c 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 SHA512 (gptfdisk-1.0.10.tar.gz) = 76764e176cd92470648a1d7a8d2570ebc41005204e73b0f2dd5a7aff2fc1981d3bec61a3bd68b855cc3474bcb7cf49c1cb2ea25843d4e7945bef7648d548383d
-SHA512 (ignition-2.21.0.tar.gz) = f388dff9f0bf0bbe54ec2e6c88f35fab886b2ca7de6828c10456c0bfa44412d41e624682df1271c153ac9f721b4ace1e70104ee48760e19e13c257b99f8ab453
+SHA512 (ignition-2.22.0.tar.gz) = fd9fbe28b77c0593c4ca3f7d08fcb46c56c29d8fd4365c37856b8ccfd178d3cbb44dbe15effcfada3da851bece893edfe2b4de2c4873a90c909322a8c806143a
 SHA512 (ignition-edge-b8d1b7a.tar.gz) = 4ad167d89a4efeca8a24f24fe5a0bd2e5a1acfa86eb21653d84ad136236c727c328e7da890f3294a2e81b32e7b52435713e71fdbdd9d93d815f1c202b4f49f36