import CS ignition-2.17.0-2.el9

.gitignore

@@ -1 +1,2 @@
-SOURCES/ignition-2.13.0.tar.gz
+SOURCES/ignition-2.17.0.tar.gz
+SOURCES/ignition-edge-35853de.tar.gz

.ignition.metadata

@@ -1 +1,2 @@
-c3434d20b78cde599c03820a86c1b4107f0e8e5c SOURCES/ignition-2.13.0.tar.gz
+eef0ada17df6ee3ede30dd6cf1b65d051333150f SOURCES/ignition-2.17.0.tar.gz
+5478ba1847a798e4bff1b237281086a212a2af57 SOURCES/ignition-edge-35853de.tar.gz

SOURCES/0001-azure-retry-HTTP-requests-on-codes-404-410-and-429.patch

@@ -0,0 +1,97 @@
+From 3babc7a5b767fb60ca877213d9201568205e983f Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <jonathan@jlebon.com>
+Date: Thu, 8 Feb 2024 11:02:27 -0500
+Subject: [PATCH] azure: retry HTTP requests on codes 404, 410, and 429
+
+For some reason, the Azure IMDS server expects clients to retry their
+HTTP requests even on codes that usually would be considered final.
+The documented one is 410[[1]], but let's just match the set from
+cloud-init, which also includes 404 and 429[[2]].
+
+Closes: #1806
+
+[1]: https://learn.microsoft.com/en-us/azure/virtual-machines/instance-metadata-service?tabs=linux#errors-and-debugging
+[2]: https://github.com/canonical/cloud-init/commit/c1a2047cf291
+
+travier: Edited to cleanly backport on top of 2.17.0
+---
+ internal/providers/azure/azure.go | 11 ++++++++++-
+ internal/resource/http.go         | 17 ++++++++++++++++-
+ internal/resource/url.go          |  4 ++++
+ 3 files changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/internal/providers/azure/azure.go b/internal/providers/azure/azure.go
+index d3115f2b..caddcff5 100644
+--- a/internal/providers/azure/azure.go
++++ b/internal/providers/azure/azure.go
+@@ -112,7 +112,16 @@ func fetchFromIMDS(f *resource.Fetcher) ([]byte, error) {
+ 	headers := make(http.Header)
+ 	headers.Set("Metadata", "true")
+ 
+-	data, err := f.FetchToBuffer(imdsUserdataURL, resource.FetchOptions{Headers: headers})
++	// Azure IMDS expects some codes <500 to still be retried...
++	// Here, we match the cloud-init set.
++	// https://github.com/canonical/cloud-init/commit/c1a2047cf291
++	// https://github.com/coreos/ignition/issues/1806
++	retryCodes := []int{
++		404, // not found
++		410, // gone
++		429, // rate-limited
++	}
++	data, err := f.FetchToBuffer(imdsUserdataURL, resource.FetchOptions{Headers: headers, RetryCodes: retryCodes})
+ 	if err != nil {
+ 		return nil, fmt.Errorf("fetching to buffer: %w", err)
+ 	}
+diff --git a/internal/resource/http.go b/internal/resource/http.go
+index 0d8edace..872ce253 100644
+--- a/internal/resource/http.go
++++ b/internal/resource/http.go
+@@ -263,6 +263,21 @@ func (f *Fetcher) newHttpClient() error {
+ 	return nil
+ }
+ 
++func shouldRetryHttp(statusCode int, opts FetchOptions) bool {
++	// we always retry 500+
++	if statusCode >= 500 {
++		return true
++	}
++
++	for _, retryCode := range opts.RetryCodes {
++		if statusCode == retryCode {
++			return true
++		}
++	}
++
++	return false
++}
++
+ // httpReaderWithHeader performs an HTTP request on the provided URL with the
+ // provided request header & method and returns the response body Reader, HTTP
+ // status code, a cancel function for the result's context, and error (if any).
+@@ -298,7 +313,7 @@ func (c HttpClient) httpReaderWithHeader(opts FetchOptions, url string) (io.Read
+ 
+ 		if err == nil {
+ 			c.logger.Info("%s result: %s", opts.HTTPVerb, http.StatusText(resp.StatusCode))
+-			if resp.StatusCode < 500 {
++			if !shouldRetryHttp(resp.StatusCode, opts) {
+ 				return resp.Body, resp.StatusCode, cancelFn, nil
+ 			}
+ 			resp.Body.Close()
+diff --git a/internal/resource/url.go b/internal/resource/url.go
+index 58e0b9fc..3d16cc59 100644
+--- a/internal/resource/url.go
++++ b/internal/resource/url.go
+@@ -125,6 +125,10 @@ type FetchOptions struct {
+ 	// HTTPVerb is an HTTP request method to indicate the desired action to
+ 	// be performed for a given resource.
+ 	HTTPVerb string
++
++	// List of HTTP codes to retry that usually would be considered as complete.
++	// Status codes >= 500 are always retried.
++	RetryCodes []int
+ }
+ 
+ // FetchToBuffer will fetch the given url into a temporary file, and then read
+-- 
+2.43.0
+

SOURCES/luks-volume-reuse.patch

@@ -1,56 +0,0 @@
-From aed47c18aee593d155d45c0fe9ba29a9e3123cf6 Mon Sep 17 00:00:00 2001
-From: Benjamin Gilbert <bgilbert@redhat.com>
-Date: Mon, 17 Jan 2022 21:17:08 -0500
-Subject: [PATCH] disks: fix reuse of statically keyed LUKS volume
-
-We need to persist a volume's keyfile to the real root even if we take
-the early `continue` when reusing the volume.  Rather than copying code,
-enable persistence up front and then disable it afterward if we decide
-not to persist the key.
-
-Fixes error:
-
-    CRITICAL : Ignition failed: creating crypttab entries: missing persisted keyfile for [...]
-
-Fixes: https://github.com/coreos/ignition/issues/1305
-Fixes: 65e9c1611128 ("stages/disks: use State to persist keyfiles for files stage")
----
- internal/exec/stages/disks/luks.go | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
-
-diff --git a/internal/exec/stages/disks/luks.go b/internal/exec/stages/disks/luks.go
-index 77ecc24e..5fa15e70 100644
---- a/internal/exec/stages/disks/luks.go
-+++ b/internal/exec/stages/disks/luks.go
-@@ -156,6 +156,13 @@ func (s *stage) createLuks(config types.Config) error {
- 				}
- 			}
- 		}
-+		// store the key to be persisted into the real root
-+		// do this here so device reuse works correctly
-+		key, err := ioutil.ReadFile(keyFilePath)
-+		if err != nil {
-+			return fmt.Errorf("failed to read keyfile %q: %w", keyFilePath, err)
-+		}
-+		s.State.LuksPersistKeyFiles[luks.Name] = dataurl.EncodeBytes(key)
- 
- 		if !util.IsTrue(luks.WipeVolume) {
- 			// If the volume isn't forcefully being created, then we need
-@@ -329,13 +336,7 @@ func (s *stage) createLuks(config types.Config) error {
- 			); err != nil {
- 				return fmt.Errorf("removing key file from luks device: %v", err)
- 			}
--		} else {
--			// store the key to be persisted into the real root
--			key, err := ioutil.ReadFile(keyFilePath)
--			if err != nil {
--				return fmt.Errorf("failed to read keyfile %q: %w", keyFilePath, err)
--			}
--			s.State.LuksPersistKeyFiles[luks.Name] = dataurl.EncodeBytes(key)
-+			delete(s.State.LuksPersistKeyFiles, luks.Name)
- 		}
- 	}
- 
--- 
-2.33.1
-

SPECS/ignition.spec

@@ -2,15 +2,18 @@
 %if 0%{?fedora}
 %bcond_without check
 %else
-# %gocheck isn't currently provided on CentOS/RHEL
+# %%gocheck isn't currently provided on CentOS/RHEL
 # https://bugzilla.redhat.com/show_bug.cgi?id=1982298
 %bcond_with check
 %endif
 
+%global ignedgecommit 35853ded31252937d3390970a89885478651c12e
+%global ignedgeshortcommit %(c=%{ignedgecommit}; echo ${c:0:7})
+
 # https://github.com/coreos/ignition
 %global goipath         github.com/coreos/ignition
 %global gomodulesmode   GO111MODULE=on
-Version:                2.13.0
+Version:                2.17.0
 
 %gometa
 
@@ -19,17 +22,19 @@ Version:                2.13.0
 %global dracutlibdir %{_prefix}/lib/dracut
 
 Name:           ignition
-Release:        1%{?dist}
-Summary:        First boot installer and configuration tool
+Release:        2%{?dist}
+Summary:        First boot installer and configuration tool (RHEL CoreOS only)
 
 # Upstream license specification: Apache-2.0
 License:        ASL 2.0
 URL:            %{gourl}
 Source0:        %{gosource}
-# https://github.com/coreos/ignition/pull/1307
-Patch0:         luks-volume-reuse.patch
+Source1:        https://github.com/fedora-iot/ignition-edge/archive/%{ignedgecommit}/ignition-edge-%{ignedgeshortcommit}.tar.gz
+
+Patch0: 0001-azure-retry-HTTP-requests-on-codes-404-410-and-429.patch
 
 BuildRequires: libblkid-devel
+BuildRequires: systemd-rpm-macros
 
 # Requires for 'disks' stage
 %if 0%{?fedora}
@@ -43,154 +48,130 @@ Requires: dracut-network
 Obsoletes: ignition-dracut < 0.31.0-3
 
 # Generated by `go-mods-to-bundled-provides.py | sort`
-Provides: bundled(golang(cloud.google.com/go)) = 0.58.0
-Provides: bundled(golang(cloud.google.com/go/compute/metadata)) = 0.58.0
-Provides: bundled(golang(cloud.google.com/go/iam)) = 0.58.0
-Provides: bundled(golang(cloud.google.com/go/internal)) = 0.58.0
-Provides: bundled(golang(cloud.google.com/go/internal/optional)) = 0.58.0
-Provides: bundled(golang(cloud.google.com/go/internal/trace)) = 0.58.0
-Provides: bundled(golang(cloud.google.com/go/internal/version)) = 0.58.0
-Provides: bundled(golang(cloud.google.com/go/storage)) = 0.58.0
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/arn)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/awserr)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/awsutil)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/client)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/client/metadata)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/corehandlers)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/endpointcreds)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/processcreds)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/stscreds)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/csm)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/defaults)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/ec2metadata)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/endpoints)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/request)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/session)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/signer/v4)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/context)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/ini)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/s3err)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkio)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkmath)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkrand)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkuri)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/shareddefaults)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/strings)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sync/singleflight)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/eventstream)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/json/jsonutil)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/query)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/query/queryutil)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/rest)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/restxml)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/internal/arn)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/s3iface)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/s3manager)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts)) = 1.30.28
-Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts/stsiface)) = 1.30.28
-Provides: bundled(golang(github.com/coreos/go-semver/semver)) = 0.3.0
-Provides: bundled(golang(github.com/coreos/go-systemd/v22/dbus)) = 22.0.0
-Provides: bundled(golang(github.com/coreos/go-systemd/v22/journal)) = 22.0.0
-Provides: bundled(golang(github.com/coreos/go-systemd/v22/unit)) = 22.0.0
-Provides: bundled(golang(github.com/coreos/vcontext/json)) = 0.0.0-20210407161507.git4ee6c745c8bd
-Provides: bundled(golang(github.com/coreos/vcontext/path)) = 0.0.0-20210407161507.git4ee6c745c8bd
-Provides: bundled(golang(github.com/coreos/vcontext/report)) = 0.0.0-20210407161507.git4ee6c745c8bd
-Provides: bundled(golang(github.com/coreos/vcontext/tree)) = 0.0.0-20210407161507.git4ee6c745c8bd
-Provides: bundled(golang(github.com/coreos/vcontext/validate)) = 0.0.0-20210407161507.git4ee6c745c8bd
-Provides: bundled(golang(github.com/google/renameio)) = 0.1.0
-Provides: bundled(golang(github.com/google/uuid)) = 1.1.1
+Provides: bundled(golang(cloud.google.com/go/compute/metadata)) = 0.2.3
+Provides: bundled(golang(cloud.google.com/go/storage)) = 1.35.1
+Provides: bundled(golang(cloud.google.com/go/storage/internal)) = 1.35.1
+Provides: bundled(golang(cloud.google.com/go/storage/internal/apiv2)) = 1.35.1
+Provides: bundled(golang(cloud.google.com/go/storage/internal/apiv2/storagepb)) = 1.35.1
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/arn)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/auth/bearer)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/awserr)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/awsutil)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/client)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/client/metadata)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/corehandlers)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/endpointcreds)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/processcreds)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/ssocreds)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/credentials/stscreds)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/csm)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/defaults)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/ec2metadata)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/endpoints)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/request)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/session)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/aws/signer/v4)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/context)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/ini)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/s3shared)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/s3shared/arn)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/s3shared/s3err)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkio)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkmath)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkrand)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sdkuri)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/shareddefaults)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/strings)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/internal/sync/singleflight)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/checksum)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/eventstream)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/json/jsonutil)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/jsonrpc)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/query)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/query/queryutil)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/rest)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/restjson)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/restxml)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/s3iface)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/s3/s3manager)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sso)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/ssooidc)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sso/ssoiface)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts)) = 1.48.0
+Provides: bundled(golang(github.com/aws/aws-sdk-go/service/sts/stsiface)) = 1.48.0
+Provides: bundled(golang(github.com/beevik/etree)) = 1.2.0
+Provides: bundled(golang(github.com/containers/libhvee/pkg/kvp)) = 0.5.0
+Provides: bundled(golang(github.com/coreos/go-semver/semver)) = 0.3.1
+Provides: bundled(golang(github.com/coreos/go-systemd/v22/dbus)) = 22.5.0
+Provides: bundled(golang(github.com/coreos/go-systemd/v22/journal)) = 22.5.0
+Provides: bundled(golang(github.com/coreos/go-systemd/v22/unit)) = 22.5.0
+Provides: bundled(golang(github.com/coreos/vcontext/json)) = 0.0.0-20230201181013.gitd72178a18687
+Provides: bundled(golang(github.com/coreos/vcontext/path)) = 0.0.0-20230201181013.gitd72178a18687
+Provides: bundled(golang(github.com/coreos/vcontext/report)) = 0.0.0-20230201181013.gitd72178a18687
+Provides: bundled(golang(github.com/coreos/vcontext/tree)) = 0.0.0-20230201181013.gitd72178a18687
+Provides: bundled(golang(github.com/coreos/vcontext/validate)) = 0.0.0-20230201181013.gitd72178a18687
+Provides: bundled(golang(github.com/google/renameio/v2)) = 2.0.0
+Provides: bundled(golang(github.com/google/uuid)) = 1.4.0
+Provides: bundled(golang(github.com/mdlayher/vsock)) = 1.2.1
+Provides: bundled(golang(github.com/mitchellh/copystructure)) = 1.2.0
 Provides: bundled(golang(github.com/pin/tftp)) = 2.1.0
 Provides: bundled(golang(github.com/pin/tftp/netascii)) = 2.1.0
-Provides: bundled(golang(github.com/stretchr/testify/assert)) = 1.5.1
-Provides: bundled(golang(github.com/vincent-petithory/dataurl)) = 0.0.0-20160330182126.git9a301d65acbb
-Provides: bundled(golang(github.com/vmware/vmw-guestinfo/bdoor)) = 0.0.0-20170707015358.git25eff159a728
-Provides: bundled(golang(github.com/vmware/vmw-guestinfo/message)) = 0.0.0-20170707015358.git25eff159a728
-Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcout)) = 0.0.0-20170707015358.git25eff159a728
-Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcvmx)) = 0.0.0-20170707015358.git25eff159a728
-Provides: bundled(golang(github.com/vmware/vmw-guestinfo/vmcheck)) = 0.0.0-20170707015358.git25eff159a728
-Provides: bundled(golang(github.com/vmware/vmw-ovflib)) = 0.0.0-20170608004843.git1f217b9dc714
-Provides: bundled(golang(golang.org/x/net/context)) = 0.0.0-20200602114024.git627f9648deb9
-Provides: bundled(golang(golang.org/x/net/context/ctxhttp)) = 0.0.0-20200602114024.git627f9648deb9
-Provides: bundled(golang(golang.org/x/net/http2)) = 0.0.0-20200602114024.git627f9648deb9
-Provides: bundled(golang(golang.org/x/net/http2/hpack)) = 0.0.0-20200602114024.git627f9648deb9
-Provides: bundled(golang(golang.org/x/net/http/httpguts)) = 0.0.0-20200602114024.git627f9648deb9
-Provides: bundled(golang(golang.org/x/net/http/httpproxy)) = 0.0.0-20200602114024.git627f9648deb9
-Provides: bundled(golang(golang.org/x/net/idna)) = 0.0.0-20200602114024.git627f9648deb9
-Provides: bundled(golang(golang.org/x/net/internal/timeseries)) = 0.0.0-20200602114024.git627f9648deb9
-Provides: bundled(golang(golang.org/x/net/trace)) = 0.0.0-20200602114024.git627f9648deb9
-Provides: bundled(golang(golang.org/x/oauth2)) = 0.0.0-20200107190931.gitbf48bf16ab8d
-Provides: bundled(golang(golang.org/x/oauth2/google)) = 0.0.0-20200107190931.gitbf48bf16ab8d
-Provides: bundled(golang(golang.org/x/oauth2/internal)) = 0.0.0-20200107190931.gitbf48bf16ab8d
-Provides: bundled(golang(golang.org/x/oauth2/jws)) = 0.0.0-20200107190931.gitbf48bf16ab8d
-Provides: bundled(golang(golang.org/x/oauth2/jwt)) = 0.0.0-20200107190931.gitbf48bf16ab8d
-Provides: bundled(golang(golang.org/x/sys/internal/unsafeheader)) = 0.0.0-20200610111108.git226ff32320da
-Provides: bundled(golang(golang.org/x/sys/unix)) = 0.0.0-20200610111108.git226ff32320da
-Provides: bundled(golang(golang.org/x/tools/cmd/goimports)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/go/analysis)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/inspect)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/go/ast/astutil)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/go/ast/inspector)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/go/buildutil)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/go/gcexportdata)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/go/internal/cgo)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/go/internal/gcimporter)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/go/internal/packagesdriver)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/go/loader)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/go/packages)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/go/types/objectpath)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/go/types/typeutil)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/internal/analysisinternal)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/internal/event)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/internal/event/core)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/internal/event/keys)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/internal/event/label)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/internal/fastwalk)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/internal/gocommand)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/internal/gopathwalk)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/internal/imports)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(golang.org/x/tools/internal/packagesinternal)) = 0.0.0-20200610160956.git3e83d1e96d0e
-Provides: bundled(golang(google.golang.org/api/googleapi)) = 0.26.0
-Provides: bundled(golang(google.golang.org/api/googleapi/transport)) = 0.26.0
-Provides: bundled(golang(google.golang.org/api/internal)) = 0.26.0
-Provides: bundled(golang(google.golang.org/api/internal/gensupport)) = 0.26.0
-Provides: bundled(golang(google.golang.org/api/internal/third_party/uritemplates)) = 0.26.0
-Provides: bundled(golang(google.golang.org/api/iterator)) = 0.26.0
-Provides: bundled(golang(google.golang.org/api/option)) = 0.26.0
-Provides: bundled(golang(google.golang.org/api/option/internaloption)) = 0.26.0
-Provides: bundled(golang(google.golang.org/api/storage/v1)) = 0.26.0
-Provides: bundled(golang(google.golang.org/api/transport/cert)) = 0.26.0
-Provides: bundled(golang(google.golang.org/api/transport/http)) = 0.26.0
-Provides: bundled(golang(google.golang.org/api/transport/http/internal/propagation)) = 0.26.0
-Provides: bundled(golang(google.golang.org/genproto/googleapis/api/annotations)) = 0.0.0-20200610104632.gita5b850bcf112
-Provides: bundled(golang(google.golang.org/genproto/googleapis/iam/v1)) = 0.0.0-20200610104632.gita5b850bcf112
-Provides: bundled(golang(google.golang.org/genproto/googleapis/rpc/code)) = 0.0.0-20200610104632.gita5b850bcf112
-Provides: bundled(golang(google.golang.org/genproto/googleapis/rpc/status)) = 0.0.0-20200610104632.gita5b850bcf112
-Provides: bundled(golang(google.golang.org/genproto/googleapis/type/expr)) = 0.0.0-20200610104632.gita5b850bcf112
-Provides: bundled(golang(go.opencensus.io)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/internal)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/internal/tagencoding)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/metric/metricdata)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/metric/metricproducer)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/plugin/ochttp)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/plugin/ochttp/propagation/b3)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/resource)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/stats)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/stats/internal)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/stats/view)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/tag)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/trace)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/trace/internal)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/trace/propagation)) = 0.22.5
-Provides: bundled(golang(go.opencensus.io/trace/tracestate)) = 0.22.5
+Provides: bundled(golang(github.com/spf13/pflag)) = 1.0.6-0.20210604193023.gitd5e0c0615ace
+Provides: bundled(golang(github.com/stretchr/testify/assert)) = 1.8.4
+Provides: bundled(golang(github.com/vincent-petithory/dataurl)) = 1.0.0
+Provides: bundled(golang(github.com/vmware/vmw-guestinfo/bdoor)) = 0.0.0-20220317130741.git510905f0efa3
+Provides: bundled(golang(github.com/vmware/vmw-guestinfo/message)) = 0.0.0-20220317130741.git510905f0efa3
+Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcout)) = 0.0.0-20220317130741.git510905f0efa3
+Provides: bundled(golang(github.com/vmware/vmw-guestinfo/rpcvmx)) = 0.0.0-20220317130741.git510905f0efa3
+Provides: bundled(golang(github.com/vmware/vmw-guestinfo/vmcheck)) = 0.0.0-20220317130741.git510905f0efa3
+Provides: bundled(golang(golang.org/x/net/bpf)) = 0.18.0
+Provides: bundled(golang(golang.org/x/net/context)) = 0.18.0
+Provides: bundled(golang(golang.org/x/net/http2)) = 0.18.0
+Provides: bundled(golang(golang.org/x/net/http2/hpack)) = 0.18.0
+Provides: bundled(golang(golang.org/x/net/http/httpguts)) = 0.18.0
+Provides: bundled(golang(golang.org/x/net/http/httpproxy)) = 0.18.0
+Provides: bundled(golang(golang.org/x/net/idna)) = 0.18.0
+Provides: bundled(golang(golang.org/x/net/internal/timeseries)) = 0.18.0
+Provides: bundled(golang(golang.org/x/net/trace)) = 0.18.0
+Provides: bundled(golang(golang.org/x/oauth2)) = 0.14.0
+Provides: bundled(golang(golang.org/x/oauth2/authhandler)) = 0.14.0
+Provides: bundled(golang(golang.org/x/oauth2/google)) = 0.14.0
+Provides: bundled(golang(golang.org/x/oauth2/google/internal/externalaccount)) = 0.14.0
+Provides: bundled(golang(golang.org/x/oauth2/google/internal/externalaccountauthorizeduser)) = 0.14.0
+Provides: bundled(golang(golang.org/x/oauth2/google/internal/stsexchange)) = 0.14.0
+Provides: bundled(golang(golang.org/x/oauth2/internal)) = 0.14.0
+Provides: bundled(golang(golang.org/x/oauth2/jws)) = 0.14.0
+Provides: bundled(golang(golang.org/x/oauth2/jwt)) = 0.14.0
+Provides: bundled(golang(golang.org/x/sys/cpu)) = 0.14.0
+Provides: bundled(golang(golang.org/x/sys/unix)) = 0.14.0
+Provides: bundled(golang(google.golang.org/api/googleapi)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/googleapi/transport)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/iamcredentials/v1)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/internal)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/internal/cert)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/internal/gensupport)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/internal/impersonate)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/internal/third_party/uritemplates)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/iterator)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/option)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/option/internaloption)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/storage/v1)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/transport)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/transport/grpc)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/transport/http)) = 0.151.0
+Provides: bundled(golang(google.golang.org/api/transport/http/internal/propagation)) = 0.151.0
+Provides: bundled(golang(gopkg.in/yaml.v3)) = 3.0.1
 
 %description
+This software is currently only supported on RHEL CoreOS.
+
 Ignition is a utility used to manipulate systems during the initramfs.
 This includes partitioning disks, formatting partitions, writing files
 (regular files, systemd units, etc.), and configuring users. On first
@@ -217,22 +198,39 @@ the configuration.
 
 This package contains a tool for validating Ignition configurations.
 
-############## validate-nonlinux subpackage ##############
+############## validate-redistributable subpackage ##############
 
 %if 0%{?fedora}
-%package validate-nonlinux
+%package validate-redistributable
 
-Summary:   Validation tool for Ignition configs for macOS and Windows
+Summary:   Statically linked validation tool for Ignition configs
 License:   ASL 2.0
 BuildArch: noarch
 
 Conflicts: ignition < 0.31.0-3
 
-%description validate-nonlinux
-This package contains macOS and Windows ignition-validate binaries built
-through cross-compilation. Do not install it. It is only used for
-building binaries to sign by Fedora release engineering and include on the
-Ignition project's Github releases page.
+# In case someone has this subpackage installed, obsolete the old name
+# Drop in Fedora 38
+Obsoletes:     ignition-validate-nonlinux < 2.13.0-4
+
+%description validate-redistributable
+This package contains statically linked Linux, macOS, and Windows
+ignition-validate binaries built through cross-compilation. Do not install it.
+It is only used for building release binaries to be signed by Fedora release
+engineering and uploaded to the Ignition GitHub releases page.
+%endif
+
+############## ignition-edge subpackage ##############
+
+%if 0%{?rhel} && !0%{?eln}
+%package edge
+
+Summary:  Enablement glue for Ignition on IoT/Edge systems
+License:  ASL 2.0
+
+%description edge
+This package contains dracut modules, services and binaries needed to enable
+Ignition on IoT/Edge systems.
 %endif
 
 %prep
@@ -241,13 +239,18 @@ Ignition project's Github releases page.
 %autopatch -p1
 %else
 %forgeautosetup -p1
+tar xvf %{SOURCE1}
 %endif
 
 %build
 export LDFLAGS="-X github.com/coreos/ignition/v2/internal/version.Raw=%{version} -X github.com/coreos/ignition/v2/internal/distro.selinuxRelabel=true "
-%if 0%{?rhel} || 0%{?centos}
+%if 0%{?rhel} && 0%{?rhel} <= 8
+# Disable writing ssh keys fragments on RHEL/CentOS <= 8
+LDFLAGS+=' -X github.com/coreos/ignition/v2/internal/distro.writeAuthorizedKeysFragment=false '
+%endif
+%if 0%{?rhel}
 # Need uncompressed debug symbols for debuginfo extraction
-LDFLAGS+=' -X github.com/coreos/ignition/v2/internal/distro.writeAuthorizedKeysFragment=false -compressdwarf=false '
+LDFLAGS+=' -compressdwarf=false '
 %endif
 export GOFLAGS="-mod=vendor"
 
@@ -260,6 +263,12 @@ echo "Building ignition-validate..."
 %global gocrossbuild go build -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x
 
 %if 0%{?fedora}
+echo "Building statically-linked Linux ignition-validate..."
+CGO_ENABLED=0 GOARCH=arm64 GOOS=linux %gocrossbuild -o ./ignition-validate-aarch64-unknown-linux-gnu-static validate/main.go
+CGO_ENABLED=0 GOARCH=ppc64le GOOS=linux %gocrossbuild -o ./ignition-validate-ppc64le-unknown-linux-gnu-static validate/main.go
+CGO_ENABLED=0 GOARCH=s390x GOOS=linux %gocrossbuild -o ./ignition-validate-s390x-unknown-linux-gnu-static validate/main.go
+CGO_ENABLED=0 GOARCH=amd64 GOOS=linux %gocrossbuild -o ./ignition-validate-x86_64-unknown-linux-gnu-static validate/main.go
+
 echo "Building macOS ignition-validate..."
 GOARCH=amd64 GOOS=darwin %gocrossbuild -o ./ignition-validate-x86_64-apple-darwin validate/main.go
 
@@ -271,6 +280,10 @@ GOARCH=amd64 GOOS=windows %gocrossbuild -o ./ignition-validate-x86_64-pc-windows
 # dracut modules
 install -d -p %{buildroot}/%{dracutlibdir}/modules.d
 cp -r dracut/* %{buildroot}/%{dracutlibdir}/modules.d/
+install -m 0644 -D -t %{buildroot}/%{_unitdir} systemd/ignition-delete-config.service
+install -m 0755 -d %{buildroot}/%{_libexecdir}
+ln -sf ../lib/dracut/modules.d/30ignition/ignition %{buildroot}/%{_libexecdir}/ignition-apply
+ln -sf ../lib/dracut/modules.d/30ignition/ignition %{buildroot}/%{_libexecdir}/ignition-rmcfg
 
 # ignition
 install -d -p %{buildroot}%{_bindir}
@@ -278,14 +291,22 @@ install -p -m 0755 ./ignition-validate %{buildroot}%{_bindir}
 
 %if 0%{?fedora}
 install -d -p %{buildroot}%{_datadir}/ignition
+install -p -m 0644 ./ignition-validate-aarch64-unknown-linux-gnu-static %{buildroot}%{_datadir}/ignition
+install -p -m 0644 ./ignition-validate-ppc64le-unknown-linux-gnu-static %{buildroot}%{_datadir}/ignition
+install -p -m 0644 ./ignition-validate-s390x-unknown-linux-gnu-static %{buildroot}%{_datadir}/ignition
 install -p -m 0644 ./ignition-validate-x86_64-apple-darwin %{buildroot}%{_datadir}/ignition
 install -p -m 0644 ./ignition-validate-x86_64-pc-windows-gnu.exe %{buildroot}%{_datadir}/ignition
+install -p -m 0644 ./ignition-validate-x86_64-unknown-linux-gnu-static %{buildroot}%{_datadir}/ignition
 %endif
 
 # The ignition binary is only for dracut, and is dangerous to run from
 # the command line.  Install directly into the dracut module dir.
 install -p -m 0755 ./ignition %{buildroot}/%{dracutlibdir}/modules.d/30ignition
 
+%if 0%{?rhel} && !0%{?eln}
+%make_install -C ignition-edge-%{ignedgecommit}
+%endif
+
 %if %{with check}
 %check
 # Exclude the blackbox tests
@@ -295,7 +316,10 @@ install -p -m 0755 ./ignition %{buildroot}/%{dracutlibdir}/modules.d/30ignition
 %files
 %license %{golicenses}
 %doc %{godocs}
-%{dracutlibdir}/modules.d/*
+%{dracutlibdir}/modules.d/30ignition/*
+%{_unitdir}/ignition-delete-config.service
+%{_libexecdir}/ignition-apply
+%{_libexecdir}/ignition-rmcfg
 
 %files validate
 %doc README.md
@@ -303,14 +327,69 @@ install -p -m 0755 ./ignition %{buildroot}/%{dracutlibdir}/modules.d/30ignition
 %{_bindir}/ignition-validate
 
 %if 0%{?fedora}
-%files validate-nonlinux
+%files validate-redistributable
 %license %{golicenses}
 %dir %{_datadir}/ignition
+%{_datadir}/ignition/ignition-validate-aarch64-unknown-linux-gnu-static
+%{_datadir}/ignition/ignition-validate-ppc64le-unknown-linux-gnu-static
+%{_datadir}/ignition/ignition-validate-s390x-unknown-linux-gnu-static
 %{_datadir}/ignition/ignition-validate-x86_64-apple-darwin
 %{_datadir}/ignition/ignition-validate-x86_64-pc-windows-gnu.exe
+%{_datadir}/ignition/ignition-validate-x86_64-unknown-linux-gnu-static
+%endif
+
+%if 0%{?rhel} && !0%{?eln}
+%files edge
+%license %{golicenses}
+%doc %{godocs}
+%{dracutlibdir}/modules.d/35ignition-edge/*
+%{dracutlibdir}/modules.d/10coreos-sysctl/*
+%{dracutlibdir}/modules.d/99emergency-shell-setup/*
+%{dracutlibdir}/modules.d/99journal-conf/*
+%{_unitdir}/coreos-check-ssh-keys.service
+%{_unitdir}/coreos-ignition-write-issues.service
+%{_unitdir}/ignition-firstboot-complete.service
+%{_libexecdir}/coreos-ignition-write-issues
+%{_libexecdir}/coreos-check-ssh-keys
 %endif
 
 %changelog
+* Fri Feb 09 2024 Timothée Ravier <tim@siosm.fr> - 2.17.0-2
+- Backport fix for unexpected Azure IMDS status codes
+
+* Mon Dec 18 2023 Yasmin Valim <ydesouza@redhat.com> - 2.17.0-1
+- New release
+
+* Thu Jul 13 2023 Benjamin Gilbert <bgilbert@redhat.com> - 2.16.2-1
+- New release
+
+* Tue May 30 2023 Antonio Murdaca <antoniomurdaca@gmail.com> - 2.15.0-2
+- Fix Edge's Anaconda installer (#2203233)
+
+* Wed Feb 22 2023 Benjamin Gilbert <bgilbert@redhat.com> - 2.15.0-1
+- New release
+- Clarify -edge subpackage summary and description
+
+* Tue Nov 22 2022 Antonio Murdaca <antoniomurdaca@gmail.com> - 2.14.0-4
+- Rebuild to include ignition-edge subpackage (#2144789)
+
+* Mon Oct 10 2022 Benjamin Gilbert <bgilbert@redhat.com> - 2.14.0-3
+- Rebuild for unblocking ignition-validate subpackage (#2121002)
+
+* Tue Aug 9 2022 Christian Glombek <cglombek@redhat.com> - 2.14.0-2
+- Enable writing ssh keys fragments on RHEL/CentOS >= 9
+
+* Thu May 26 2022 Benjamin Gilbert <bgilbert@redhat.com> - 2.14.0-1
+- New release
+- Add ignition-apply symlink
+- Add ignition-rmcfg symlink and ignition-delete-config.service
+
+* Mon Mar 21 2022 Sohan Kunkerkar <skunkerk@redhat.com> - 2.13.0-2
+- Rename -validate-nonlinux subpackage to -validate-redistributable
+- Add static Linux binaries to -redistributable
+- Fix macro invocation in comment
+- Avoid kernel lockdown on VMware when running with secure boot
+
 * Thu Jan 20 2022 Benjamin Gilbert <bgilbert@redhat.com> - 2.13.0-1
 - New release
 - Fix LUKS volume reuse