Merge branch 'main' into efi_drivers

2025-05-06 23:16:19 +00:00 · 2024-04-24 08:48:49 +00:00 · 2024-04-24 08:48:49 +00:00 · 6f4e3fbd12
commit 6f4e3fbd12
parent 57ebdb0062 ce762b32ac
47 changed files with 240 additions and 250 deletions
--- a/.github/workflows/autoapprove.yml
+++ b/.github/workflows/autoapprove.yml
@ -0,0 +1,35 @@
+name: ci-robbot auto-approve
+on:
+- pull_request_target
+
+permissions:
+  contents: write
+  pull-requests: write
+  packages: read
+
+jobs:
+  auto-approve:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'ci-robbot' }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Approve a PR if not already approved
+        run: |
+          gh pr checkout "$PR_URL"
+            if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ];
+          then
+            gh pr review --approve "$PR_URL"
+          else
+            echo "PR already approved.";
+          fi
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
--- a/.github/workflows/build-arm64.yaml
+++ b/.github/workflows/build-arm64.yaml
@ -92,3 +92,4 @@ jobs:
        REPOSITORY_TYPE: docker
        createRepo: true
        pushCache: true
+        revisionSHA: true
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@ -83,3 +83,4 @@ jobs:
        REPOSITORY_TYPE: docker
        createRepo: true
        pushCache: true
+        revisionSHA: true
--- a/.github/workflows/one.yaml
+++ b/.github/workflows/one.yaml
@ -69,3 +69,4 @@ jobs:
          REPOSITORY_TYPE: docker
          createRepo: true
          pushCache: true
+          revisionSHA: true
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@ -14,13 +14,13 @@ jobs:
          fetch-depth: 0
      - name: Get changed files
        id: changed-files
-        uses: tj-actions/changed-files@v42
+        uses: tj-actions/changed-files@v44
        with:
          files: packages/**
      - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
        with:
-          go-version: 1.21.1
+          go-version-file: tools/bump-validator/go.mod
      - name: Validate changed packages bump version
        if: steps.changed-files.outputs.any_changed == 'true'
        env:
@ -44,9 +44,9 @@ jobs:
        platforms: all
    - name: Set up Docker Buildx
      id: buildx
-      uses: docker/setup-buildx-action@v3.0.0
+      uses: docker/setup-buildx-action@v3.3.0
    - name: Download meta 🔧
-      uses: luet-lab/luet-github-action@v0.1.2
+      uses: luet-lab/luet-github-action@v0.2.1
      with:
        FINAL_REPO: quay.io/kairos/packages-arm64
        REPOSITORY_TYPE: docker
@ -54,7 +54,7 @@ jobs:
        downloadFromList: true
        downloadMeta: true
    - name: Build packages 🔧
-      uses: luet-lab/luet-github-action@v0.1.2
+      uses: luet-lab/luet-github-action@v0.2.1
      with:
        build: true
        fromIndex: true
@ -78,7 +78,7 @@ jobs:
          git fetch --prune --unshallow
          mkdir build
      - name: Download meta 🔧
-        uses: luet-lab/luet-github-action@v0.1.2
+        uses: luet-lab/luet-github-action@v0.2.1
        with:
          FINAL_REPO: quay.io/kairos/packages
          REPOSITORY_TYPE: docker
@ -86,7 +86,7 @@ jobs:
          downloadFromList: true
          downloadMeta: true
      - name: Build packages 🔧
-        uses: luet-lab/luet-github-action@v0.1.2
+        uses: luet-lab/luet-github-action@v0.2.1
        with:
          build: true
          fromIndex: true
--- a/.github/workflows/renovate_auto.yml
+++ b/.github/workflows/renovate_auto.yml
@ -0,0 +1,35 @@
+name: Renovate auto-merge
+on:
+- pull_request_target
+
+permissions:
+  contents: write
+  pull-requests: write
+  packages: read
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'renovate[bot]' }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Approve a PR if not already approved
+        run: |
+          gh pr checkout "$PR_URL"
+            if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ];
+          then
+            gh pr review --approve "$PR_URL"
+          else
+            echo "PR already approved.";
+          fi
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Enable auto-merge for Renovate PRs
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
--- a/packages/alpine/collection.yaml
+++ b/packages/alpine/collection.yaml
@ -1,7 +1,7 @@
 packages:
  - name: "alpine"
    category: "initrd"
-    version: "3.8.1+2"
+    version: "3.8.1+4"
    description: "Provides custom initrd scripts for alpine"
 # This syncs with the alpine version at https://gitlab.alpinelinux.org/alpine/mkinitfs/-/blob/master/initramfs-init.in?ref_type=heads
 # any changes to the initramfs-init.in file should be looked at and backported if necessary
--- a/packages/alpine/files/initramfs-init
+++ b/packages/alpine/files/initramfs-init
@ -1,6 +1,6 @@
 #!/bin/sh

-VERSION=3.8.1-kairos1
+VERSION=3.8.1-kairos2
 INIT=/sbin/init
 sysroot="$ROOT"/sysroot

@ -393,19 +393,20 @@ fi
 # Path for booting from livecd
 if grep -q cdroot /proc/cmdline ;then
  rd_break pre-livecd
-  echo "Mounting LiveCD"
+  echo "Mounting Live Media"
  sync
+  label=$(grep -o CDLABEL.* /proc/cmdline | cut -f 1 -d ' ' | cut -f 2 -d '=' )
  # Create mountpoints
  ebegin "Create mountpoints"
  mkdir -p /media/root-ro /media/root-rw /run/rootfsbase $sysroot/media/root-ro $sysroot/media/root-rw $sysroot/run/rootfsbase
  eend $?
  # Between udev starting, we loading the modules and the cdrom appearing sometimes there is a delay, so lets wait a bit here
-  ebegin "Waiting for cdrom to be available"
-  retry 10 test -e /dev/sr0
+  ebegin "Waiting for Live Media to be available"
+  retry 10 test -e /dev/disk/by-label/$label
  eend
  # Mount read-only livecd
-  ebegin "Mount LiveCD RO"
-  retry 10 mount /dev/sr0 /media/root-ro
+  ebegin "Mount Live Media RO"
+  retry 10 mount /dev/disk/by-label/$label /media/root-ro
  eend $?
  sync
  # Mount squashfs into loop device
--- a/packages/dracut/immucore/build.yaml
+++ b/packages/dracut/immucore/build.yaml
@ -1,18 +0,0 @@
-image: "alpine"
-
-prelude:
-  - apk add git
-  - |
-    PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && \
-    git clone https://github.com/${GITHUB_ORG}/{{ .Values.name }}.git && cd {{.Values.name}} && git checkout v"${PACKAGE_VERSION}"
-
-steps:
-  - mkdir -p /package/usr/lib/dracut/modules.d
-  - mkdir -p /package/etc/dracut.conf.d/
-  - cp -r {{.Values.name}}/dracut/28immucore /package/usr/lib/dracut/modules.d/28immucore
-  - cp {{.Values.name}}/dracut/*.conf /package/etc/dracut.conf.d/
-
-env:
-  - GITHUB_ORG={{ ( index .Values.labels "github.owner" ) }}
-
-package_dir: "/package"
--- a/packages/dracut/immucore/definition.yaml
+++ b/packages/dracut/immucore/definition.yaml
@ -1,11 +0,0 @@
-name: "immucore"
-category: "dracut"
-version: "0.1.14"
-labels:
-  github.repo: "immucore"
-  autobump.revdeps: "true"
-  github.owner: "kairos-io"
-uri:
-  - https://github.com/kairos-io/kcrypt
-license: "Apache License v2"
-description: "Dracut module for immucore"
--- a/packages/firmware/opensuse/collection.yaml
+++ b/packages/firmware/opensuse/collection.yaml
@ -4,7 +4,7 @@ packages:
    version: "20170419-5.220"
  - name: "u-boot-rpi64"
    category: "firmware"
-    version: "2024.01-1.1"
+    version: "2024.04-2.1"
    labels:
      autobump.strategy: "custom"
      autobump.string_replace: '{ "prefix": "" }'
@ -16,11 +16,11 @@ packages:
      # We do assume that checksum is sha256
      autobump.checksum_hook: |
        curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/$(curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/repodata/repomd.xml | dasel -r xml 'repomd.data.[0].location.-href') | zstd -d - | dasel -r xml -w json | jq '.metadata.package[] | select(.name=="u-boot-rpiarm64") | select(.arch!="src").checksum."#text"' -r | tail -n1
-      package.version: "2024.01-1.1"
-      package.checksum: "3315453834d23201afc0945fa759742a46671ef972513c5999e951465694c662c910868bf3ab0dbd92297e154e2d0eae477e2aa968b99fdec942c3e67e4b270d"
+      package.version: "2024.04-2.1"
+      package.checksum: "c590b4820a8f325bfe41bc1302ea4066d9de8621bb3718a988f3f1373ff8c503356374f33aca3835832e1336367eb802c94f21d726053304ac88d11a1efd6404"
  - name: "raspberrypi-firmware"
    category: "firmware"
-    version: "2023.11.21-1.1"
+    version: "2024.03.27-1.1"
    labels:
      autobump.strategy: "custom"
      autobump.string_replace: '{ "prefix": "" }'
@ -32,11 +32,11 @@ packages:
      # We do assume that checksum is sha256
      autobump.checksum_hook: |
        curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/$(curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/repodata/repomd.xml | dasel -r xml 'repomd.data.[0].location.-href') | zstd -d - | dasel -r xml -w json | jq '.metadata.package[] | select(.name=="raspberrypi-firmware") | select(.arch!="src").checksum."#text"' -r | tail -n1
-      package.version: "2023.11.21-1.1"
-      package.checksum: "f21f510b968f8b49ca98250f4985b2d5c5382a6d18fa088272826fe19834287cc5027de2041752b2a9d3c8ea284cc165f882410ebbc5327ae6c3969b91912058"
+      package.version: "2024.03.27-1.1"
+      package.checksum: "b557423675f8aadaa7a48c29e27dcbf2dc8a990fcc13fa7b2839dfc6afe281e54a0326bb881b244f77412d09f93df46a648abd3fb7c85716f2f207b8729e1219"
  - name: "raspberrypi-firmware-config"
    category: "firmware"
-    version: "2023.11.21-1.1"
+    version: "2024.03.27-1.1"
    labels:
      autobump.strategy: "custom"
      autobump.string_replace: '{ "prefix": "" }'
@ -48,11 +48,11 @@ packages:
      # We do assume that checksum is sha256
      autobump.checksum_hook: |
        curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/$(curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/repodata/repomd.xml | dasel -r xml 'repomd.data.[0].location.-href') | zstd -d - | dasel -r xml -w json | jq '.metadata.package[] | select(.name=="raspberrypi-firmware-config") | select(.arch!="src").checksum."#text"' -r | tail -n1
-      package.version: "2023.11.21-1.1"
-      package.checksum: "022aaea609c6f4503c46a9b72203e60220bd2a9792ca413f55b1e1e6736626781f89ed20a18e33fdafd0ffb0c7bd1a405deae87fb295ab6ef3adb4dd88ece6f1"
+      package.version: "2024.03.27-1.1"
+      package.checksum: "93514ec07d396888f4f09712c8c96258d857dba0321c30dfe827ebeb6887f5904f080a0947e51f269868530ac6a67b9054caf97abd57b12ce3984cc721d58bee"
  - name: "raspberrypi-firmware-dt"
    category: "firmware"
-    version: "2023.11.21-2.1"
+    version: "2023.11.21-3.3"
    labels:
      autobump.strategy: "custom"
      autobump.string_replace: '{ "prefix": "" }'
@ -64,5 +64,5 @@ packages:
      # We do assume that checksum is sha256
      autobump.checksum_hook: |
        curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/$(curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/repodata/repomd.xml | dasel -r xml 'repomd.data.[0].location.-href') | zstd -d - | dasel -r xml -w json | jq '.metadata.package[] | select(.name=="raspberrypi-firmware-dt") | select(.arch!="src").checksum."#text"' -r | tail -n1
-      package.version: "2023.11.21-2.1"
-      package.checksum: "36539b4b9270139fb313971e8c7851f3015fcc87f5a271f20a0cee92f4ff3f0ceeb620dd847f8e38469d3c216635c0d492bb553e44bfb41b74ea8a83850e51d0"
+      package.version: "2023.11.21-3.3"
+      package.checksum: "efbe401a3e2fdec4fb73d59ebfac9175f933b8e74416cdf5867eae3b04cbb3fff07ba8fa2d0b2782ae607a82df2f465fe210334780cf19d7bc3ca5c90c49811b"
--- a/packages/k8s/k3s/build.yaml
+++ b/packages/k8s/k3s/build.yaml
@ -1,5 +1,5 @@
 requires:
- name: "toolchain-go"
+- name: "toolchain-go-ubuntu"
  category: "development"
  version: ">=0"
 env:
@ -31,18 +31,10 @@ steps:
  - bash installer.sh agent
  - rm -rf installer.sh
  - chmod +x /usr/bin/k3s
-  - TAG=$INSTALL_K3S_VERSION ./fetch-template.sh
-  - mkdir -p /usr/share/config/kairos/k3s/
-  - mv config.toml.tmpl /usr/share/config/kairos/k3s/containerd-config.toml.tmpl
+  - upx -1 /usr/bin/k3s

 includes:
 - ^/usr/bin/k3s
- ^/usr$
- ^/usr/share$
- ^/usr/share/config$
- ^/usr/share/config/kairos$
- ^/usr/share/config/kairos/k3s$
- ^/usr/share/config/kairos/k3s/containerd-config.toml.tmpl$
 {{ if eq .Values.name "k3s-openrc" }}
 - ^/etc/init.d/$
 - ^/etc/init.d/k3s.*
--- a/packages/k8s/k3s/collection.yaml
+++ b/packages/k8s/k3s/collection.yaml
@ -1,77 +1,78 @@
 packages:
  - name: k3s-openrc
    category: k8s
-    version: "1.29.0+2"
+    version: "1.29.3"
    k3s_version: "2"
    labels:
      github.owner: "k3s-io"
      github.repo: "k3s"
      autobump.sed_script: 's/\+k3s1//g'
+      autobump.skip_if_contains: '["rc"]'
    uri:
      - https://github.com/k3s-io/k3s
    license: "APL-2"
    description: " Lightweight Kubernetes "
-
  - name: k3s-openrc
    category: k8s
-    version: "1.28.5+2"
+    version: "1.28.5+4"
    k3s_version: "2"
    labels:
      github.owner: "k3s-io"
      github.repo: "k3s"
      autobump.sed_script: 's/\+k3s1//g'
+      autobump.skip_if_contains: '["rc"]'
    uri:
      - https://github.com/k3s-io/k3s
    license: "APL-2"
    description: " Lightweight Kubernetes "
-
  - name: k3s-openrc
    category: k8s
-    version: "1.27.9+2"
+    version: "1.27.9+4"
    k3s_version: "2"
    labels:
      github.owner: "k3s-io"
      github.repo: "k3s"
      autobump.sed_script: 's/\+k3s1//g'
+      autobump.skip_if_contains: '["rc"]'
    uri:
      - https://github.com/k3s-io/k3s
    license: "APL-2"
    description: " Lightweight Kubernetes "
-
  - name: k3s-systemd
    category: k8s
-    version: "1.29.0+2"
+    version: "1.29.3"
    k3s_version: "2"
    labels:
      github.owner: "k3s-io"
      github.repo: "k3s"
      autobump.sed_script: 's/\+k3s1//g'
+      autobump.skip_if_contains: '["rc"]'
    uri:
      - https://github.com/k3s-io/k3s
    license: "APL-2"
    description: " Lightweight Kubernetes "
-
  - name: k3s-systemd
    category: k8s
-    version: "1.28.5+2"
+    version: "1.28.5+4"
    k3s_version: "2"
    labels:
      github.owner: "k3s-io"
      github.repo: "k3s"
      autobump.sed_script: 's/\+k3s1//g'
+      autobump.skip_if_contains: '["rc"]'
    uri:
      - https://github.com/k3s-io/k3s
    license: "APL-2"
    description: " Lightweight Kubernetes "
-
  - name: k3s-systemd
    category: k8s
-    version: "1.27.9+2"
+    version: "1.27.9+4"
    k3s_version: "2"
    labels:
      github.owner: "k3s-io"
      github.repo: "k3s"
      autobump.sed_script: 's/\+k3s1//g'
+      autobump.skip_if_contains: '["rc"]'
    uri:
      - https://github.com/k3s-io/k3s
    license: "APL-2"
--- a/packages/k8s/k3s/fetch-template.sh
+++ b/packages/k8s/k3s/fetch-template.sh
@ -1,43 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [[ -z $TAG ]]; then
-  echo "TAG should be set"
-  exit 1
-fi
-
-cleanup() {
-  echo "Cleaning up..."
-  rm -rf "$tmp_dir"
-}
-trap cleanup EXIT
-
-SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-
-TMPDIR=$(mktemp -d)
-cd $TMPDIR
-echo $TMPDIR
-
-git clone --depth 1 --branch $TAG https://github.com/k3s-io/k3s.git
-cd $TMPDIR/k3s
-
-cat << EOF > main.go
-package main
-
-import (
-	"fmt"
-
-	"github.com/k3s-io/k3s/pkg/agent/templates"
-)
-
-func main() {
-	fmt.Printf(templates.ContainerdConfigTemplate)
-}
-EOF
-
-go run . > $SCRIPT_DIR/config.toml.tmpl
-
-sed -i '/runc.options/a\
-  NoPivotRoot = true
-' $SCRIPT_DIR/config.toml.tmpl
--- a/packages/static/kairos-overlay-files/collection.yaml
+++ b/packages/static/kairos-overlay-files/collection.yaml
@ -1,4 +1,4 @@
 packages:
  - name: "kairos-overlay-files"
    category: "static"
-    version: "1.1.29"
+    version: "1.1.32"
--- a/packages/static/kairos-overlay-files/files/etc/kairos/branding/grubmenu.cfg
+++ b/packages/static/kairos-overlay-files/files/etc/kairos/branding/grubmenu.cfg
@ -1,11 +1,11 @@
 menuentry "Kairos remote recovery" --id remoterecovery {
-    if search.file /cOS/recovery.squashfs ; then
+    search --no-floppy --label --set=root COS_RECOVERY
+    if [ test -s /cOS/recovery.squashfs ]; then
        set img=/cOS/recovery.squashfs
        set recoverylabel=COS_RECOVERY
    else
        set img=/cOS/recovery.img
    fi
-    search.fs_label COS_RECOVERY root
    set label=COS_SYSTEM
    loopback loop0 /$img
    set root=($root)
@ -15,13 +15,13 @@ menuentry "Kairos remote recovery" --id remoterecovery {
 }

 menuentry "Kairos state reset (auto)" --id statereset {
-    if search.file /cOS/recovery.squashfs ; then
+    search --no-floppy --label --set=root COS_RECOVERY
+    if [ test -s /cOS/recovery.squashfs ]; then
        set img=/cOS/recovery.squashfs
        set recoverylabel=COS_RECOVERY
    else
        set img=/cOS/recovery.img
    fi
-    search.fs_label COS_RECOVERY root
    set label=COS_SYSTEM
    loopback loop0 /$img
    set root=($root)
--- a/packages/static/kairos-overlay-files/files/system/oem/00_rootfs_uki.yaml
+++ b/packages/static/kairos-overlay-files/files/system/oem/00_rootfs_uki.yaml
@ -8,7 +8,7 @@
 name: "Rootfs Layout Settings for UKI"
 stages:
  rootfs:
-    - if: '[ -e "/run/cos/uki_boot_mode" ] && [ ! -e "/run/cos/recovery_mode" ]'
+    - if: '[ -e "/run/cos/uki_boot_mode" ] && [ ! -e "/run/cos/recovery_mode" ] && [ ! -e "/run/cos/autoreset_mode" ]'
      name: "Layout configuration for UKI boot"
      environment_file: /run/cos/cos-layout.env
      environment:
@ -46,9 +46,9 @@ stages:
          /var/lib/wicked
          /var/log
          /var/snap
-    - if: '[ -e "/run/cos/uki_boot_mode" ] && [ -e "/run/cos/recovery_mode" ]'
-      # omit the persistent partition on recovery mode
-      name: "Layout configuration for recovery mode on UKI"
+    - if: '[ -e "/run/cos/uki_boot_mode" ] && ([ -e "/run/cos/recovery_mode" ] || [ -e "/run/cos/autoreset_mode" ])'
+      # omit the persistent partition on recovery mode/autoreset
+      name: "Layout configuration for recovery/autoreset mode on UKI"
      environment_file: /run/cos/cos-layout.env
      environment:
        OVERLAY: "tmpfs:25%"
--- a/packages/static/kairos-overlay-files/files/system/oem/51_reset.yaml
+++ b/packages/static/kairos-overlay-files/files/system/oem/51_reset.yaml
@ -3,7 +3,7 @@ stages:
  initramfs:
    - name: "Starts kairos-reset for systemd based systems"
      if: |
-        grep -q "kairos.reset" /proc/cmdline && \
+        (grep -q "kairos.reset" /proc/cmdline || [ -f /run/cos/autoreset_mode ]) && \
        ( [ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] )
      commands:
        - systemctl disable getty@tty1
@ -14,4 +14,4 @@ stages:
      if: grep -q "kairos.reset" /proc/cmdline && [ -f "/sbin/openrc" ]
      commands:
        - sed -i -e 's/tty1.*//g' /etc/inittab
-        - echo "tty1::respawn:/usr/bin/kairos-agent reset tty1" >> /etc/inittab
+        - echo "tty1::respawn:/usr/bin/kairos-agent reset --unattended --reboot tty1" >> /etc/inittab
--- a/packages/static/kairos-overlay-files/files/system/oem/53_k3s.yaml
+++ b/packages/static/kairos-overlay-files/files/system/oem/53_k3s.yaml
@ -1,7 +0,0 @@
-name: "k3s configuration"
-stages:
-  boot:
-    - if: '[ ! -f "/run/cos/recovery_mode" ] && [ ! -e "/run/cos/uki_install_mode" ] && [[ $(source /etc/os-release; echo "$KAIROS_VARIANT") == "standard" ]]'
-      commands:
-        - mkdir -p /var/lib/rancher/k3s/agent/etc/containerd
-        - cp /usr/share/config/kairos/k3s/containerd-config.toml.tmpl /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl
--- a/packages/system/immucore/build.yaml
+++ b/packages/system/immucore/build.yaml
@ -2,7 +2,7 @@
 requires:
  - name: "toolchain-go-ubuntu"
    category: "fips"
-    version: ">=0"
+    version: ">=1.19.10+1"
 {{else}}
 requires:
  - name: "toolchain-go-ubuntu"
@ -34,5 +34,11 @@ steps:
 {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}}
  - /usr/bin/{{.Values.name}} version | grep -i boringcrypto
 {{end}}
+  - mkdir -p /usr/lib/dracut/modules.d
+  - mkdir -p /etc/dracut.conf.d/
+  - cp -r go/src/github.com/${GITHUB_ORG}/{{.Values.name}}/dracut/28immucore /usr/lib/dracut/modules.d/28immucore
+  - cp go/src/github.com/${GITHUB_ORG}/{{.Values.name}}/dracut/10-immucore.conf /etc/dracut.conf.d/10-immucore.conf
 includes:
  - /usr/bin/{{.Values.name}}
+  - /usr/lib/dracut/modules.d/28immucore
+  - /etc/dracut.conf.d/10-immucore.conf
--- a/packages/system/immucore/collection.yaml
+++ b/packages/system/immucore/collection.yaml
@ -1,7 +1,18 @@
 packages:
  - name: "immucore"
    category: "system"
-    version: "0.1.14"
+    version: "0.1.25"
+    labels:
+      github.repo: "immucore"
+      autobump.revdeps: "true"
+      github.owner: "kairos-io"
+    uri:
+      - https://github.com/kairos-io/immucore
+    license: "Apache License v2"
+    description: "The Kairos immutability management interface"
+  - name: "immucore"
+    category: "system"
+    version: "0.1.17-3"
    labels:
      github.repo: "immucore"
      autobump.revdeps: "true"
@ -12,7 +23,7 @@ packages:
    description: "The Kairos immutability management interface"
  - name: "immucore"
    category: "fips"
-    version: "0.1.14"
+    version: "0.1.25"
    labels:
      github.repo: "immucore"
      autobump.revdeps: "true"
@ -21,16 +32,3 @@ packages:
      - https://github.com/kairos-io/immucore
    license: "Apache License v2"
    description: "The Kairos immutability management interface"
-    # doesnt build so disable for now
-#- name: "immucore"
-#category: "fips-static"
-#ldflags: "-linkmode external -extldflags -static"
-#version: "0.1.6"
-#labels:
-#  github.repo: "immucore"
-#  autobump.revdeps: "true"
-#  github.owner: "kairos-io"
-#uri:
-#  - https://github.com/kairos-io/immucore
-#license: "Apache License v2"
-#description: "The Kairos immutability management interface"
--- a/packages/system/kairos-agent/build.yaml
+++ b/packages/system/kairos-agent/build.yaml
@ -15,39 +15,27 @@ prelude:
  - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cd /go/src/github.com/${GITHUB_ORG}/ && git clone --branch v${PACKAGE_VERSION} https://github.com/${GITHUB_ORG}/{{ .Values.name }}.git
 env:
  - GITHUB_ORG={{ ( index .Values.labels "github.owner" ) }}
-  - HUGO_VERSION=0.110.0
+  - HUGO_VERSION=0.113.0
+  - LDFLAGS="-s -w -X github.com/kairos-io/kairos-agent/v2/internal/common.VERSION=v${PACKAGE_VERSION} {{with .Values.ldflags}}{{.}}{{end}}"
 {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}}
  - CGO_ENABLED=1
  - GOEXPERIMENT=boringcrypto
-  # Because we don't track the compiled-with version on the agent we need to keep the symbols in order to checks FIPS compliance
-  - LDFLAGS="-w -X github.com/kairos-io/kairos-agent/v2/internal/common.VERSION=v${PACKAGE_VERSION} {{with .Values.ldflags}}{{.}}{{end}}"
 {{else}}
  - CGO_ENABLED=0
-  - LDFLAGS="-s -w -X github.com/kairos-io/kairos-agent/v2/internal/common.VERSION=v${PACKAGE_VERSION} {{with .Values.ldflags}}{{.}}{{end}}"
 {{end}}
-copy:
-  - package:
-      category: "static"
-      name: "kairos-docs"
-      version: ">=0"
-    source: "/usr/share/doc/kairos"
-    destination: "/kairos-docs/"
-steps:
-  # Docs for webui, copy them from the package
-  - mkdir -p /go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/internal/webui/public/local
-  - cp -r /kairos-docs/* /go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/internal/webui/public/local/
-  # Deps for webui
+# Deps for webui
  - cd /go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/internal/webui/public && npm install
-  # Now for the real binary with everything bundled!
+steps:
  - |
    PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && \
    cd /go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/ && \
    go build -ldflags="${LDFLAGS}" -o /usr/bin/{{ .Values.name }}
+  - upx -1 /usr/bin/{{.Values.name}}
  - chmod +x /usr/bin/{{.Values.name}}
 {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}}
  {{ if .Values.arch }}
    {{ if eq .Values.arch "amd64" }}
-  - go tool nm /usr/bin/{{.Values.name}} | grep -i "FIPS_mode"
+  - /usr/bin/{{.Values.name}} version --long | grep -i "boringcrypto"
    {{end}}
  {{end}}
 {{end}}
--- a/packages/system/kairos-agent/collection.yaml
+++ b/packages/system/kairos-agent/collection.yaml
@ -1,7 +1,7 @@
 packages:
  - name: "kairos-agent"
    category: "system"
-    version: "2.7.13"
+    version: "2.9.1"
    labels:
      github.repo: "kairos-agent"
      autobump.revdeps: "true"
@ -12,7 +12,7 @@ packages:
    description: "Lifecycle agent for kairos"
  - name: "kairos-agent"
    category: "fips"
-    version: "2.7.13"
+    version: "2.9.1"
    labels:
      github.repo: "kairos-agent"
      autobump.revdeps: "true"
--- a/packages/system/kcrypt-challenger/build.yaml
+++ b/packages/system/kcrypt-challenger/build.yaml
@ -10,15 +10,9 @@ requires:
    version: ">=0"
 {{end}}
 prelude:
-{{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}}
-  - apt-get update && apt-get install -y gcc
-{{end}}
-  - mkdir go/src/github.com/${GITHUB_ORG}/ -p
  - apt-get update && apt-get install -y gcc libssl-dev
+  - mkdir go/src/github.com/${GITHUB_ORG}/ -p
  - cd go/src/github.com/${GITHUB_ORG}/ && git clone https://github.com/${GITHUB_ORG}/{{ .Values.name }}.git
-{{ if ne .Values.live "yes" }}
-  - cd go/src/github.com/${GITHUB_ORG}/ && git checkout 3912abcec424521725ccd335181f2fde90510081 -b build
-{{ end }}
 env:
  - GOPATH=/luetbuild/go/
  - DEBIAN_FRONTEND=noninteractive
@ -27,22 +21,25 @@ env:
 {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}}
  - CGO_ENABLED=1
  - GOEXPERIMENT=boringcrypto
+  - LDFLAGS="-w {{with .Values.ldflags}}{{.}}{{end}}"
 {{else}}
  - CGO_ENABLED=0
+  - LDFLAGS="-s -w {{with .Values.ldflags}}{{.}}{{end}}"
 {{end}}

 steps:
  - |
    PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && \
    mkdir -p /system/discovery && \
-    cd go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/ && go build -ldflags="{{with .Values.ldflags}}{{.}}{{end}}" -o {{ .Values.binary_name }}  ./cmd/discovery/main.go && mv {{ .Values.binary_name }} /system/discovery
-  - chmod +x /system/discovery/{{ .Values.binary_name }}
+    cd go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/ && go build -ldflags="${LDFLAGS}" -o {{ .Values.binary_name }}  ./cmd/discovery/main.go && mv {{ .Values.binary_name }} /system/discovery
 {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}}
  {{ if .Values.arch }}
    {{ if eq .Values.arch "amd64" }}
  - go tool nm /system/discovery/{{ .Values.binary_name }} | grep -i "FIPS_mode"
    {{end}}
  {{end}}
+  - upx -1 /system/discovery/{{ .Values.binary_name }}
+  - chmod +x /system/discovery/{{ .Values.binary_name }}
 {{end}}
 includes:
  - /system/discovery/{{ .Values.binary_name }}
--- a/packages/system/kcrypt-challenger/collection.yaml
+++ b/packages/system/kcrypt-challenger/collection.yaml
@ -2,8 +2,7 @@ packages:
  - name: kcrypt-challenger
    binary_name: kcrypt-discovery-challenger
    category: system
-    live: "yes"
-    version: "0.7.0"
+    version: "0.8.0"
    labels:
      github.repo: "kcrypt-challenger"
      github.owner: "kairos-io"
@ -14,8 +13,7 @@ packages:
  - name: kcrypt-challenger
    binary_name: kcrypt-discovery-challenger
    category: fips
-    live: "yes"
-    version: "0.7.0"
+    version: "0.8.0"
    labels:
      github.repo: "kcrypt-challenger"
      github.owner: "kairos-io"
@ -23,16 +21,3 @@ packages:
      - https://github.com/kairos-io/kcrypt-challenger
    license: "Apache License v2"
    description: "Cloud native guardian for persistent data in the edge"
-    #- name: kcrypt-challenger
-    #binary_name: kcrypt-discovery-challenger
-    #ldflags: "-linkmode external -extldflags -static"
-    #category: fips-static
-    #live: "yes"
-    #version: "0.5.0"
-      #labels:
-      #github.repo: "kcrypt-challenger"
-    #github.owner: "kairos-io"
-      #uri:
-    #- https://github.com/kairos-io/kcrypt-challenger
-    #license: "Apache License v2"
-    #description: "Cloud native guardian for persistent data in the edge"
--- a/packages/system/kcrypt/build.yaml
+++ b/packages/system/kcrypt/build.yaml
@ -30,7 +30,6 @@ steps:
  - |
    PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && \
    cd go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/ && git checkout v"${PACKAGE_VERSION}" -b build && go build -ldflags="${LDFLAGS}" && mv {{.Values.name}} /usr/bin/
-  - chmod +x /usr/bin/{{.Values.name}}
 {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}}
  {{ if .Values.arch }}
    {{ if eq .Values.arch "amd64" }}
@ -38,5 +37,7 @@ steps:
    {{end}}
  {{end}}
 {{end}}
+  - upx -1 /usr/bin/{{.Values.name}}
+  - chmod +x /usr/bin/{{.Values.name}}
 includes:
  - /usr/bin/{{.Values.name}}
--- a/packages/system/kcrypt/collection.yaml
+++ b/packages/system/kcrypt/collection.yaml
@ -12,7 +12,7 @@ packages:
    description: "Cloud native guardian for persistent data in the edge"
  - name: kcrypt
    category: fips
-    version: "0.9.1"
+    version: "0.10.0"
    labels:
      github.repo: "kcrypt"
      autobump.revdeps: "true"
--- a/packages/system/provider-kairos/build.yaml
+++ b/packages/system/provider-kairos/build.yaml
@ -1,10 +1,13 @@
-image: golang:1.20
+requires:
+- name: "toolchain-go-ubuntu"
+  category: "development"
+  version: ">=0"
 env:
  - CGO_ENABLED=0
-  - LDFLAGS="-s -w -X 'github.com/kairos-io/provider-kairos/v2/internal/cli.VERSION={{ .Values.version }}'"
+  - PACKAGE_VERSION={{ .Values.tag }}
+  - LDFLAGS="-s -w -X 'github.com/kairos-io/provider-kairos/v2/internal/cli.VERSION={{ .Values.tag }}'"
 prelude:
- apt-get update
- apt-get install -y git
+- apt-get update && apt-get install -y git
 - git clone https://github.com/kairos-io/provider-kairos
 - |
    PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && \
@ -13,6 +16,7 @@ steps:
 - mkdir -p /system/providers
 - cd provider-kairos && go build -ldflags "${LDFLAGS}" -o agent-provider-kairos
 - mv provider-kairos/agent-provider-kairos /system/providers/agent-provider-kairos
+- upx -1 /system/providers/agent-provider-kairos
 - ln -s /system/providers/agent-provider-kairos /usr/bin/kairos

 includes:
--- a/packages/system/provider-kairos/collection.yaml
+++ b/packages/system/provider-kairos/collection.yaml
@ -1,7 +1,8 @@
 packages:
  - name: "provider-kairos"
    category: "system"
-    version: "2.6.3"
+    version: "2.6.4"
+    tag: "2.6.4"
    labels:
      github.repo: "provider-kairos"
      github.owner: "kairos-io"
--- a/packages/system/systemd/build.yaml
+++ b/packages/system/systemd/build.yaml
@ -36,7 +36,7 @@ prelude:
  - zypper ref && zypper in -y gcc13 git ninja gperf libpcap libpcap-devel libcap-devel cmake libmount-devel rsync diffutils openssl-devel tpm2-* python311-pip python311-cryptography
  - update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 1
  - mkdir -p src/
-  - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cd src/ && git clone --branch v${PACKAGE_VERSION} https://github.com/systemd/systemd.git
+  - PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && cd src/ && git clone --branch v${PACKAGE_VERSION} https://github.com/systemd/systemd.git

 steps:
  # Minimal systemd build, remove almost everything, we only interested in the efi boot files
@ -49,7 +49,7 @@ steps:
  - pip3 install -r ukify-requirements.txt
  # install dev tools
  - pip3 install meson ninja2
-  - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cd src/systemd && env CC=gcc-13 meson setup build -Dmode=release -Dbootloader=true -Defi=true -Dukify=true -Dblkid=true -Dopenssl=true -Dshared-lib-tag=${PACKAGE_VERSION}-kairos -Dsbat-distro="Kairos" -Dsbat-distro-url="kairos.io" -Dsbat-distro-summary="Kairos" -Dsbat-distro-version="kairos-${PACKAGE_VERSION}" -Ddns-servers='' -Dsysvinit-path= -Dsysvrcnd-path= -Dtpm=false -Dinstall-tests=false -Dnss-resolve=disabled -Dlogind=false -Dcoredump=false -Dhomed=disabled -Dfirstboot=false -Dhostnamed=false -Dhibernate=false -Dinitrd=false -Dimportd=false -Dkernel-install=false -Dlocaled=false -Dmachined=false -Dnetworkd=false -Dnss-myhostname=false -Dnss-mymachines=false -Dnss-systemd=false -Doomd=false -Dportabled=false -Dhwdb=false -Dpstore=false -Dquotacheck=false -Drandomseed=false -Drepart=false -Dresolve=false -Drfkill=false -Dsysext=false -Danalyze=false -Dsysupdate=false -Dsysusers=false -Dstoragetm=false -Dtimedated=false -Dtimesyncd=false -Dtmpfiles=false -Duserdb=false -Dvconsole=false -Dxdg-autostart=false -Didn=false -Dpolkit=false -Dnscd=false -Dkmod=false -Ddbus=false -Dglib=false -Dbacklight=false -Dldconfig=false -Dgshadow=false -Dwheel-group=false -Dadm-group=false -Dxkbcommon=false -Dzstd=false -Dlz4=false -Dutmp=false -Dlink-udev-shared=false -Dlink-systemctl-shared=false -Dlink-networkd-shared=false -Dlink-timesyncd-shared=false -Dlink-journalctl-shared=false -Dlink-boot-shared=false -Dlink-portabled-shared=false -Denvironment-d=false -Dqrencode=false -Dpwquality=false -Dlibcurl=false -Dfdisk=false -Dlibidn2=false -Dlibiptc=false -Ddns-over-tls=false -Didn=false -Dgnutls=false -Dp11kit=false -Dlibidn=false -Dlibidn2=false -Dgcrypt=false -Dxz=false -Dzlib=false -Dbzip2=false
+  - PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && cd src/systemd && env CC=gcc-13 meson setup build -Dmode=release -Dbootloader=true -Defi=true -Dukify=true -Dblkid=true -Dopenssl=true -Dshared-lib-tag=${PACKAGE_VERSION}-kairos -Dsbat-distro="Kairos" -Dsbat-distro-url="kairos.io" -Dsbat-distro-summary="Kairos" -Dsbat-distro-version="kairos-${PACKAGE_VERSION}" -Ddns-servers='' -Dsysvinit-path= -Dsysvrcnd-path= -Dtpm=false -Dinstall-tests=false -Dnss-resolve=disabled -Dlogind=false -Dcoredump=false -Dhomed=disabled -Dfirstboot=false -Dhostnamed=false -Dhibernate=false -Dinitrd=false -Dimportd=false -Dkernel-install=false -Dlocaled=false -Dmachined=false -Dnetworkd=false -Dnss-myhostname=false -Dnss-mymachines=false -Dnss-systemd=false -Doomd=false -Dportabled=false -Dhwdb=false -Dpstore=false -Dquotacheck=false -Drandomseed=false -Drepart=false -Dresolve=false -Drfkill=false -Dsysext=false -Danalyze=false -Dsysupdate=false -Dsysusers=false -Dstoragetm=false -Dtimedated=false -Dtimesyncd=false -Dtmpfiles=false -Duserdb=false -Dvconsole=false -Dxdg-autostart=false -Didn=false -Dpolkit=false -Dnscd=false -Dkmod=false -Ddbus=false -Dglib=false -Dbacklight=false -Dldconfig=false -Dgshadow=false -Dwheel-group=false -Dadm-group=false -Dxkbcommon=false -Dzstd=false -Dlz4=false -Dutmp=false -Dlink-udev-shared=false -Dlink-systemctl-shared=false -Dlink-networkd-shared=false -Dlink-timesyncd-shared=false -Dlink-journalctl-shared=false -Dlink-boot-shared=false -Dlink-portabled-shared=false -Denvironment-d=false -Dqrencode=false -Dpwquality=false -Dlibcurl=false -Dfdisk=false -Dlibidn2=false -Dlibiptc=false -Ddns-over-tls=false -Didn=false -Dgnutls=false -Dp11kit=false -Dlibidn=false -Dlibidn2=false -Dgcrypt=false -Dxz=false -Dzlib=false -Dbzip2=false
  - cd src/systemd && ninja -C build
  - mkdir -p /package/usr/kairos/
  - mkdir -p /package/usr/lib/systemd/
@ -62,10 +62,10 @@ steps:
  - cp src/systemd/build/systemd-measure /package/usr/lib64/systemd/
  - cp src/systemd/build/systemd-measure /package/lib/
  - cp src/systemd/build/systemd-measure /package/lib64/
-  - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/usr/lib/systemd/
-  - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/usr/lib64/systemd/
-  - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/lib/
-  - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/lib64/
+  - PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/usr/lib/systemd/
+  - PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/usr/lib64/systemd/
+  - PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/lib/
+  - PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/lib64/
  # ukify is copied in two places according to upstream, I guess to maintain backwards compatibility
  - src/systemd/build/ukify --version
  - cp src/systemd/build/ukify /package/usr/bin/
--- a/packages/system/systemd/collection.yaml
+++ b/packages/system/systemd/collection.yaml
@ -1,14 +1,14 @@
 packages:
  - name: "systemd-boot"
    category: "system"
-    version: "255+6"
+    version: "255-6"
    labels:
      github.repo: "systemd"
      autobump.revdeps: "true"
      github.owner: "systemd"
  - name: "systemd-ukify"
    category: "system"
-    version: "255+3"
+    version: "255-5"
    labels:
      github.repo: "systemd"
      autobump.revdeps: "true"
--- a/packages/toolchain-go/build.yaml
+++ b/packages/toolchain-go/build.yaml
@ -1,11 +1,22 @@
 {{ if .Values.variant }}
-image: "golang:{{.Values.version}}-{{.Values.variant}}"
+image: "golang:{{.Values.tag}}-{{.Values.variant}}"
 {{ else }}
-image: "golang:{{.Values.version}}"
+image: "golang:{{.Values.tag}}"
 {{ end }}

-{{ if eq .Values.variant "alpine" }}
 prelude:
+{{ if eq .Values.variant "alpine" }}
 - apk update
 - apk add curl make git bash
+{{ end }}
+{{ if eq .Values.variant "bookworm" }}
+- apt-get update && apt-get install -y curl xz-utils
+- curl -LO https://github.com/upx/upx/releases/download/v4.2.2/upx-4.2.2-{{ .Values.arch }}_linux.tar.xz
+- tar -xvf upx-4.2.2-{{ .Values.arch }}_linux.tar.xz
+- mv upx-4.2.2-{{ .Values.arch }}_linux/upx /usr/bin/
+- rm -rf upx-4.2.2-{{ .Values.arch }}_linux
+- chmod +x /usr/bin/upx
+{{ end }}
+{{ if eq .Values.variant "bullseye" }}
+- apt-get update && apt-get install -y curl xz-utils upx
 {{ end }}
--- a/packages/toolchain-go/collection.yaml
+++ b/packages/toolchain-go/collection.yaml
@ -2,7 +2,8 @@ packages:
  - name: toolchain-go
    category: development
    variant: "alpine"
-    version: "1.21.6"
+    version: "1.22.2"
+    tag: "1.21.6"
    hidden: true
    labels:
      autobump.revdeps: "false"
@ -13,11 +14,12 @@ packages:
        curl -s -L "https://go.dev/dl/?mode=json" |jq -r '.[0].version'| sed 's/go//g'
      autobump.version_hook: |
        curl -s -L "https://go.dev/dl/?mode=json" |jq -r '.[0].version'| sed 's/go//g'
-      package.version: "1.21.6"
+      package.version: "1.22.2"
  - name: toolchain-go-ubuntu
-    variant: ""
+    variant: "bookworm"
    category: development
-    version: "1.21.6"
+    version: "1.22.2"
+    tag: "1.21.7"
    hidden: true
    labels:
      autobump.revdeps: "false"
@ -28,11 +30,12 @@ packages:
        curl -s -L "https://go.dev/dl/?mode=json" |jq -r '.[0].version'| sed 's/go//g'
      autobump.version_hook: |
        curl -s -L "https://go.dev/dl/?mode=json" |jq -r '.[0].version'| sed 's/go//g'
-      package.version: "1.21.6"
+      package.version: "1.22.2"
  - name: toolchain-go
    category: development
    variant: "alpine"
    version: "1.20.2"
+    tag: "1.20.2"
    hidden: true
    labels:
      autobump.revdeps: "false"
@ -44,9 +47,10 @@ packages:
      autobump.version_hook: |
        curl -s -L "https://go.dev/dl/?mode=json" |jq -r '.[0].version'| sed 's/go//g'
  - name: toolchain-go-ubuntu
-    variant: ""
+    variant: "bookworm"
    category: development
    version: "1.20.2"
+    tag: "1.20.2"
    hidden: true
    labels:
      autobump.revdeps: "false"
@ -63,12 +67,6 @@ packages:
    version: "1.19.10"
    tag: "1.19.10"
    hidden: true
-  - name: toolchain-go-ubuntu
-    variant: ""
-    category: fips
-    version: "1.19.10"
-    tag: "1.19.10"
-    hidden: true
  - name: toolchain-go
    category: fips
    variant: "alpine"
@ -76,8 +74,8 @@ packages:
    tag: "1.19.10"
    hidden: true
  - name: toolchain-go-ubuntu
-    variant: ""
+    variant: "bullseye"
    category: fips
-    version: "1.19.10"
+    version: "1.19.10+1"
    tag: "1.19.10"
    hidden: true
--- a/packages/utils/earthly/definition.yaml
+++ b/packages/utils/earthly/definition.yaml
@ -1,7 +1,7 @@
 name: earthly
 category: utils
 arch: "amd64"
-version: "0.8.3"
+version: "0.8.8"
 labels:
  github.repo: "earthly"
  github.owner: "earthly"
--- a/packages/utils/edgevpn/build.yaml
+++ b/packages/utils/edgevpn/build.yaml
@ -1,5 +1,5 @@
 requires:
- name: "toolchain-go"
+- name: "toolchain-go-ubuntu"
  category: "development"
  version: ">=0"
 prelude:
@ -9,10 +9,12 @@ env:
 - GOPATH=/luetbuild/go/
 - GITHUB_ORG={{ ( index .Values.labels "github.owner" ) }}
 - CGO_ENABLED=0
+- PACKAGE_VERSION={{ .Values.tag }}
 steps:
 - |
  PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && \
  cd go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/  && git checkout v"${PACKAGE_VERSION}" -b build && go build -ldflags="-w -s -X github.com/mudler/edgevpn/internal.Version=v$PACKAGE_VERSION" && mv {{.Values.name}} /usr/bin/
+- upx -1 /usr/bin/{{.Values.name}}
 - chmod +x /usr/bin/{{.Values.name}}
 includes:
 - /usr/bin/{{.Values.name}}
--- a/packages/utils/edgevpn/definition.yaml
+++ b/packages/utils/edgevpn/definition.yaml
@ -1,6 +1,7 @@
 name: edgevpn
 category: utils
-version: "0.24.6"
+version: "0.25.2"
+tag: "0.24.6"
 labels:
  github.repo: "edgevpn"
  github.owner: "mudler"
--- a/packages/utils/goreleaser/definition.yaml
+++ b/packages/utils/goreleaser/definition.yaml
@ -1,6 +1,6 @@
 name: goreleaser
 category: utils
-version: "1.24.0"
+version: "1.25.1"
 description: "Deliver Go binaries as fast and easily as possible"
 labels:
  github.repo: "goreleaser"
--- a/packages/utils/helm/definition.yaml
+++ b/packages/utils/helm/definition.yaml
@ -1,6 +1,6 @@
 name: "helm"
 category: "utils"
-version: "3.14.0"
+version: "3.14.4"
 description: "The Kubernetes Package Manager"
 license: "Apache-2.0"
 labels:
--- a/packages/utils/k9s/build.yaml
+++ b/packages/utils/k9s/build.yaml
@ -1,10 +1,11 @@
 requires:
- name: "toolchain-go"
+- name: "toolchain-go-ubuntu"
  category: "development"
  version: ">=0"
 env:
 - PATH=$PATH:/usr/local/go/bin
 - CGO_ENABLED=0
+- PACKAGE_VERSION={{ .Values.tag }}
 prelude:
 - |
   PACKAGE_VERSION=v${PACKAGE_VERSION%\-*} && \
@ -13,6 +14,8 @@ steps:
 - |
   cd k9s && \
   make build && \
-   cp execs/k9s /usr/bin
+   cp execs/k9s /usr/bin && \
+   upx /usr/bin/k9s
+
 includes:
 - /usr/bin/k9s
--- a/packages/utils/k9s/definition.yaml
+++ b/packages/utils/k9s/definition.yaml
@ -1,6 +1,7 @@
 name: "k9s"
 category: "utils"
-version: "0.31.7"
+version: "0.32.4"
+tag: "0.31.7"
 platform: Linux
 labels:
  github.repo: "k9s"
--- a/packages/utils/kube-vip/definition.yaml
+++ b/packages/utils/kube-vip/definition.yaml
@ -1,6 +1,6 @@
 name: kube-vip
 category: utils
-version: "0.7.0"
+version: "0.8.0"
 labels:
  github.repo: "kube-vip"
  github.owner: "kube-vip"
--- a/packages/utils/kubectl/build.yaml
+++ b/packages/utils/kubectl/build.yaml
@ -1,12 +1,13 @@
 requires:
 - category: "development"
-  name: "toolchain-go"
+  name: "toolchain-go-ubuntu"
  version: ">=0"

 package_dir: /kubectl
+env:
+  - PACKAGE_VERSION={{ .Values.tag }}

 steps:
- apk add bash
 - mkdir -p /kubectl/usr/bin
 - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && curl -LO "https://dl.k8s.io/release/v$PACKAGE_VERSION/bin/linux/{{.Values.arch}}/kubectl"
 - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && curl -LO "https://dl.k8s.io/release/v$PACKAGE_VERSION/bin/linux/{{.Values.arch}}/kubectl.sha256"
@ -16,3 +17,4 @@ steps:
 - /bin/bash -c 'echo "$(<kubectl.sha256)  kubectl" | sha256sum -c'
 - mv kubectl /kubectl/usr/bin
 - chmod +x /kubectl/usr/bin/kubectl
+- upx -1 /kubectl/usr/bin/kubectl
--- a/packages/utils/kubectl/definition.yaml
+++ b/packages/utils/kubectl/definition.yaml
@ -1,6 +1,7 @@
 name: kubectl
 category: container
-version: "1.29.1"
+version: "1.30.0"
+tag: "1.29.1"
 arch: "amd64"
 labels:
  github.repo: "kubectl"
@ -10,7 +11,7 @@ labels:
  autobump.prefix: "prefix"
  autobump.hook: "curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt | sed 's/v//'"
  autobump.version_hook: "curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt | sed 's/v//'"
-  package.version: "1.29.1"
+  package.version: "1.30.0"
 uri:
  - https://github.com/kubernetes/kubernetes
  - https://kubernetes.io
--- a/packages/utils/nerdctl/build.yaml
+++ b/packages/utils/nerdctl/build.yaml
@ -1,10 +1,11 @@
 requires:
- name: "toolchain-go"
+- name: "toolchain-go-ubuntu"
  category: "development"
  version: ">=0"
 env:
 - PATH=$PATH:/usr/local/go/bin
 - CGO_ENABLED=0
+- PACKAGE_VERSION={{ .Values.tag }}
 prelude:
 - |
   PACKAGE_VERSION=v${PACKAGE_VERSION%\-*} && \
@ -13,6 +14,7 @@ steps:
 - |
   cd nerdctl && \
   make binaries && \
-   make BINDIR=/usr/bin install
+   make BINDIR=/usr/bin install && \
+   upx -1 /usr/bin/nerdctl
 includes:
 - /usr/bin/nerdctl
--- a/packages/utils/nerdctl/definition.yaml
+++ b/packages/utils/nerdctl/definition.yaml
@ -1,6 +1,7 @@
 name: "nerdctl"
 category: "utils"
-version: "1.7.2"
+version: "2.0.0-beta.4"
+tag: "1.7.2"
 platform: linux
 labels:
  github.repo: "nerdctl"
--- a/packages/utils/operator-sdk/definition.yaml
+++ b/packages/utils/operator-sdk/definition.yaml
@ -1,6 +1,6 @@
 name: operator-sdk
 category: utils
-version: "1.33.0"
+version: "1.34.1"
 description: " SDK for building Kubernetes applications. Provides high level APIs, useful abstractions, and project scaffolding. "
 labels:
  github.repo: "operator-sdk"
--- a/tools/bump-validator/go.mod
+++ b/tools/bump-validator/go.mod
@ -1,3 +1,3 @@
 module github.com/kairos-io/packages/tools/bump-validator

-go 1.21.1
+go 1.22.2