diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
index 3a2b8d90ff..04b38ed097 100644
--- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
+++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
@@ -11,7 +11,7 @@ The Edge Microvisor Toolkit SPEC files originated from a variety of sources with
| Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib |
| Intel | [MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | cluster-agent
device-discovery
edge-release
edge-repos
edge-rpm-macros
hardware-discovery-agent
in-band-manageability
intel-idv-services
intel-igsc
intel-lms
intel-npu-firmware
intel-xpu-smi
node-agent
nvidia-data-center-driver
os-update
otelcol-contrib
persistent-mount
platform-manageability-agent
platform-observability-agent
platform-telemetry-agent
platform-update-agent
python-snoop
reporting-agent
rpc
tink-worker
tpm-cryptsetup
tpm2-initramfs-tool |
| Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka |
-| Microsoft | [Microsoft MIT License](https://github.com/microsoft/azurelinux/blob/3.0/LICENSES-AND-NOTICES/LICENSE.md) | alsa-lib
application-gateway-kubernetes-ingress
asc
azcopy
azl-otel-collector
azure-iot-sdk-c
azure-nvme-utils
azure-storage-cpp
azurelinux-image-tools
azurelinux-sysinfo
bazel
bmon
bpftrace
ccache
cert-manager
cf-cli
check-restart
clamav
cloud-hypervisor
cmake-fedora
containerd2
coredns
dasel
debugedit
dejavu-fonts
distroless-packages
docker-buildx
docker-cli
docker-compose
doxygen
dtc
edk2-hvloader-signed
elfutils
elixir
espeak-ng
espeakup
flannel
fluent-bit
freefont
gflags
gh
go-md2man
grpc
grub2-efi-binary-signed
GSL
gstreamer1
gtk-update-icon-cache
intel-pf-bb-config
ivykis
jsonbuilder
jx
kata-containers-cc
kata-packages-uvm
keda
keras
kernel-64k-signed
kernel-hwe-signed
kernel-mshv-signed
kernel-rt
kernel-signed
kernel-uki
kernel-uki-signed
kpatch
kube-vip-cloud-provider
kubernetes
libacvp
libconfini
libconfuse
libgdiplus
libmaxminddb
libmetalink
libsafec
libutempter
libuv
libvirt
libxml++
linuxptp
lld
lsb-release
ltp
lttng-consume
mm-common
moby-containerd-cc
moby-engine
msgpack
ncompress
networkd-dispatcher
nlohmann-json
nmap
ntopng
opentelemetry-cpp
packer
pcaudiolib
pcre2
perl-Test-Warnings
perl-Text-Template
pigz
prebuilt-ca-certificates
prebuilt-ca-certificates-base
prometheus-adapter
python-cachetools
python-cherrypy
python-cstruct
python-execnet
python-google-pasta
python-libclang
python-libevdev
python-logutils
python-ml-dtypes
python-namex
python-nocasedict
python-omegaconf
python-opt-einsum
python-optree
python-pecan
python-pip
python-pyrpm
python-remoto
python-repoze-lru
python-routes
python-rsa
python-setuptools
python-sphinxcontrib-websupport
python-tensorboard
python-tensorboard-plugin-wit
python-yamlloader
R
rabbitmq-server
rocksdb
rubygem-addressable
rubygem-asciidoctor
rubygem-bindata
rubygem-concurrent-ruby
rubygem-connection_pool
rubygem-cool.io
rubygem-deep_merge
rubygem-digest-crc
rubygem-elastic-transport
rubygem-elasticsearch
rubygem-elasticsearch-api
rubygem-eventmachine
rubygem-excon
rubygem-faraday
rubygem-faraday-em_http
rubygem-faraday-em_synchrony
rubygem-faraday-excon
rubygem-faraday-httpclient
rubygem-faraday-multipart
rubygem-faraday-net_http
rubygem-faraday-net_http_persistent
rubygem-faraday-rack
rubygem-faraday-retry
rubygem-ffi
rubygem-fiber-local
rubygem-hirb
rubygem-hocon
rubygem-hoe
rubygem-http_parser
rubygem-httpclient
rubygem-io-event
rubygem-jmespath
rubygem-ltsv
rubygem-mini_portile2
rubygem-minitest
rubygem-mocha
rubygem-msgpack
rubygem-multi_json
rubygem-multipart-post
rubygem-net-http-persistent
rubygem-nio4r
rubygem-nokogiri
rubygem-oj
rubygem-parallel
rubygem-power_assert
rubygem-prometheus-client
rubygem-protocol-hpack
rubygem-protocol-http
rubygem-protocol-http1
rubygem-protocol-http2
rubygem-public_suffix
rubygem-puppet-resource_api
rubygem-rdiscount
rubygem-rdkafka
rubygem-rexml
rubygem-ruby-kafka
rubygem-ruby-progressbar
rubygem-rubyzip
rubygem-semantic_puppet
rubygem-serverengine
rubygem-sigdump
rubygem-strptime
rubygem-systemd-journal
rubygem-test-unit
rubygem-thor
rubygem-timers
rubygem-tzinfo
rubygem-tzinfo-data
rubygem-webhdfs
rubygem-webrick
rubygem-yajl-ruby
rubygem-zip-zip
runc
sdbus-cpp
sgx-backwards-compatibility
shim
skopeo
span-lite
sriov-network-device-plugin
SymCrypt
SymCrypt-OpenSSL
systemd-boot-signed
tardev-snapshotter
tensorflow
tinyxml2
toml11
tracelogging
umoci
usrsctp
vala
valkey
vnstat
xterm
zstd |
+| Microsoft | [Microsoft MIT License](https://github.com/microsoft/azurelinux/blob/3.0/LICENSES-AND-NOTICES/LICENSE.md) | alsa-lib
application-gateway-kubernetes-ingress
asc
azcopy
azl-otel-collector
azure-iot-sdk-c
azure-nvme-utils
azure-storage-cpp
azurelinux-image-tools
azurelinux-sysinfo
bazel
bmon
bpftrace
ccache
cert-manager
cf-cli
check-restart
clamav
cloud-hypervisor
cmake-fedora
containerd2
coredns
dasel
debugedit
dejavu-fonts
distroless-packages
docker-buildx
docker-cli
docker-compose
doxygen
dtc
edk2-hvloader-signed
elfutils
elixir
espeak-ng
espeakup
flannel
fluent-bit
freefont
gflags
gh
go-md2man
grpc
grub2-efi-binary-signed
GSL
gstreamer1
gtk-update-icon-cache
helm
intel-pf-bb-config
ivykis
jsonbuilder
jx
kata-containers-cc
kata-packages-uvm
keda
keras
kernel-64k-signed
kernel-hwe-signed
kernel-mshv-signed
kernel-rt
kernel-signed
kernel-uki
kernel-uki-signed
kpatch
kube-vip-cloud-provider
kubernetes
libacvp
libconfini
libconfuse
libgdiplus
libmaxminddb
libmetalink
libsafec
libutempter
libuv
libvirt
libxml++
linuxptp
lld
lsb-release
ltp
lttng-consume
mm-common
moby-containerd-cc
moby-engine
msgpack
ncompress
networkd-dispatcher
nlohmann-json
nmap
ntopng
opentelemetry-cpp
packer
pcaudiolib
pcre2
perl-Test-Warnings
perl-Text-Template
pigz
prebuilt-ca-certificates
prebuilt-ca-certificates-base
prometheus-adapter
python-cachetools
python-cherrypy
python-cstruct
python-execnet
python-google-pasta
python-libclang
python-libevdev
python-logutils
python-ml-dtypes
python-namex
python-nocasedict
python-omegaconf
python-opt-einsum
python-optree
python-pecan
python-pip
python-pyrpm
python-remoto
python-repoze-lru
python-routes
python-rsa
python-setuptools
python-sphinxcontrib-websupport
python-tensorboard
python-tensorboard-plugin-wit
python-yamlloader
R
rabbitmq-server
rocksdb
rubygem-addressable
rubygem-asciidoctor
rubygem-bindata
rubygem-concurrent-ruby
rubygem-connection_pool
rubygem-cool.io
rubygem-deep_merge
rubygem-digest-crc
rubygem-elastic-transport
rubygem-elasticsearch
rubygem-elasticsearch-api
rubygem-eventmachine
rubygem-excon
rubygem-faraday
rubygem-faraday-em_http
rubygem-faraday-em_synchrony
rubygem-faraday-excon
rubygem-faraday-httpclient
rubygem-faraday-multipart
rubygem-faraday-net_http
rubygem-faraday-net_http_persistent
rubygem-faraday-rack
rubygem-faraday-retry
rubygem-ffi
rubygem-fiber-local
rubygem-hirb
rubygem-hocon
rubygem-hoe
rubygem-http_parser
rubygem-httpclient
rubygem-io-event
rubygem-jmespath
rubygem-ltsv
rubygem-mini_portile2
rubygem-minitest
rubygem-mocha
rubygem-msgpack
rubygem-multi_json
rubygem-multipart-post
rubygem-net-http-persistent
rubygem-nio4r
rubygem-nokogiri
rubygem-oj
rubygem-parallel
rubygem-power_assert
rubygem-prometheus-client
rubygem-protocol-hpack
rubygem-protocol-http
rubygem-protocol-http1
rubygem-protocol-http2
rubygem-public_suffix
rubygem-puppet-resource_api
rubygem-rdiscount
rubygem-rdkafka
rubygem-rexml
rubygem-ruby-kafka
rubygem-ruby-progressbar
rubygem-rubyzip
rubygem-semantic_puppet
rubygem-serverengine
rubygem-sigdump
rubygem-strptime
rubygem-systemd-journal
rubygem-test-unit
rubygem-thor
rubygem-timers
rubygem-tzinfo
rubygem-tzinfo-data
rubygem-webhdfs
rubygem-webrick
rubygem-yajl-ruby
rubygem-zip-zip
runc
sdbus-cpp
sgx-backwards-compatibility
shim
skopeo
span-lite
sriov-network-device-plugin
SymCrypt
SymCrypt-OpenSSL
systemd-boot-signed
tardev-snapshotter
tensorflow
tinyxml2
toml11
tracelogging
umoci
usrsctp
vala
valkey
vnstat
xterm
zstd |
| Netplan source | [GPLv3](https://github.com/canonical/netplan/blob/main/COPYING) | netplan |
| Numad source | [LGPLv2 License](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt) | numad |
| NVIDIA | [ASL 2.0 License and spec specific licenses](http://www.apache.org/licenses/LICENSE-2.0) | fwctl-signed
ibarr
ibsim
iser-signed
isert-signed
knem-modules-signed
libnvidia-container
mlnx-ethtool
mlnx-iproute2
mlnx-nfsrdma-signed
mlnx-tools
mlx-steering-dump
multiperf
nvidia-container-toolkit
ofed-docs
ofed-scripts
perftest
rshim
sockperf
xpmem-modules-signed |
diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
index 2d16c7669f..f29857567a 100644
--- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json
+++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@@ -2359,6 +2359,7 @@
"GSL",
"gstreamer1",
"gtk-update-icon-cache",
+ "helm",
"intel-pf-bb-config",
"ivykis",
"jsonbuilder",
diff --git a/SPECS/helm/generate_source_tarball.sh b/SPECS/helm/generate_source_tarball.sh
new file mode 100755
index 0000000000..d710ad54dc
--- /dev/null
+++ b/SPECS/helm/generate_source_tarball.sh
@@ -0,0 +1,99 @@
+#!/bin/bash
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+# Quit on failure
+set -e
+
+PKG_VERSION=""
+SRC_TARBALL=""
+OUT_FOLDER="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+# parameters:
+#
+# --srcTarball : src tarball file
+# this file contains the 'initial' source code of the component
+# and should be replaced with the new/modified src code
+# --outFolder : folder where to copy the new tarball(s)
+# --pkgVersion : package version
+#
+PARAMS=""
+while (( "$#" )); do
+ case "$1" in
+ --srcTarball)
+ if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
+ SRC_TARBALL=$2
+ shift 2
+ else
+ echo "Error: Argument for $1 is missing" >&2
+ exit 1
+ fi
+ ;;
+ --outFolder)
+ if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
+ OUT_FOLDER=$2
+ shift 2
+ else
+ echo "Error: Argument for $1 is missing" >&2
+ exit 1
+ fi
+ ;;
+ --pkgVersion)
+ if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
+ PKG_VERSION=$2
+ shift 2
+ else
+ echo "Error: Argument for $1 is missing" >&2
+ exit 1
+ fi
+ ;;
+ -*|--*=) # unsupported flags
+ echo "Error: Unsupported flag $1" >&2
+ exit 1
+ ;;
+ *) # preserve positional arguments
+ PARAMS="$PARAMS $1"
+ shift
+ ;;
+ esac
+done
+
+echo "--srcTarball -> $SRC_TARBALL"
+echo "--outFolder -> $OUT_FOLDER"
+echo "--pkgVersion -> $PKG_VERSION"
+
+if [ -z "$PKG_VERSION" ]; then
+ echo "--pkgVersion parameter cannot be empty"
+ exit 1
+fi
+
+echo "-- create temp folder"
+tmpdir=$(mktemp -d)
+function cleanup {
+ echo "+++ cleanup -> remove $tmpdir"
+ rm -rf $tmpdir
+}
+trap cleanup EXIT
+
+pushd $tmpdir > /dev/null
+
+NAME="helm"
+NAME_VER="$NAME-$PKG_VERSION"
+VENDOR_TARBALL="$OUT_FOLDER/$NAME_VER-vendor.tar.gz"
+
+echo "Unpacking source tarball..."
+tar -xf $SRC_TARBALL
+
+cd "$NAME_VER"
+echo "Get vendored modules"
+go mod vendor
+
+echo "Tar vendored modules"
+tar --sort=name \
+ --mtime="2021-04-26 00:00Z" \
+ --owner=0 --group=0 --numeric-owner \
+ --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
+ -cf "$VENDOR_TARBALL" vendor
+
+popd > /dev/null
+echo "$NAME vendored modules are available at $VENDOR_TARBALL"
diff --git a/SPECS/helm/helm.signatures.json b/SPECS/helm/helm.signatures.json
new file mode 100644
index 0000000000..6951a75c71
--- /dev/null
+++ b/SPECS/helm/helm.signatures.json
@@ -0,0 +1,6 @@
+{
+ "Signatures": {
+ "helm-3.18.3-vendor.tar.gz": "dab598d7d52c4da5f91f6890d8b8a4664ed8d3c54d2834ebaa23b67c2f008306",
+ "helm-3.18.3.tar.gz": "9e8f43ebf48786f41fd83ca67405c7f73753a46c65c041e51888a142c82cab96"
+ }
+}
diff --git a/SPECS/helm/helm.spec b/SPECS/helm/helm.spec
new file mode 100644
index 0000000000..87bc20a675
--- /dev/null
+++ b/SPECS/helm/helm.spec
@@ -0,0 +1,158 @@
+%global debug_package %{nil}
+
+Name: helm
+Version: 3.18.3
+Release: 1%{?dist}
+Summary: The Kubernetes Package Manager
+Group: Applications/Networking
+License: Apache 2.0
+Vendor: Intel Corporation
+Distribution: Edge Microvisor Toolkit
+Url: https://helm.sh/
+Source0: https://github.com/helm/helm/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+# Below is a manually created tarball, no download link.
+# We're using pre-populated Go modules from this tarball, since network is disabled during build time.
+# How to re-build this file:
+# 1. wget https://github.com/helm/helm/archive/v%%{version}.tar.gz -O %%{name}-%%{version}.tar.gz
+# 2. tar -xf %%{name}-%%{version}.tar.gz
+# 3. cd %%{name}-%%{version}
+# 4. go mod vendor
+# 5. tar --sort=name \
+# --mtime="2021-04-26 00:00Z" \
+# --owner=0 --group=0 --numeric-owner \
+# --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
+# -cf %%{name}-%%{version}-vendor.tar.gz vendor
+#
+Source1: %{name}-%{version}-vendor.tar.gz
+BuildRequires: golang
+
+%description
+Helm is a tool that streamlines installing and managing Kubernetes applications. Think of it like apt/yum/homebrew for Kubernetes.
+
+%prep
+%autosetup -N
+tar -xf %{SOURCE1} --no-same-owner
+
+%build
+export VERSION=%{version}
+for cmd in cmd/* ; do
+ go build -tags '' -ldflags '-w -s -X helm.sh/helm/v3/internal/version.version=v%{version} -X helm.sh/helm/v3/internal/version.metadata= -X helm.sh/helm/v3/internal/version.gitCommit= -X helm.sh/helm/v3/internal/version.gitTreeState=clean ' \
+ -mod=vendor -v -o $(basename $cmd) ./$cmd
+done
+
+%install
+install -d -m 755 %{buildroot}%{_bindir}
+install -m 755 ./helm %{buildroot}%{_bindir}
+
+%files
+%license LICENSE
+%doc ADOPTERS.md SECURITY.md code-of-conduct.md CONTRIBUTING.md README.md
+%{_bindir}/helm
+
+%check
+go test -v ./cmd/helm
+
+%changelog
+* Thu Jun 26 2025 Aaron Dorney - 3.18.3-1
+- Bump Release to rebuild and remove CVE patch
+
+* Fri Mar 21 2025 Anuj Mittal - 3.15.2-3
+- Bump Release to rebuild
+
+* Tue Dec 31 2024 Rohit Rawat - 3.15.2-2
+- Add patch for CVE-2024-45338
+
+* Wed Jul 10 2024 Sumedh Sharma - 3.15.2-1
+- Bump package version to address CVE-2023-45288 & CVE-2023-44487
+- Remove patches fixed in sources
+
+* Wed May 29 2024 Neha Agarwal - 3.13.2-3
+- Patch CVE-2024-25620
+
+* Wed May 22 2024 Neha Agarwal - 3.13.2-2
+- Patch CVE-2024-26147
+
+* Fri Nov 10 2023 Nicolas Guibourge - 3.13.2-1
+- Upgrade to 3.13.2 - Azure Linux 3.0 - package upgrades
+
+* Mon Oct 16 2023 CBL-Mariner Servicing Account - 3.10.3-11
+- Bump release to rebuild with go 1.20.10
+
+* Tue Oct 10 2023 Dan Streetman - 3.10.3-10
+- Bump release to rebuild with updated version of Go.
+
+* Mon Aug 07 2023 CBL-Mariner Servicing Account - 3.10.3-9
+- Bump release to rebuild with go 1.19.12
+
+* Thu Jul 13 2023 CBL-Mariner Servicing Account - 3.10.3-8
+- Bump release to rebuild with go 1.19.11
+
+* Thu Jun 15 2023 CBL-Mariner Servicing Account - 3.10.3-7
+- Bump release to rebuild with go 1.19.10
+
+* Wed Apr 05 2023 CBL-Mariner Servicing Account - 3.10.3-6
+- Bump release to rebuild with go 1.19.8
+
+* Tue Mar 28 2023 CBL-Mariner Servicing Account - 3.10.3-5
+- Bump release to rebuild with go 1.19.7
+
+* Wed Mar 15 2023 CBL-Mariner Servicing Account - 3.10.3-4
+- Bump release to rebuild with go 1.19.6
+
+* Thu Feb 16 2023 Suresh Thelkar - 3.10.3-3
+- Patch CVE-2023-25165
+- License verified.
+
+* Wed Jan 18 2023 CBL-Mariner Servicing Account - 3.10.3-2
+- - Set golang <= 1.18.8 build requires
+
+* Wed Jan 04 2023 CBL-Mariner Servicing Account - 3.10.3-1
+- Auto-upgrade to 3.10.3 - to fix CVE-2022-23524
+
+* Thu Dec 22 2022 Nan Liu - 3.9.4-5
+- Enable the check tests
+
+* Wed Dec 21 2022 Nan Liu - 3.9.4-4
+- Patch CVE-2022-23525, CVE-2022-23526
+
+* Fri Dec 16 2022 Daniel McIlvaney - 3.9.4-3
+- Bump release to rebuild with go 1.18.8 with patch for CVE-2022-41717
+
+* Tue Nov 01 2022 Olivia Crain - 3.9.4-2
+- Bump release to rebuild with go 1.18.8
+
+* Mon Oct 24 2022 CBL-Mariner Servicing Account - 3.9.4-1
+- Upgrade to 3.9.4
+
+* Mon Aug 22 2022 Olivia Crain - 3.9.3-2
+- Bump release to rebuild against Go 1.18.5
+
+* Mon Aug 22 2022 Suresh Babu Chalamalasetty 3.9.3-1
+- Update helm version to 3.9.3
+- Fix version info not displaying correct version.
+
+* Tue Jun 14 2022 Muhammad Falak - 3.4.1-5
+- Bump release to rebuild with golang 1.18.3
+- License verified
+
+* Mon Sep 20 2021 Henry Beberman - 3.4.1-4
+- Patch CVE-2021-32690
+
+* Mon Sep 20 2021 Henry Beberman - 3.4.1-3
+- Patch CVE-2021-21303
+
+* Tue Aug 17 2021 Henry Li 3.4.1-2
+- Update and rename vendor source tarball
+- Use go to build the project from vendor source
+- Remove glide and ca-certificates from BR
+- Modify file section to add license and document files
+
+* Wed Nov 25 2020 Suresh Babu Chalamalasetty 3.4.1-1
+- Update helm version 3
+
+* Tue Jun 02 2020 Paul Monson 2.14.3-2
+- Rename go to golang
+- Add ca-certificates temporarily
+
+* Thu Oct 17 2019 Andrew Phelps 2.14.3-1
+- Original version for CBL-Mariner
diff --git a/cgmanifest.json b/cgmanifest.json
index b0ab885190..801050b866 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -5355,6 +5355,16 @@
}
}
},
+ {
+ "component": {
+ "type": "other",
+ "other": {
+ "name": "helm",
+ "version": "3.18.3",
+ "downloadUrl": "https://github.com/helm/helm/archive/refs/tags/v3.18.3.tar.gz"
+ }
+ }
+ },
{
"component": {
"type": "other",