diff --git a/.ci/image/Dockerfile b/.ci/image/Dockerfile
index 08398d84..2336f1d9 100644
--- a/.ci/image/Dockerfile
+++ b/.ci/image/Dockerfile
@@ -15,9 +15,11 @@ RUN apt-get update && \
         python3-venv \
         # tool to create msi packages
         wixl \
-        # deb and rpm build tools
-        rubygem-fpm \
+        # install ruby and rpm which are required to install fpm package builder
         rpm \
+        ruby \
+        ruby-dev \
+        rubygems \
         # create deb and rpm repository files
         reprepro \
         createrepo-c \
@@ -25,6 +27,13 @@ RUN apt-get update && \
         gcc-aarch64-linux-gnu \
         libc6-dev-arm64-cross && \
     rm -rf /var/lib/apt/lists/* && \
+    # Install fpm gem
+    gem install fpm --no-document && \
+    # Initialize rpm repository, SQL Lite DB
+    mkdir -p /var/lib/rpm && \
+    rpm --initdb && \
+    chmod -R 777 /var/lib/rpm && \
+    # Create work directory
     mkdir -p opt
 
 WORKDIR /opt
diff --git a/.ci/scripts/component-tests.sh b/.ci/scripts/component-tests.sh
index 68abbf1d..1a54a02b 100755
--- a/.ci/scripts/component-tests.sh
+++ b/.ci/scripts/component-tests.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -e -o pipefail
+set -e -u -o pipefail
 
 # Fetch cloudflared from the artifacts folder
 mv ./artifacts/cloudflared ./cloudflared
diff --git a/.ci/scripts/fmt-check.sh b/.ci/scripts/fmt-check.sh
index 4c1cbad0..3776ec4f 100755
--- a/.ci/scripts/fmt-check.sh
+++ b/.ci/scripts/fmt-check.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -e -o pipefail
+set -e -u -o pipefail
 
 OUTPUT=$(go run -mod=readonly golang.org/x/tools/cmd/goimports@v0.30.0 -l -d -local github.com/cloudflare/cloudflared $(go list -mod=vendor -f '{{.Dir}}' -a ./... | fgrep -v tunnelrpc))
 
diff --git a/.ci/scripts/github-push.sh b/.ci/scripts/github-push.sh
index b9859e12..12312dd2 100755
--- a/.ci/scripts/github-push.sh
+++ b/.ci/scripts/github-push.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -e -o pipefail
+set -e -u -o pipefail
 
 BRANCH="master"
 TMP_PATH="$PWD/tmp"
diff --git a/.ci/scripts/linux/build-packages-fips.sh b/.ci/scripts/linux/build-packages-fips.sh
index e1b6e791..4fec3bc5 100755
--- a/.ci/scripts/linux/build-packages-fips.sh
+++ b/.ci/scripts/linux/build-packages-fips.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+set -e -u -o pipefail
 VERSION=$(git describe --tags --always --match "[0-9][0-9][0-9][0-9].*.*")
 echo $VERSION
 
diff --git a/.ci/scripts/linux/build-packages.sh b/.ci/scripts/linux/build-packages.sh
index a6ca2037..842b030b 100755
--- a/.ci/scripts/linux/build-packages.sh
+++ b/.ci/scripts/linux/build-packages.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+set -e -u -o pipefail
 
 # Check if architecture argument is provided
 if [ $# -eq 0 ]; then
diff --git a/.ci/scripts/package-windows.sh b/.ci/scripts/package-windows.sh
index d0020f03..98d7b032 100755
--- a/.ci/scripts/package-windows.sh
+++ b/.ci/scripts/package-windows.sh
@@ -1,4 +1,6 @@
 #!/bin/bash
+set -e -u -o pipefail
+
 python3 -m venv env
 . env/bin/activate
 pip install pynacl==1.4.0 pygithub==1.55
diff --git a/.ci/scripts/release-target.sh b/.ci/scripts/release-target.sh
index 6c18d742..8eaeca73 100755
--- a/.ci/scripts/release-target.sh
+++ b/.ci/scripts/release-target.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -e -o pipefail
+set -e -u -o pipefail
 
 # Check if a make target is provided as an argument
 if [ $# -eq 0 ]; then
diff --git a/.ci/scripts/vuln-check.sh b/.ci/scripts/vuln-check.sh
index 4c4e1d0c..a4a82e0e 100755
--- a/.ci/scripts/vuln-check.sh
+++ b/.ci/scripts/vuln-check.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -e
+set -e -u
 
 # Define the file to store the list of vulnerabilities to ignore.
 IGNORE_FILE=".vulnignore"
diff --git a/.gitignore b/.gitignore
index 2af7a1ed..46e818f1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,4 @@ ssh_server_tests/.env
 /.cover
 built_artifacts/
 component-tests/.venv
+/artifacts