go.mod: update osbuild/images to v0.155.0

tag v0.152.0 Tagger: imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> Changes with 0.152.0 ---------------- * Update snapshots to 20250605 (osbuild/images#1586) * Author: SchutzBot, Reviewers: Achilleas Koutsou, Simon de Vlieger * distro: followups for reivew feedback in PR#1563 (osbuild/images#1584) * Author: Michael Vogt, Reviewers: Achilleas Koutsou, Simon de Vlieger, Tomáš Hozza * fedora/wsl: xz compression (HMS-8573) (osbuild/images#1582) * Author: Simon de Vlieger, Reviewers: Achilleas Koutsou, Florian Schüller — Somewhere on the Internet, 2025-06-16 --- tag v0.153.0 Tagger: imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> Changes with 0.153.0 ---------------- * GHA: enable the stale action to delete its saved state (osbuild/images#1602) * Author: Tomáš Hozza, Reviewers: Lukáš Zapletal, Simon de Vlieger * Smaller isos (osbuild/images#1599) * Author: Brian C. Lane, Reviewers: Lukáš Zapletal, Simon de Vlieger * Update snapshots to 20250618 (osbuild/images#1603) * Author: SchutzBot, Reviewers: Brian C. Lane, Simon de Vlieger * distro/rhel-10: WSL distribution config (HMS-8573) (osbuild/images#1591) * Author: Simon de Vlieger, Reviewers: Gianluca Zuccarelli, Lukáš Zapletal, Tomáš Hozza * distro/rhel-10: new `vagrant-libvirt` image type (HMS-6116) (osbuild/images#1601) * Author: Simon de Vlieger, Reviewers: Michael Vogt, Tomáš Hozza * distro/rhel{8,9,10}: WSL extension and compression (HMS-8573) (osbuild/images#1590) * Author: Simon de Vlieger, Reviewers: Michael Vogt, Tomáš Hozza * distro: handle `centos-9` and similar versions better (osbuild/images#1598) * Author: Michael Vogt, Reviewers: Simon de Vlieger, Tomáš Hozza * osbuild/grub2: add compat_version and set it to 2 (osbuild/images#1595) * Author: Achilleas Koutsou, Reviewers: Brian C. Lane, Tomáš Hozza — Somewhere on the Internet, 2025-06-20 ---
2025-06-26 11:20:37 +02:00 · 2025-06-26 11:20:37 +02:00 · 395f68549d
commit 395f68549d
parent 4324f24fe7
45 changed files with 1867 additions and 1823 deletions
--- a/38
+++ b/38
@ -2,7 +2,7 @@
  "fedora-41": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    },
    "repos": [
@ -45,7 +45,7 @@
  "fedora-42": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    },
    "repos": [
@ -88,63 +88,63 @@
  "rhel-8.4": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    }
  },
  "rhel-8.8": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    }
  },
  "rhel-8.9": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    }
  },
  "rhel-8.10": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    }
  },
  "rhel-9.2": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    }
  },
  "rhel-9.3": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    }
  },
  "rhel-9.4": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    }
  },
  "rhel-9.5": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    }
  },
  "rhel-9.6": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    },
    "repos": [
@ -190,7 +190,7 @@
  "rhel-9.7": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    },
    "repos": [
@ -236,7 +236,7 @@
  "rhel-10.0": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    },
    "repos": [
@ -282,7 +282,7 @@
  "rhel-10.1": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    },
    "repos": [
@ -328,14 +328,14 @@
  "centos-9": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    }
  },
  "centos-stream-9": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    },
    "repos": [
@ -381,14 +381,14 @@
  "centos-10": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    }
  },
  "centos-stream-10": {
    "dependencies": {
      "osbuild": {
-        "commit": "42281231b0ee08f1dd08aed86eb187bcb26bbf44"
+        "commit": "d566c68f94f3fed0a91683f471e51b3dfcf2fdfa"
      }
    },
    "repos": [
@ -431,4 +431,4 @@
      }
    ]
  }
-}
+}
--- a/go.mod
+++ b/go.mod
@ -46,7 +46,7 @@ require (
 	github.com/openshift-online/ocm-sdk-go v0.1.438
 	github.com/oracle/oci-go-sdk/v54 v54.0.0
 	github.com/osbuild/blueprint v1.6.0
-	github.com/osbuild/images v0.151.0
+	github.com/osbuild/images v0.154.0
 	github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20240814102216-0239db53236d
 	github.com/osbuild/pulp-client v0.1.0
 	github.com/prometheus/client_golang v1.20.5
--- a/go.sum
+++ b/go.sum
@ -579,8 +579,8 @@ github.com/oracle/oci-go-sdk/v54 v54.0.0 h1:CDLjeSejv2aDpElAJrhKpi6zvT/zhZCZuXch
 github.com/oracle/oci-go-sdk/v54 v54.0.0/go.mod h1:+t+yvcFGVp+3ZnztnyxqXfQDsMlq8U25faBLa+mqCMc=
 github.com/osbuild/blueprint v1.6.0 h1:HUV1w/dMxpgqOgVtHhfTZE3zRmWQkuW/qTfx9smKImI=
 github.com/osbuild/blueprint v1.6.0/go.mod h1:0d3dlY8aSJ6jM6NHwBmJFF1VIySsp/GsDpcJQ0yrOqM=
-github.com/osbuild/images v0.151.0 h1:r+8xbz0FGyUskl996eObrgymEqgLWwhtVa23Pj0Zp8U=
-github.com/osbuild/images v0.151.0/go.mod h1:ZiEO1WWKuRvPSaiXsmqn+7krAIZ+qXiiOfBQed0H7lY=
+github.com/osbuild/images v0.154.0 h1:iwQ1rW+xwVYciyWQ/v0XBFx/liG8hTUtie3ZHeGr5gs=
+github.com/osbuild/images v0.154.0/go.mod h1:74L03u6qLwsYA10qGj6n55lBXCCj5wZLXlFl8Pj3ilI=
 github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20240814102216-0239db53236d h1:r9BFPDv0uuA9k1947Jybcxs36c/pTywWS1gjeizvtcQ=
 github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20240814102216-0239db53236d/go.mod h1:zR1iu/hOuf+OQNJlk70tju9IqzzM4ycq0ectkFBm94U=
 github.com/osbuild/pulp-client v0.1.0 h1:L0C4ezBJGTamN3BKdv+rKLuq/WxXJbsFwz/Hj7aEmJ8=
--- a/osbuild-composer.spec
+++ b/osbuild-composer.spec
@ -8,7 +8,7 @@
 %bcond_with relax_requires

 # The minimum required osbuild version
-%global min_osbuild_version 151
+%global min_osbuild_version 153

 %global goipath         github.com/osbuild/osbuild-composer

--- a/vendor/github.com/osbuild/images/data/dependencies/osbuild
+++ b/vendor/github.com/osbuild/images/data/dependencies/osbuild
@ -1 +1 @@
-151
+153
--- a/vendor/github.com/osbuild/images/pkg/customizations/subscription/subscription.go
+++ b/vendor/github.com/osbuild/images/pkg/customizations/subscription/subscription.go
@ -30,13 +30,13 @@ const (

 // Subscription Manager [rhsm] configuration
 type SubManRHSMConfig struct {
-	ManageRepos          *bool
+	ManageRepos          *bool `yaml:"manage_repos,omitempty"`
 	AutoEnableYumPlugins *bool
 }

 // Subscription Manager [rhsmcertd] configuration
 type SubManRHSMCertdConfig struct {
-	AutoRegistration *bool
+	AutoRegistration *bool `yaml:"auto_registration,omitempty"`
 }

 // Subscription Manager 'rhsm.conf' configuration
@ -56,7 +56,7 @@ type SubManDNFPluginsConfig struct {

 type RHSMConfig struct {
 	DnfPlugins SubManDNFPluginsConfig `yaml:"dnf_plugin,omitempty"`
-	YumPlugins SubManDNFPluginsConfig
+	YumPlugins SubManDNFPluginsConfig `yaml:"yum_plugin,omitempty"`
 	SubMan     SubManConfig
 }

--- a/vendor/github.com/osbuild/images/pkg/customizations/wsl/wsl.go
+++ b/vendor/github.com/osbuild/images/pkg/customizations/wsl/wsl.go
@ -0,0 +1,25 @@
+package wsl
+
+type WSLConfig struct {
+	BootSystemd bool `yaml:"boot_systemd,omitempty"`
+}
+
+type WSLDistributionOOBEConfig struct {
+	DefaultUID  *int   `yaml:"default_uid,omitempty"`
+	DefaultName string `yaml:"default_name,omitempty"`
+}
+
+type WSLDistributionShortcutConfig struct {
+	Enabled bool   `yaml:"enabled,omitempty"`
+	Icon    string `yaml:"icon,omitempty"`
+}
+
+type WSLDistributionConfig struct {
+	OOBE     *WSLDistributionOOBEConfig     `yaml:"oobe,omitempty"`
+	Shortcut *WSLDistributionShortcutConfig `yaml:"shortcut,omitempty"`
+}
+
+type WSL struct {
+	Config             *WSLConfig             `yaml:"config,omitempty"`
+	DistributionConfig *WSLDistributionConfig `yaml:"distribution_config,omitempty"`
+}
--- a/vendor/github.com/osbuild/images/pkg/distro/defs/distros.yaml
+++ b/vendor/github.com/osbuild/images/pkg/distro/defs/distros.yaml
@ -7,7 +7,7 @@ distros:
    module_platform_id: platform:f43
    product: "Fedora"
    ostree_ref_tmpl: "fedora/43/%s/iot"
-    iso_label_tmpl: "{{.Product}}-{{.OsVersion}}-{{.ImgTypeLabel}}-{{.Arch}}"
+    iso_label_tmpl: "{{.Product}}-{{.OsVersion}}-{{.ISOLabel}}-{{.Arch}}"
    default_fs_type: "ext4"
    defs_path: fedora
    runner: &fedora_runner
--- a/vendor/github.com/osbuild/images/pkg/distro/defs/fedora/distro.yaml
+++ b/vendor/github.com/osbuild/images/pkg/distro/defs/fedora/distro.yaml
@ -167,15 +167,18 @@
    additional_dracut_modules:
      - "net-lib"
    squashfs_rootfs: true
-    condition:
-      version_less_than:
-        "42":
-          # config is fully replaced
+    conditions:
+      "f41 uses ifcfg in dract but already a squashfs rootfs":
+        when:
+          version_equal: "41"
+        override:
          additional_dracut_modules:
            - "ifcfg"
          squashfs_rootfs: true
-        "41":
-          # config is fully replaced
+      "f40 and lower uses ifcfg in dracut and no squashfs rootfs":
+        when:
+          version_less_than: "41"
+        override:
          additional_dracut_modules:
            - "ifcfg"
          squashfs_rootfs: false
@ -195,9 +198,11 @@
        - "redboot-auto-reboot"
        - "redboot-task-runner"
      kernel_options: *ostree_deployment_kernel_options
-      condition:
-        version_less_than:
-          "42":
+      conditions:
+        "f41 and below used zezere and parsec":
+          when:
+            version_less_than: "42"
+          merge:
            enabled_services:
              - "NetworkManager.service"
              - "firewalld.service"
@ -532,13 +537,12 @@ image_types:
      default_target: "multi-user.target"
      kernel_options: *cloud_kernel_options
      users:
-        # yamllint disable rule:line-length
        - name: "vagrant"
          # yamllint disable rule:line-length
          key: |
            ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
            ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant insecure public key
-        # yamllint enable rule:line-length
+          # yamllint enable rule:line-length
      files:
        - path: "/etc/sudoers.d/vagrant"
          user: "root"
@ -823,26 +827,39 @@ image_types:
            - "xfsprogs"
            - "xz"
            - "zram-generator"
-          condition:
-            version_less_than:
-              "41":
+          conditions:
+            "f40 and below use dnsmasq":
+              when:
+                version_less_than: "41"
+              append:
                include:
                  - "dnsmasq"
-              "42":
+            "f41 and below uses parsec/zezere":
+              when:
+                version_less_than: "42"
+              append:
                include:
                  - "dbus-parsec"
                  - "kernel-tools"
                  - "parsec"
                  - "policycoreutils-python-utils"
                  - "zezere-ignition"
-              "43":
+            "f42 and below uses basesystem":
+              when:
+                version_less_than: "43"
+              append:
                include:
                  - "basesystem"
-            version_greater_or_equal:
-              "41":
+            "f41+ needs bootupd":
+              when:
+                version_greater_or_equal: "41"
+              append:
                include:
                  - "bootupd"
-              "43":
+            "f43+ needs the filesystem pkg":
+              when:
+                version_greater_or_equal: "43"
+              append:
                include:
                  - "filesystem"

@ -923,9 +940,11 @@ image_types:
    partition_table:
      <<: *iot_base_partition_tables
    partition_tables_override:
-      condition:
-        version_greater_or_equal:
-          "42":
+      conditions:
+        "conditions for iot-raw-xz":
+          when:
+            version_greater_or_equal: "42"
+          override:
            x86_64:
              <<: *iot_base_partition_table_x86_64
              partitions:
@ -1086,22 +1105,30 @@ image_types:
            - "nodejs"
            - "plymouth"         # for (datacenter/cloud oriented) servers we want to see the details by default.  https:#lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/HSMISZ3ETWQ4ETVLWZQJ55ARZT27AAV3/
            - "systemd-networkd"  # we use NetworkManager
-          condition:
-            architecture:
-              aarch64:
+          conditions:
+            "iot-bootable-container aarch64 extras":
+              when:
+                arch: "aarch64"
+              append:
                include:
                  - "irqbalance"
                  - "ostree-grub2"
                exclude:
                  - "perl"
                  - "perl-interpreter"
-              ppc64le:
+            "iot-bootable-container ppc64le extras":
+              when:
+                arch: "ppc64le"
+              append:
                include:
                  - "irqbalance"
                  - "librtas"
                  - "powerpc-utils-core"
                  - "ppc64-diag-rtas"
-              x86_64:
+            "iot-bootable-container x86_64 extras":
+              when:
+                arch: "x86_64"
+              append:
                include:
                  - "irqbalance"
                exclude:
@ -1157,9 +1184,11 @@ image_types:
        - "sshd.service"
      kernel_options:
        - "rw"
-      condition:
-        version_less_than:
-          "43":
+      conditions:
+        "f42 and below was quite different":
+          when:
+            version_less_than: "43"
+          merge:
            install_weak_deps: true
            mount_units: false
            enabled_services:
@ -1184,16 +1213,20 @@ image_types:
            - "iwlwifi-mvm-firmware"
          exclude:
            - "dracut-config-rescue"
-          condition:
-            architecture:
-              riscv64:
+          conditions:
+            "riscv64 specific pkgs for minimal-raw-xz":
+              when:
+                arch: "riscv64"
+              append:
                include:
                  # missing from @core in riscv64
                  - "dnf5"
                  - "policycoreutils"
                  - "selinux-policy-targeted"
-            version_greater_or_equal:
-              "43":
+            "no firewalld on f43+":
+              when:
+                version_greater_or_equal: "43"
+              append:
                exclude:
                  - "firewalld"
  "minimal-raw-zst":
@ -1374,15 +1407,20 @@ image_types:
            - "metacity"
            - "xrdb"
            - "xz"
-          condition:
-            architecture:
-              x86_64:
+          conditions:
+            "x86_64 specific anaconda pkgs":
+              when:
+                arch: "x86_64"
+              append:
                include:
                  - "biosdevname"
                  - "dmidecode"
                  - "grub2-tools-efi"
                  - "memtest86+"
-              aarch64:
+            "aarch64 specific anaconda pkgs":
+              when:
+                arch: "aarch64"
+              append:
                include:
                  - "dmidecode"

@ -1410,9 +1448,11 @@ image_types:
      <<: *image_config_iot_enabled_services
      locale: "en_US.UTF-8"
      iso_rootfs_type: "squashfs"
-      condition:
-        version_less_than:
-          41:
+      conditions:
+        "f40 and below uses ext4 based iso rootfs":
+          when:
+            version_less_than: "41"
+          merge:
            iso_rootfs_type: "squashfs-ext4"
    package_sets:
      installer:
@ -1443,11 +1483,12 @@ image_types:
    image_config:
      locale: "en_US.UTF-8"
      iso_rootfs_type: "squashfs"
-      condition:
-        version_less_than:
-          41:
+      conditions:
+        "f40 and below uses ext4 based iso rootfs":
+          when:
+            version_less_than: "41"
+          merge:
            iso_rootfs_type: "squashfs-ext4"
-
    package_sets:
      installer:
        - include:
@ -1474,11 +1515,13 @@ image_types:
            - "gfs2-utils"
            - "reiserfs-utils"
            - "sdubby"
-          condition:
-            version_greater_or_equal:
-              # XXX: this was VERSION_RAWHIDE, if we need this again lets add
-              # "alias" to defs.DistroYAML
-              43:
+          conditions:
+            "include anaconda webui in 43+":
+              when:
+                version_greater_or_equal: "43"
+              append:
+                # XXX: this was VERSION_RAWHIDE, if we need this again lets add
+                # "alias" to defs.DistroYAML
                include:
                  - "anaconda-webui"
    platforms:
@ -1511,23 +1554,29 @@ image_types:
        - "net-lib"
        - "dbus-broker"
      squashfs_rootfs: true
-      condition:
-        # on match the config is fully replaced
-        version_less_than:
-          "41":
-            additional_dracut_modules: &additional_dracut_f41
+      conditions:
+        "on f40 we use ifcfg instead of net-lib":
+          when:
+            version_equal: "40"
+          override:
+            additional_dracut_modules: &additional_dracut_f40
              - "ifcfg"
              - "dbus-broker"
            squashfs_rootfs: false
-          "42":
-            additional_dracut_modules: *additional_dracut_f41
+        "on f41 use squashfs_rootfs":
+          when:
+            version_equal: "41"
+          override:
+            additional_dracut_modules: *additional_dracut_f40
            squashfs_rootfs: true
    image_config:
      locale: "en_US.UTF-8"
      iso_rootfs_type: "squashfs"
-      condition:
-        version_less_than:
-          41:
+      conditions:
+        "on f40 and below we used ext4 on squashfs":
+          when:
+            version_less_than: "41"
+          merge:
            iso_rootfs_type: "squashfs-ext4"
    platforms:
      - *x86_64_installer_platform
@ -1608,6 +1657,7 @@ image_types:
    # correct suffix, see:
    # https://learn.microsoft.com/en-us/windows/wsl/build-custom-distro#what-are-wsl-root-filesystem-tar-files
    filename: "image.wsl"
+    compression: "xz"
    mime_type: "application/x-tar"
    image_func: "tar"
    build_pipelines: ["build"]
@ -1618,11 +1668,14 @@ image_types:
      - arch: "x86_64"
    image_config:
      <<: *image_config_container
-      condition:
-        version_less_than:
-          "42":
-            wsl_config:
-              boot_systemd: true
+      conditions:
+        "on f42 and below we use cloud-init instead of wsl-setup":
+          when:
+            version_less_than: "42"
+          merge:
+            wsl:
+              config:
+                boot_systemd: true
            cloud_init:
              - filename: "99_wsl.cfg"
                config:
@ -1672,18 +1725,25 @@ image_types:
            - "trousers"
            - "whois-nls"
            - "xkeyboard-config"
-          condition:
-            version_greater_or_equal:
-              "41":
-                exclude:
-                  - "fuse-libs"
-              "42":
+          conditions:
+            "new f42 use the wsl-setup for setup":
+              when:
+                version_greater_or_equal: "42"
+              append:
                include:
                  - "wsl-setup"
-            version_less_than:
-              "42":
+            "only f41 and below need cloud-init":
+              when:
+                version_less_than: "42"
+              append:
                include:
                  - "cloud-init"
+            "f41+ drops fuse-libs":
+              when:
+                version_greater_or_equal: "41"
+              append:
+                exclude:
+                  - "fuse-libs"

  "iot-simplified-installer":
    filename: "simplified-installer.iso"
@ -1757,9 +1817,11 @@ image_types:
            - "traceroute"
            - "util-linux"
            - "shadow-utils"  # includes passwd
-          condition:
-            version_less_than:
-              "41":
+          conditions:
+            "dnsmasq got deprecated in f41":
+              when:
+                version_less_than: "41"
+              append:
                include:
                  - "dnsmasq"  # deprecated for F41+
    platforms:
--- a/vendor/github.com/osbuild/images/pkg/distro/defs/loader.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/defs/loader.go
@ -11,14 +11,11 @@ import (
 	"io/fs"
 	"os"
 	"path/filepath"
-	"slices"
 	"sort"
 	"sync"
 	"text/template"

 	"github.com/gobwas/glob"
-	"github.com/hashicorp/go-version"
-	"golang.org/x/exp/maps"
 	"gopkg.in/yaml.v3"

 	"github.com/osbuild/images/internal/common"
@ -85,7 +82,7 @@ type DistroYAML struct {
 	OSTreeRefTmpl    string            `yaml:"ostree_ref_tmpl"`
 	Runner           runner.RunnerConf `yaml:"runner"`

-	// ISOLabelTmpl can contain {{.Product}},{{.OsVersion}},{{.Arch}},{{.ImgTypeLabel}}
+	// ISOLabelTmpl can contain {{.Product}},{{.OsVersion}},{{.Arch}},{{.ISOLabel}}
 	ISOLabelTmpl string `yaml:"iso_label_tmpl"`

 	DefaultFSType disk.FSType `yaml:"default_fs_type"`
@ -186,12 +183,44 @@ type imageTypesYAML struct {
 }

 type distroImageConfig struct {
-	Default   *distro.ImageConfig          `yaml:"default"`
-	Condition *distroImageConfigConditions `yaml:"condition,omitempty"`
+	Default    *distro.ImageConfig                     `yaml:"default"`
+	Conditions map[string]*distroImageConfigConditions `yaml:"conditions,omitempty"`
+}
+
+// multiple whenConditions are considred AND
+type whenCondition struct {
+	DistroName            string `yaml:"distro_name,omitempty"`
+	Architecture          string `yaml:"arch,omitempty"`
+	VersionLessThan       string `yaml:"version_less_than,omitempty"`
+	VersionGreaterOrEqual string `yaml:"version_greater_or_equal,omitempty"`
+	VersionEqual          string `yaml:"version_equal,omitempty"`
+}
+
+func (wc *whenCondition) Eval(id *distro.ID, archStr string) bool {
+	match := true
+
+	if wc.DistroName != "" {
+		match = match && (wc.DistroName == id.Name)
+	}
+	if wc.Architecture != "" {
+		match = match && (wc.Architecture == archStr)
+	}
+	if wc.VersionLessThan != "" {
+		match = match && (common.VersionLessThan(versionStringForVerCmp(*id), wc.VersionLessThan))
+	}
+	if wc.VersionGreaterOrEqual != "" {
+		match = match && (common.VersionGreaterThanOrEqual(versionStringForVerCmp(*id), wc.VersionGreaterOrEqual))
+	}
+	if wc.VersionEqual != "" {
+		match = match && (id.VersionString() == wc.VersionEqual)
+	}
+
+	return match
 }

 type distroImageConfigConditions struct {
-	DistroName map[string]*distro.ImageConfig `yaml:"distro_name,omitempty"`
+	When  whenCondition       `yaml:"when,omitempty"`
+	Merge *distro.ImageConfig `yaml:"merge,omitempty"`
 }

 // XXX: this should eventually implement the "distro.ImageType"
@ -259,78 +288,62 @@ func (it *imageType) Name() string {

 type imageConfig struct {
 	*distro.ImageConfig `yaml:",inline"`
-	Condition           *conditionsImgConf `yaml:"condition,omitempty"`
+	Conditions          map[string]*conditionsImgConf `yaml:"conditions,omitempty"`
 }

 type conditionsImgConf struct {
-	Architecture    map[string]*distro.ImageConfig `yaml:"architecture,omitempty"`
-	DistroName      map[string]*distro.ImageConfig `yaml:"distro_name,omitempty"`
-	VersionLessThan map[string]*distro.ImageConfig `yaml:"version_less_than,omitempty"`
+	When  whenCondition       `yaml:"when,omitempty"`
+	Merge *distro.ImageConfig `yaml:"merge"`
 }

 type installerConfig struct {
 	*distro.InstallerConfig `yaml:",inline"`
-	Condition               *conditionsInstallerConf `yaml:"condition,omitempty"`
+	Conditions              map[string]*conditionsInstallerConf `yaml:"conditions,omitempty"`
 }

 type conditionsInstallerConf struct {
-	Architecture    map[string]*distro.InstallerConfig `yaml:"architecture,omitempty"`
-	DistroName      map[string]*distro.InstallerConfig `yaml:"distro_name,omitempty"`
-	VersionLessThan map[string]*distro.InstallerConfig `yaml:"version_less_than,omitempty"`
+	When     whenCondition           `yaml:"when,omitempty"`
+	Override *distro.InstallerConfig `yaml:"override,omitempty"`
 }

 type packageSet struct {
-	Include   []string          `yaml:"include"`
-	Exclude   []string          `yaml:"exclude"`
-	Condition *pkgSetConditions `yaml:"condition,omitempty"`
+	Include    []string                     `yaml:"include"`
+	Exclude    []string                     `yaml:"exclude"`
+	Conditions map[string]*pkgSetConditions `yaml:"conditions,omitempty"`
 }

 type pkgSetConditions struct {
-	Architecture          map[string]packageSet `yaml:"architecture,omitempty"`
-	VersionLessThan       map[string]packageSet `yaml:"version_less_than,omitempty"`
-	VersionGreaterOrEqual map[string]packageSet `yaml:"version_greater_or_equal,omitempty"`
-	DistroName            map[string]packageSet `yaml:"distro_name,omitempty"`
+	When   whenCondition `yaml:"when,omitempty"`
+	Append struct {
+		Include []string `yaml:"include"`
+		Exclude []string `yaml:"exclude"`
+	} `yaml:"append,omitempty"`
 }

 type partitionTablesOverrides struct {
-	Condition *partitionTablesOverwriteCondition `yaml:"condition"`
+	Conditions map[string]*partitionTablesOverwriteCondition `yaml:"conditions"`
 }

 type partitionTablesOverwriteCondition struct {
-	DistroName            map[string]map[string]*disk.PartitionTable `yaml:"distro_name,omitempty"`
-	VersionGreaterOrEqual map[string]map[string]*disk.PartitionTable `yaml:"version_greater_or_equal,omitempty"`
-	VersionLessThan       map[string]map[string]*disk.PartitionTable `yaml:"version_less_than,omitempty"`
+	When     whenCondition                   `yaml:"when,omitempty"`
+	Override map[string]*disk.PartitionTable `yaml:"override"`
 }

-// XXX: use slices.Backward() once we move to go1.23
-// hint: use "git blame" on this comment and just revert
-// the commit that adds it and you will have the 1.23 version
-func backward[Slice ~[]E, E any](s Slice) []E {
-	out := make([]E, 0, len(s))
-	for i := len(s) - 1; i >= 0; i-- {
-		out = append(out, s[i])
+// versionStringForVerCmp is a special version string for our version
+// compare that will assume that any version with no minor is
+// automatically higher than any compare with a minor version.
+//
+// The rational is that "centos-9" is always higher than any "rhel-9.X"
+// version for our version compare (centos is always "rolling").
+//
+// TODO: this should become an explicit chose in "distro.yaml" but until
+// we have everything converted to generic.Distro accessing the properites
+// from an image type is very hard so we start here.
+func versionStringForVerCmp(u distro.ID) string {
+	if u.MinorVersion == -1 {
+		u.MinorVersion = 999
 	}
-	return out
-}
-
-// XXX: use slices.SortedFunc() once we move to go1.23
-// hint: use "git blame" on this comment and just revert
-// the commit that adds it and you will have the 1.23 version
-func versionLessThanSortedKeys[T any](m map[string]T) []string {
-	versions := maps.Keys(m)
-	slices.SortFunc(versions, func(a, b string) int {
-		ver1 := version.Must(version.NewVersion(a))
-		ver2 := version.Must(version.NewVersion(b))
-		switch {
-		case ver1 == ver2:
-			return 0
-		case ver2.LessThan(ver1):
-			return -1
-		default:
-			return 1
-		}
-	})
-	return versions
+	return u.VersionString()
 }

 // DistroImageConfig returns the distro wide ImageConfig.
@ -343,17 +356,16 @@ func DistroImageConfig(distroNameVer string) (*distro.ImageConfig, error) {
 	}
 	imgConfig := toplevel.ImageConfig.Default

-	cond := toplevel.ImageConfig.Condition
-	if cond != nil {
+	condMap := toplevel.ImageConfig.Conditions
+	if condMap != nil {
 		id, err := distro.ParseID(distroNameVer)
 		if err != nil {
 			return nil, err
 		}
-		// XXX: we shoudl probably use a similar pattern like
-		// for the partition table overrides (via
-		// findElementIndexByJSONTag) but this if fine for now
-		if distroNameCnf, ok := cond.DistroName[id.Name]; ok {
-			imgConfig = distroNameCnf.InheritFrom(imgConfig)
+		for _, cond := range condMap {
+			if cond.When.Eval(id, "") {
+				imgConfig = cond.Merge.InheritFrom(imgConfig)
+			}
 		}
 	}

@ -369,10 +381,6 @@ func PackageSets(it distro.ImageType) (map[string]rpmmd.PackageSet, error) {
 	archName := arch.Name()
 	distribution := arch.Distro()
 	distroNameVer := distribution.Name()
-	id, err := distro.ParseID(distroNameVer)
-	if err != nil {
-		return nil, err
-	}

 	// each imagetype can have multiple package sets, so that we can
 	// use yaml aliases/anchors to de-duplicate them
@ -395,37 +403,17 @@ func PackageSets(it distro.ImageType) (map[string]rpmmd.PackageSet, error) {
 				Exclude: pkgSet.Exclude,
 			})

-			if pkgSet.Condition != nil {
-				// process conditions
-				if archSet, ok := pkgSet.Condition.Architecture[archName]; ok {
-					rpmmdPkgSet = rpmmdPkgSet.Append(rpmmd.PackageSet{
-						Include: archSet.Include,
-						Exclude: archSet.Exclude,
-					})
-				}
-				if distroNameSet, ok := pkgSet.Condition.DistroName[id.Name]; ok {
-					rpmmdPkgSet = rpmmdPkgSet.Append(rpmmd.PackageSet{
-						Include: distroNameSet.Include,
-						Exclude: distroNameSet.Exclude,
-					})
-				}
-				// note that we don't need to order here, as
-				// packageSets are strictly additive the order
-				// is irrelevant
-				for ltVer, ltSet := range pkgSet.Condition.VersionLessThan {
-					if common.VersionLessThan(id.VersionString(), ltVer) {
-						rpmmdPkgSet = rpmmdPkgSet.Append(rpmmd.PackageSet{
-							Include: ltSet.Include,
-							Exclude: ltSet.Exclude,
-						})
-					}
+			if pkgSet.Conditions != nil {
+				id, err := distro.ParseID(distroNameVer)
+				if err != nil {
+					return nil, err
 				}

-				for gteqVer, gteqSet := range pkgSet.Condition.VersionGreaterOrEqual {
-					if common.VersionGreaterThanOrEqual(id.VersionString(), gteqVer) {
+				for _, cond := range pkgSet.Conditions {
+					if cond.When.Eval(id, archName) {
 						rpmmdPkgSet = rpmmdPkgSet.Append(rpmmd.PackageSet{
-							Include: gteqSet.Include,
-							Exclude: gteqSet.Exclude,
+							Include: cond.Append.Include,
+							Exclude: cond.Append.Exclude,
 						})
 					}
 				}
@ -465,33 +453,13 @@ func PartitionTable(it distro.ImageType) (*disk.PartitionTable, error) {
 	}

 	if imgType.PartitionTablesOverrides != nil {
-		cond := imgType.PartitionTablesOverrides.Condition
 		id, err := distro.ParseID(it.Arch().Distro().Name())
 		if err != nil {
 			return nil, err
 		}
-
-		for _, ltVer := range versionLessThanSortedKeys(cond.VersionLessThan) {
-			ltOverrides := cond.VersionLessThan[ltVer]
-			if common.VersionLessThan(id.VersionString(), ltVer) {
-				if newPt, ok := ltOverrides[archName]; ok {
-					pt = newPt
-				}
-			}
-		}
-
-		for _, gteqVer := range backward(versionLessThanSortedKeys(cond.VersionGreaterOrEqual)) {
-			geOverrides := cond.VersionGreaterOrEqual[gteqVer]
-			if common.VersionGreaterThanOrEqual(id.VersionString(), gteqVer) {
-				if newPt, ok := geOverrides[archName]; ok {
-					pt = newPt
-				}
-			}
-		}
-
-		if distroNameOverrides, ok := cond.DistroName[id.Name]; ok {
-			if newPt, ok := distroNameOverrides[archName]; ok {
-				pt = newPt
+		for _, cond := range imgType.PartitionTablesOverrides.Conditions {
+			if cond.When.Eval(id, archName) {
+				pt = cond.Override[archName]
 			}
 		}
 	}
@ -612,23 +580,15 @@ func ImageConfig(distroNameVer, archName, typeName string) (*distro.ImageConfig,
 		return nil, fmt.Errorf("%w: %q", ErrImageTypeNotFound, typeName)
 	}
 	imgConfig := imgType.ImageConfig.ImageConfig
-	cond := imgType.ImageConfig.Condition
-	if cond != nil {
+	if imgType.ImageConfig.Conditions != nil {
 		id, err := distro.ParseID(distroNameVer)
 		if err != nil {
 			return nil, err
 		}

-		if distroNameCnf, ok := cond.DistroName[id.Name]; ok {
-			imgConfig = distroNameCnf.InheritFrom(imgConfig)
-		}
-		if archCnf, ok := cond.Architecture[archName]; ok {
-			imgConfig = archCnf.InheritFrom(imgConfig)
-		}
-		for _, ltVer := range versionLessThanSortedKeys(cond.VersionLessThan) {
-			ltOverrides := cond.VersionLessThan[ltVer]
-			if common.VersionLessThan(id.VersionString(), ltVer) {
-				imgConfig = ltOverrides.InheritFrom(imgConfig)
+		for _, cond := range imgType.ImageConfig.Conditions {
+			if cond.When.Eval(id, archName) {
+				imgConfig = cond.Merge.InheritFrom(imgConfig)
 			}
 		}
 	}
@ -636,18 +596,6 @@ func ImageConfig(distroNameVer, archName, typeName string) (*distro.ImageConfig,
 	return imgConfig, nil
 }

-// nNonEmpty returns the number of non-empty maps in the given
-// input
-func nNonEmpty[K comparable, V any](maps ...map[K]V) int {
-	var nonEmpty int
-	for _, m := range maps {
-		if len(m) > 0 {
-			nonEmpty++
-		}
-	}
-	return nonEmpty
-}
-
 // InstallerConfig returns the InstallerConfig for the given imgType
 // Note that on conditions the InstallerConfig is fully replaced, do
 // any merging in YAML
@ -661,27 +609,14 @@ func InstallerConfig(distroNameVer, archName, typeName string) (*distro.Installe
 		return nil, fmt.Errorf("%w: %q", ErrImageTypeNotFound, typeName)
 	}
 	installerConfig := imgType.InstallerConfig.InstallerConfig
-	cond := imgType.InstallerConfig.Condition
-	if cond != nil {
-		if nNonEmpty(cond.DistroName, cond.Architecture, cond.VersionLessThan) > 1 {
-			return nil, fmt.Errorf("only a single conditional allowed in installer config for %v", typeName)
-		}
-
-		id, err := distro.ParseID(distroNameVer)
-		if err != nil {
-			return nil, err
-		}
-
-		if distroNameCnf, ok := cond.DistroName[id.Name]; ok {
-			installerConfig = distroNameCnf
-		}
-		if archCnf, ok := cond.Architecture[archName]; ok {
-			installerConfig = archCnf
-		}
-		for _, ltVer := range versionLessThanSortedKeys(cond.VersionLessThan) {
-			ltOverrides := cond.VersionLessThan[ltVer]
-			if common.VersionLessThan(id.VersionString(), ltVer) {
-				installerConfig = ltOverrides
+	if imgType.InstallerConfig.Conditions != nil {
+		for _, cond := range imgType.InstallerConfig.Conditions {
+			id, err := distro.ParseID(distroNameVer)
+			if err != nil {
+				return nil, err
+			}
+			if cond.When.Eval(id, archName) {
+				installerConfig = cond.Override
 			}
 		}
 	}
--- a/vendor/github.com/osbuild/images/pkg/distro/defs/rhel-10/distro.yaml
+++ b/vendor/github.com/osbuild/images/pkg/distro/defs/rhel-10/distro.yaml
@ -17,12 +17,17 @@
      - "tar"
      - "xfsprogs"
      - "xz"
-    condition:
-      architecture:
-        x86_64:
+    conditions:
+      "x86_64 specific packages for build pkgsset":
+        when:
+          arch: "x86_64"
+        append:
          include:
            - "grub2-pc"
-        ppc64el:
+      "ppc64le specific packages for build pkgsset":
+        when:
+          arch: "ppc64le"
+        append:
          include:
            - "grub2-ppc64le"
            - "grub2-ppc64le-modules"
@ -181,9 +186,11 @@
      - "nss-softokn"

  anaconda_boot_pkgset: &anaconda_boot_pkgset
-    condition:
-      architecture:
-        x86_64:
+    conditions:
+      "x86 specific packages for the anaconda boot pkgset":
+        when:
+          arch: "x86_64"
+        append:
          include:
            # eficommon
            - "efibootmgr"
@ -200,7 +207,10 @@
            - "shim-x64"
            - "syslinux"
            - "syslinux-nonlinux"
-        aarch64:
+      "aarch64 specific packages for the anaconda boot pkgset":
+        when:
+          arch: "aarch64"
+        append:
          include:
            # eficommon
            - "efibootmgr"
@ -460,13 +470,17 @@
          "unmanaged-devices":
            - "driver:mlx4_core"
            - "driver:mlx5_core"
-    condition:
-      distro_name:
-        rhel:
+    conditions:
+      "rhel needs the rhel release rpm gpg key":
+        when:
+          distro_name: "rhel"
+        merge:
          gpgkey_files:
            - "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
-      architecture:
-        x86_64:
+      "x86_64 specific kernel commandline":
+        when:
+          arch: "x86_64"
+        merge:
          kernel_options:
            # common
            - "ro"
@ -477,7 +491,10 @@
            - "console=ttyS0"
            - "earlyprintk=ttyS0"
            - "rootdelay=300"
-        aarch64:
+      "aarch64 specific kernel commandline":
+        when:
+          arch: "aarch64"
+        merge:
          kernel_options:
            # common
            - "ro"
@ -497,9 +514,11 @@ image_config:
      no_zero_conf: true
    timezone: "UTC"
    update_default_kernel: true
-  condition:
-    distro_name:
-      centos:
+  conditions:
+    "centos oscap datastream path":
+      when:
+        distro_name: "centos"
+      merge:
        default_oscap_datastream: "/usr/share/xml/scap/ssg/content/ssg-cs10-ds.xml"

 image_types:
@ -547,19 +566,23 @@ image_types:
            - "tuned"
          exclude:
            - "dracut-config-rescue"
-          condition:
-            distro_name:
-              rhel:
+          conditions:
+            "add subscription-manager-cockpit on rhel":
+              when:
+                distro_name: "rhel"
+              append:
                include:
                  - "subscription-manager-cockpit"

  qcow2: &qcow2
-    image_config:
+    image_config: &qcow2_image_config
      default_target: "multi-user.target"
      kernel_options: ["console=tty0", "console=ttyS0,115200n8", "no_timer_check"]
-      condition:
-        distro_name:
-          rhel:
+      conditions:
+        "tweak the rhsm config on rhel":
+          when:
+            distro_name: "rhel"
+          merge:
            rhsm_config:
              "no-subscription":
                dnf_plugin:
@ -571,7 +594,8 @@ image_types:
      <<: *default_partition_tables
    package_sets:
      os:
-        - include:
+        - &qcow2_pkgset
+          include:
            - "@core"
            - "chrony"
            - "cloud-init"
@ -627,13 +651,34 @@ image_types:
            - "plymouth"
            - "rng-tools"
            - "udisks2"
-          condition:
-            distro_name:
-              rhel:
+          conditions:
+            "add insights pkgs on rhel":
+              when:
+                distro_name: "rhel"
+              append:
                include:
                  - "insights-client"
                  - "subscription-manager-cockpit"

+  "vagrant-libvirt":
+    <<: *qcow2
+    image_config:
+      <<: *qcow2_image_config
+      users:
+        - name: "vagrant"
+          # yamllint disable rule:line-length
+          key: |
+            ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+            ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant insecure public key
+          # yamllint enable rule:line-length
+      files:
+        - path: "/etc/sudoers.d/vagrant"
+          user: "root"
+          group: "root"
+          mode: 440
+          data: |
+            vagrant ALL=(ALL) NOPASSWD: ALL
+
  oci: *qcow2

  vhd: &vhd
@ -739,9 +784,11 @@ image_types:
            - "rhnlib"
            - "rhnsd"
            - "usb_modeswitch"
-          condition:
-            distro_name:
-              rhel:
+          conditions: &conditions_pkgsets_insights_client_on_rhel
+            "add insights client on rhel":
+              when:
+                distro_name: "rhel"
+              append:
                include:
                  - "insights-client"

@ -949,22 +996,31 @@ image_types:
      sshd_config:
        config:
          PasswordAuthentication: false
-      condition:
-        architecture:
-          x86_64: &ami_image_config_cond_x86_64
+      conditions: &ami_image_config_cond
+        "we need dracut conf with nvme/xen on x86":
+          when:
+            arch: "x86_64"
+          merge:
            dracut_conf:
              - filename: "ec2.conf"
                config:
                  add_drivers:
                    - "nvme"
                    - "xen-blkfront"
+        "x86_64 specific kopts":
+          when:
+            arch: "x86_64"
+          merge:
            # TODO: move these to the EC2 environment
            kernel_options:
              # common
              - "console=tty0"
              - "console=ttyS0,115200n8"
              - "nvme_core.io_timeout=4294967295"
-          aarch64:
+        "aarch64 specific kopts":
+          when:
+            arch: "aarch64"
+          merge:
            # TODO: move these to the EC2 environment
            kernel_options:
              # XXX: duplicated with above x86_64 kernel defaults
@ -1027,11 +1083,8 @@ image_types:
            - "dracut-config-rescue"
            # RHBZ#2075815
            - "qemu-guest-agent"
-          condition:
-            distro_name:
-              rhel:
-                include:
-                  - "insights-client"
+          conditions:
+            <<: *conditions_pkgsets_insights_client_on_rhel

  ec2: *ami

@ -1053,11 +1106,15 @@ image_types:
        - *sap_pkgset
    image_config:
      <<: [*ami_image_config, *sap_image_config]
-      condition:
-        architecture:
-          x86_64:
-            # XXX: this shows that merging at the yaml level is tricky
-            <<: *ami_image_config_cond_x86_64
+      conditions:
+        <<: *ami_image_config_cond
+        # this needs to override the original ami key because
+        # we want everything from the ami config *except* the
+        # kernel comandline
+        "x86_64 specific kopts":
+          when:
+            arch: "x86_64"
+          merge:
            kernel_options:
              # XXX: duplicated with ami.image_config.kernel_options :(
              - "console=tty0"
@ -1078,8 +1135,55 @@ image_types:
            network:
              config: "disabled"
      no_selinux: true
-      wsl_config:
-        boot_systemd: true
+      wsl: &wsl_config
+        config:
+          boot_systemd: true
+        distribution_config: &wsl_distribution_config
+          shortcut:
+            enabled: true
+            icon: /usr/share/pixmaps/fedora-logo.ico
+          oobe: &wsl_distribution_oobe_config
+            default_uid: 1000
+      conditions:
+        "wsl config for rhel":
+          when:
+            distro_name: "rhel"
+          merge:
+            wsl:
+              <<: *wsl_config
+              distribution_config:
+                <<: *wsl_distribution_config
+                oobe:
+                  <<: *wsl_distribution_oobe_config
+                  default_name: RedHatEnterpriseLinux-%s
+        "wsl config for centos":
+          when:
+            distro_name: "centos"
+          merge:
+            wsl:
+              <<: *wsl_config
+              distribution_config:
+                <<: *wsl_distribution_config
+                oobe:
+                  <<: *wsl_distribution_oobe_config
+                  default_name: CentOS-%s
+        "wsl config for almalinux":
+          when:
+            distro_name: "almalinux"
+          merge:
+            wsl: &wsl_distribution_config_almalinux
+              <<: *wsl_config
+              distribution_config:
+                <<: *wsl_distribution_config
+                oobe:
+                  <<: *wsl_distribution_oobe_config
+                  default_name: AlmaLinux-%s
+        "wsl config for almalinuxkitten":
+          when:
+            distro_name: "almalinux_kitten"
+          merge:
+            wsl:
+              <<: *wsl_distribution_config_almalinux
    package_sets:
      os:
        - include:
@ -1113,6 +1217,7 @@ image_types:
            - "procps-ng"
            - "python3"
            - "python3-inotify"
+            - "redhat-logos"
            - "redhat-release"
            - "rootfiles"
            - "rpm"
@ -1252,15 +1357,20 @@ image_types:
            - "xfsdump"
            - "xfsprogs"
            - "xz"
-          condition:
-            architecture:
-              x86_64:
+          conditions:
+            "x86_64 specific pkgs for image installer":
+              when:
+                arch: "x86_64"
+              append:
                include:
                  - "biosdevname"
                  - "dmidecode"
                  - "grub2-tools-efi"
                  - "memtest86+"
-              aarch64:
+            "aarch64 specific pkgs for image installer":
+              when:
+                arch: "aarch64"
+              append:
                include:
                  - "dmidecode"

@ -1416,11 +1526,8 @@ image_types:
            - "zd1211-firmware"
            # RHBZ#2075815
            - "qemu-guest-agent"
-          condition:
-            distro_name:
-              rhel:
-                include:
-                  - "insights-client"
+          conditions:
+            <<: *conditions_pkgsets_insights_client_on_rhel

  "azure-cvm":
    image_config:
--- a/vendor/github.com/osbuild/images/pkg/distro/defs/rhel-7/distro.yaml
+++ b/vendor/github.com/osbuild/images/pkg/distro/defs/rhel-7/distro.yaml
@ -38,9 +38,11 @@
      - "mariadb-libs"
      - "NetworkManager-config-server"
      - "postfix"
-    condition:
-      distro_name:
-        "rhel":
+    conditions: &conditions_for_insights_client
+      "add insights client on rhel":
+        when:
+          distro_name: "rhel"
+        append:
          include:
            - "insights-client"

@ -247,8 +249,5 @@ image_types:
            - "libertas-sd8686-firmware"
            - "libertas-sd8787-firmware"
            - "libertas-usb8388-firmware"
-          condition:
-            distro_name:
-              "rhel":
-                include:
-                  - "insights-client"
+          conditions:
+            <<: *conditions_for_insights_client
--- a/vendor/github.com/osbuild/images/pkg/distro/defs/rhel-8/distro.yaml
+++ b/vendor/github.com/osbuild/images/pkg/distro/defs/rhel-8/distro.yaml
--- a/vendor/github.com/osbuild/images/pkg/distro/defs/rhel-9/distro.yaml
+++ b/vendor/github.com/osbuild/images/pkg/distro/defs/rhel-9/distro.yaml
@ -17,16 +17,30 @@
      - "tar"
      - "xfsprogs"
      - "xz"
-    condition:
-      architecture:
-        x86_64:
+    conditions:
+      "x86_64 specific packages for build pkgsset":
+        when:
+          arch: "x86_64"
+        append:
          include:
            - "grub2-pc"
-        ppc64el:
+      "ppc64le specific packages for build pkgsset":
+        when:
+          arch: "ppc64le"
+        append:
          include:
            - "grub2-ppc64le"
            - "grub2-ppc64le-modules"

+  common_conditions:
+    conditions: &conditions_pkgsets_insights_client_on_rhel
+      "add insights client on rhel":
+        when:
+          distro_name: "rhel"
+        append:
+          include:
+            - "insights-client"
+
  ec2_base_pkgset: &ec2_base_pkgset
    include:
      - "@core"
@ -78,13 +92,12 @@
      - "dracut-config-rescue"
      # RHBZ#2075815
      - "qemu-guest-agent"
-    condition:
-      distro_name:
-        rhel:
-          include:
-            - "insights-client"
-      version_greater_or_equal:
-        "9.6":
+    conditions:
+      <<: *conditions_pkgsets_insights_client_on_rhel
+      "rhel-9.6+ gets system-reinstall-bootc":
+        when:
+          version_greater_or_equal: "9.6"
+        append:
          include:
            - "system-reinstall-bootc"

@ -178,16 +191,20 @@
      # pipeline.
      - "mdadm"
      - "nss-softokn"
-    condition:
-      architecture:
-        x86_64:
+    conditions:
+      "x86_64 specific installer packages":
+        when:
+          arch: "x86_64"
+        append:
          include:
            - "biosdevname"

  anaconda_boot_pkgset: &anaconda_boot_pkgset
-    condition:
-      architecture:
-        x86_64:
+    conditions:
+      "x86 specific packages for the anaconda boot pkgset":
+        when:
+          arch: "x86_64"
+        append:
          include:
            # eficommon
            - "efibootmgr"
@ -204,7 +221,10 @@
            - "shim-x64"
            - "syslinux"
            - "syslinux-nonlinux"
-        aarch64:
+      "aarch64 specific packages for the anaconda boot pkgset":
+        when:
+          arch: "aarch64"
+        append:
          include:
            # eficommon
            - "efibootmgr"
@ -354,15 +374,20 @@
      - "xorg-x11-server-Xorg"
      - "xorg-x11-xauth"
      - "xz"
-    condition:
-      architecture:
-        x86_64:
+    conditions:
+      "x86 specific packages for the anaconda pkgset":
+        when:
+          arch: "x86_64"
+        append:
          include:
            - "biosdevname"
            - "dmidecode"
            - "grub2-tools-efi"
            - "memtest86+"
-        aarch64:
+      "aarch64 specific packages for the anaconda pkgset":
+        when:
+          arch: "aarch64"
+        append:
          include:
            - "dmidecode"

@ -488,9 +513,11 @@
            bootable: true

    ec2_partition_tables_override: &ec2_partition_tables_override
-      condition:
-        version_less_than:
-          "9.3":
+      conditions:
+        "rhel-9.2 and below have no efi partition":
+          when:
+            version_less_than: "9.3"
+          override:
            x86_64:
              <<: *default_partition_table_x86_64
              partitions:
@ -498,19 +525,8 @@
                # note no boot efi
                - *default_partition_table_part_boot
                - *default_partition_table_part_root
-        distro_name:
-          # we need this override to ensure that centos always gets
-          # the latest partition-tables, othersie "centos-9" is
-          # less then "9 <= 9.3"
-          "centos":
-            x86_64:
-              <<: *default_partition_table_x86_64
            aarch64:
              <<: *default_partition_table_aarch64
-            ppc64le:
-              <<: *default_partition_table_ppc64le
-            s390x:
-              <<: *default_partition_table_s390x

 image_config:
  default:
@ -523,9 +539,11 @@ image_config:
      no_zero_conf: true
    timezone: "America/New_York"
    update_default_kernel: true
-  condition:
-    distro_name:
-      centos:
+  conditions:
+    "oscap needs a differnt path on centos":
+      when:
+        distro_name: "centos"
+      merge:
        default_oscap_datastream: "/usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml"

 image_types:
@ -575,9 +593,11 @@ image_types:
            - "tuned"
          exclude:
            - "dracut-config-rescue"
-          condition:
-            distro_name:
-              rhel:
+          conditions: &conditions_subscription_manager_cockpit
+            "add subscription-manager-cockpit on rhel":
+              when:
+                distro_name: "rhel"
+              append:
                include:
                  - "subscription-manager-cockpit"

@ -644,9 +664,11 @@ image_types:
            - "plymouth"
            - "rng-tools"
            - "udisks2"
-          condition:
-            distro_name:
-              rhel:
+          conditions: &conditions_pkgsets_insigths_pkgs
+            "add insights pkgs on rhel":
+              when:
+                distro_name: "rhel"
+              append:
                include:
                  - "insights-client"
                  - "subscription-manager-cockpit"
@ -729,13 +751,12 @@ image_types:
            - "rhnlib"
            - "rhnsd"
            - "usb_modeswitch"
-          condition:
-            distro_name:
-              rhel:
-                include:
-                  - "insights-client"
-            version_greater_or_equal:
-              "9.6":
+          conditions:
+            <<: *conditions_pkgsets_insights_client_on_rhel
+            "rhel-9.6+ gets system-reinstall-bootc and drops microcode_ctl":
+              when:
+                version_greater_or_equal: "9.6"
+              append:
                include:
                  - "system-reinstall-bootc"
                exclude:
@ -955,11 +976,8 @@ image_types:
            - "zd1211-firmware"
            # RHBZ#2075815
            - "qemu-guest-agent"
-          condition:
-            distro_name:
-              rhel:
-                include:
-                  - "insights-client"
+          conditions:
+            <<: *conditions_pkgsets_insights_client_on_rhel

  "minimal-raw":
    package_sets:
@ -1072,9 +1090,11 @@ image_types:
          exclude:
            - "rng-tools"
            - "bootupd"
-          condition:
-            architecture:
-              x86_64: &edge_commit_x86_64_pkgset
+          conditions: &conditions_pkgsets_edge_commit
+            "x86_64 specific packages for edge-commit":
+              when:
+                arch: "x86_64"
+              append: &edge_commit_x86_64_pkgset
                include:
                  - "grub2"
                  - "grub2-efi-x64"
@ -1092,27 +1112,27 @@ image_types:
                  - "iwl5150-firmware"
                  - "iwl6050-firmware"
                  - "iwl7260-firmware"
-              aarch64: &edge_commit_aarch64_pkgset
+            "aarch64 specific packages for edge-commit":
+              when:
+                arch: "aarch64"
+              append: &edge_commit_aarch64_pkgset
                include:
                  - "grub2-efi-aa64"
                  - "efibootmgr"
                  - "shim-aa64"
                  - "iwl7260-firmware"
-            distro_name:
-              centos:
-                include:
-                  # XXX: duplicated to >= rhel-9.2
-                  - "ignition"
-                  - "ignition-edge"
-                  - "ssh-key-dir"
-            version_greater_or_equal:
-              "9.2":
+            "rhel-9.2+ gets ignition":
+              when:
+                version_greater_or_equal: "9.2"
+              append:
                include:
                  - "ignition"
                  - "ignition-edge"
                  - "ssh-key-dir"
-            version_less_than:
-              "9.6":
+            "rhel-9.5 and below includes dnsmasq":
+              when:
+                version_less_than: "9.6"
+              append:
                include:
                  # dnsmasq removed in 9.6+ but kept in older versions
                  - "dnsmasq"
@ -1176,12 +1196,19 @@ image_types:
            - "sudo"
            - "traceroute"
            - "util-linux"
-          condition:
-            architecture:
-              x86_64:
-                *edge_commit_x86_64_pkgset
-              aarch64:
-                *edge_commit_aarch64_pkgset
+          conditions:
+            # XXX: should we instead "<<: *conditions_edge_commit" here?
+            # it will give different results
+            "x86_64 specific pkgset for edge-simplified-installer":
+              when:
+                arch: "x86_64"
+              append:
+                <<: *edge_commit_x86_64_pkgset
+            "aarch64 specific pkgset for edge-simplified-installer":
+              when:
+                arch: "aarch64"
+              append:
+                <<: *edge_commit_aarch64_pkgset

  "azure-cvm":
    package_sets:
--- a/vendor/github.com/osbuild/images/pkg/distro/generic/distro.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/generic/distro.go
@ -51,18 +51,18 @@ type distribution struct {
 func (d *distribution) getISOLabelFunc(isoLabel string) isoLabelFunc {
 	return func(t *imageType) string {
 		type inputs struct {
-			Product      string
-			OsVersion    string
-			Arch         string
-			ImgTypeLabel string
+			Product   string
+			OsVersion string
+			Arch      string
+			ISOLabel  string
 		}
 		templ := common.Must(template.New("iso-label").Parse(d.DistroYAML.ISOLabelTmpl))
 		var buf bytes.Buffer
 		err := templ.Execute(&buf, inputs{
-			Product:      t.Arch().Distro().Product(),
-			OsVersion:    t.Arch().Distro().OsVersion(),
-			Arch:         t.Arch().Name(),
-			ImgTypeLabel: isoLabel,
+			Product:   t.Arch().Distro().Product(),
+			OsVersion: t.Arch().Distro().OsVersion(),
+			Arch:      t.Arch().Name(),
+			ISOLabel:  isoLabel,
 		})
 		if err != nil {
 			// XXX: cleanup isoLabelFunc to allow error
--- a/vendor/github.com/osbuild/images/pkg/distro/generic/images.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/generic/images.go
@ -226,9 +226,13 @@ func osCustomizations(t *imageType, osPackageSet rpmmd.PackageSet, containers []
 	osc.SshdConfig = imageConfig.SshdConfig
 	osc.AuthConfig = imageConfig.Authconfig
 	osc.PwQuality = imageConfig.PwQuality
-	osc.WSLConfig = imageConfig.WSLConfStageOptions()
 	osc.NetworkManager = imageConfig.NetworkManager

+	if imageConfig.WSL != nil {
+		osc.WSLConfig = osbuild.NewWSLConfStageOptions(imageConfig.WSL.Config)
+		osc.WSLDistributionConfig = osbuild.NewWSLDistributionConfStageOptions(imageConfig.WSL.DistributionConfig)
+	}
+
 	osc.Files = append(osc.Files, imageConfig.Files...)
 	osc.Directories = append(osc.Directories, imageConfig.Directories...)

@ -379,8 +383,12 @@ func tarImage(workload workload.Workload,
 		return nil, err
 	}

+	d := t.arch.distro
+
 	img.Environment = &t.ImageTypeYAML.Environment
 	img.Workload = workload
+	img.Compression = t.ImageTypeYAML.Compression
+	img.OSVersion = d.OsVersion()

 	img.Filename = t.Filename()

@ -431,7 +439,7 @@ func liveInstallerImage(workload workload.Workload,
 	img.Product = d.Product()
 	img.Variant = "Workstation"
 	img.OSVersion = d.OsVersion()
-	img.Release = fmt.Sprintf("%s %s", d.DistroYAML.Product, d.OsVersion())
+	img.Release = fmt.Sprintf("%s %s", d.Product(), d.OsVersion())
 	img.Preview = d.DistroYAML.Preview

 	var err error
@ -537,10 +545,10 @@ func imageInstallerImage(workload workload.Workload,

 	d := t.arch.distro

-	img.Product = d.DistroYAML.Product
+	img.Product = d.Product()

 	img.OSVersion = d.OsVersion()
-	img.Release = fmt.Sprintf("%s %s", d.DistroYAML.Product, d.OsVersion())
+	img.Release = fmt.Sprintf("%s %s", d.Product(), d.OsVersion())
 	img.Variant = t.Variant
 	img.Preview = d.DistroYAML.Preview

@ -765,10 +773,10 @@ func iotInstallerImage(workload workload.Workload,
 	// On Fedora anaconda needs dbus-broker, but isn't added when dracut runs.
 	img.AdditionalDracutModules = append(img.AdditionalDracutModules, "dbus-broker")

-	img.Product = d.DistroYAML.Product
+	img.Product = d.Product()
 	img.Variant = "IoT"
 	img.OSVersion = d.OsVersion()
-	img.Release = fmt.Sprintf("%s %s", d.DistroYAML.Product, d.OsVersion())
+	img.Release = fmt.Sprintf("%s %s", d.Product(), d.OsVersion())
 	img.Preview = d.DistroYAML.Preview

 	img.ISOLabel, err = t.ISOLabel()
@ -907,7 +915,7 @@ func iotSimplifiedInstallerImage(workload workload.Workload,
 	img.AdditionalDracutModules = append(img.AdditionalDracutModules, "dbus-broker")

 	d := t.arch.distro
-	img.Product = d.DistroYAML.Product
+	img.Product = d.Product()
 	img.Variant = "IoT"
 	img.OSName = t.OSTree.Name
 	img.OSVersion = d.OsVersion()
--- a/vendor/github.com/osbuild/images/pkg/distro/image_config.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/image_config.go
@ -9,6 +9,7 @@ import (
 	"github.com/osbuild/images/pkg/customizations/shell"
 	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/customizations/users"
+	"github.com/osbuild/images/pkg/customizations/wsl"
 	"github.com/osbuild/images/pkg/manifest"
 	"github.com/osbuild/images/pkg/osbuild"
 )
@ -49,12 +50,12 @@ type ImageConfig struct {

 	// Do not use. Forces auto-relabelling on first boot.
 	// See https://github.com/osbuild/osbuild/commit/52cb27631b587c1df177cd17625c5b473e1e85d2
-	SELinuxForceRelabel *bool
+	SELinuxForceRelabel *bool `yaml:"selinux_force_relabel"`

 	// Disable documentation
 	ExcludeDocs *bool `yaml:"exclude_docs,omitempty"`

-	ShellInit []shell.InitFile
+	ShellInit []shell.InitFile `yaml:"shell_init,omitempty"`

 	// for RHSM configuration, we need to potentially distinguish the case
 	// when the user want the image to be subscribed on first boot and when not
@ -79,14 +80,14 @@ type ImageConfig struct {
 	WAAgentConfig       *osbuild.WAAgentConfStageOptions        `yaml:"waagent_config,omitempty"`
 	Grub2Config         *osbuild.GRUB2Config                    `yaml:"grub2_config,omitempty"`
 	DNFAutomaticConfig  *osbuild.DNFAutomaticConfigStageOptions `yaml:"dnf_automatic_config"`
-	YumConfig           *osbuild.YumConfigStageOptions
-	YUMRepos            []*osbuild.YumReposStageOptions `yaml:"yum_repos,omitempty"`
+	YumConfig           *osbuild.YumConfigStageOptions          `yaml:"yum_config,omitempty"`
+	YUMRepos            []*osbuild.YumReposStageOptions         `yaml:"yum_repos,omitempty"`
 	Firewall            *osbuild.FirewallStageOptions
 	UdevRules           *osbuild.UdevRulesStageOptions      `yaml:"udev_rules,omitempty"`
 	GCPGuestAgentConfig *osbuild.GcpGuestAgentConfigOptions `yaml:"gcp_guest_agent_config,omitempty"`
 	NetworkManager      *osbuild.NMConfStageOptions         `yaml:"network_manager,omitempty"`

-	WSLConfig *WSLConfig `yaml:"wsl_config,omitempty"`
+	WSL *wsl.WSL `yaml:"wsl,omitempty"`

 	Users []users.User

@ -143,10 +144,6 @@ type DNFConfig struct {
 	SetReleaseVerVar *bool `yaml:"set_release_ver_var"`
 }

-type WSLConfig struct {
-	BootSystemd bool `yaml:"boot_systemd,omitempty"`
-}
-
 // InheritFrom inherits unset values from the provided parent configuration and
 // returns a new structure instance, which is a result of the inheritance.
 func (c *ImageConfig) InheritFrom(parentConfig *ImageConfig) *ImageConfig {
@ -204,17 +201,6 @@ func (c *ImageConfig) DNFConfigOptions(osVersion string) []*osbuild.DNFConfigSta
 	}
 }

-func (c *ImageConfig) WSLConfStageOptions() *osbuild.WSLConfStageOptions {
-	if c.WSLConfig == nil {
-		return nil
-	}
-	return &osbuild.WSLConfStageOptions{
-		Boot: osbuild.WSLConfBootOptions{
-			Systemd: c.WSLConfig.BootSystemd,
-		},
-	}
-}
-
 type Sysconfig struct {
 	Networking bool `yaml:"networking,omitempty"`
 	NoZeroConf bool `yaml:"no_zero_conf,omitempty"`
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/images.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/images.go
@ -282,9 +282,13 @@ func osCustomizations(
 	osc.WAAgentConfig = imageConfig.WAAgentConfig
 	osc.UdevRules = imageConfig.UdevRules
 	osc.GCPGuestAgentConfig = imageConfig.GCPGuestAgentConfig
-	osc.WSLConfig = imageConfig.WSLConfStageOptions()
 	osc.NetworkManager = imageConfig.NetworkManager

+	if imageConfig.WSL != nil {
+		osc.WSLConfig = osbuild.NewWSLConfStageOptions(imageConfig.WSL.Config)
+		osc.WSLDistributionConfig = osbuild.NewWSLDistributionConfStageOptions(imageConfig.WSL.DistributionConfig)
+	}
+
 	osc.Files = append(osc.Files, imageConfig.Files...)
 	osc.Directories = append(osc.Directories, imageConfig.Directories...)

@ -818,6 +822,8 @@ func TarImage(workload workload.Workload,

 	img.Environment = t.Environment
 	img.Workload = workload
+	img.Compression = t.Compression
+	img.OSVersion = t.Arch().Distro().OsVersion()

 	img.Filename = t.Filename()

--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/distro.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/distro.go
@ -109,6 +109,17 @@ func newDistro(name string, major, minor int) *rhel.Distribution {
 		mkOVAImgType(rd),
 	)

+	x86_64.AddImageTypes(
+		&platform.X86{
+			BIOS:       true,
+			UEFIVendor: rd.Vendor(),
+			BasePlatform: platform.BasePlatform{
+				ImageFormat: platform.FORMAT_VAGRANT_LIBVIRT,
+			},
+		},
+		mkVagrantLibvirtImgType(rd, arch.ARCH_X86_64),
+	)
+
 	x86_64.AddImageTypes(
 		&platform.X86{},
 		mkTarImgType(),
@ -132,6 +143,16 @@ func newDistro(name string, major, minor int) *rhel.Distribution {
 		mkQcow2ImgType(rd, arch.ARCH_AARCH64),
 	)

+	aarch64.AddImageTypes(
+		&platform.Aarch64{
+			UEFIVendor: rd.Vendor(),
+			BasePlatform: platform.BasePlatform{
+				ImageFormat: platform.FORMAT_VAGRANT_LIBVIRT,
+			},
+		},
+		mkVagrantLibvirtImgType(rd, arch.ARCH_AARCH64),
+	)
+
 	ppc64le.AddImageTypes(
 		&platform.PPC64LE{
 			BIOS: true,
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/vagrant.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/vagrant.go
@ -0,0 +1,27 @@
+package rhel10
+
+import (
+	"github.com/osbuild/images/pkg/arch"
+	"github.com/osbuild/images/pkg/datasizes"
+	"github.com/osbuild/images/pkg/distro/rhel"
+)
+
+func mkVagrantLibvirtImgType(d *rhel.Distribution, a arch.Arch) *rhel.ImageType {
+	it := rhel.NewImageType(
+		"vagrant-libvirt",
+		"vagrant-libvirt.box",
+		"application/x-tar",
+		packageSetLoader,
+		rhel.DiskImage,
+		[]string{"build"},
+		[]string{"os", "image", "vagrant", "archive"},
+		[]string{"archive"},
+	)
+
+	it.DefaultImageConfig = imageConfig(d, a.String(), "vagrant-libvirt")
+	it.DefaultSize = 10 * datasizes.GibiByte
+	it.Bootable = true
+	it.BasePartitionTables = defaultBasePartitionTables
+
+	return it
+}
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/wsl.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/wsl.go
@ -7,7 +7,7 @@ import (
 func mkWSLImgType(rd *rhel.Distribution) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"wsl",
-		"disk.tar.gz",
+		"image.wsl",
 		"application/x-tar",
 		packageSetLoader,
 		rhel.TarImage,
@ -16,6 +16,8 @@ func mkWSLImgType(rd *rhel.Distribution) *rhel.ImageType {
 		[]string{"archive"},
 	)

+	it.Compression = "xz"
 	it.DefaultImageConfig = imageConfig(rd, "", "wsl")
+
 	return it
 }
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/ami.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/ami.go
@ -1,27 +1,11 @@
 package rhel8

 import (
-	"github.com/osbuild/images/internal/common"
-	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/datasizes"
-	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
-	"github.com/osbuild/images/pkg/osbuild"
 )

-func amiX86KernelOptions() []string {
-	return []string{"console=tty0", "console=ttyS0,115200n8", "net.ifnames=0", "rd.blacklist=nouveau", "nvme_core.io_timeout=4294967295", "crashkernel=auto"}
-}
-
-func amiAarch64KernelOptions() []string {
-	return []string{"console=tty0", "console=ttyS0,115200n8", "net.ifnames=0", "rd.blacklist=nouveau", "nvme_core.io_timeout=4294967295", "iommu.strict=0", "crashkernel=auto"}
-}
-
-func amiSapKernelOptions() []string {
-	return []string{"console=tty0", "console=ttyS0,115200n8", "net.ifnames=0", "rd.blacklist=nouveau", "nvme_core.io_timeout=4294967295", "crashkernel=auto", "processor.max_cstate=1", "intel_idle.max_cstate=1"}
-}
-
-func mkAmiImgTypeX86_64() *rhel.ImageType {
+func mkAmiImgTypeX86_64(d *rhel.Distribution) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"ami",
 		"image.raw",
@ -33,8 +17,7 @@ func mkAmiImgTypeX86_64() *rhel.ImageType {
 		[]string{"image"},
 	)

-	it.DefaultImageConfig = defaultAMIImageConfigX86_64()
-	it.DefaultImageConfig.KernelOptions = amiX86KernelOptions()
+	it.DefaultImageConfig = imageConfig(d, "x86_64", "ami")
 	it.Bootable = true
 	it.DefaultSize = 10 * datasizes.GibiByte
 	it.BasePartitionTables = partitionTables
@ -55,8 +38,7 @@ func mkEc2ImgTypeX86_64(rd *rhel.Distribution) *rhel.ImageType {
 	)

 	it.Compression = "xz"
-	it.DefaultImageConfig = defaultEc2ImageConfigX86_64(rd)
-	it.DefaultImageConfig.KernelOptions = amiX86KernelOptions()
+	it.DefaultImageConfig = imageConfig(rd, "x86_64", "ec2")
 	it.Bootable = true
 	it.DefaultSize = 10 * datasizes.GibiByte
 	it.BasePartitionTables = partitionTables
@ -77,8 +59,7 @@ func mkEc2HaImgTypeX86_64(rd *rhel.Distribution) *rhel.ImageType {
 	)

 	it.Compression = "xz"
-	it.DefaultImageConfig = defaultEc2ImageConfigX86_64(rd)
-	it.DefaultImageConfig.KernelOptions = amiX86KernelOptions()
+	it.DefaultImageConfig = imageConfig(rd, "x86_64", "ec2-ha")
 	it.Bootable = true
 	it.DefaultSize = 10 * datasizes.GibiByte
 	it.BasePartitionTables = partitionTables
@ -86,7 +67,7 @@ func mkEc2HaImgTypeX86_64(rd *rhel.Distribution) *rhel.ImageType {
 	return it
 }

-func mkAmiImgTypeAarch64() *rhel.ImageType {
+func mkAmiImgTypeAarch64(rd *rhel.Distribution) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"ami",
 		"image.raw",
@ -98,8 +79,7 @@ func mkAmiImgTypeAarch64() *rhel.ImageType {
 		[]string{"image"},
 	)

-	it.DefaultImageConfig = defaultAMIImageConfig()
-	it.DefaultImageConfig.KernelOptions = amiAarch64KernelOptions()
+	it.DefaultImageConfig = imageConfig(rd, "aarch64", "ami")
 	it.Bootable = true
 	it.DefaultSize = 10 * datasizes.GibiByte
 	it.BasePartitionTables = partitionTables
@ -120,8 +100,7 @@ func mkEc2ImgTypeAarch64(rd *rhel.Distribution) *rhel.ImageType {
 	)

 	it.Compression = "xz"
-	it.DefaultImageConfig = defaultEc2ImageConfig(rd)
-	it.DefaultImageConfig.KernelOptions = amiAarch64KernelOptions()
+	it.DefaultImageConfig = imageConfig(rd, "aarch64", "ec2")
 	it.Bootable = true
 	it.DefaultSize = 10 * datasizes.GibiByte
 	it.BasePartitionTables = partitionTables
@ -142,210 +121,10 @@ func mkEc2SapImgTypeX86_64(rd *rhel.Distribution) *rhel.ImageType {
 	)

 	it.Compression = "xz"
-	it.DefaultImageConfig = defaultEc2SapImageConfigX86_64(rd)
-	it.DefaultImageConfig.KernelOptions = amiSapKernelOptions()
+	it.DefaultImageConfig = imageConfig(rd, "x86_64", "ec2-sap")
 	it.Bootable = true
 	it.DefaultSize = 10 * datasizes.GibiByte
 	it.BasePartitionTables = partitionTables

 	return it
 }
-
-// default EC2 images config (common for all architectures)
-func baseEc2ImageConfig() *distro.ImageConfig {
-	return &distro.ImageConfig{
-		Timezone: common.ToPtr("UTC"),
-		TimeSynchronization: &osbuild.ChronyStageOptions{
-			Servers: []osbuild.ChronyConfigServer{
-				{
-					Hostname: "169.254.169.123",
-					Prefer:   common.ToPtr(true),
-					Iburst:   common.ToPtr(true),
-					Minpoll:  common.ToPtr(4),
-					Maxpoll:  common.ToPtr(4),
-				},
-			},
-			// empty string will remove any occurrences of the option from the configuration
-			LeapsecTz: common.ToPtr(""),
-		},
-		Keyboard: &osbuild.KeymapStageOptions{
-			Keymap: "us",
-			X11Keymap: &osbuild.X11KeymapOptions{
-				Layouts: []string{"us"},
-			},
-		},
-		EnabledServices: []string{
-			"sshd",
-			"NetworkManager",
-			"nm-cloud-setup.service",
-			"nm-cloud-setup.timer",
-			"cloud-init",
-			"cloud-init-local",
-			"cloud-config",
-			"cloud-final",
-			"reboot.target",
-		},
-		DefaultTarget:       common.ToPtr("multi-user.target"),
-		UpdateDefaultKernel: common.ToPtr(true),
-		DefaultKernel:       common.ToPtr("kernel"),
-		Sysconfig: &distro.Sysconfig{
-			Networking:                  true,
-			NoZeroConf:                  true,
-			CreateDefaultNetworkScripts: true,
-		},
-		SystemdLogind: []*osbuild.SystemdLogindStageOptions{
-			{
-				Filename: "00-getty-fixes.conf",
-				Config: osbuild.SystemdLogindConfigDropin{
-					Login: osbuild.SystemdLogindConfigLoginSection{
-						NAutoVTs: common.ToPtr(0),
-					},
-				},
-			},
-		},
-		CloudInit: []*osbuild.CloudInitStageOptions{
-			{
-				Filename: "00-rhel-default-user.cfg",
-				Config: osbuild.CloudInitConfigFile{
-					SystemInfo: &osbuild.CloudInitConfigSystemInfo{
-						DefaultUser: &osbuild.CloudInitConfigDefaultUser{
-							Name: "ec2-user",
-						},
-					},
-				},
-			},
-		},
-		Modprobe: []*osbuild.ModprobeStageOptions{
-			{
-				Filename: "blacklist-nouveau.conf",
-				Commands: osbuild.ModprobeConfigCmdList{
-					osbuild.NewModprobeConfigCmdBlacklist("nouveau"),
-				},
-			},
-			// COMPOSER-1807
-			{
-				Filename: "blacklist-amdgpu.conf",
-				Commands: osbuild.ModprobeConfigCmdList{
-					osbuild.NewModprobeConfigCmdBlacklist("amdgpu"),
-				},
-			},
-		},
-		DracutConf: []*osbuild.DracutConfStageOptions{
-			{
-				Filename: "sgdisk.conf",
-				Config: osbuild.DracutConfigFile{
-					Install: []string{"sgdisk"},
-				},
-			},
-		},
-		SystemdDropin: []*osbuild.SystemdUnitStageOptions{
-			// RHBZ#1822863
-			{
-				Unit:   "nm-cloud-setup.service",
-				Dropin: "10-rh-enable-for-ec2.conf",
-				Config: osbuild.SystemdServiceUnitDropin{
-					Service: &osbuild.SystemdUnitServiceSection{
-						Environment: []osbuild.EnvironmentVariable{{Key: "NM_CLOUD_SETUP_EC2", Value: "yes"}},
-					},
-				},
-			},
-		},
-		Authselect: &osbuild.AuthselectStageOptions{
-			Profile: "sssd",
-		},
-		SshdConfig: &osbuild.SshdConfigStageOptions{
-			Config: osbuild.SshdConfigConfig{
-				PasswordAuthentication: common.ToPtr(false),
-			},
-		},
-	}
-}
-
-func defaultEc2ImageConfig(rd *rhel.Distribution) *distro.ImageConfig {
-	ic := baseEc2ImageConfig()
-	// The RHSM configuration should not be applied since 8.7, but it is instead done by installing the
-	// redhat-cloud-client-configuration package. See COMPOSER-1804 for more information.
-	if rd.IsRHEL() && common.VersionLessThan(rd.OsVersion(), "8.7") {
-		ic = appendRHSM(ic)
-		// Disable RHSM redhat.repo management
-		rhsmConf := ic.RHSMConfig[subscription.RHSMConfigNoSubscription]
-		rhsmConf.SubMan.Rhsm = subscription.SubManRHSMConfig{ManageRepos: common.ToPtr(false)}
-		ic.RHSMConfig[subscription.RHSMConfigNoSubscription] = rhsmConf
-	}
-
-	return ic
-}
-
-func defaultEc2ImageConfigX86_64(rd *rhel.Distribution) *distro.ImageConfig {
-	ic := defaultEc2ImageConfig(rd)
-	return appendEC2DracutX86_64(ic)
-}
-
-// Default AMI (custom image built by users) images config.
-// The configuration does not touch the RHSM configuration at all.
-// https://issues.redhat.com/browse/COMPOSER-2157
-func defaultAMIImageConfig() *distro.ImageConfig {
-	return baseEc2ImageConfig()
-}
-
-// Default AMI x86_64 (custom image built by users) images config.
-// The configuration does not touch the RHSM configuration at all.
-// https://issues.redhat.com/browse/COMPOSER-2157
-func defaultAMIImageConfigX86_64() *distro.ImageConfig {
-	ic := defaultAMIImageConfig()
-	return appendEC2DracutX86_64(ic)
-}
-
-func defaultEc2SapImageConfigX86_64(rd *rhel.Distribution) *distro.ImageConfig {
-	// default EC2-SAP image config (x86_64)
-	return sapImageConfig(rd).InheritFrom(defaultEc2ImageConfigX86_64(rd))
-}
-
-// Add RHSM config options to ImageConfig.
-// Used for RHEL distros.
-func appendRHSM(ic *distro.ImageConfig) *distro.ImageConfig {
-	rhsm := &distro.ImageConfig{
-		RHSMConfig: map[subscription.RHSMStatus]*subscription.RHSMConfig{
-			subscription.RHSMConfigNoSubscription: {
-				// RHBZ#1932802
-				SubMan: subscription.SubManConfig{
-					Rhsmcertd: subscription.SubManRHSMCertdConfig{
-						AutoRegistration: common.ToPtr(true),
-					},
-					// Don't disable RHSM redhat.repo management on the AMI
-					// image, which is BYOS and does not use RHUI for content.
-					// Otherwise subscribing the system manually after booting
-					// it would result in empty redhat.repo. Without RHUI, such
-					// system would have no way to get Red Hat content, but
-					// enable the repo management manually, which would be very
-					// confusing.
-				},
-			},
-			subscription.RHSMConfigWithSubscription: {
-				// RHBZ#1932802
-				SubMan: subscription.SubManConfig{
-					Rhsmcertd: subscription.SubManRHSMCertdConfig{
-						AutoRegistration: common.ToPtr(true),
-					},
-					// do not disable the redhat.repo management if the user
-					// explicitly request the system to be subscribed
-				},
-			},
-		},
-	}
-	return rhsm.InheritFrom(ic)
-}
-
-func appendEC2DracutX86_64(ic *distro.ImageConfig) *distro.ImageConfig {
-	ic.DracutConf = append(ic.DracutConf,
-		&osbuild.DracutConfStageOptions{
-			Filename: "ec2.conf",
-			Config: osbuild.DracutConfigFile{
-				AddDrivers: []string{
-					"nvme",
-					"xen-blkfront",
-				},
-			},
-		})
-	return ic
-}
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/azure.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/azure.go
@ -1,23 +1,12 @@
 package rhel8

 import (
-	"github.com/osbuild/images/internal/common"
 	"github.com/osbuild/images/pkg/arch"
-	"github.com/osbuild/images/pkg/customizations/shell"
-	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/datasizes"
-	"github.com/osbuild/images/pkg/disk"
-	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
-	"github.com/osbuild/images/pkg/osbuild"
 )

-// use loglevel=3 as described in the RHEL documentation and used in existing RHEL images built by MSFT
-func defaultAzureKernelOptions() []string {
-	return []string{"ro", "loglevel=3", "crashkernel=auto", "console=tty1", "console=ttyS0", "earlyprintk=ttyS0", "rootdelay=300"}
-}
-
-func mkAzureRhuiImgType() *rhel.ImageType {
+func mkAzureRhuiImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"azure-rhui",
 		"disk.vhd.xz",
@ -30,16 +19,15 @@ func mkAzureRhuiImgType() *rhel.ImageType {
 	)

 	it.Compression = "xz"
-	it.DefaultImageConfig = defaultAzureRhuiImageConfig.InheritFrom(defaultVhdImageConfig())
-	it.DefaultImageConfig.KernelOptions = defaultAzureKernelOptions()
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "azure-rhui")
 	it.Bootable = true
 	it.DefaultSize = 64 * datasizes.GibiByte
-	it.BasePartitionTables = azureRhuiBasePartitionTables
+	it.BasePartitionTables = partitionTables

 	return it
 }

-func mkAzureSapRhuiImgType(rd *rhel.Distribution) *rhel.ImageType {
+func mkAzureSapRhuiImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"azure-sap-rhui",
 		"disk.vhd.xz",
@ -52,16 +40,15 @@ func mkAzureSapRhuiImgType(rd *rhel.Distribution) *rhel.ImageType {
 	)

 	it.Compression = "xz"
-	it.DefaultImageConfig = defaultAzureRhuiImageConfig.InheritFrom(sapAzureImageConfig(rd))
-	it.DefaultImageConfig.KernelOptions = defaultAzureKernelOptions()
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "azure-sap-rhui")
 	it.Bootable = true
 	it.DefaultSize = 64 * datasizes.GibiByte
-	it.BasePartitionTables = azureRhuiBasePartitionTables
+	it.BasePartitionTables = partitionTables

 	return it
 }

-func mkAzureByosImgType() *rhel.ImageType {
+func mkAzureByosImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"vhd",
 		"disk.vhd",
@ -73,8 +60,7 @@ func mkAzureByosImgType() *rhel.ImageType {
 		[]string{"vpc"},
 	)

-	it.DefaultImageConfig = defaultAzureByosImageConfig.InheritFrom(defaultVhdImageConfig())
-	it.DefaultImageConfig.KernelOptions = defaultAzureKernelOptions()
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "vhd")
 	it.Bootable = true
 	it.DefaultSize = 4 * datasizes.GibiByte
 	it.BasePartitionTables = partitionTables
@ -83,7 +69,7 @@ func mkAzureByosImgType() *rhel.ImageType {
 }

 // Azure non-RHEL image type
-func mkAzureImgType() *rhel.ImageType {
+func mkAzureImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"vhd",
 		"disk.vhd",
@ -95,8 +81,7 @@ func mkAzureImgType() *rhel.ImageType {
 		[]string{"vpc"},
 	)

-	it.DefaultImageConfig = defaultVhdImageConfig()
-	it.DefaultImageConfig.KernelOptions = defaultAzureKernelOptions()
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "vhd")
 	it.Bootable = true
 	it.DefaultSize = 4 * datasizes.GibiByte
 	it.BasePartitionTables = partitionTables
@ -104,7 +89,7 @@ func mkAzureImgType() *rhel.ImageType {
 	return it
 }

-func mkAzureEap7RhuiImgType() *rhel.ImageType {
+func mkAzureEap7RhuiImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"azure-eap7-rhui",
 		"disk.vhd.xz",
@ -117,457 +102,11 @@ func mkAzureEap7RhuiImgType() *rhel.ImageType {
 	)

 	it.Compression = "xz"
-	it.DefaultImageConfig = defaultAzureEapImageConfig.InheritFrom(defaultAzureRhuiImageConfig.InheritFrom(defaultAzureImageConfig))
-	it.DefaultImageConfig.KernelOptions = defaultAzureKernelOptions()
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "azure-eap7-rhui")
 	it.Bootable = true
 	it.DefaultSize = 64 * datasizes.GibiByte
-	it.BasePartitionTables = azureRhuiBasePartitionTables
+	it.BasePartitionTables = partitionTables
 	it.Workload = eapWorkload()

 	return it
 }
-
-// PARTITION TABLES
-
-func azureRhuiBasePartitionTables(t *rhel.ImageType) (disk.PartitionTable, bool) {
-	switch t.Arch().Name() {
-	case arch.ARCH_X86_64.String():
-		return disk.PartitionTable{
-			UUID: "D209C89E-EA5E-4FBD-B161-B461CCE297E0",
-			Type: disk.PT_GPT,
-			Size: 64 * datasizes.GibiByte,
-			Partitions: []disk.Partition{
-				{
-					Size: 500 * datasizes.MebiByte,
-					Type: disk.EFISystemPartitionGUID,
-					UUID: disk.EFISystemPartitionUUID,
-					Payload: &disk.Filesystem{
-						Type:         "vfat",
-						UUID:         disk.EFIFilesystemUUID,
-						Mountpoint:   "/boot/efi",
-						FSTabOptions: "defaults,uid=0,gid=0,umask=077,shortname=winnt",
-						FSTabFreq:    0,
-						FSTabPassNo:  2,
-					},
-				},
-				{
-					Size: 500 * datasizes.MebiByte,
-					Type: disk.FilesystemDataGUID,
-					UUID: disk.DataPartitionUUID,
-					Payload: &disk.Filesystem{
-						Type:         "xfs",
-						Mountpoint:   "/boot",
-						FSTabOptions: "defaults",
-						FSTabFreq:    0,
-						FSTabPassNo:  0,
-					},
-				},
-				{
-					Size:     2 * datasizes.MebiByte,
-					Bootable: true,
-					Type:     disk.BIOSBootPartitionGUID,
-					UUID:     disk.BIOSBootPartitionUUID,
-				},
-				{
-					Type: disk.LVMPartitionGUID,
-					UUID: disk.RootPartitionUUID,
-					Payload: &disk.LVMVolumeGroup{
-						Name:        "rootvg",
-						Description: "built with lvm2 and osbuild",
-						LogicalVolumes: []disk.LVMLogicalVolume{
-							{
-								Size: 1 * datasizes.GibiByte,
-								Name: "homelv",
-								Payload: &disk.Filesystem{
-									Type:         "xfs",
-									Label:        "home",
-									Mountpoint:   "/home",
-									FSTabOptions: "defaults",
-									FSTabFreq:    0,
-									FSTabPassNo:  0,
-								},
-							},
-							{
-								Size: 2 * datasizes.GibiByte,
-								Name: "rootlv",
-								Payload: &disk.Filesystem{
-									Type:         "xfs",
-									Label:        "root",
-									Mountpoint:   "/",
-									FSTabOptions: "defaults",
-									FSTabFreq:    0,
-									FSTabPassNo:  0,
-								},
-							},
-							{
-								Size: 2 * datasizes.GibiByte,
-								Name: "tmplv",
-								Payload: &disk.Filesystem{
-									Type:         "xfs",
-									Label:        "tmp",
-									Mountpoint:   "/tmp",
-									FSTabOptions: "defaults",
-									FSTabFreq:    0,
-									FSTabPassNo:  0,
-								},
-							},
-							{
-								Size: 10 * datasizes.GibiByte,
-								Name: "usrlv",
-								Payload: &disk.Filesystem{
-									Type:         "xfs",
-									Label:        "usr",
-									Mountpoint:   "/usr",
-									FSTabOptions: "defaults",
-									FSTabFreq:    0,
-									FSTabPassNo:  0,
-								},
-							},
-							{
-								Size: 10 * datasizes.GibiByte,
-								Name: "varlv",
-								Payload: &disk.Filesystem{
-									Type:         "xfs",
-									Label:        "var",
-									Mountpoint:   "/var",
-									FSTabOptions: "defaults",
-									FSTabFreq:    0,
-									FSTabPassNo:  0,
-								},
-							},
-						},
-					},
-				},
-			},
-		}, true
-
-	case arch.ARCH_AARCH64.String():
-		return disk.PartitionTable{
-			UUID: "D209C89E-EA5E-4FBD-B161-B461CCE297E0",
-			Type: disk.PT_GPT,
-			Size: 64 * datasizes.GibiByte,
-			Partitions: []disk.Partition{
-				{
-					Size: 500 * datasizes.MebiByte,
-					Type: disk.EFISystemPartitionGUID,
-					UUID: disk.EFISystemPartitionUUID,
-					Payload: &disk.Filesystem{
-						Type:         "vfat",
-						UUID:         disk.EFIFilesystemUUID,
-						Mountpoint:   "/boot/efi",
-						FSTabOptions: "defaults,uid=0,gid=0,umask=077,shortname=winnt",
-						FSTabFreq:    0,
-						FSTabPassNo:  2,
-					},
-				},
-				{
-					Size: 500 * datasizes.MebiByte,
-					Type: disk.FilesystemDataGUID,
-					UUID: disk.DataPartitionUUID,
-					Payload: &disk.Filesystem{
-						Type:         "xfs",
-						Mountpoint:   "/boot",
-						FSTabOptions: "defaults",
-						FSTabFreq:    0,
-						FSTabPassNo:  0,
-					},
-				},
-				{
-					Type: disk.LVMPartitionGUID,
-					UUID: disk.RootPartitionUUID,
-					Payload: &disk.LVMVolumeGroup{
-						Name:        "rootvg",
-						Description: "built with lvm2 and osbuild",
-						LogicalVolumes: []disk.LVMLogicalVolume{
-							{
-								Size: 1 * datasizes.GibiByte,
-								Name: "homelv",
-								Payload: &disk.Filesystem{
-									Type:         "xfs",
-									Label:        "home",
-									Mountpoint:   "/home",
-									FSTabOptions: "defaults",
-									FSTabFreq:    0,
-									FSTabPassNo:  0,
-								},
-							},
-							{
-								Size: 2 * datasizes.GibiByte,
-								Name: "rootlv",
-								Payload: &disk.Filesystem{
-									Type:         "xfs",
-									Label:        "root",
-									Mountpoint:   "/",
-									FSTabOptions: "defaults",
-									FSTabFreq:    0,
-									FSTabPassNo:  0,
-								},
-							},
-							{
-								Size: 2 * datasizes.GibiByte,
-								Name: "tmplv",
-								Payload: &disk.Filesystem{
-									Type:         "xfs",
-									Label:        "tmp",
-									Mountpoint:   "/tmp",
-									FSTabOptions: "defaults",
-									FSTabFreq:    0,
-									FSTabPassNo:  0,
-								},
-							},
-							{
-								Size: 10 * datasizes.GibiByte,
-								Name: "usrlv",
-								Payload: &disk.Filesystem{
-									Type:         "xfs",
-									Label:        "usr",
-									Mountpoint:   "/usr",
-									FSTabOptions: "defaults",
-									FSTabFreq:    0,
-									FSTabPassNo:  0,
-								},
-							},
-							{
-								Size: 10 * datasizes.GibiByte,
-								Name: "varlv",
-								Payload: &disk.Filesystem{
-									Type:         "xfs",
-									Label:        "var",
-									Mountpoint:   "/var",
-									FSTabOptions: "defaults",
-									FSTabFreq:    0,
-									FSTabPassNo:  0,
-								},
-							},
-						},
-					},
-				},
-			},
-		}, true
-
-	default:
-		return disk.PartitionTable{}, false
-	}
-}
-
-// based on https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/deploying_rhel_8_on_microsoft_azure/assembly_deploying-a-rhel-image-as-a-virtual-machine-on-microsoft-azure_cloud-content-azure#making-configuration-changes_configure-the-image-azure
-var defaultAzureImageConfig = &distro.ImageConfig{
-	Timezone: common.ToPtr("Etc/UTC"),
-	Locale:   common.ToPtr("en_US.UTF-8"),
-	Keyboard: &osbuild.KeymapStageOptions{
-		Keymap: "us",
-		X11Keymap: &osbuild.X11KeymapOptions{
-			Layouts: []string{"us"},
-		},
-	},
-	DefaultKernel:       common.ToPtr("kernel-core"),
-	UpdateDefaultKernel: common.ToPtr(true),
-	Sysconfig: &distro.Sysconfig{
-		Networking: true,
-		NoZeroConf: true,
-	},
-	EnabledServices: []string{
-		"nm-cloud-setup.service",
-		"nm-cloud-setup.timer",
-		"sshd",
-		"waagent",
-	},
-	SshdConfig: &osbuild.SshdConfigStageOptions{
-		Config: osbuild.SshdConfigConfig{
-			ClientAliveInterval: common.ToPtr(180),
-		},
-	},
-	Modprobe: []*osbuild.ModprobeStageOptions{
-		{
-			Filename: "blacklist-amdgpu.conf",
-			Commands: osbuild.ModprobeConfigCmdList{
-				osbuild.NewModprobeConfigCmdBlacklist("amdgpu"),
-			},
-		},
-		{
-			Filename: "blacklist-intel-cstate.conf",
-			Commands: osbuild.ModprobeConfigCmdList{
-				osbuild.NewModprobeConfigCmdBlacklist("intel_cstate"),
-			},
-		},
-		{
-			Filename: "blacklist-floppy.conf",
-			Commands: osbuild.ModprobeConfigCmdList{
-				osbuild.NewModprobeConfigCmdBlacklist("floppy"),
-			},
-		},
-		{
-			Filename: "blacklist-nouveau.conf",
-			Commands: osbuild.ModprobeConfigCmdList{
-				osbuild.NewModprobeConfigCmdBlacklist("nouveau"),
-				osbuild.NewModprobeConfigCmdBlacklist("lbm-nouveau"),
-			},
-		},
-		{
-			Filename: "blacklist-skylake-edac.conf",
-			Commands: osbuild.ModprobeConfigCmdList{
-				osbuild.NewModprobeConfigCmdBlacklist("skx_edac"),
-			},
-		},
-	},
-	CloudInit: []*osbuild.CloudInitStageOptions{
-		{
-			Filename: "10-azure-kvp.cfg",
-			Config: osbuild.CloudInitConfigFile{
-				Reporting: &osbuild.CloudInitConfigReporting{
-					Logging: &osbuild.CloudInitConfigReportingHandlers{
-						Type: "log",
-					},
-					Telemetry: &osbuild.CloudInitConfigReportingHandlers{
-						Type: "hyperv",
-					},
-				},
-			},
-		},
-		{
-			Filename: "91-azure_datasource.cfg",
-			Config: osbuild.CloudInitConfigFile{
-				Datasource: &osbuild.CloudInitConfigDatasource{
-					Azure: &osbuild.CloudInitConfigDatasourceAzure{
-						ApplyNetworkConfig: false,
-					},
-				},
-				DatasourceList: []string{
-					"Azure",
-				},
-			},
-		},
-	},
-	PwQuality: &osbuild.PwqualityConfStageOptions{
-		Config: osbuild.PwqualityConfConfig{
-			Minlen:   common.ToPtr(6),
-			Minclass: common.ToPtr(3),
-			Dcredit:  common.ToPtr(0),
-			Ucredit:  common.ToPtr(0),
-			Lcredit:  common.ToPtr(0),
-			Ocredit:  common.ToPtr(0),
-		},
-	},
-	WAAgentConfig: &osbuild.WAAgentConfStageOptions{
-		Config: osbuild.WAAgentConfig{
-			RDFormat:     common.ToPtr(false),
-			RDEnableSwap: common.ToPtr(false),
-		},
-	},
-	Grub2Config: &osbuild.GRUB2Config{
-		DisableRecovery: common.ToPtr(true),
-		DisableSubmenu:  common.ToPtr(true),
-		Distributor:     "$(sed 's, release .*$,,g' /etc/system-release)",
-		Terminal:        []string{"serial", "console"},
-		Serial:          "serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1",
-		Timeout:         10,
-		TimeoutStyle:    osbuild.GRUB2ConfigTimeoutStyleCountdown,
-	},
-	UdevRules: &osbuild.UdevRulesStageOptions{
-		Filename: "/etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules",
-		Rules: osbuild.UdevRules{
-			osbuild.UdevRuleComment{
-				Comment: []string{
-					"Accelerated Networking on Azure exposes a new SRIOV interface to the VM.",
-					"This interface is transparently bonded to the synthetic interface,",
-					"so NetworkManager should just ignore any SRIOV interfaces.",
-				},
-			},
-			osbuild.NewUdevRule(
-				[]osbuild.UdevKV{
-					{K: "SUBSYSTEM", O: "==", V: "net"},
-					{K: "DRIVERS", O: "==", V: "hv_pci"},
-					{K: "ACTION", O: "==", V: "add"},
-					{K: "ENV", A: "NM_UNMANAGED", O: "=", V: "1"},
-				},
-			),
-		},
-	},
-	SystemdDropin: []*osbuild.SystemdUnitStageOptions{
-		{
-			Unit:   "nm-cloud-setup.service",
-			Dropin: "10-rh-enable-for-azure.conf",
-			Config: osbuild.SystemdServiceUnitDropin{
-				Service: &osbuild.SystemdUnitServiceSection{
-					Environment: []osbuild.EnvironmentVariable{{Key: "NM_CLOUD_SETUP_AZURE", Value: "yes"}},
-				},
-			},
-		},
-	},
-	DefaultTarget: common.ToPtr("multi-user.target"),
-}
-
-// Diff of the default Image Config compare to the `defaultAzureImageConfig`
-// The configuration for non-RHUI images does not touch the RHSM configuration at all.
-// https://issues.redhat.com/browse/COMPOSER-2157
-var defaultAzureByosImageConfig = &distro.ImageConfig{
-	GPGKeyFiles: []string{
-		"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release",
-	},
-}
-
-// Diff of the default Image Config compare to the `defaultAzureImageConfig`
-var defaultAzureRhuiImageConfig = &distro.ImageConfig{
-	GPGKeyFiles: []string{
-		"/etc/pki/rpm-gpg/RPM-GPG-KEY-microsoft-azure-release",
-		"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release",
-	},
-	RHSMConfig: map[subscription.RHSMStatus]*subscription.RHSMConfig{
-		subscription.RHSMConfigNoSubscription: {
-			DnfPlugins: subscription.SubManDNFPluginsConfig{
-				SubscriptionManager: subscription.DNFPluginConfig{
-					Enabled: common.ToPtr(false),
-				},
-			},
-			SubMan: subscription.SubManConfig{
-				Rhsmcertd: subscription.SubManRHSMCertdConfig{
-					AutoRegistration: common.ToPtr(true),
-				},
-				Rhsm: subscription.SubManRHSMConfig{
-					ManageRepos: common.ToPtr(false),
-				},
-			},
-		},
-		subscription.RHSMConfigWithSubscription: {
-			SubMan: subscription.SubManConfig{
-				Rhsmcertd: subscription.SubManRHSMCertdConfig{
-					AutoRegistration: common.ToPtr(true),
-				},
-				// do not disable the redhat.repo management if the user
-				// explicitly request the system to be subscribed
-			},
-		},
-	},
-}
-
-const wildflyPath = "/opt/rh/eap7/root/usr/share/wildfly"
-
-var defaultAzureEapImageConfig = &distro.ImageConfig{
-	// shell env vars for EAP
-	ShellInit: []shell.InitFile{
-		{
-			Filename: "eap_env.sh",
-			Variables: []shell.EnvironmentVariable{
-				{
-					Key:   "EAP_HOME",
-					Value: wildflyPath,
-				},
-				{
-					Key:   "JBOSS_HOME",
-					Value: wildflyPath,
-				},
-			},
-		},
-	},
-}
-
-func defaultVhdImageConfig() *distro.ImageConfig {
-	imageConfig := &distro.ImageConfig{
-		EnabledServices: append(defaultAzureImageConfig.EnabledServices, "firewalld"),
-	}
-	return imageConfig.InheritFrom(defaultAzureImageConfig)
-}
-
-func sapAzureImageConfig(rd *rhel.Distribution) *distro.ImageConfig {
-	return sapImageConfig(rd).InheritFrom(defaultVhdImageConfig())
-}
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/distro.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/distro.go
@ -80,8 +80,8 @@ func newDistro(name string, minor int) *rhel.Distribution {
 				QCOW2Compat: "0.10",
 			},
 		},
-		mkQcow2ImgType(rd),
-		mkOCIImgType(rd),
+		mkQcow2ImgType(rd, arch.ARCH_X86_64),
+		mkOCIImgType(rd, arch.ARCH_X86_64),
 	)

 	x86_64.AddImageTypes(
@ -92,7 +92,7 @@ func newDistro(name string, minor int) *rhel.Distribution {
 				ImageFormat: platform.FORMAT_QCOW2,
 			},
 		},
-		mkOpenstackImgType(),
+		mkOpenstackImgType(rd, arch.ARCH_X86_64),
 	)

 	ec2X86Platform := &platform.X86{
@ -113,7 +113,7 @@ func newDistro(name string, minor int) *rhel.Distribution {

 	x86_64.AddImageTypes(
 		ec2X86Platform,
-		mkAmiImgTypeX86_64(),
+		mkAmiImgTypeX86_64(rd),
 	)

 	bareMetalX86Platform := &platform.X86{
@ -138,9 +138,9 @@ func newDistro(name string, minor int) *rhel.Distribution {

 	x86_64.AddImageTypes(
 		bareMetalX86Platform,
-		mkEdgeOCIImgType(rd),
-		mkEdgeCommitImgType(rd),
-		mkEdgeInstallerImgType(rd),
+		mkEdgeOCIImgType(rd, arch.ARCH_X86_64),
+		mkEdgeCommitImgType(rd, arch.ARCH_X86_64),
+		mkEdgeInstallerImgType(rd, arch.ARCH_X86_64),
 		mkImageInstaller(),
 	)

@ -153,7 +153,7 @@ func newDistro(name string, minor int) *rhel.Distribution {

 	x86_64.AddImageTypes(
 		gceX86Platform,
-		mkGceImgType(rd),
+		mkGceImgType(rd, arch.ARCH_X86_64),
 	)

 	x86_64.AddImageTypes(
@ -164,7 +164,7 @@ func newDistro(name string, minor int) *rhel.Distribution {
 				ImageFormat: platform.FORMAT_VMDK,
 			},
 		},
-		mkVmdkImgType(),
+		mkVmdkImgType(rd, arch.ARCH_X86_64),
 	)

 	x86_64.AddImageTypes(
@ -175,13 +175,13 @@ func newDistro(name string, minor int) *rhel.Distribution {
 				ImageFormat: platform.FORMAT_OVA,
 			},
 		},
-		mkOvaImgType(),
+		mkOvaImgType(rd, arch.ARCH_X86_64),
 	)

 	x86_64.AddImageTypes(
 		&platform.X86{},
 		mkTarImgType(),
-		mkWslImgType(),
+		mkWslImgType(rd, arch.ARCH_X86_64),
 	)

 	aarch64.AddImageTypes(
@ -192,7 +192,7 @@ func newDistro(name string, minor int) *rhel.Distribution {
 				QCOW2Compat: "0.10",
 			},
 		},
-		mkQcow2ImgType(rd),
+		mkQcow2ImgType(rd, arch.ARCH_AARCH64),
 	)

 	aarch64.AddImageTypes(
@ -202,13 +202,13 @@ func newDistro(name string, minor int) *rhel.Distribution {
 				ImageFormat: platform.FORMAT_QCOW2,
 			},
 		},
-		mkOpenstackImgType(),
+		mkOpenstackImgType(rd, arch.ARCH_X86_64),
 	)

 	aarch64.AddImageTypes(
 		&platform.Aarch64{},
 		mkTarImgType(),
-		mkWslImgType(),
+		mkWslImgType(rd, arch.ARCH_AARCH64),
 	)

 	bareMetalAarch64Platform := &platform.Aarch64{
@ -218,9 +218,9 @@ func newDistro(name string, minor int) *rhel.Distribution {

 	aarch64.AddImageTypes(
 		bareMetalAarch64Platform,
-		mkEdgeOCIImgType(rd),
-		mkEdgeCommitImgType(rd),
-		mkEdgeInstallerImgType(rd),
+		mkEdgeOCIImgType(rd, arch.ARCH_X86_64),
+		mkEdgeCommitImgType(rd, arch.ARCH_X86_64),
+		mkEdgeInstallerImgType(rd, arch.ARCH_X86_64),
 		mkImageInstaller(),
 	)

@ -233,8 +233,8 @@ func newDistro(name string, minor int) *rhel.Distribution {

 	aarch64.AddImageTypes(
 		rawAarch64Platform,
-		mkAmiImgTypeAarch64(),
-		mkMinimalRawImgType(),
+		mkAmiImgTypeAarch64(rd),
+		mkMinimalRawImgType(rd, arch.ARCH_X86_64),
 	)

 	ppc64le.AddImageTypes(
@ -245,7 +245,7 @@ func newDistro(name string, minor int) *rhel.Distribution {
 				QCOW2Compat: "0.10",
 			},
 		},
-		mkQcow2ImgType(rd),
+		mkQcow2ImgType(rd, arch.ARCH_PPC64LE),
 	)

 	ppc64le.AddImageTypes(
@ -261,7 +261,7 @@ func newDistro(name string, minor int) *rhel.Distribution {
 				QCOW2Compat: "0.10",
 			},
 		},
-		mkQcow2ImgType(rd),
+		mkQcow2ImgType(rd, arch.ARCH_S390X),
 	)

 	s390x.AddImageTypes(
@ -294,48 +294,50 @@ func newDistro(name string, minor int) *rhel.Distribution {

 	x86_64.AddImageTypes(
 		rawUEFIx86Platform,
-		mkMinimalRawImgType(),
+		mkMinimalRawImgType(rd, arch.ARCH_X86_64),
 	)

+	// XXX: note that this is reduandant and the else part can be dropped,
+	// we have only rhel8 based images, no centos or others
 	if rd.IsRHEL() {
 		if common.VersionGreaterThanOrEqual(rd.OsVersion(), "8.6") {
 			// image types only available on 8.6 and later on RHEL
 			// These edge image types require FDO which aren't available on older versions
 			x86_64.AddImageTypes(
 				bareMetalX86Platform,
-				mkEdgeRawImgType(),
+				mkEdgeRawImgType(rd, arch.ARCH_X86_64),
 			)

 			x86_64.AddImageTypes(
 				rawUEFIx86Platform,
-				mkEdgeSimplifiedInstallerImgType(rd),
+				mkEdgeSimplifiedInstallerImgType(rd, arch.ARCH_X86_64),
 			)

 			x86_64.AddImageTypes(
 				azureX64Platform,
-				mkAzureEap7RhuiImgType(),
+				mkAzureEap7RhuiImgType(rd, arch.ARCH_X86_64),
 			)

 			aarch64.AddImageTypes(
 				rawAarch64Platform,
-				mkEdgeRawImgType(),
-				mkEdgeSimplifiedInstallerImgType(rd),
+				mkEdgeRawImgType(rd, arch.ARCH_AARCH64),
+				mkEdgeSimplifiedInstallerImgType(rd, arch.ARCH_AARCH64),
 			)

 			// The Azure image types require hyperv-daemons which isn't available on older versions
 			aarch64.AddImageTypes(
 				azureAarch64Platform,
-				mkAzureRhuiImgType(),
-				mkAzureByosImgType(),
+				mkAzureRhuiImgType(rd, arch.ARCH_AARCH64),
+				mkAzureByosImgType(rd, arch.ARCH_AARCH64),
 			)
 		}

 		// add azure to RHEL distro only
 		x86_64.AddImageTypes(
 			azureX64Platform,
-			mkAzureRhuiImgType(),
-			mkAzureByosImgType(),
-			mkAzureSapRhuiImgType(rd),
+			mkAzureRhuiImgType(rd, arch.ARCH_X86_64),
+			mkAzureByosImgType(rd, arch.ARCH_X86_64),
+			mkAzureSapRhuiImgType(rd, arch.ARCH_X86_64),
 		)

 		// add ec2 image types to RHEL distro only
@ -362,7 +364,7 @@ func newDistro(name string, minor int) *rhel.Distribution {
 		// add GCE RHUI image to RHEL only
 		x86_64.AddImageTypes(
 			gceX86Platform,
-			mkGceRhuiImgType(rd),
+			mkGceRhuiImgType(rd, arch.ARCH_X86_64),
 		)

 		// add s390x to RHEL distro only
@ -370,28 +372,28 @@ func newDistro(name string, minor int) *rhel.Distribution {
 	} else {
 		x86_64.AddImageTypes(
 			bareMetalX86Platform,
-			mkEdgeRawImgType(),
+			mkEdgeRawImgType(rd, arch.ARCH_X86_64),
 		)

 		x86_64.AddImageTypes(
 			rawUEFIx86Platform,
-			mkEdgeSimplifiedInstallerImgType(rd),
+			mkEdgeSimplifiedInstallerImgType(rd, arch.ARCH_X86_64),
 		)

 		x86_64.AddImageTypes(
 			azureX64Platform,
-			mkAzureImgType(),
+			mkAzureImgType(rd, arch.ARCH_X86_64),
 		)

 		aarch64.AddImageTypes(
 			rawAarch64Platform,
-			mkEdgeRawImgType(),
-			mkEdgeSimplifiedInstallerImgType(rd),
+			mkEdgeRawImgType(rd, arch.ARCH_AARCH64),
+			mkEdgeSimplifiedInstallerImgType(rd, arch.ARCH_AARCH64),
 		)

 		aarch64.AddImageTypes(
 			azureAarch64Platform,
-			mkAzureImgType(),
+			mkAzureImgType(rd, arch.ARCH_AARCH64),
 		)
 	}
 	rd.AddArches(x86_64, aarch64, ppc64le)
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/edge.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/edge.go
@ -1,16 +1,14 @@
 package rhel8

 import (
-	"github.com/osbuild/images/internal/common"
-	"github.com/osbuild/images/pkg/customizations/fsnode"
+	"github.com/osbuild/images/pkg/arch"
 	"github.com/osbuild/images/pkg/datasizes"
 	"github.com/osbuild/images/pkg/disk"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
-	"github.com/osbuild/images/pkg/osbuild"
 )

-func mkEdgeCommitImgType(rd *rhel.Distribution) *rhel.ImageType {
+func mkEdgeCommitImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"edge-commit",
 		"commit.tar",
@ -23,16 +21,13 @@ func mkEdgeCommitImgType(rd *rhel.Distribution) *rhel.ImageType {
 	)

 	it.NameAliases = []string{"rhel-edge-commit"}
-	it.DefaultImageConfig = &distro.ImageConfig{
-		EnabledServices: edgeServices(rd),
-		DracutConf:      []*osbuild.DracutConfStageOptions{osbuild.FIPSDracutConfStageOptions},
-	}
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "edge-commit")
 	it.RPMOSTree = true

 	return it
 }

-func mkEdgeOCIImgType(rd *rhel.Distribution) *rhel.ImageType {
+func mkEdgeOCIImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"edge-container",
 		"container.tar",
@ -45,16 +40,13 @@ func mkEdgeOCIImgType(rd *rhel.Distribution) *rhel.ImageType {
 	)

 	it.NameAliases = []string{"rhel-edge-container"}
-	it.DefaultImageConfig = &distro.ImageConfig{
-		EnabledServices: edgeServices(rd),
-		DracutConf:      []*osbuild.DracutConfStageOptions{osbuild.FIPSDracutConfStageOptions},
-	}
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "edge-container")
 	it.RPMOSTree = true

 	return it
 }

-func mkEdgeRawImgType() *rhel.ImageType {
+func mkEdgeRawImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"edge-raw-image",
 		"image.raw.xz",
@ -68,14 +60,7 @@ func mkEdgeRawImgType() *rhel.ImageType {

 	it.NameAliases = []string{"rhel-edge-raw-image"}
 	it.Compression = "xz"
-	it.DefaultImageConfig = &distro.ImageConfig{
-		Keyboard: &osbuild.KeymapStageOptions{
-			Keymap: "us",
-		},
-		Locale:        common.ToPtr("C.UTF-8"),
-		LockRootUser:  common.ToPtr(true),
-		KernelOptions: []string{"modprobe.blacklist=vc4"},
-	}
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "edge-raw-image")
 	it.DefaultSize = 10 * datasizes.GibiByte
 	it.RPMOSTree = true
 	it.Bootable = true
@ -88,7 +73,7 @@ func mkEdgeRawImgType() *rhel.ImageType {
 	return it
 }

-func mkEdgeInstallerImgType(rd *rhel.Distribution) *rhel.ImageType {
+func mkEdgeInstallerImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"edge-installer",
 		"installer.iso",
@ -101,9 +86,7 @@ func mkEdgeInstallerImgType(rd *rhel.Distribution) *rhel.ImageType {
 	)

 	it.NameAliases = []string{"rhel-edge-installer"}
-	it.DefaultImageConfig = &distro.ImageConfig{
-		EnabledServices: edgeServices(rd),
-	}
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "edge-installer")
 	it.DefaultInstallerConfig = &distro.InstallerConfig{
 		AdditionalDracutModules: []string{
 			"ifcfg",
@ -116,7 +99,7 @@ func mkEdgeInstallerImgType(rd *rhel.Distribution) *rhel.ImageType {
 	return it
 }

-func mkEdgeSimplifiedInstallerImgType(rd *rhel.Distribution) *rhel.ImageType {
+func mkEdgeSimplifiedInstallerImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"edge-simplified-installer",
 		"simplified-installer.iso",
@ -129,15 +112,7 @@ func mkEdgeSimplifiedInstallerImgType(rd *rhel.Distribution) *rhel.ImageType {
 	)

 	it.NameAliases = []string{"rhel-edge-simplified-installer"}
-	it.DefaultImageConfig = &distro.ImageConfig{
-		EnabledServices: edgeServices(rd),
-		Keyboard: &osbuild.KeymapStageOptions{
-			Keymap: "us",
-		},
-		Locale:        common.ToPtr("C.UTF-8"),
-		LockRootUser:  common.ToPtr(true),
-		KernelOptions: []string{"modprobe.blacklist=vc4"},
-	}
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "edge-simplified-installer")
 	it.DefaultInstallerConfig = &distro.InstallerConfig{
 		AdditionalDracutModules: []string{
 			"prefixdevname",
@ -158,7 +133,7 @@ func mkEdgeSimplifiedInstallerImgType(rd *rhel.Distribution) *rhel.ImageType {
 	return it
 }

-func mkMinimalRawImgType() *rhel.ImageType {
+func mkMinimalRawImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"minimal-raw",
 		"disk.raw.xz",
@ -171,61 +146,10 @@ func mkMinimalRawImgType() *rhel.ImageType {
 	)

 	it.Compression = "xz"
-	it.DefaultImageConfig = &distro.ImageConfig{
-		EnabledServices: minimalrawServices,
-		// NOTE: temporary workaround for a bug in initial-setup that
-		// requires a kickstart file in the root directory.
-		Files:         []*fsnode.File{initialSetupKickstart()},
-		KernelOptions: []string{"ro"},
-	}
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "minimal-raw")
 	it.Bootable = true
 	it.DefaultSize = 2 * datasizes.GibiByte
 	it.BasePartitionTables = partitionTables

 	return it
 }
-
-func edgeServices(rd *rhel.Distribution) []string {
-	// Common Services
-	var edgeServices = []string{"NetworkManager.service", "firewalld.service", "sshd.service"}
-
-	if rd.OsVersion() == "8.4" {
-		// greenboot services aren't enabled by default in 8.4
-		edgeServices = append(edgeServices,
-			"greenboot-grub2-set-counter",
-			"greenboot-grub2-set-success",
-			"greenboot-healthcheck",
-			"greenboot-rpm-ostree-grub2-check-fallback",
-			"greenboot-status",
-			"greenboot-task-runner",
-			"redboot-auto-reboot",
-			"redboot-task-runner")
-
-	}
-
-	if !(rd.IsRHEL() && common.VersionLessThan(rd.OsVersion(), "8.6")) {
-		// enable fdo-client only on RHEL 8.6+ and CS8
-
-		// TODO(runcom): move fdo-client-linuxapp.service to presets?
-		edgeServices = append(edgeServices, "fdo-client-linuxapp.service")
-	}
-
-	return edgeServices
-}
-
-var minimalrawServices = []string{
-	"NetworkManager.service",
-	"firewalld.service",
-	"sshd.service",
-	"initial-setup.service",
-}
-
-// initialSetupKickstart returns the File configuration for a kickstart file
-// that's required to enable initial-setup to run on first boot.
-func initialSetupKickstart() *fsnode.File {
-	file, err := fsnode.NewFile("/root/anaconda-ks.cfg", nil, "root", "root", []byte("# Run initial-setup on first boot\n# Created by osbuild\nfirstboot --reconfig\nlang en_US.UTF-8\n"))
-	if err != nil {
-		panic(err)
-	}
-	return file
-}
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/gce.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/gce.go
@ -1,15 +1,12 @@
 package rhel8

 import (
-	"github.com/osbuild/images/internal/common"
-	"github.com/osbuild/images/pkg/customizations/subscription"
+	"github.com/osbuild/images/pkg/arch"
 	"github.com/osbuild/images/pkg/datasizes"
-	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
-	"github.com/osbuild/images/pkg/osbuild"
 )

-func mkGceImgType(rd distro.Distro) *rhel.ImageType {
+func mkGceImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"gce",
 		"image.tar.gz",
@ -21,7 +18,7 @@ func mkGceImgType(rd distro.Distro) *rhel.ImageType {
 		[]string{"archive"},
 	)

-	it.DefaultImageConfig = defaultGceByosImageConfig(rd)
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "gce")
 	it.Bootable = true
 	it.DefaultSize = 20 * datasizes.GibiByte
 	// TODO: the base partition table still contains the BIOS boot partition, but the image is UEFI-only
@ -30,7 +27,7 @@ func mkGceImgType(rd distro.Distro) *rhel.ImageType {
 	return it
 }

-func mkGceRhuiImgType(rd distro.Distro) *rhel.ImageType {
+func mkGceRhuiImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"gce-rhui",
 		"image.tar.gz",
@ -42,7 +39,7 @@ func mkGceRhuiImgType(rd distro.Distro) *rhel.ImageType {
 		[]string{"archive"},
 	)

-	it.DefaultImageConfig = defaultGceRhuiImageConfig(rd)
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "gce-rhui")
 	it.Bootable = true
 	it.DefaultSize = 20 * datasizes.GibiByte
 	// TODO: the base partition table still contains the BIOS boot partition, but the image is UEFI-only
@ -50,143 +47,3 @@ func mkGceRhuiImgType(rd distro.Distro) *rhel.ImageType {

 	return it
 }
-
-// The configuration for non-RHUI images does not touch the RHSM configuration at all.
-// https://issues.redhat.com/browse/COMPOSER-2157
-func defaultGceByosImageConfig(rd distro.Distro) *distro.ImageConfig {
-	ic := &distro.ImageConfig{
-		Timezone: common.ToPtr("UTC"),
-		TimeSynchronization: &osbuild.ChronyStageOptions{
-			Servers: []osbuild.ChronyConfigServer{{Hostname: "metadata.google.internal"}},
-		},
-		Firewall: &osbuild.FirewallStageOptions{
-			DefaultZone: "trusted",
-		},
-		EnabledServices: []string{
-			"sshd",
-			"rngd",
-			"dnf-automatic.timer",
-		},
-		DisabledServices: []string{
-			"sshd-keygen@",
-			"reboot.target",
-		},
-		DefaultTarget: common.ToPtr("multi-user.target"),
-		Locale:        common.ToPtr("en_US.UTF-8"),
-		Keyboard: &osbuild.KeymapStageOptions{
-			Keymap: "us",
-		},
-		DNFConfig: &distro.DNFConfig{
-			Options: []*osbuild.DNFConfigStageOptions{
-				{
-					Config: &osbuild.DNFConfig{
-						Main: &osbuild.DNFConfigMain{
-							IPResolve: "4",
-						},
-					},
-				},
-			},
-		},
-		DNFAutomaticConfig: &osbuild.DNFAutomaticConfigStageOptions{
-			Config: &osbuild.DNFAutomaticConfig{
-				Commands: &osbuild.DNFAutomaticConfigCommands{
-					ApplyUpdates: common.ToPtr(true),
-					UpgradeType:  osbuild.DNFAutomaticUpgradeTypeSecurity,
-				},
-			},
-		},
-		YUMRepos: []*osbuild.YumReposStageOptions{
-			{
-				Filename: "google-cloud.repo",
-				Repos: []osbuild.YumRepository{
-					{
-						Id:           "google-compute-engine",
-						Name:         "Google Compute Engine",
-						BaseURLs:     []string{"https://packages.cloud.google.com/yum/repos/google-compute-engine-el8-x86_64-stable"},
-						Enabled:      common.ToPtr(true),
-						GPGCheck:     common.ToPtr(true),
-						RepoGPGCheck: common.ToPtr(false),
-						GPGKey: []string{
-							"https://packages.cloud.google.com/yum/doc/yum-key.gpg",
-							"https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg",
-						},
-					},
-				},
-			},
-		},
-		SshdConfig: &osbuild.SshdConfigStageOptions{
-			Config: osbuild.SshdConfigConfig{
-				PasswordAuthentication: common.ToPtr(false),
-				ClientAliveInterval:    common.ToPtr(420),
-				PermitRootLogin:        osbuild.PermitRootLoginValueNo,
-			},
-		},
-		DefaultKernel:       common.ToPtr("kernel-core"),
-		UpdateDefaultKernel: common.ToPtr(true),
-		// XXX: ensure the "old" behavior is preserved (that is
-		// likely a bug) where for GCE the sysconfig network
-		// options are not set because the merge of imageConfig
-		// is shallow and the previous setup was changing the
-		// kernel without also changing the network options.
-		Sysconfig: &distro.Sysconfig{},
-		Modprobe: []*osbuild.ModprobeStageOptions{
-			{
-				Filename: "blacklist-floppy.conf",
-				Commands: osbuild.ModprobeConfigCmdList{
-					osbuild.NewModprobeConfigCmdBlacklist("floppy"),
-				},
-			},
-		},
-		GCPGuestAgentConfig: &osbuild.GcpGuestAgentConfigOptions{
-			ConfigScope: osbuild.GcpGuestAgentConfigScopeDistro,
-			Config: &osbuild.GcpGuestAgentConfig{
-				InstanceSetup: &osbuild.GcpGuestAgentConfigInstanceSetup{
-					SetBotoConfig: common.ToPtr(false),
-				},
-			},
-		},
-		KernelOptions: []string{"net.ifnames=0", "biosdevname=0", "scsi_mod.use_blk_mq=Y", "crashkernel=auto", "console=ttyS0,38400n8d"},
-	}
-	if rd.OsVersion() == "8.4" {
-		// NOTE(akoutsou): these are enabled in the package preset, but for
-		// some reason do not get enabled on 8.4.
-		// the reason is unknown and deeply mysterious
-		ic.EnabledServices = append(ic.EnabledServices,
-			"google-oslogin-cache.timer",
-			"google-guest-agent.service",
-			"google-shutdown-scripts.service",
-			"google-startup-scripts.service",
-			"google-osconfig-agent.service",
-		)
-	}
-
-	return ic
-}
-
-func defaultGceRhuiImageConfig(rd distro.Distro) *distro.ImageConfig {
-	ic := &distro.ImageConfig{
-		RHSMConfig: map[subscription.RHSMStatus]*subscription.RHSMConfig{
-			subscription.RHSMConfigNoSubscription: {
-				SubMan: subscription.SubManConfig{
-					Rhsmcertd: subscription.SubManRHSMCertdConfig{
-						AutoRegistration: common.ToPtr(true),
-					},
-					Rhsm: subscription.SubManRHSMConfig{
-						ManageRepos: common.ToPtr(false),
-					},
-				},
-			},
-			subscription.RHSMConfigWithSubscription: {
-				SubMan: subscription.SubManConfig{
-					Rhsmcertd: subscription.SubManRHSMCertdConfig{
-						AutoRegistration: common.ToPtr(true),
-					},
-					// do not disable the redhat.repo management if the user
-					// explicitly request the system to be subscribed
-				},
-			},
-		},
-	}
-	ic = ic.InheritFrom(defaultGceByosImageConfig(rd))
-	return ic
-}
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/package_sets.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/package_sets.go
@ -3,6 +3,8 @@ package rhel8
 // This file defines package sets that are used by more than one image type.

 import (
+	"github.com/osbuild/images/internal/common"
+	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/defs"
 	"github.com/osbuild/images/pkg/distro/rhel"
 	"github.com/osbuild/images/pkg/rpmmd"
@ -11,3 +13,7 @@ import (
 func packageSetLoader(t *rhel.ImageType) (map[string]rpmmd.PackageSet, error) {
 	return defs.PackageSets(t)
 }
+
+func imageConfig(d *rhel.Distribution, archName, imageType string) *distro.ImageConfig {
+	return common.Must(defs.ImageConfig(d.Name(), archName, imageType))
+}
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/qcow2.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/qcow2.go
@ -1,14 +1,12 @@
 package rhel8

 import (
-	"github.com/osbuild/images/internal/common"
-	"github.com/osbuild/images/pkg/customizations/subscription"
+	"github.com/osbuild/images/pkg/arch"
 	"github.com/osbuild/images/pkg/datasizes"
-	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
 )

-func mkQcow2ImgType(rd *rhel.Distribution) *rhel.ImageType {
+func mkQcow2ImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"qcow2",
 		"disk.qcow2",
@ -20,7 +18,7 @@ func mkQcow2ImgType(rd *rhel.Distribution) *rhel.ImageType {
 		[]string{"qcow2"},
 	)

-	it.DefaultImageConfig = qcowImageConfig(rd)
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "qcow2")
 	it.Bootable = true
 	it.DefaultSize = 10 * datasizes.GibiByte
 	it.BasePartitionTables = partitionTables
@ -28,7 +26,7 @@ func mkQcow2ImgType(rd *rhel.Distribution) *rhel.ImageType {
 	return it
 }

-func mkOCIImgType(rd *rhel.Distribution) *rhel.ImageType {
+func mkOCIImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"oci",
 		"disk.qcow2",
@ -40,7 +38,7 @@ func mkOCIImgType(rd *rhel.Distribution) *rhel.ImageType {
 		[]string{"qcow2"},
 	)

-	it.DefaultImageConfig = qcowImageConfig(rd)
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "oci")
 	it.Bootable = true
 	it.DefaultSize = 10 * datasizes.GibiByte
 	it.BasePartitionTables = partitionTables
@ -48,7 +46,7 @@ func mkOCIImgType(rd *rhel.Distribution) *rhel.ImageType {
 	return it
 }

-func mkOpenstackImgType() *rhel.ImageType {
+func mkOpenstackImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"openstack",
 		"disk.qcow2",
@ -59,34 +57,10 @@ func mkOpenstackImgType() *rhel.ImageType {
 		[]string{"os", "image", "qcow2"},
 		[]string{"qcow2"},
 	)
-	it.DefaultImageConfig = &distro.ImageConfig{
-		KernelOptions: []string{"ro", "net.ifnames=0"},
-	}
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "openstack")
 	it.DefaultSize = 4 * datasizes.GibiByte
 	it.Bootable = true
 	it.BasePartitionTables = partitionTables

 	return it
 }
-
-func qcowImageConfig(d *rhel.Distribution) *distro.ImageConfig {
-	ic := &distro.ImageConfig{
-		DefaultTarget: common.ToPtr("multi-user.target"),
-		KernelOptions: []string{"console=tty0", "console=ttyS0,115200n8", "no_timer_check", "net.ifnames=0", "crashkernel=auto"},
-	}
-	if d.IsRHEL() {
-		ic.RHSMConfig = map[subscription.RHSMStatus]*subscription.RHSMConfig{
-			subscription.RHSMConfigNoSubscription: {
-				DnfPlugins: subscription.SubManDNFPluginsConfig{
-					ProductID: subscription.DNFPluginConfig{
-						Enabled: common.ToPtr(false),
-					},
-					SubscriptionManager: subscription.DNFPluginConfig{
-						Enabled: common.ToPtr(false),
-					},
-				},
-			},
-		}
-	}
-	return ic
-}
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/sap.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/sap.go
@ -1,117 +0,0 @@
-package rhel8
-
-import (
-	"github.com/osbuild/images/internal/common"
-	"github.com/osbuild/images/pkg/distro"
-	"github.com/osbuild/images/pkg/osbuild"
-)
-
-// sapImageConfig returns the SAP specific ImageConfig data
-func sapImageConfig(rd distro.Distro) *distro.ImageConfig {
-	ic := &distro.ImageConfig{
-		SELinuxConfig: &osbuild.SELinuxConfigStageOptions{
-			State: osbuild.SELinuxStatePermissive,
-		},
-		// RHBZ#1960617
-		Tuned: osbuild.NewTunedStageOptions("sap-hana"),
-		// RHBZ#1959979
-		Tmpfilesd: []*osbuild.TmpfilesdStageOptions{
-			osbuild.NewTmpfilesdStageOptions("sap.conf",
-				[]osbuild.TmpfilesdConfigLine{
-					{
-						Type: "x",
-						Path: "/tmp/.sap*",
-					},
-					{
-						Type: "x",
-						Path: "/tmp/.hdb*lock",
-					},
-					{
-						Type: "x",
-						Path: "/tmp/.trex*lock",
-					},
-				},
-			),
-		},
-		// RHBZ#1959963
-		PamLimitsConf: []*osbuild.PamLimitsConfStageOptions{
-			osbuild.NewPamLimitsConfStageOptions("99-sap.conf",
-				[]osbuild.PamLimitsConfigLine{
-					{
-						Domain: "@sapsys",
-						Type:   osbuild.PamLimitsTypeHard,
-						Item:   osbuild.PamLimitsItemNofile,
-						Value:  osbuild.PamLimitsValueInt(1048576),
-					},
-					{
-						Domain: "@sapsys",
-						Type:   osbuild.PamLimitsTypeSoft,
-						Item:   osbuild.PamLimitsItemNofile,
-						Value:  osbuild.PamLimitsValueInt(1048576),
-					},
-					{
-						Domain: "@dba",
-						Type:   osbuild.PamLimitsTypeHard,
-						Item:   osbuild.PamLimitsItemNofile,
-						Value:  osbuild.PamLimitsValueInt(1048576),
-					},
-					{
-						Domain: "@dba",
-						Type:   osbuild.PamLimitsTypeSoft,
-						Item:   osbuild.PamLimitsItemNofile,
-						Value:  osbuild.PamLimitsValueInt(1048576),
-					},
-					{
-						Domain: "@sapsys",
-						Type:   osbuild.PamLimitsTypeHard,
-						Item:   osbuild.PamLimitsItemNproc,
-						Value:  osbuild.PamLimitsValueUnlimited,
-					},
-					{
-						Domain: "@sapsys",
-						Type:   osbuild.PamLimitsTypeSoft,
-						Item:   osbuild.PamLimitsItemNproc,
-						Value:  osbuild.PamLimitsValueUnlimited,
-					},
-					{
-						Domain: "@dba",
-						Type:   osbuild.PamLimitsTypeHard,
-						Item:   osbuild.PamLimitsItemNproc,
-						Value:  osbuild.PamLimitsValueUnlimited,
-					},
-					{
-						Domain: "@dba",
-						Type:   osbuild.PamLimitsTypeSoft,
-						Item:   osbuild.PamLimitsItemNproc,
-						Value:  osbuild.PamLimitsValueUnlimited,
-					},
-				},
-			),
-		},
-		// RHBZ#1959962
-		Sysctld: []*osbuild.SysctldStageOptions{
-			osbuild.NewSysctldStageOptions("sap.conf",
-				[]osbuild.SysctldConfigLine{
-					{
-						Key:   "kernel.pid_max",
-						Value: "4194304",
-					},
-					{
-						Key:   "vm.max_map_count",
-						Value: "2147483647",
-					},
-				},
-			),
-		},
-	}
-
-	if common.VersionLessThan(rd.OsVersion(), "8.10") {
-		// E4S/EUS
-		if ic.DNFConfig == nil {
-			ic.DNFConfig = &distro.DNFConfig{}
-		}
-		ic.DNFConfig.SetReleaseVerVar = common.ToPtr(true)
-	}
-
-	return ic
-}
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/ubi.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/ubi.go
@ -1,30 +0,0 @@
-package rhel8
-
-import (
-	"github.com/osbuild/images/internal/common"
-	"github.com/osbuild/images/pkg/distro"
-	"github.com/osbuild/images/pkg/distro/rhel"
-)
-
-func mkWslImgType() *rhel.ImageType {
-	it := rhel.NewImageType(
-		"wsl",
-		"disk.tar.gz",
-		"application/x-tar",
-		packageSetLoader,
-		rhel.TarImage,
-		[]string{"build"},
-		[]string{"os", "archive"},
-		[]string{"archive"},
-	)
-
-	it.DefaultImageConfig = &distro.ImageConfig{
-		Locale:    common.ToPtr("en_US.UTF-8"),
-		NoSElinux: common.ToPtr(true),
-		WSLConfig: &distro.WSLConfig{
-			BootSystemd: true,
-		},
-	}
-
-	return it
-}
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/vmdk.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/vmdk.go
@ -1,16 +1,12 @@
 package rhel8

 import (
+	"github.com/osbuild/images/pkg/arch"
 	"github.com/osbuild/images/pkg/datasizes"
-	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
 )

-func vmdkKernelOptions() []string {
-	return []string{"ro", "net.ifnames=0"}
-}
-
-func mkVmdkImgType() *rhel.ImageType {
+func mkVmdkImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"vmdk",
 		"disk.vmdk",
@ -21,9 +17,7 @@ func mkVmdkImgType() *rhel.ImageType {
 		[]string{"os", "image", "vmdk"},
 		[]string{"vmdk"},
 	)
-	it.DefaultImageConfig = &distro.ImageConfig{
-		KernelOptions: vmdkKernelOptions(),
-	}
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "vmdk")
 	it.Bootable = true
 	it.DefaultSize = 4 * datasizes.GibiByte
 	it.BasePartitionTables = partitionTables
@ -31,7 +25,7 @@ func mkVmdkImgType() *rhel.ImageType {
 	return it
 }

-func mkOvaImgType() *rhel.ImageType {
+func mkOvaImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
 	it := rhel.NewImageType(
 		"ova",
 		"image.ova",
@ -42,9 +36,7 @@ func mkOvaImgType() *rhel.ImageType {
 		[]string{"os", "image", "vmdk", "ovf", "archive"},
 		[]string{"archive"},
 	)
-	it.DefaultImageConfig = &distro.ImageConfig{
-		KernelOptions: vmdkKernelOptions(),
-	}
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "ova")
 	it.Bootable = true
 	it.DefaultSize = 4 * datasizes.GibiByte
 	it.BasePartitionTables = partitionTables
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/wsl.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/wsl.go
@ -0,0 +1,23 @@
+package rhel8
+
+import (
+	"github.com/osbuild/images/pkg/arch"
+	"github.com/osbuild/images/pkg/distro/rhel"
+)
+
+func mkWslImgType(rd *rhel.Distribution, a arch.Arch) *rhel.ImageType {
+	it := rhel.NewImageType(
+		"wsl",
+		"image.wsl",
+		"application/x-tar",
+		packageSetLoader,
+		rhel.TarImage,
+		[]string{"build"},
+		[]string{"os", "archive"},
+		[]string{"archive"},
+	)
+	it.DefaultImageConfig = imageConfig(rd, a.String(), "wsl")
+	it.Compression = "xz"
+
+	return it
+}
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/azure.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/azure.go
@ -342,7 +342,7 @@ func defaultAzureKernelOptions(rd *rhel.Distribution, a arch.Arch) []string {
 	case arch.ARCH_X86_64:
 		kargs = append(kargs, "console=tty1", "console=ttyS0", "earlyprintk=ttyS0", "rootdelay=300")
 	}
-	if rd.IsRHEL() && common.VersionGreaterThanOrEqual(rd.OsVersion(), "9.6") {
+	if rd.Name() == "centos-9" || common.VersionGreaterThanOrEqual(rd.OsVersion(), "9.6") {
 		kargs = append(kargs, "nvme_core.io_timeout=240")
 	}
 	return kargs
@ -549,7 +549,7 @@ func defaultAzureImageConfig(rd *rhel.Distribution) *distro.ImageConfig {
 		},
 	}

-	if rd.IsRHEL() && common.VersionGreaterThanOrEqual(rd.OsVersion(), "9.6") {
+	if rd.Name() == "centos-9" || common.VersionGreaterThanOrEqual(rd.OsVersion(), "9.6") {
 		ic.TimeSynchronization = &osbuild.ChronyStageOptions{
 			Refclocks: []osbuild.ChronyConfigRefclock{
 				{
--- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/wsl.go
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/wsl.go
@ -2,6 +2,7 @@ package rhel9

 import (
 	"github.com/osbuild/images/internal/common"
+	"github.com/osbuild/images/pkg/customizations/wsl"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
 	"github.com/osbuild/images/pkg/osbuild"
@ -10,7 +11,7 @@ import (
 func mkWSLImgType() *rhel.ImageType {
 	it := rhel.NewImageType(
 		"wsl",
-		"disk.tar.gz",
+		"image.wsl",
 		"application/x-tar",
 		packageSetLoader,
 		rhel.TarImage,
@ -19,6 +20,7 @@ func mkWSLImgType() *rhel.ImageType {
 		[]string{"archive"},
 	)

+	it.Compression = "xz"
 	it.DefaultImageConfig = &distro.ImageConfig{
 		CloudInit: []*osbuild.CloudInitStageOptions{
 			{
@ -36,8 +38,10 @@ func mkWSLImgType() *rhel.ImageType {
 		},
 		Locale:    common.ToPtr("en_US.UTF-8"),
 		NoSElinux: common.ToPtr(true),
-		WSLConfig: &distro.WSLConfig{
-			BootSystemd: true,
+		WSL: &wsl.WSL{
+			Config: &wsl.WSLConfig{
+				BootSystemd: true,
+			},
 		},
 	}

--- a/vendor/github.com/osbuild/images/pkg/image/archive.go
+++ b/vendor/github.com/osbuild/images/pkg/image/archive.go
@ -1,12 +1,14 @@
 package image

 import (
+	"fmt"
 	"math/rand"

 	"github.com/osbuild/images/internal/environment"
 	"github.com/osbuild/images/internal/workload"
 	"github.com/osbuild/images/pkg/artifact"
 	"github.com/osbuild/images/pkg/manifest"
+	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/platform"
 	"github.com/osbuild/images/pkg/rpmmd"
 	"github.com/osbuild/images/pkg/runner"
@ -19,6 +21,9 @@ type Archive struct {
 	Environment      environment.Environment
 	Workload         workload.Workload
 	Filename         string
+	Compression      string
+
+	OSVersion string
 }

 func NewArchive() *Archive {
@ -38,9 +43,26 @@ func (img *Archive) InstantiateManifest(m *manifest.Manifest,
 	osPipeline.OSCustomizations = img.OSCustomizations
 	osPipeline.Environment = img.Environment
 	osPipeline.Workload = img.Workload
+	osPipeline.OSVersion = img.OSVersion

 	tarPipeline := manifest.NewTar(buildPipeline, osPipeline, "archive")
 	tarPipeline.SetFilename(img.Filename)
+
+	switch img.Compression {
+	case "xz":
+		tarPipeline.Compression = osbuild.TarArchiveCompressionXz
+	case "gzip":
+		tarPipeline.Compression = osbuild.TarArchiveCompressionGzip
+	case "zstd":
+		tarPipeline.Compression = osbuild.TarArchiveCompressionZstd
+	case "":
+		// this defaults to automatic compression based on filename which
+		// has already been set
+	default:
+		// panic on unknown strings
+		panic(fmt.Sprintf("unsupported compression type %q", img.Compression))
+	}
+
 	artifact := tarPipeline.Export()

 	return artifact, nil
--- a/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer_iso_tree.go
+++ b/vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer_iso_tree.go
@ -200,6 +200,20 @@ func (p *AnacondaInstallerISOTree) getBuildPackages(_ Distro) []string {
 	return packages
 }

+// Exclude most of the /boot files inside the rootfs to save space
+// These are not needed on the running system
+// The kernel and kernel .hmac are left for use with FIPS systems
+// Used by NewSquashfsStage and NewErofsStage
+var installerBootExcludePaths = []string{
+	"boot/efi/.*",
+	"boot/grub2/.*",
+	"boot/config-.*",
+	"boot/initramfs-.*",
+	"boot/loader/.*",
+	"boot/symvers-.*",
+	"boot/System.map-.*",
+}
+
 // NewSquashfsStage returns an osbuild stage configured to build
 // the squashfs root filesystem for the ISO.
 func (p *AnacondaInstallerISOTree) NewSquashfsStage() *osbuild.Stage {
@ -228,6 +242,9 @@ func (p *AnacondaInstallerISOTree) NewSquashfsStage() *osbuild.Stage {
 		}
 	}

+	// Clean up the root filesystem's /boot to save space
+	squashfsOptions.ExcludePaths = installerBootExcludePaths
+
 	// The iso's rootfs can either be an ext4 filesystem compressed with squashfs, or
 	// a squashfs of the plain directory tree
 	if p.RootfsType == SquashfsExt4Rootfs && p.rootfsPipeline != nil {
@ -263,6 +280,9 @@ func (p *AnacondaInstallerISOTree) NewErofsStage() *osbuild.Stage {
 	erofsOptions.ExtendedOptions = []string{"all-fragments", "dedupe"}
 	erofsOptions.ClusterSize = common.ToPtr(131072)

+	// Clean up the root filesystem's /boot to save space
+	erofsOptions.ExcludePaths = installerBootExcludePaths
+
 	return osbuild.NewErofsStage(&erofsOptions, p.anacondaPipeline.Name())
 }

--- a/vendor/github.com/osbuild/images/pkg/manifest/os.go
+++ b/vendor/github.com/osbuild/images/pkg/manifest/os.go
@ -99,37 +99,38 @@ type OSCustomizations struct {
 	ShellInit []shell.InitFile

 	// TODO: drop osbuild types from the API
-	Firewall             *osbuild.FirewallStageOptions
-	Grub2Config          *osbuild.GRUB2Config
-	Sysconfig            []*osbuild.SysconfigStageOptions
-	SystemdLogind        []*osbuild.SystemdLogindStageOptions
-	CloudInit            []*osbuild.CloudInitStageOptions
-	Modprobe             []*osbuild.ModprobeStageOptions
-	DracutConf           []*osbuild.DracutConfStageOptions
-	SystemdDropin        []*osbuild.SystemdUnitStageOptions
-	SystemdUnit          []*osbuild.SystemdUnitCreateStageOptions
-	Authselect           *osbuild.AuthselectStageOptions
-	SELinuxConfig        *osbuild.SELinuxConfigStageOptions
-	Tuned                *osbuild.TunedStageOptions
-	Tmpfilesd            []*osbuild.TmpfilesdStageOptions
-	PamLimitsConf        []*osbuild.PamLimitsConfStageOptions
-	Sysctld              []*osbuild.SysctldStageOptions
-	DNFConfig            []*osbuild.DNFConfigStageOptions
-	DNFAutomaticConfig   *osbuild.DNFAutomaticConfigStageOptions
-	YUMConfig            *osbuild.YumConfigStageOptions
-	YUMRepos             []*osbuild.YumReposStageOptions
-	SshdConfig           *osbuild.SshdConfigStageOptions
-	GCPGuestAgentConfig  *osbuild.GcpGuestAgentConfigOptions
-	AuthConfig           *osbuild.AuthconfigStageOptions
-	PwQuality            *osbuild.PwqualityConfStageOptions
-	ChronyConfig         *osbuild.ChronyStageOptions
-	WAAgentConfig        *osbuild.WAAgentConfStageOptions
-	UdevRules            *osbuild.UdevRulesStageOptions
-	WSLConfig            *osbuild.WSLConfStageOptions
-	InsightsClientConfig *osbuild.InsightsClientConfigStageOptions
-	NetworkManager       *osbuild.NMConfStageOptions
-	Presets              []osbuild.Preset
-	ContainersStorage    *string
+	Firewall              *osbuild.FirewallStageOptions
+	Grub2Config           *osbuild.GRUB2Config
+	Sysconfig             []*osbuild.SysconfigStageOptions
+	SystemdLogind         []*osbuild.SystemdLogindStageOptions
+	CloudInit             []*osbuild.CloudInitStageOptions
+	Modprobe              []*osbuild.ModprobeStageOptions
+	DracutConf            []*osbuild.DracutConfStageOptions
+	SystemdDropin         []*osbuild.SystemdUnitStageOptions
+	SystemdUnit           []*osbuild.SystemdUnitCreateStageOptions
+	Authselect            *osbuild.AuthselectStageOptions
+	SELinuxConfig         *osbuild.SELinuxConfigStageOptions
+	Tuned                 *osbuild.TunedStageOptions
+	Tmpfilesd             []*osbuild.TmpfilesdStageOptions
+	PamLimitsConf         []*osbuild.PamLimitsConfStageOptions
+	Sysctld               []*osbuild.SysctldStageOptions
+	DNFConfig             []*osbuild.DNFConfigStageOptions
+	DNFAutomaticConfig    *osbuild.DNFAutomaticConfigStageOptions
+	YUMConfig             *osbuild.YumConfigStageOptions
+	YUMRepos              []*osbuild.YumReposStageOptions
+	SshdConfig            *osbuild.SshdConfigStageOptions
+	GCPGuestAgentConfig   *osbuild.GcpGuestAgentConfigOptions
+	AuthConfig            *osbuild.AuthconfigStageOptions
+	PwQuality             *osbuild.PwqualityConfStageOptions
+	ChronyConfig          *osbuild.ChronyStageOptions
+	WAAgentConfig         *osbuild.WAAgentConfStageOptions
+	UdevRules             *osbuild.UdevRulesStageOptions
+	WSLConfig             *osbuild.WSLConfStageOptions
+	WSLDistributionConfig *osbuild.WSLDistributionConfStageOptions
+	InsightsClientConfig  *osbuild.InsightsClientConfigStageOptions
+	NetworkManager        *osbuild.NMConfStageOptions
+	Presets               []osbuild.Preset
+	ContainersStorage     *string

 	// OpenSCAP config
 	OpenSCAPRemediationConfig *oscap.RemediationConfig
@ -381,7 +382,7 @@ func (p *OS) getBuildPackages(distro Distro) []string {
 			packages = append(packages, "python3-pyyaml")
 		}
 	}
-	if len(p.OSCustomizations.DNFConfig) > 0 || p.OSCustomizations.RHSMConfig != nil || p.OSCustomizations.WSLConfig != nil {
+	if len(p.OSCustomizations.DNFConfig) > 0 || p.OSCustomizations.RHSMConfig != nil || p.OSCustomizations.WSLConfig != nil || p.OSCustomizations.WSLDistributionConfig != nil {
 		packages = append(packages, "python3-iniparse")
 	}

@ -852,6 +853,17 @@ func (p *OS) serialize() osbuild.Pipeline {
 		pipeline.AddStage(osbuild.NewWSLConfStage(p.OSCustomizations.WSLConfig))
 	}

+	if p.OSCustomizations.WSLDistributionConfig != nil {
+		// We format in our version string into the name field, if there's no %s in there nothing
+		// special will happen.
+		p.OSCustomizations.WSLDistributionConfig.OOBE.DefaultName = fmt.Sprintf(
+			p.OSCustomizations.WSLDistributionConfig.OOBE.DefaultName,
+			p.OSVersion,
+		)
+
+		pipeline.AddStage(osbuild.NewWSLDistributionConfStage(p.OSCustomizations.WSLDistributionConfig))
+	}
+
 	if p.OSCustomizations.FIPS {
 		pipeline.AddStages(osbuild.GenFIPSStages()...)
 		p.addInlineDataAndStages(&pipeline, osbuild.GenFIPSFiles())
--- a/vendor/github.com/osbuild/images/pkg/manifest/subscription.go
+++ b/vendor/github.com/osbuild/images/pkg/manifest/subscription.go
@ -126,8 +126,6 @@ func subscriptionService(subscriptionOptions subscription.ImageOptions, serviceO
 			rhcConnect += fmt.Sprintf(" --content-template %s", subscriptionOptions.TemplateName)
 		}
 		commands = append(commands, rhcConnect)
-		// insights-client creates the .gnupg directory during boot process, and is labeled incorrectly
-		commands = append(commands, "restorecon -R /root/.gnupg")
 		// execute the rhc post install script as the selinuxenabled check doesn't work in the buildroot container
 		commands = append(commands, "/usr/sbin/semanage permissive --add rhcd_t")
 		// register to template if template uuid is specified
@ -149,8 +147,6 @@ func subscriptionService(subscriptionOptions subscription.ImageOptions, serviceO
 		// Insights is optional when using subscription-manager
 		if subscriptionOptions.Insights {
 			commands = append(commands, "/usr/bin/insights-client --register")
-			// insights-client creates the .gnupg directory during boot process, and is labeled incorrectly
-			commands = append(commands, "restorecon -R /root/.gnupg")
 			// register to template if template is specified
 			if subscriptionOptions.TemplateUUID != "" {
 				curlToAssociateSystem := getCurlToAssociateSystem(subscriptionOptions)
--- a/vendor/github.com/osbuild/images/pkg/osbuild/erofs_stage.go
+++ b/vendor/github.com/osbuild/images/pkg/osbuild/erofs_stage.go
@ -6,7 +6,8 @@ type ErofsCompression struct {
 }

 type ErofsStageOptions struct {
-	Filename string `json:"filename"`
+	Filename     string   `json:"filename"`
+	ExcludePaths []string `json:"exclude_paths,omitempty"`

 	Compression     *ErofsCompression `json:"compression,omitempty"`
 	ExtendedOptions []string          `json:"options,omitempty"`
--- a/vendor/github.com/osbuild/images/pkg/osbuild/grub2_stage.go
+++ b/vendor/github.com/osbuild/images/pkg/osbuild/grub2_stage.go
@ -16,6 +16,7 @@ import (
 // Note that it is the role of an assembler to install any necessary
 // bootloaders that are stored in the image outside of any filesystem.
 type GRUB2StageOptions struct {
+	CompatVersion      int          `json:"compat_version,omitempty"`
 	RootFilesystemUUID uuid.UUID    `json:"root_fs_uuid"`
 	BootFilesystemUUID *uuid.UUID   `json:"boot_fs_uuid,omitempty"`
 	KernelOptions      string       `json:"kernel_opts,omitempty"`
@ -48,8 +49,8 @@ type GRUB2Config struct {
 	DisableSubmenu  *bool                   `json:"disable_submenu,omitempty" yaml:"disable_submenu,omitempty"`
 	Distributor     string                  `json:"distributor,omitempty"`
 	Terminal        []string                `json:"terminal,omitempty"`
-	TerminalInput   []string                `json:"terminal_input,omitempty"`
-	TerminalOutput  []string                `json:"terminal_output,omitempty"`
+	TerminalInput   []string                `json:"terminal_input,omitempty" yaml:"terminal_input,omitempty"`
+	TerminalOutput  []string                `json:"terminal_output,omitempty" yaml:"terminal_output,omitempty"`
 	Timeout         int                     `json:"timeout,omitempty"`
 	TimeoutStyle    GRUB2ConfigTimeoutStyle `json:"timeout_style,omitempty" yaml:"timeout_style,omitempty"`
 	Serial          string                  `json:"serial,omitempty"`
@ -85,6 +86,7 @@ func NewGrub2StageOptions(pt *disk.PartitionTable,
 	// to override the kernel options in /etc/kernel/cmdline if the file has
 	// older timestamp than /etc/default/grub.
 	stageOptions := GRUB2StageOptions{
+		CompatVersion:      2, // always set to the highest version available
 		RootFilesystemUUID: uuid.MustParse(rootFs.GetFSSpec().UUID),
 		Legacy:             legacy,
 		KernelOptions:      kernelOptions,
--- a/vendor/github.com/osbuild/images/pkg/osbuild/squashfs_stage.go
+++ b/vendor/github.com/osbuild/images/pkg/osbuild/squashfs_stage.go
@ -1,7 +1,8 @@
 package osbuild

 type SquashfsStageOptions struct {
-	Filename string `json:"filename"`
+	Filename     string   `json:"filename"`
+	ExcludePaths []string `json:"exclude_paths,omitempty"`

 	Compression FSCompression `json:"compression"`
 }
--- a/vendor/github.com/osbuild/images/pkg/osbuild/wsl_conf_stage.go
+++ b/vendor/github.com/osbuild/images/pkg/osbuild/wsl_conf_stage.go
@ -1,5 +1,9 @@
 package osbuild

+import (
+	"github.com/osbuild/images/pkg/customizations/wsl"
+)
+
 type WSLConfStageOptions struct {
 	Boot WSLConfBootOptions `json:"boot"`
 }
@ -16,3 +20,15 @@ func NewWSLConfStage(options *WSLConfStageOptions) *Stage {
 		Options: options,
 	}
 }
+
+func NewWSLConfStageOptions(config *wsl.WSLConfig) *WSLConfStageOptions {
+	if config == nil {
+		return nil
+	}
+
+	return &WSLConfStageOptions{
+		Boot: WSLConfBootOptions{
+			Systemd: config.BootSystemd,
+		},
+	}
+}
--- a/vendor/github.com/osbuild/images/pkg/osbuild/wsl_distribution_conf_stage.go
+++ b/vendor/github.com/osbuild/images/pkg/osbuild/wsl_distribution_conf_stage.go
@ -0,0 +1,53 @@
+package osbuild
+
+import (
+	"github.com/osbuild/images/pkg/customizations/wsl"
+)
+
+type WSLDistributionConfStageOptions struct {
+	OOBE     WSLDistributionConfOOBEOptions     `json:"oobe,omitempty"`
+	Shortcut WSLDistributionConfShortcutOptions `json:"shortcut,omitempty"`
+}
+
+type WSLDistributionConfOOBEOptions struct {
+	DefaultUID  *int   `json:"default_uid,omitempty"`
+	DefaultName string `json:"default_name,omitempty"`
+}
+
+type WSLDistributionConfShortcutOptions struct {
+	Enabled bool   `json:"enabled,omitempty"`
+	Icon    string `json:"icon,omitempty"`
+}
+
+func (WSLDistributionConfStageOptions) isStageOptions() {}
+
+func NewWSLDistributionConfStage(options *WSLDistributionConfStageOptions) *Stage {
+	return &Stage{
+		Type:    "org.osbuild.wsl-distribution.conf",
+		Options: options,
+	}
+}
+
+func NewWSLDistributionConfStageOptions(config *wsl.WSLDistributionConfig) *WSLDistributionConfStageOptions {
+	if config == nil {
+		return nil
+	}
+
+	options := &WSLDistributionConfStageOptions{}
+
+	if config.OOBE != nil {
+		options.OOBE = WSLDistributionConfOOBEOptions{
+			DefaultUID:  config.OOBE.DefaultUID,
+			DefaultName: config.OOBE.DefaultName,
+		}
+	}
+
+	if config.Shortcut != nil {
+		options.Shortcut = WSLDistributionConfShortcutOptions{
+			Enabled: config.Shortcut.Enabled,
+			Icon:    config.Shortcut.Icon,
+		}
+	}
+
+	return options
+}
--- a/vendor/github.com/osbuild/images/pkg/osbuild/yum_config_stage.go
+++ b/vendor/github.com/osbuild/images/pkg/osbuild/yum_config_stage.go
@ -5,7 +5,7 @@ import (
 )

 type YumConfigConfig struct {
-	HttpCaching *string `json:"http_caching,omitempty"`
+	HttpCaching *string `json:"http_caching,omitempty" yaml:"http_caching,omitempty"`
 }

 type YumConfigPlugins struct {
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -1049,8 +1049,8 @@ github.com/oracle/oci-go-sdk/v54/workrequests
 ## explicit; go 1.22.8
 github.com/osbuild/blueprint/internal/common
 github.com/osbuild/blueprint/pkg/blueprint
-# github.com/osbuild/images v0.151.0
-## explicit; go 1.22.8
+# github.com/osbuild/images v0.154.0
+## explicit; go 1.23.9
 github.com/osbuild/images/data/dependencies
 github.com/osbuild/images/data/repositories
 github.com/osbuild/images/internal/common
@ -1072,6 +1072,7 @@ github.com/osbuild/images/pkg/customizations/oscap
 github.com/osbuild/images/pkg/customizations/shell
 github.com/osbuild/images/pkg/customizations/subscription
 github.com/osbuild/images/pkg/customizations/users
+github.com/osbuild/images/pkg/customizations/wsl
 github.com/osbuild/images/pkg/datasizes
 github.com/osbuild/images/pkg/disk
 github.com/osbuild/images/pkg/distro