build(deps): bump the go-deps group across 1 directory with 14 updates

Bumps the go-deps group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/compute](https://github.com/googleapis/google-cloud-go) | `1.25.1` | `1.26.0` |
| [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.5.1` | `1.5.2` |
| [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5](https://github.com/Azure/azure-sdk-for-go) | `5.5.0` | `5.7.0` |
| [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.51.25` | `1.52.0` |
| [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) | `0.26.0` | `0.27.0` |
| [github.com/gophercloud/gophercloud](https://github.com/gophercloud/gophercloud) | `1.10.0` | `1.11.0` |
| [github.com/jackc/pgtype](https://github.com/jackc/pgtype) | `1.14.1` | `1.14.3` |
| [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.11.4` | `4.12.0` |
| [github.com/openshift-online/ocm-sdk-go](https://github.com/openshift-online/ocm-sdk-go) | `0.1.398` | `0.1.418` |
| [github.com/osbuild/images](https://github.com/osbuild/images) | `0.56.0` | `0.58.0` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.18.0` | `1.19.0` |



Updates `cloud.google.com/go/compute` from 1.25.1 to 1.26.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.25.1...pubsub/v1.26.0)

Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.5.1 to 1.5.2
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/internal/v1.5.1...sdk/internal/v1.5.2)

Updates `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5` from 5.5.0 to 5.7.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/resourcemanager/compute/armcompute/v5.5.0...sdk/resourcemanager/compute/armcompute/v5.7.0)

Updates `github.com/aws/aws-sdk-go` from 1.51.25 to 1.52.0
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.51.25...v1.52.0)

Updates `github.com/getsentry/sentry-go` from 0.26.0 to 0.27.0
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.26.0...v0.27.0)

Updates `github.com/gophercloud/gophercloud` from 1.10.0 to 1.11.0
- [Release notes](https://github.com/gophercloud/gophercloud/releases)
- [Changelog](https://github.com/gophercloud/gophercloud/blob/v1.11.0/CHANGELOG.md)
- [Commits](https://github.com/gophercloud/gophercloud/compare/v1.10.0...v1.11.0)

Updates `github.com/jackc/pgtype` from 1.14.1 to 1.14.3
- [Changelog](https://github.com/jackc/pgtype/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgtype/compare/v1.14.1...v1.14.3)

Updates `github.com/jackc/pgx/v4` from 4.18.1 to 4.18.2
- [Changelog](https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v4.18.1...v4.18.2)

Updates `github.com/labstack/echo/v4` from 4.11.4 to 4.12.0
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/labstack/echo/compare/v4.11.4...v4.12.0)

Updates `github.com/openshift-online/ocm-sdk-go` from 0.1.398 to 0.1.418
- [Release notes](https://github.com/openshift-online/ocm-sdk-go/releases)
- [Changelog](https://github.com/openshift-online/ocm-sdk-go/blob/main/CHANGES.md)
- [Commits](https://github.com/openshift-online/ocm-sdk-go/compare/v0.1.398...v0.1.418)

Updates `github.com/osbuild/images` from 0.56.0 to 0.58.0
- [Release notes](https://github.com/osbuild/images/releases)
- [Commits](https://github.com/osbuild/images/compare/v0.56.0...v0.58.0)

Updates `github.com/prometheus/client_golang` from 1.18.0 to 1.19.0
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.18.0...v1.19.0)

Updates `golang.org/x/sync` from 0.6.0 to 0.7.0
- [Commits](https://github.com/golang/sync/compare/v0.6.0...v0.7.0)

Updates `google.golang.org/api` from 0.175.0 to 0.177.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.175.0...v0.177.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/compute
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/getsentry/sentry-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/gophercloud/gophercloud
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/jackc/pgtype
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/jackc/pgx/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/labstack/echo/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/openshift-online/ocm-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/osbuild/images
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <support@github.com>

vendor/github.com/osbuild/images/pkg/container/client.go

@@ -14,6 +14,7 @@ import (
 	_ "github.com/containers/image/v5/docker/archive"
 	_ "github.com/containers/image/v5/oci/archive"
 	_ "github.com/containers/image/v5/oci/layout"
+	"github.com/containers/storage"
 	"golang.org/x/sys/unix"
 
 	"github.com/containers/common/pkg/retry"
@@ -110,6 +111,8 @@ type Client struct {
 	// internal state
 	policy *signature.Policy
 	sysCtx *types.SystemContext
+
+	store string // another store location other than the main one, useful for testing
 }
 
 // NewClient constructs a new Client for target with default options.
@@ -153,6 +156,7 @@ func NewClient(target string) (*Client, error) {
 			AuthFilePath: GetDefaultAuthFile(),
 		},
 		policy: policy,
+		store:  "/var/lib/containers/storage",
 	}
 
 	return &client, nil
@@ -343,44 +347,78 @@ func (m RawManifest) Digest() (digest.Digest, error) {
 	return manifest.Digest(m.Data)
 }
 
-func getImageRef(target reference.Named, local bool) (types.ImageReference, error) {
+func (cl *Client) getImageRef(id string, local bool) (types.ImageReference, error) {
 	if local {
-		return alltransports.ParseImageName(fmt.Sprintf("containers-storage:%s", target))
+		imageName := cl.Target.String()
+		if id != "" {
+			imageName = id
+		}
+		options := fmt.Sprintf("containers-storage:[overlay@%s+/run/containers/storage]%s", cl.store, imageName)
+		return alltransports.ParseImageName(options)
 	}
 
-	return docker.NewReference(target)
+	return docker.NewReference(cl.Target)
+}
+
+func (cl *Client) resolveContainerImageArch(ctx context.Context, ref types.ImageReference) (*arch.Arch, error) {
+	img, err := ref.NewImage(ctx, cl.sysCtx)
+	if err != nil {
+		return nil, err
+	}
+	defer img.Close()
+	info, err := img.Inspect(ctx)
+	if err != nil {
+		return nil, err
+	}
+	a := arch.FromString(info.Architecture)
+	return &a, nil
+}
+
+func (cl *Client) getLocalImageIDFromDigest(instance digest.Digest) (string, error) {
+	store, err := storage.GetStore(storage.StoreOptions{GraphRoot: cl.store})
+	if err != nil {
+		return "", err
+	}
+	images, err := store.ImagesByDigest(instance)
+	if err != nil {
+		return "", err
+	}
+	if len(images) == 0 {
+		return "", fmt.Errorf("Unable to find image id for digest: %v", instance)
+	}
+	// the `ImagesByDigest` function always returns a list
+	// of images. The list could be larger than 1 in the case
+	// since it searches all stores for the matching digest,
+	// so it is okay to return the first item.
+	return images[0].ID, nil
 }
 
 // GetManifest fetches the raw manifest data from the server. If digest is not empty
 // it will override any given tag for the Client's Target.
-func (cl *Client) GetManifest(ctx context.Context, digest digest.Digest, local bool) (r RawManifest, err error) {
-	target := cl.Target
+func (cl *Client) GetManifest(ctx context.Context, instanceDigest digest.Digest, local bool) (r RawManifest, err error) {
+	var localId string
+	var overrideDigest *digest.Digest
 
-	if digest != "" {
-		t := reference.TrimNamed(cl.Target)
-		t, err = reference.WithDigest(t, digest)
-		if err != nil {
-			return
+	if instanceDigest != "" {
+		if local {
+			localId, err = cl.getLocalImageIDFromDigest(instanceDigest)
+			if err != nil {
+				return r, err
+			}
+		} else {
+			// We can pass the instance digest, if it is nil, then this is the primary manifest.
+			// If it is not nil, then this is the instance digest and the primary manifest is a
+			// manifest list. The `GetManifest` call will then retrieve the manifest for the
+			// desired instance, see:
+			// https://github.com/containers/image/blob/cdb2f596a95018444f4dee0993e321d3d8bc328d/types/types.go#L252C2-L253C121
+			overrideDigest = &instanceDigest
 		}
-
-		target = t
 	}
 
-	ref, err := getImageRef(target, local)
+	ref, err := cl.getImageRef(localId, local)
 	if err != nil {
 		return
 	}
-	img, err := ref.NewImage(ctx, cl.sysCtx)
-	if err != nil {
-		return r, err
-	}
-	defer img.Close()
-
-	info, err := img.Inspect(ctx)
-	if err != nil {
-		return r, err
-	}
-	r.Arch = arch.FromString(info.Architecture)
 
 	src, err := ref.NewImageSource(ctx, cl.sysCtx)
 	if err != nil {
@@ -398,8 +436,23 @@ func (cl *Client) GetManifest(ctx context.Context, digest digest.Digest, local b
 	}
 
 	if err = retry.RetryIfNecessary(ctx, func() error {
-		r.Data, r.MimeType, err = src.GetManifest(ctx, nil)
-		return err
+		r.Data, r.MimeType, err = src.GetManifest(ctx, overrideDigest)
+		if err != nil {
+			return err
+		}
+
+		// getting the container image arch doesn't work with local manifest lists
+		if local && (r.MimeType == imgspecv1.MediaTypeImageIndex || r.MimeType == manifest.DockerV2ListMediaType) {
+			return nil
+		}
+
+		imageArch, err := cl.resolveContainerImageArch(ctx, ref)
+		if err != nil {
+			return err
+		}
+		r.Arch = *imageArch
+
+		return nil
 	}, &retryOpts); err != nil {
 		return
 	}
@@ -417,26 +470,26 @@ type resolvedIds struct {
 	ListManifest digest.Digest
 }
 
-func (cl *Client) resolveManifestList(ctx context.Context, list manifestList) (resolvedIds, error) {
+func (cl *Client) resolveManifestList(ctx context.Context, list manifestList, local bool) (resolvedIds, *arch.Arch, error) {
 	digest, err := list.ChooseInstance(cl.sysCtx)
 	if err != nil {
-		return resolvedIds{}, err
+		return resolvedIds{}, nil, err
 	}
 
-	raw, err := cl.GetManifest(ctx, digest, false)
+	raw, err := cl.GetManifest(ctx, digest, local)
 	if err != nil {
-		return resolvedIds{}, fmt.Errorf("error getting manifest: %w", err)
+		return resolvedIds{}, nil, fmt.Errorf("error getting manifest: %w", err)
 	}
 
-	ids, err := cl.resolveRawManifest(ctx, raw)
+	ids, _, err := cl.resolveRawManifest(ctx, raw, local)
 	if err != nil {
-		return resolvedIds{}, err
+		return resolvedIds{}, nil, err
 	}
 
-	return ids, err
+	return ids, &raw.Arch, err
 }
 
-func (cl *Client) resolveRawManifest(ctx context.Context, rm RawManifest) (resolvedIds, error) {
+func (cl *Client) resolveRawManifest(ctx context.Context, rm RawManifest, local bool) (resolvedIds, *arch.Arch, error) {
 
 	var imageID digest.Digest
 
@@ -444,37 +497,37 @@ func (cl *Client) resolveRawManifest(ctx context.Context, rm RawManifest) (resol
 	case manifest.DockerV2ListMediaType:
 		list, err := manifest.Schema2ListFromManifest(rm.Data)
 		if err != nil {
-			return resolvedIds{}, err
+			return resolvedIds{}, nil, err
 		}
 
 		// Save digest of the manifest list as well.
-		ids, err := cl.resolveManifestList(ctx, list)
+		ids, imageArch, err := cl.resolveManifestList(ctx, list, local)
 		if err != nil {
-			return resolvedIds{}, err
+			return resolvedIds{}, nil, err
 		}
 		// NOTE: Comment in Digest() source says this should never fail. Ignore the error.
 		ids.ListManifest, _ = rm.Digest()
-		return ids, nil
+		return ids, imageArch, nil
 
 	case imgspecv1.MediaTypeImageIndex:
 		index, err := manifest.OCI1IndexFromManifest(rm.Data)
 		if err != nil {
-			return resolvedIds{}, err
+			return resolvedIds{}, nil, err
 		}
 
 		// Save digest of the manifest list as well.
-		ids, err := cl.resolveManifestList(ctx, index)
+		ids, imageArch, err := cl.resolveManifestList(ctx, index, local)
 		if err != nil {
-			return resolvedIds{}, err
+			return resolvedIds{}, nil, err
 		}
 		// NOTE: Comment in Digest() source says this should never fail. Ignore the error.
 		ids.ListManifest, _ = rm.Digest()
-		return ids, nil
+		return ids, imageArch, nil
 
 	case imgspecv1.MediaTypeImageManifest:
 		m, err := manifest.OCI1FromManifest(rm.Data)
 		if err != nil {
-			return resolvedIds{}, nil
+			return resolvedIds{}, nil, nil
 		}
 		imageID = m.ConfigInfo().Digest
 
@@ -482,25 +535,25 @@ func (cl *Client) resolveRawManifest(ctx context.Context, rm RawManifest) (resol
 		m, err := manifest.Schema2FromManifest(rm.Data)
 
 		if err != nil {
-			return resolvedIds{}, nil
+			return resolvedIds{}, nil, nil
 		}
 
 		imageID = m.ConfigInfo().Digest
 
 	default:
-		return resolvedIds{}, fmt.Errorf("unsupported manifest format '%s'", rm.MimeType)
+		return resolvedIds{}, nil, fmt.Errorf("unsupported manifest format '%s'", rm.MimeType)
 	}
 
 	dg, err := rm.Digest()
 
 	if err != nil {
-		return resolvedIds{}, err
+		return resolvedIds{}, nil, err
 	}
 
 	return resolvedIds{
 		Manifest: dg,
 		Config:   imageID,
-	}, nil
+	}, nil, nil
 }
 
 // Resolve the Client's Target to the manifest digest and the corresponding image id
@@ -514,7 +567,7 @@ func (cl *Client) Resolve(ctx context.Context, name string, local bool) (Spec, e
 		return Spec{}, fmt.Errorf("error getting manifest: %w", err)
 	}
 
-	ids, err := cl.resolveRawManifest(ctx, raw)
+	ids, imageArch, err := cl.resolveRawManifest(ctx, raw, local)
 	if err != nil {
 		return Spec{}, err
 	}
@@ -528,7 +581,12 @@ func (cl *Client) Resolve(ctx context.Context, name string, local bool) (Spec, e
 		name,
 		local,
 	)
-	spec.Arch = raw.Arch
+
+	if imageArch != nil {
+		spec.Arch = *imageArch
+	} else {
+		spec.Arch = raw.Arch
+	}
 
 	return spec, nil
 }

vendor/github.com/osbuild/images/pkg/container/resolver.go

@@ -20,6 +20,8 @@ type Resolver struct {
 
 	Arch         string
 	AuthFilePath string
+
+	newClient func(string) (*Client, error)
 }
 
 type SourceSpec struct {
@@ -36,11 +38,13 @@ func NewResolver(arch string) *Resolver {
 		ctx:   context.Background(),
 		queue: make(chan resolveResult, 2),
 		Arch:  arch,
+
+		newClient: NewClient,
 	}
 }
 
 func (r *Resolver) Add(spec SourceSpec) {
-	client, err := NewClient(spec.Source)
+	client, err := r.newClient(spec.Source)
 	r.jobs += 1
 
 	if err != nil {

vendor/github.com/osbuild/images/pkg/distro/distro.go

@@ -148,11 +148,11 @@ type ImageType interface {
 
 // The ImageOptions specify options for a specific image build
 type ImageOptions struct {
-	Size             uint64
-	OSTree           *ostree.ImageOptions
-	Subscription     *subscription.ImageOptions
-	Facts            *facts.ImageOptions
-	PartitioningMode disk.PartitioningMode
+	Size             uint64                     `json:"size"`
+	OSTree           *ostree.ImageOptions       `json:"ostree,omitempty"`
+	Subscription     *subscription.ImageOptions `json:"subscription,omitempty"`
+	Facts            *facts.ImageOptions        `json:"facts,omitempty"`
+	PartitioningMode disk.PartitioningMode      `json:"partitioning-mode,omitempty"`
 }
 
 type BasePartitionTableMap map[string]disk.PartitionTable

vendor/github.com/osbuild/images/pkg/distro/fedora/package_sets.go

@@ -582,7 +582,7 @@ func containerPackageSet(t *imageType) rpmmd.PackageSet {
 		Include: []string{
 			"bash",
 			"coreutils",
-			"dnf-yum",
+			"yum",
 			"dnf",
 			"fedora-release-container",
 			"glibc-minimal-langpack",

vendor/github.com/osbuild/images/pkg/manifest/os.go

@@ -558,16 +558,27 @@ func (p *OS) serialize() osbuild.Pipeline {
 	// - Register with subscription-manager, no Insights or rhc
 	// - Register with subscription-manager and enable Insights, no rhc
 	if p.Subscription != nil {
+		// Write a key file that will contain the org ID and activation key to be sourced in the systemd service.
+		// The file will also act as the ConditionFirstBoot file.
+		subkeyFilepath := "/etc/osbuild-subscription-register.env"
+		subkeyContent := fmt.Sprintf("ORG_ID=%s\nACTIVATION_KEY=%s", p.Subscription.Organization, p.Subscription.ActivationKey)
+		if subkeyFile, err := fsnode.NewFile(subkeyFilepath, nil, "root", "root", []byte(subkeyContent)); err == nil {
+			p.Files = append(p.Files, subkeyFile)
+		} else {
+			panic(err)
+		}
+
 		var commands []string
 		if p.Subscription.Rhc {
+			// TODO: replace org ID and activation key with env vars
 			// Use rhc for registration instead of subscription manager
-			commands = []string{fmt.Sprintf("/usr/bin/rhc connect -o=%s -a=%s --server %s", p.Subscription.Organization, p.Subscription.ActivationKey, p.Subscription.ServerUrl)}
+			commands = []string{fmt.Sprintf("/usr/bin/rhc connect --organization=${ORG_ID} --activation-key=${ACTIVATION_KEY} --server %s", p.Subscription.ServerUrl)}
 			// insights-client creates the .gnupg directory during boot process, and is labeled incorrectly
 			commands = append(commands, "restorecon -R /root/.gnupg")
 			// execute the rhc post install script as the selinuxenabled check doesn't work in the buildroot container
 			commands = append(commands, "/usr/sbin/semanage permissive --add rhcd_t")
 		} else {
-			commands = []string{fmt.Sprintf("/usr/sbin/subscription-manager register --org=%s --activationkey=%s --serverurl %s --baseurl %s", p.Subscription.Organization, p.Subscription.ActivationKey, p.Subscription.ServerUrl, p.Subscription.BaseUrl)}
+			commands = []string{fmt.Sprintf("/usr/sbin/subscription-manager register --org=${ORG_ID} --activationkey=${ACTIVATION_KEY} --serverurl %s --baseurl %s", p.Subscription.ServerUrl, p.Subscription.BaseUrl)}
 
 			// Insights is optional when using subscription-manager
 			if p.Subscription.Insights {
@@ -577,10 +588,33 @@ func (p *OS) serialize() osbuild.Pipeline {
 			}
 		}
 
-		pipeline.AddStage(osbuild.NewFirstBootStage(&osbuild.FirstBootStageOptions{
-			Commands:       commands,
-			WaitForNetwork: true,
-		}))
+		commands = append(commands, fmt.Sprintf("/usr/bin/rm %s", subkeyFilepath))
+
+		subscribeServiceFile := "osbuild-subscription-register.service"
+		regServiceStageOptions := &osbuild.SystemdUnitCreateStageOptions{
+			Filename: subscribeServiceFile,
+			UnitType: "system",
+			UnitPath: osbuild.Usr,
+			Config: osbuild.SystemdServiceUnit{
+				Unit: &osbuild.Unit{
+					Description:         "First-boot service for registering with Red Hat subscription manager and/or insights",
+					ConditionPathExists: []string{subkeyFilepath},
+					Wants:               []string{"network-online.target"},
+					After:               []string{"network-online.target"},
+				},
+				Service: &osbuild.Service{
+					Type:            osbuild.Oneshot,
+					RemainAfterExit: false,
+					ExecStart:       commands,
+					EnvironmentFile: []string{subkeyFilepath},
+				},
+				Install: &osbuild.Install{
+					WantedBy: []string{"default.target"},
+				},
+			},
+		}
+		pipeline.AddStage(osbuild.NewSystemdUnitCreateStage(regServiceStageOptions))
+		p.EnabledServices = append(p.EnabledServices, subscribeServiceFile)
 
 		if rhsmConfig, exists := p.RHSMConfig[subscription.RHSMConfigWithSubscription]; exists {
 			pipeline.AddStage(osbuild.NewRHSMStage(rhsmConfig))

vendor/github.com/osbuild/images/pkg/manifest/ostree_deployment.go

@@ -370,7 +370,7 @@ func (p *OSTreeDeployment) serialize() osbuild.Pipeline {
 		// issue # https://github.com/osbuild/images/issues/352
 		if len(p.CustomFileSystems) != 0 {
 			serviceName := "osbuild-ostree-mountpoints.service"
-			stageOption := osbuild.NewSystemdUnitCreateStageOptions(createMountpointService(serviceName, p.CustomFileSystems))
+			stageOption := osbuild.NewSystemdUnitCreateStage(createMountpointService(serviceName, p.CustomFileSystems))
 			stageOption.MountOSTree(p.osName, ref, 0)
 			pipeline.AddStage(stageOption)
 			p.EnabledServices = append(p.EnabledServices, serviceName)

vendor/github.com/osbuild/images/pkg/osbuild/systemd_unit_create_stage.go

@@ -28,6 +28,7 @@ type Unit struct {
 	ConditionPathIsDirectory []string `json:"ConditionPathIsDirectory,omitempty"`
 	Requires                 []string `json:"Requires,omitempty"`
 	Wants                    []string `json:"Wants,omitempty"`
+	After                    []string `json:"After,omitempty"`
 }
 
 type Service struct {
@@ -61,6 +62,15 @@ type SystemdUnitCreateStageOptions struct {
 func (SystemdUnitCreateStageOptions) isStageOptions() {}
 
 func (o *SystemdUnitCreateStageOptions) validate() error {
+	fre := regexp.MustCompile(filenameRegex)
+	if !fre.MatchString(o.Filename) {
+		return fmt.Errorf("filename %q doesn't conform to schema (%s)", o.Filename, filenameRegex)
+	}
+
+	if o.Config.Install == nil {
+		return fmt.Errorf("Install section of systemd unit is required")
+	}
+
 	vre := regexp.MustCompile(envVarRegex)
 	if service := o.Config.Service; service != nil {
 		for _, envVar := range service.Environment {
@@ -72,7 +82,7 @@ func (o *SystemdUnitCreateStageOptions) validate() error {
 	return nil
 }
 
-func NewSystemdUnitCreateStageOptions(options *SystemdUnitCreateStageOptions) *Stage {
+func NewSystemdUnitCreateStage(options *SystemdUnitCreateStageOptions) *Stage {
 	if err := options.validate(); err != nil {
 		panic(err)
 	}

vendor/github.com/osbuild/images/pkg/subscription/subscription.go

@@ -4,12 +4,12 @@ package subscription
 // ServerUrl denotes the host to register the system with
 // BaseUrl specifies the repository URL for DNF
 type ImageOptions struct {
-	Organization  string
-	ActivationKey string
-	ServerUrl     string
-	BaseUrl       string
-	Insights      bool
-	Rhc           bool
+	Organization  string `json:"organization"`
+	ActivationKey string `json:"activation_key"`
+	ServerUrl     string `json:"server_url"`
+	BaseUrl       string `json:"base_url"`
+	Insights      bool   `json:"insights"`
+	Rhc           bool   `json:"rhc"`
 }
 
 type RHSMStatus string