deps: bump

vendor/github.com/osbuild/images/pkg/blueprint/installer_customizations.go

@@ -1,6 +1,6 @@
 package blueprint
 
 type InstallerCustomization struct {
-	Unattended        bool `json:"unattended,omitempty" toml:"unattended,omitempty"`
-	WheelSudoNopasswd bool `json:"wheel-sudo-nopasswd,omitempty" toml:"wheel-sudo-nopasswd,omitempty"`
+	Unattended   bool     `json:"unattended,omitempty" toml:"unattended,omitempty"`
+	SudoNopasswd []string `json:"sudo-nopasswd,omitempty" toml:"sudo-nopasswd,omitempty"`
 }

vendor/github.com/osbuild/images/pkg/distro/fedora/images.go

@@ -353,7 +353,7 @@ func imageInstallerImage(workload workload.Workload,
 	img := image.NewAnacondaTarInstaller()
 
 	if instCust := customizations.GetInstaller(); instCust != nil {
-		img.WheelNoPasswd = instCust.WheelSudoNopasswd
+		img.NoPasswd = instCust.SudoNopasswd
 		img.UnattendedKickstart = instCust.Unattended
 	}
 
@@ -541,7 +541,7 @@ func iotInstallerImage(workload workload.Workload,
 	}
 
 	if instCust := customizations.GetInstaller(); instCust != nil {
-		img.WheelNoPasswd = instCust.WheelSudoNopasswd
+		img.NoPasswd = instCust.SudoNopasswd
 		img.UnattendedKickstart = instCust.Unattended
 	}
 

vendor/github.com/osbuild/images/pkg/distro/fedora/package_sets.go

@@ -182,6 +182,12 @@ func iotCommitPackageSet(t *imageType) rpmmd.PackageSet {
 				"podman-plugins", // deprecated in podman 5
 			},
 		})
+	} else {
+		ps = ps.Append(rpmmd.PackageSet{
+			Include: []string{
+				"bootupd", // added in F40+
+			},
+		})
 	}
 
 	return ps
@@ -546,7 +552,7 @@ func liveInstallerPackageSet(t *imageType) rpmmd.PackageSet {
 		},
 	}
 
-	if common.VersionGreaterThanOrEqual(t.arch.distro.osVersion, "41") {
+	if common.VersionGreaterThanOrEqual(t.arch.distro.osVersion, VERSION_RAWHIDE) {
 		ps = ps.Append(rpmmd.PackageSet{
 			Include: []string{
 				"anaconda-webui",
@@ -560,7 +566,7 @@ func liveInstallerPackageSet(t *imageType) rpmmd.PackageSet {
 func imageInstallerPackageSet(t *imageType) rpmmd.PackageSet {
 	ps := anacondaPackageSet(t)
 
-	if common.VersionGreaterThanOrEqual(t.arch.distro.osVersion, "41") {
+	if common.VersionGreaterThanOrEqual(t.arch.distro.osVersion, VERSION_RAWHIDE) {
 		ps = ps.Append(rpmmd.PackageSet{
 			Include: []string{
 				"anaconda-webui",

vendor/github.com/osbuild/images/pkg/distro/fedora/version.go

@@ -0,0 +1,3 @@
+package fedora
+
+const VERSION_RAWHIDE = "41"

vendor/github.com/osbuild/images/pkg/distro/rhel8/images.go

@@ -333,7 +333,7 @@ func imageInstallerImage(workload workload.Workload,
 	img.AdditionalAnacondaModules = []string{"org.fedoraproject.Anaconda.Modules.Users"}
 
 	if instCust := customizations.GetInstaller(); instCust != nil {
-		img.WheelNoPasswd = instCust.WheelSudoNopasswd
+		img.NoPasswd = instCust.SudoNopasswd
 		img.UnattendedKickstart = instCust.Unattended
 	}
 
@@ -449,7 +449,7 @@ func edgeInstallerImage(workload workload.Workload,
 	img.Timezone, _ = customizations.GetTimezoneSettings()
 
 	if instCust := customizations.GetInstaller(); instCust != nil {
-		img.WheelNoPasswd = instCust.WheelSudoNopasswd
+		img.NoPasswd = instCust.SudoNopasswd
 		img.UnattendedKickstart = instCust.Unattended
 	}
 

vendor/github.com/osbuild/images/pkg/distro/rhel9/ami.go

@@ -296,10 +296,9 @@ func ec2BuildPackageSet(t *imageType) rpmmd.PackageSet {
 }
 
 func ec2CommonPackageSet(t *imageType) rpmmd.PackageSet {
-	return rpmmd.PackageSet{
+	ps := rpmmd.PackageSet{
 		Include: []string{
 			"@core",
-			"authselect-compat",
 			"chrony",
 			"cloud-init",
 			"cloud-utils-growpart",
@@ -350,6 +349,12 @@ func ec2CommonPackageSet(t *imageType) rpmmd.PackageSet {
 			"qemu-guest-agent",
 		},
 	}.Append(distroSpecificPackageSet(t))
+
+	if t.arch.distro.releaseVersion == "9" {
+		ps.Include = append(ps.Include, "authselect-compat")
+	}
+
+	return ps
 }
 
 // common rhel ec2 RHUI image package set

vendor/github.com/osbuild/images/pkg/distro/rhel9/azure.go

@@ -30,25 +30,6 @@ var (
 		basePartitionTables: defaultBasePartitionTables,
 	}
 
-	// Azure BYOS image type
-	azureByosImgType = imageType{
-		name:     "vhd",
-		filename: "disk.vhd",
-		mimeType: "application/x-vhd",
-		packageSets: map[string]packageSetFunc{
-			osPkgsKey: azurePackageSet,
-		},
-		defaultImageConfig:  defaultAzureByosImageConfig.InheritFrom(defaultAzureImageConfig),
-		kernelOptions:       defaultAzureKernelOptions,
-		bootable:            true,
-		defaultSize:         4 * common.GibiByte,
-		image:               diskImage,
-		buildPipelines:      []string{"build"},
-		payloadPipelines:    []string{"os", "image", "vpc"},
-		exports:             []string{"vpc"},
-		basePartitionTables: defaultBasePartitionTables,
-	}
-
 	// Azure RHUI image type
 	azureRhuiImgType = imageType{
 		name:        "azure-rhui",
@@ -70,6 +51,27 @@ var (
 	}
 )
 
+// Azure BYOS image type
+func azureByosImgType(rd distribution) imageType {
+	return imageType{
+		name:     "vhd",
+		filename: "disk.vhd",
+		mimeType: "application/x-vhd",
+		packageSets: map[string]packageSetFunc{
+			osPkgsKey: azurePackageSet,
+		},
+		defaultImageConfig:  defaultAzureByosImageConfig(rd).InheritFrom(defaultAzureImageConfig),
+		kernelOptions:       defaultAzureKernelOptions,
+		bootable:            true,
+		defaultSize:         4 * common.GibiByte,
+		image:               diskImage,
+		buildPipelines:      []string{"build"},
+		payloadPipelines:    []string{"os", "image", "vpc"},
+		exports:             []string{"vpc"},
+		basePartitionTables: defaultBasePartitionTables,
+	}
+}
+
 func azureSapRhuiImgType(rd distribution) imageType {
 	return imageType{
 		name:        "azure-sap-rhui",
@@ -574,10 +576,18 @@ var defaultAzureImageConfig = &distro.ImageConfig{
 // Diff of the default Image Config compare to the `defaultAzureImageConfig`
 // The configuration for non-RHUI images does not touch the RHSM configuration at all.
 // https://issues.redhat.com/browse/COMPOSER-2157
-var defaultAzureByosImageConfig = &distro.ImageConfig{
-	GPGKeyFiles: []string{
-		"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release",
-	},
+func defaultAzureByosImageConfig(rd distribution) *distro.ImageConfig {
+	ic := &distro.ImageConfig{}
+	// NOTE RHEL 10 content is currently unsigned - remove this when GPG keys get added to the repos
+	if rd.Releasever() == "9" {
+		ic = &distro.ImageConfig{
+			GPGKeyFiles: []string{
+				"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release",
+			},
+		}
+	}
+	return ic
+
 }
 
 // Diff of the default Image Config compare to the `defaultAzureImageConfig`

vendor/github.com/osbuild/images/pkg/distro/rhel9/bare_metal.go

@@ -3,6 +3,7 @@ package rhel9
 import (
 	"fmt"
 
+	"github.com/osbuild/images/internal/common"
 	"github.com/osbuild/images/pkg/arch"
 	"github.com/osbuild/images/pkg/rpmmd"
 )
@@ -48,7 +49,6 @@ func bareMetalPackageSet(t *imageType) rpmmd.PackageSet {
 	ps := rpmmd.PackageSet{
 		Include: []string{
 			"@core",
-			"authselect-compat",
 			"chrony",
 			"cockpit-system",
 			"cockpit-ws",
@@ -90,6 +90,10 @@ func bareMetalPackageSet(t *imageType) rpmmd.PackageSet {
 		},
 	}.Append(distroBuildPackageSet(t))
 
+	if common.VersionLessThan(t.arch.distro.osVersion, "10.0") {
+		ps.Include = append(ps.Include, "authselect-compat")
+	}
+
 	// Ensure to not pull in subscription-manager on non-RHEL distro
 	if t.arch.distro.isRHEL() {
 		ps = ps.Append(rpmmd.PackageSet{

vendor/github.com/osbuild/images/pkg/distro/rhel9/distro.go

@@ -125,10 +125,10 @@ func (d *distribution) getDefaultImageConfig() *distro.ImageConfig {
 	return d.defaultImageConfig
 }
 
-func newDistro(name string, minor int) *distribution {
+func newDistro(name string, major, minor int) *distribution {
 	var rd distribution
-	switch name {
-	case "rhel":
+	switch fmt.Sprintf("%s-%d", name, major) {
+	case "rhel-9":
 		rd = distribution{
 			name:               fmt.Sprintf("rhel-9.%d", minor),
 			product:            "Red Hat Enterprise Linux",
@@ -141,7 +141,20 @@ func newDistro(name string, minor int) *distribution {
 			runner:             &runner.RHEL{Major: uint64(9), Minor: uint64(minor)},
 			defaultImageConfig: defaultDistroImageConfig,
 		}
-	case "centos":
+	case "rhel-10":
+		rd = distribution{
+			name:               fmt.Sprintf("rhel-10.%d", minor),
+			product:            "Red Hat Enterprise Linux",
+			osVersion:          fmt.Sprintf("10.%d", minor),
+			releaseVersion:     "10",
+			modulePlatformID:   "platform:el10",
+			vendor:             "redhat",
+			ostreeRefTmpl:      "rhel/10/%s/edge",
+			isolabelTmpl:       fmt.Sprintf("RHEL-10-%d-0-BaseOS-%%s", minor),
+			runner:             &runner.RHEL{Major: uint64(10), Minor: uint64(minor)},
+			defaultImageConfig: defaultDistroImageConfig,
+		}
+	case "centos-9":
 		rd = distribution{
 			name:               "centos-9",
 			product:            "CentOS Stream",
@@ -154,8 +167,21 @@ func newDistro(name string, minor int) *distribution {
 			runner:             &runner.CentOS{Version: uint64(9)},
 			defaultImageConfig: defaultDistroImageConfig,
 		}
+	case "centos-10":
+		rd = distribution{
+			name:               "centos-10",
+			product:            "CentOS Stream",
+			osVersion:          "10-stream",
+			releaseVersion:     "10",
+			modulePlatformID:   "platform:el10",
+			vendor:             "centos",
+			ostreeRefTmpl:      "centos/10/%s/edge",
+			isolabelTmpl:       "CentOS-Stream-10-BaseOS-%s",
+			runner:             &runner.CentOS{Version: uint64(10)},
+			defaultImageConfig: defaultDistroImageConfig,
+		}
 	default:
-		panic(fmt.Sprintf("unknown distro name: %s", name))
+		panic(fmt.Sprintf("unknown distro name: %s and major: %d", name, major))
 	}
 
 	// Architecture definitions
@@ -207,21 +233,6 @@ func newDistro(name string, minor int) *distribution {
 		openstackImgType,
 	)
 
-	azureX64Platform := &platform.X86{
-		BIOS:       true,
-		UEFIVendor: rd.vendor,
-		BasePlatform: platform.BasePlatform{
-			ImageFormat: platform.FORMAT_VHD,
-		},
-	}
-
-	azureAarch64Platform := &platform.Aarch64{
-		UEFIVendor: rd.vendor,
-		BasePlatform: platform.BasePlatform{
-			ImageFormat: platform.FORMAT_VHD,
-		},
-	}
-
 	x86_64.addImageTypes(
 		&platform.X86{
 			BIOS:       true,
@@ -244,80 +255,6 @@ func newDistro(name string, minor int) *distribution {
 		ovaImgType,
 	)
 
-	ec2X86Platform := &platform.X86{
-		BIOS:       true,
-		UEFIVendor: rd.vendor,
-		BasePlatform: platform.BasePlatform{
-			ImageFormat: platform.FORMAT_RAW,
-		},
-	}
-	x86_64.addImageTypes(
-		ec2X86Platform,
-		mkAMIImgTypeX86_64(),
-	)
-
-	gceX86Platform := &platform.X86{
-		UEFIVendor: rd.vendor,
-		BasePlatform: platform.BasePlatform{
-			ImageFormat: platform.FORMAT_GCE,
-		},
-	}
-	x86_64.addImageTypes(
-		gceX86Platform,
-		mkGCEImageType(),
-	)
-
-	x86_64.addImageTypes(
-		&platform.X86{
-			BasePlatform: platform.BasePlatform{
-				FirmwarePackages: []string{
-					"microcode_ctl", // ??
-					"iwl1000-firmware",
-					"iwl100-firmware",
-					"iwl105-firmware",
-					"iwl135-firmware",
-					"iwl2000-firmware",
-					"iwl2030-firmware",
-					"iwl3160-firmware",
-					"iwl5000-firmware",
-					"iwl5150-firmware",
-					"iwl6050-firmware",
-				},
-			},
-			BIOS:       true,
-			UEFIVendor: rd.vendor,
-		},
-		edgeOCIImgType,
-		edgeCommitImgType,
-		edgeInstallerImgType,
-		edgeRawImgType,
-		imageInstaller,
-		edgeAMIImgType,
-	)
-
-	x86_64.addImageTypes(
-		&platform.X86{
-			BasePlatform: platform.BasePlatform{
-				ImageFormat: platform.FORMAT_VMDK,
-			},
-			BIOS:       true,
-			UEFIVendor: rd.vendor,
-		},
-		edgeVsphereImgType,
-	)
-
-	x86_64.addImageTypes(
-		&platform.X86{
-			BasePlatform: platform.BasePlatform{
-				ImageFormat: platform.FORMAT_RAW,
-			},
-			BIOS:       false,
-			UEFIVendor: rd.vendor,
-		},
-		edgeSimplifiedInstallerImgType,
-		minimalrawImgType,
-	)
-
 	x86_64.addImageTypes(
 		&platform.X86{},
 		tarImgType,
@@ -340,40 +277,6 @@ func newDistro(name string, minor int) *distribution {
 		wslImgType,
 	)
 
-	aarch64.addImageTypes(
-		&platform.Aarch64{
-			BasePlatform: platform.BasePlatform{},
-			UEFIVendor:   rd.vendor,
-		},
-		edgeCommitImgType,
-		edgeOCIImgType,
-		edgeInstallerImgType,
-		edgeSimplifiedInstallerImgType,
-		imageInstaller,
-		edgeAMIImgType,
-	)
-
-	aarch64.addImageTypes(
-		&platform.Aarch64{
-			BasePlatform: platform.BasePlatform{
-				ImageFormat: platform.FORMAT_VMDK,
-			},
-			UEFIVendor: rd.vendor,
-		},
-		edgeVsphereImgType,
-	)
-
-	aarch64.addImageTypes(
-		&platform.Aarch64{
-			BasePlatform: platform.BasePlatform{
-				ImageFormat: platform.FORMAT_RAW,
-			},
-			UEFIVendor: rd.vendor,
-		},
-		edgeRawImgType,
-		minimalrawImgType,
-	)
-
 	aarch64.addImageTypes(
 		&platform.Aarch64{
 			UEFIVendor: rd.vendor,
@@ -384,15 +287,6 @@ func newDistro(name string, minor int) *distribution {
 		},
 		qcow2ImgType,
 	)
-	aarch64.addImageTypes(
-		&platform.Aarch64{
-			UEFIVendor: rd.vendor,
-			BasePlatform: platform.BasePlatform{
-				ImageFormat: platform.FORMAT_RAW,
-			},
-		},
-		mkAMIImgTypeAarch64(),
-	)
 
 	ppc64le.addImageTypes(
 		&platform.PPC64LE{
@@ -424,42 +318,187 @@ func newDistro(name string, minor int) *distribution {
 		tarImgType,
 	)
 
-	if rd.isRHEL() {
-		// add azure to RHEL distro only
-		x86_64.addImageTypes(azureX64Platform, azureRhuiImgType, azureByosImgType)
-		aarch64.addImageTypes(azureAarch64Platform, azureRhuiImgType, azureByosImgType)
+	ec2X86Platform := &platform.X86{
+		BIOS:       true,
+		UEFIVendor: rd.vendor,
+		BasePlatform: platform.BasePlatform{
+			ImageFormat: platform.FORMAT_RAW,
+		},
+	}
+	x86_64.addImageTypes(
+		ec2X86Platform,
+		mkAMIImgTypeX86_64(),
+	)
 
-		x86_64.addImageTypes(azureX64Platform, azureSapRhuiImgType(rd))
-
-		// keep the RHEL EC2 x86_64 images before 9.3 BIOS-only for backward compatibility
-		if common.VersionLessThan(rd.osVersion, "9.3") {
-			ec2X86Platform = &platform.X86{
-				BIOS: true,
-				BasePlatform: platform.BasePlatform{
-					ImageFormat: platform.FORMAT_RAW,
-				},
-			}
-		}
-
-		// add ec2 image types to RHEL distro only
-		x86_64.addImageTypes(ec2X86Platform, mkEc2ImgTypeX86_64(rd.osVersion, rd.isRHEL()), mkEc2HaImgTypeX86_64(rd.osVersion, rd.isRHEL()), mkEC2SapImgTypeX86_64(rd.osVersion, rd.isRHEL()))
-
-		aarch64.addImageTypes(
-			&platform.Aarch64{
-				UEFIVendor: rd.vendor,
-				BasePlatform: platform.BasePlatform{
-					ImageFormat: platform.FORMAT_RAW,
-				},
+	aarch64.addImageTypes(
+		&platform.Aarch64{
+			UEFIVendor: rd.vendor,
+			BasePlatform: platform.BasePlatform{
+				ImageFormat: platform.FORMAT_RAW,
 			},
-			mkEC2ImgTypeAarch64(rd.osVersion, rd.isRHEL()),
-		)
+		},
+		mkAMIImgTypeAarch64(),
+	)
 
-		// add GCE RHUI image to RHEL only
-		x86_64.addImageTypes(gceX86Platform, mkGCERHUIImageType())
+	azureX64Platform := &platform.X86{
+		BIOS:       true,
+		UEFIVendor: rd.vendor,
+		BasePlatform: platform.BasePlatform{
+			ImageFormat: platform.FORMAT_VHD,
+		},
+	}
+
+	azureAarch64Platform := &platform.Aarch64{
+		UEFIVendor: rd.vendor,
+		BasePlatform: platform.BasePlatform{
+			ImageFormat: platform.FORMAT_VHD,
+		},
+	}
+
+	if rd.isRHEL() { // RHEL-only (non-CentOS) image types
+		x86_64.addImageTypes(azureX64Platform, azureByosImgType(rd))
+		aarch64.addImageTypes(azureAarch64Platform, azureByosImgType(rd))
 	} else {
 		x86_64.addImageTypes(azureX64Platform, azureImgType)
 		aarch64.addImageTypes(azureAarch64Platform, azureImgType)
 	}
+
+	// NOTE: This condition is a temporary separation of EL9 and EL10 while we
+	// add support for all image types on EL10.  Currently only a small subset
+	// is supported on EL10 because of package availability.  This big
+	// conditional separation should be removed when most image types become
+	// available in EL10.
+	if major == 9 {
+		gceX86Platform := &platform.X86{
+			UEFIVendor: rd.vendor,
+			BasePlatform: platform.BasePlatform{
+				ImageFormat: platform.FORMAT_GCE,
+			},
+		}
+		x86_64.addImageTypes(
+			gceX86Platform,
+			mkGCEImageType(),
+		)
+
+		x86_64.addImageTypes(
+			&platform.X86{
+				BasePlatform: platform.BasePlatform{
+					FirmwarePackages: []string{
+						"microcode_ctl", // ??
+						"iwl1000-firmware",
+						"iwl100-firmware",
+						"iwl105-firmware",
+						"iwl135-firmware",
+						"iwl2000-firmware",
+						"iwl2030-firmware",
+						"iwl3160-firmware",
+						"iwl5000-firmware",
+						"iwl5150-firmware",
+						"iwl6050-firmware",
+					},
+				},
+				BIOS:       true,
+				UEFIVendor: rd.vendor,
+			},
+			edgeOCIImgType,
+			edgeCommitImgType,
+			edgeInstallerImgType,
+			edgeRawImgType,
+			imageInstaller,
+			edgeAMIImgType,
+		)
+
+		x86_64.addImageTypes(
+			&platform.X86{
+				BasePlatform: platform.BasePlatform{
+					ImageFormat: platform.FORMAT_VMDK,
+				},
+				BIOS:       true,
+				UEFIVendor: rd.vendor,
+			},
+			edgeVsphereImgType,
+		)
+
+		x86_64.addImageTypes(
+			&platform.X86{
+				BasePlatform: platform.BasePlatform{
+					ImageFormat: platform.FORMAT_RAW,
+				},
+				BIOS:       false,
+				UEFIVendor: rd.vendor,
+			},
+			edgeSimplifiedInstallerImgType,
+			minimalrawImgType,
+		)
+
+		aarch64.addImageTypes(
+			&platform.Aarch64{
+				BasePlatform: platform.BasePlatform{},
+				UEFIVendor:   rd.vendor,
+			},
+			edgeCommitImgType,
+			edgeOCIImgType,
+			edgeInstallerImgType,
+			edgeSimplifiedInstallerImgType,
+			imageInstaller,
+			edgeAMIImgType,
+		)
+
+		aarch64.addImageTypes(
+			&platform.Aarch64{
+				BasePlatform: platform.BasePlatform{
+					ImageFormat: platform.FORMAT_VMDK,
+				},
+				UEFIVendor: rd.vendor,
+			},
+			edgeVsphereImgType,
+		)
+
+		aarch64.addImageTypes(
+			&platform.Aarch64{
+				BasePlatform: platform.BasePlatform{
+					ImageFormat: platform.FORMAT_RAW,
+				},
+				UEFIVendor: rd.vendor,
+			},
+			edgeRawImgType,
+			minimalrawImgType,
+		)
+
+		if rd.isRHEL() { // RHEL-only (non-CentOS) image types
+			x86_64.addImageTypes(azureX64Platform, azureRhuiImgType, azureByosImgType(rd))
+			aarch64.addImageTypes(azureAarch64Platform, azureRhuiImgType, azureByosImgType(rd))
+
+			x86_64.addImageTypes(azureX64Platform, azureSapRhuiImgType(rd))
+
+			// keep the RHEL EC2 x86_64 images before 9.3 BIOS-only for backward compatibility
+			if common.VersionLessThan(rd.osVersion, "9.3") {
+				ec2X86Platform = &platform.X86{
+					BIOS: true,
+					BasePlatform: platform.BasePlatform{
+						ImageFormat: platform.FORMAT_RAW,
+					},
+				}
+			}
+
+			// add ec2 image types to RHEL distro only
+			x86_64.addImageTypes(ec2X86Platform, mkEc2ImgTypeX86_64(rd.osVersion, rd.isRHEL()), mkEc2HaImgTypeX86_64(rd.osVersion, rd.isRHEL()), mkEC2SapImgTypeX86_64(rd.osVersion, rd.isRHEL()))
+
+			aarch64.addImageTypes(
+				&platform.Aarch64{
+					UEFIVendor: rd.vendor,
+					BasePlatform: platform.BasePlatform{
+						ImageFormat: platform.FORMAT_RAW,
+					},
+				},
+				mkEC2ImgTypeAarch64(rd.osVersion, rd.isRHEL()),
+			)
+
+			// add GCE RHUI image to RHEL only
+			x86_64.addImageTypes(gceX86Platform, mkGCERHUIImageType())
+		}
+	}
+
 	rd.addArches(x86_64, aarch64, ppc64le, s390x)
 	return &rd
 }
@@ -510,5 +549,41 @@ func DistroFactory(idStr string) distro.Distro {
 		return nil
 	}
 
-	return newDistro(id.Name, id.MinorVersion)
+	return newDistro(id.Name, 9, id.MinorVersion)
+}
+
+func ParseIDEl10(idStr string) (*distro.ID, error) {
+	id, err := distro.ParseID(idStr)
+	if err != nil {
+		return nil, err
+	}
+
+	if id.Name != "rhel" && id.Name != "centos" {
+		return nil, fmt.Errorf("invalid distro name: %s", id.Name)
+	}
+
+	if id.MajorVersion != 10 {
+		return nil, fmt.Errorf("invalid distro major version: %d", id.MajorVersion)
+	}
+
+	// CentOS does not use minor version
+	if id.Name == "centos" && id.MinorVersion != -1 {
+		return nil, fmt.Errorf("centos does not use minor version, but got: %d", id.MinorVersion)
+	}
+
+	// RHEL uses minor version
+	if id.Name == "rhel" && id.MinorVersion == -1 {
+		return nil, fmt.Errorf("rhel requires minor version, but got: %d", id.MinorVersion)
+	}
+
+	return id, nil
+}
+
+func DistroFactoryEl10(idStr string) distro.Distro {
+	id, err := ParseIDEl10(idStr)
+	if err != nil {
+		return nil
+	}
+
+	return newDistro(id.Name, 10, id.MinorVersion)
 }

vendor/github.com/osbuild/images/pkg/distro/rhel9/images.go

@@ -397,7 +397,7 @@ func edgeInstallerImage(workload workload.Workload,
 	img.Timezone, _ = customizations.GetTimezoneSettings()
 
 	if instCust := customizations.GetInstaller(); instCust != nil {
-		img.WheelNoPasswd = instCust.WheelSudoNopasswd
+		img.NoPasswd = instCust.SudoNopasswd
 		img.UnattendedKickstart = instCust.Unattended
 	}
 
@@ -607,7 +607,7 @@ func imageInstallerImage(workload workload.Workload,
 	img.AdditionalAnacondaModules = []string{"org.fedoraproject.Anaconda.Modules.Users"}
 
 	if instCust := customizations.GetInstaller(); instCust != nil {
-		img.WheelNoPasswd = instCust.WheelSudoNopasswd
+		img.NoPasswd = instCust.SudoNopasswd
 		img.UnattendedKickstart = instCust.Unattended
 	}
 

vendor/github.com/osbuild/images/pkg/distro/rhel9/imagetype.go

@@ -267,7 +267,14 @@ func (t *imageType) Manifest(bp *blueprint.Blueprint,
 		return nil, nil, err
 	}
 	mf := manifest.New()
-	mf.Distro = manifest.DISTRO_EL9
+	switch t.arch.distro.releaseVersion {
+	case "9":
+		mf.Distro = manifest.DISTRO_EL9
+	case "10":
+		mf.Distro = manifest.DISTRO_EL10
+	default:
+		return nil, nil, fmt.Errorf("unsupported distro release version %s", t.arch.distro.releaseVersion)
+	}
 	_, err = img.InstantiateManifest(&mf, repos, t.arch.distro.runner, rng)
 	if err != nil {
 		return nil, nil, err

vendor/github.com/osbuild/images/pkg/distro/rhel9/qcow2.go

@@ -34,7 +34,6 @@ func qcow2CommonPackageSet(t *imageType) rpmmd.PackageSet {
 	ps := rpmmd.PackageSet{
 		Include: []string{
 			"@core",
-			"authselect-compat",
 			"chrony",
 			"cloud-init",
 			"cloud-utils-growpart",
@@ -94,6 +93,10 @@ func qcow2CommonPackageSet(t *imageType) rpmmd.PackageSet {
 		},
 	}.Append(distroSpecificPackageSet(t))
 
+	if t.arch.distro.releaseVersion == "9" {
+		ps.Include = append(ps.Include, "authselect-compat")
+	}
+
 	// Ensure to not pull in subscription-manager on non-RHEL distro
 	if t.arch.distro.isRHEL() {
 		ps = ps.Append(rpmmd.PackageSet{

vendor/github.com/osbuild/images/pkg/distrofactory/distrofactory.go

@@ -112,6 +112,7 @@ func NewDefault() *Factory {
 		rhel7.DistroFactory,
 		rhel8.DistroFactory,
 		rhel9.DistroFactory,
+		rhel9.DistroFactoryEl10,
 	)
 }
 

vendor/github.com/osbuild/images/pkg/distroidparser/idparser.go

@@ -66,5 +66,6 @@ func NewDefaultParser() *Parser {
 		rhel7.ParseID,
 		rhel8.ParseID,
 		rhel9.ParseID,
+		rhel9.ParseIDEl10,
 	)
 }

vendor/github.com/osbuild/images/pkg/image/anaconda_ostree_installer.go

@@ -27,8 +27,9 @@ type AnacondaOSTreeInstaller struct {
 	Keyboard *string
 	Timezone *string
 
-	// Create a sudoers drop-in file for wheel group with NOPASSWD option
-	WheelNoPasswd bool
+	// Create a sudoers drop-in file for each user or group to enable the
+	// NOPASSWD option
+	NoPasswd []string
 
 	// Add kickstart options to make the installation fully unattended
 	UnattendedKickstart bool
@@ -128,7 +129,7 @@ func (img *AnacondaOSTreeInstaller) InstantiateManifest(m *manifest.Manifest,
 	isoTreePipeline.Remote = img.Remote
 	isoTreePipeline.Users = img.Users
 	isoTreePipeline.Groups = img.Groups
-	isoTreePipeline.WheelNoPasswd = img.WheelNoPasswd
+	isoTreePipeline.NoPasswd = img.NoPasswd
 	isoTreePipeline.UnattendedKickstart = img.UnattendedKickstart
 	isoTreePipeline.SquashfsCompression = img.SquashfsCompression
 	isoTreePipeline.Language = img.Language

vendor/github.com/osbuild/images/pkg/image/anaconda_tar_installer.go

@@ -56,8 +56,9 @@ type AnacondaTarInstaller struct {
 	// defaults.
 	ISORootKickstart bool
 
-	// Create a sudoers drop-in file for wheel group with NOPASSWD option
-	WheelNoPasswd bool
+	// Create a sudoers drop-in file for each user or group to enable the
+	// NOPASSWD option
+	NoPasswd []string
 
 	// Add kickstart options to make the installation fully unattended.
 	// Enabling this option also automatically enables the ISORootKickstart
@@ -193,7 +194,7 @@ func (img *AnacondaTarInstaller) InstantiateManifest(m *manifest.Manifest,
 		isoTreePipeline.KSPath = kspath
 	}
 
-	isoTreePipeline.WheelNoPasswd = img.WheelNoPasswd
+	isoTreePipeline.NoPasswd = img.NoPasswd
 	isoTreePipeline.UnattendedKickstart = img.UnattendedKickstart
 	isoTreePipeline.SquashfsCompression = img.SquashfsCompression
 

vendor/github.com/osbuild/images/pkg/image/bootc_disk.go

@@ -4,10 +4,9 @@ import (
 	"fmt"
 	"math/rand"
 
-	"github.com/osbuild/images/pkg/artifact"
 	"github.com/osbuild/images/pkg/container"
 	"github.com/osbuild/images/pkg/manifest"
-	"github.com/osbuild/images/pkg/platform"
+	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/runner"
 )
 
@@ -32,41 +31,41 @@ func NewBootcDiskImage(container container.SourceSpec) *BootcDiskImage {
 func (img *BootcDiskImage) InstantiateManifestFromContainers(m *manifest.Manifest,
 	containers []container.SourceSpec,
 	runner runner.Runner,
-	rng *rand.Rand) (*artifact.Artifact, error) {
+	rng *rand.Rand) error {
 
 	buildPipeline := manifest.NewBuildFromContainer(m, runner, containers, &manifest.BuildOptions{ContainerBuildable: true})
 	buildPipeline.Checkpoint()
 
-	// don't support compressing non-raw images
-	imgFormat := img.Platform.GetImageFormat()
-	if imgFormat == platform.FORMAT_UNSET {
-		// treat unset as raw for this check
-		imgFormat = platform.FORMAT_RAW
-	}
-	if imgFormat != platform.FORMAT_RAW && img.Compression != "" {
-		panic(fmt.Sprintf("no compression is allowed with %q format for %q", imgFormat, img.name))
-	}
+	// In the bootc flow, we reuse the host container context for tools;
+	// this is signified by passing nil to the below pipelines.
+	var hostPipeline manifest.Build
 
 	opts := &baseRawOstreeImageOpts{useBootupd: true}
-	baseImage := baseRawOstreeImage(img.OSTreeDiskImage, buildPipeline, opts)
-	switch imgFormat {
-	case platform.FORMAT_QCOW2:
-		// qcow2 runs without a build pipeline directly from "bib"
-		qcow2Pipeline := manifest.NewQCOW2(nil, baseImage)
-		qcow2Pipeline.Compat = img.Platform.GetQCOW2Compat()
-		qcow2Pipeline.SetFilename(img.Filename)
-		return qcow2Pipeline.Export(), nil
-	}
 
-	switch img.Compression {
-	case "xz":
-		compressedImage := manifest.NewXZ(buildPipeline, baseImage)
-		compressedImage.SetFilename(img.Filename)
-		return compressedImage.Export(), nil
-	case "":
-		baseImage.SetFilename(img.Filename)
-		return baseImage.Export(), nil
-	default:
-		panic(fmt.Sprintf("unsupported compression type %q on %q", img.Compression, img.name))
+	fileBasename := img.Filename
+
+	// In BIB, we export multiple images from the same pipeline so we use the
+	// filename as the basename for each export and set the extensions based on
+	// each file format.
+	baseImage := baseRawOstreeImage(img.OSTreeDiskImage, buildPipeline, opts)
+	baseImage.SetFilename(fmt.Sprintf("%s.raw", fileBasename))
+
+	qcow2Pipeline := manifest.NewQCOW2(hostPipeline, baseImage)
+	qcow2Pipeline.Compat = img.Platform.GetQCOW2Compat()
+	qcow2Pipeline.SetFilename(fmt.Sprintf("%s.qcow2", fileBasename))
+
+	vmdkPipeline := manifest.NewVMDK(hostPipeline, baseImage)
+	vmdkPipeline.SetFilename(fmt.Sprintf("%s.vmdk", fileBasename))
+
+	ovfPipeline := manifest.NewOVF(hostPipeline, vmdkPipeline)
+	tarPipeline := manifest.NewTar(hostPipeline, ovfPipeline, "archive")
+	tarPipeline.Format = osbuild.TarArchiveFormatUstar
+	tarPipeline.SetFilename(fmt.Sprintf("%s.tar", fileBasename))
+	// The .ovf descriptor needs to be the first file in the archive
+	tarPipeline.Paths = []string{
+		fmt.Sprintf("%s.ovf", fileBasename),
+		fmt.Sprintf("%s.mf", fileBasename),
+		fmt.Sprintf("%s.vmdk", fileBasename),
 	}
+	return nil
 }

vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer_iso_tree.go

@@ -3,6 +3,8 @@ package manifest
 import (
 	"fmt"
 	"path"
+	"sort"
+	"strings"
 
 	"github.com/osbuild/images/internal/common"
 	"github.com/osbuild/images/pkg/container"
@@ -32,8 +34,9 @@ type AnacondaInstallerISOTree struct {
 	Keyboard *string
 	Timezone *string
 
-	// Create a sudoers drop-in file for wheel group with NOPASSWD option
-	WheelNoPasswd bool
+	// Create a sudoers drop-in file for each user or group to enable the
+	// NOPASSWD option
+	NoPasswd []string
 
 	// Add kickstart options to make the installation fully unattended
 	UnattendedKickstart bool
@@ -532,16 +535,10 @@ func (p *AnacondaInstallerISOTree) makeKickstartStages(kickstartOptions *osbuild
 
 	stages = append(stages, osbuild.NewKickstartStage(kickstartOptions))
 
-	if p.WheelNoPasswd {
+	hardcodedKickstartBits := makeKickstartSudoersPost(p.NoPasswd)
+	if hardcodedKickstartBits != "" {
 		// Because osbuild core only supports a subset of options,
 		// we append to the base here with hardcoded wheel group with NOPASSWD option
-		hardcodedKickstartBits := `
-%post
-echo -e "%wheel\tALL=(ALL)\tNOPASSWD: ALL" > "/etc/sudoers.d/wheel"
-chmod 0440 /etc/sudoers.d/wheel
-restorecon -rvF /etc/sudoers.d
-%end
-`
 		kickstartFile, err := kickstartOptions.IncludeRaw(hardcodedKickstartBits)
 		if err != nil {
 			panic(err)
@@ -560,3 +557,31 @@ func makeISORootPath(p string) string {
 	fullpath := path.Join("/run/install/repo", p)
 	return fmt.Sprintf("file://%s", fullpath)
 }
+
+func makeKickstartSudoersPost(names []string) string {
+	if len(names) == 0 {
+		return ""
+	}
+	echoLineFmt := `echo -e "%[1]s\tALL=(ALL)\tNOPASSWD: ALL" > "/etc/sudoers.d/%[1]s"
+chmod 0440 /etc/sudoers.d/%[1]s`
+
+	filenames := make(map[string]bool)
+	sort.Strings(names)
+	entries := make([]string, 0, len(names))
+	for _, name := range names {
+		if filenames[name] {
+			continue
+		}
+		entries = append(entries, fmt.Sprintf(echoLineFmt, name))
+		filenames[name] = true
+	}
+
+	kickstartSudoersPost := `
+%%post
+%s
+restorecon -rvF /etc/sudoers.d
+%%end
+`
+	return fmt.Sprintf(kickstartSudoersPost, strings.Join(entries, "\n"))
+
+}

vendor/github.com/osbuild/images/pkg/manifest/manifest.go

@@ -34,6 +34,7 @@ type Distro uint64
 
 const (
 	DISTRO_NULL = iota
+	DISTRO_EL10
 	DISTRO_EL9
 	DISTRO_EL8
 	DISTRO_EL7

vendor/github.com/osbuild/images/pkg/manifest/os.go

@@ -298,6 +298,7 @@ func (p *OS) getBuildPackages(distro Distro) []string {
 			switch distro {
 			case DISTRO_EL8:
 				packages = append(packages, "python3-pytoml")
+			case DISTRO_EL10:
 			default:
 				packages = append(packages, "python3-toml")
 			}

vendor/github.com/osbuild/images/pkg/manifest/ovf.go

@@ -14,12 +14,17 @@ type OVF struct {
 }
 
 // NewOVF creates a new OVF pipeline. imgPipeline is the pipeline producing the vmdk image.
-func NewOVF(buidPipeline Build, imgPipeline *VMDK) *OVF {
+func NewOVF(buildPipeline Build, imgPipeline *VMDK) *OVF {
 	p := &OVF{
-		Base:        NewBase("ovf", buidPipeline),
+		Base:        NewBase("ovf", buildPipeline),
 		imgPipeline: imgPipeline,
 	}
-	buidPipeline.addDependent(p)
+	// See similar logic in qcow2 to run on the host
+	if buildPipeline != nil {
+		buildPipeline.addDependent(p)
+	} else {
+		imgPipeline.Manifest().addPipeline(p)
+	}
 	return p
 }
 

vendor/github.com/osbuild/images/pkg/manifest/raw.go

@@ -1,6 +1,8 @@
 package manifest
 
 import (
+	"fmt"
+
 	"github.com/osbuild/images/pkg/arch"
 	"github.com/osbuild/images/pkg/artifact"
 	"github.com/osbuild/images/pkg/osbuild"
@@ -59,6 +61,38 @@ func (p *RawImage) serialize() osbuild.Pipeline {
 	copyInputs := osbuild.NewPipelineTreeInputs(inputName, p.treePipeline.Name())
 	pipeline.AddStage(osbuild.NewCopyStage(copyOptions, copyInputs, copyDevices, copyMounts))
 
+	bootFiles := p.treePipeline.platform.GetBootFiles()
+	if len(bootFiles) > 0 {
+		// we ignore the bootcopyoptions as they contain a full tree copy instead we make our own, we *do* still want all the other
+		// information such as mountpoints and devices
+		_, bootCopyDevices, bootCopyMounts := osbuild.GenCopyFSTreeOptions(inputName, p.treePipeline.Name(), p.Filename(), pt)
+		bootCopyOptions := &osbuild.CopyStageOptions{}
+		bootCopyInputs := osbuild.NewPipelineTreeInputs(inputName, p.treePipeline.Name())
+
+		// Find the FS root mount name to use as the destination root
+		// for the target when copying the boot files.
+		var fsRootMntName string
+		for _, mnt := range bootCopyMounts {
+			if mnt.Target == "/" {
+				fsRootMntName = mnt.Name
+				break
+			}
+		}
+
+		if fsRootMntName == "" {
+			panic("no mount found for the filesystem root")
+		}
+
+		for _, paths := range bootFiles {
+			bootCopyOptions.Paths = append(bootCopyOptions.Paths, osbuild.CopyStagePath{
+				From: fmt.Sprintf("input://root-tree%s", paths[0]),
+				To:   fmt.Sprintf("mount://%s%s", fsRootMntName, paths[1]),
+			})
+		}
+
+		pipeline.AddStage(osbuild.NewCopyStage(bootCopyOptions, bootCopyInputs, bootCopyDevices, bootCopyMounts))
+	}
+
 	for _, stage := range osbuild.GenImageFinishStages(pt, p.Filename()) {
 		pipeline.AddStage(stage)
 	}

vendor/github.com/osbuild/images/pkg/manifest/tar.go

@@ -37,7 +37,12 @@ func NewTar(buildPipeline Build, inputPipeline Pipeline, pipelinename string) *T
 		inputPipeline: inputPipeline,
 		filename:      "image.tar",
 	}
-	buildPipeline.addDependent(p)
+	// See similar logic in qcow2 to run on the host
+	if buildPipeline != nil {
+		buildPipeline.addDependent(p)
+	} else {
+		inputPipeline.Manifest().addPipeline(p)
+	}
 	return p
 }
 

vendor/github.com/osbuild/images/pkg/manifest/vmdk.go

@@ -31,7 +31,12 @@ func NewVMDK(buildPipeline Build, imgPipeline FilePipeline) *VMDK {
 		imgPipeline: imgPipeline,
 		filename:    "image.vmdk",
 	}
-	buildPipeline.addDependent(p)
+	// See similar logic in qcow2 to run on the host
+	if buildPipeline != nil {
+		buildPipeline.addDependent(p)
+	} else {
+		imgPipeline.Manifest().addPipeline(p)
+	}
 	return p
 }
 

vendor/github.com/osbuild/images/pkg/platform/platform.go

@@ -1,6 +1,8 @@
 package platform
 
 import (
+	"fmt"
+
 	"github.com/osbuild/images/pkg/arch"
 )
 
@@ -19,6 +21,8 @@ const ( // image format enum
 
 func (f ImageFormat) String() string {
 	switch f {
+	case FORMAT_UNSET:
+		return "unset"
 	case FORMAT_RAW:
 		return "raw"
 	case FORMAT_ISO:
@@ -34,7 +38,7 @@ func (f ImageFormat) String() string {
 	case FORMAT_OVA:
 		return "ova"
 	default:
-		panic("invalid image format")
+		panic(fmt.Errorf("unknown image format %d", f))
 	}
 }