Update osbuild/images to v0.75.0

Signed-off-by: Tomáš Hozza <thozza@redhat.com>

vendor/github.com/osbuild/images/pkg/blueprint/customizations.go

@@ -31,6 +31,7 @@ type Customizations struct {
 	ContainersStorage  *ContainerStorageCustomization `json:"containers-storage,omitempty" toml:"containers-storage,omitempty"`
 	Installer          *InstallerCustomization        `json:"installer,omitempty" toml:"installer,omitempty"`
 	RPM                *RPMCustomization              `json:"rpm,omitempty" toml:"rpm,omitempty"`
+	RHSM               *RHSMCustomization             `json:"rhsm,omitempty" toml:"rhsm,omitempty"`
 }
 
 type IgnitionCustomization struct {
@@ -431,3 +432,10 @@ func (c *Customizations) GetRPM() *RPMCustomization {
 	}
 	return c.RPM
 }
+
+func (c *Customizations) GetRHSM() *RHSMCustomization {
+	if c == nil {
+		return nil
+	}
+	return c.RHSM
+}

vendor/github.com/osbuild/images/pkg/blueprint/rhsm_customizations.go

@@ -0,0 +1,35 @@
+package blueprint
+
+// Subscription Manager [rhsm] configuration
+type SubManRHSMConfig struct {
+	ManageRepos *bool `json:"manage_repos,omitempty" toml:"manage_repos,omitempty"`
+}
+
+// Subscription Manager [rhsmcertd] configuration
+type SubManRHSMCertdConfig struct {
+	AutoRegistration *bool `json:"auto_registration,omitempty" toml:"auto_registration,omitempty"`
+}
+
+// Subscription Manager 'rhsm.conf' configuration
+type SubManConfig struct {
+	RHSMConfig      *SubManRHSMConfig      `json:"rhsm,omitempty" toml:"rhsm,omitempty"`
+	RHSMCertdConfig *SubManRHSMCertdConfig `json:"rhsmcertd,omitempty" toml:"rhsmcertd,omitempty"`
+}
+
+type DNFPluginConfig struct {
+	Enabled *bool `json:"enabled,omitempty" toml:"enabled,omitempty"`
+}
+
+type SubManDNFPluginsConfig struct {
+	ProductID           *DNFPluginConfig `json:"product_id,omitempty" toml:"product_id,omitempty"`
+	SubscriptionManager *DNFPluginConfig `json:"subscription_manager,omitempty" toml:"subscription_manager,omitempty"`
+}
+
+type RHSMConfig struct {
+	DNFPlugins          *SubManDNFPluginsConfig `json:"dnf_plugins,omitempty" toml:"dnf_plugins,omitempty"`
+	SubscriptionManager *SubManConfig           `json:"subscription_manager,omitempty" toml:"subscription_manager,omitempty"`
+}
+
+type RHSMCustomization struct {
+	Config *RHSMConfig `json:"config,omitempty" toml:"config,omitempty"`
+}

vendor/github.com/osbuild/images/pkg/customizations/subscription/subscription.go

@@ -0,0 +1,158 @@
+package subscription
+
+import (
+	"github.com/osbuild/images/internal/common"
+	"github.com/osbuild/images/pkg/blueprint"
+)
+
+// The ImageOptions specify subscription-specific image options
+// ServerUrl denotes the host to register the system with
+// BaseUrl specifies the repository URL for DNF
+type ImageOptions struct {
+	Organization  string `json:"organization"`
+	ActivationKey string `json:"activation_key"`
+	ServerUrl     string `json:"server_url"`
+	BaseUrl       string `json:"base_url"`
+	Insights      bool   `json:"insights"`
+	Rhc           bool   `json:"rhc"`
+}
+
+type RHSMStatus string
+
+const (
+	RHSMConfigWithSubscription RHSMStatus = "with-subscription"
+	RHSMConfigNoSubscription   RHSMStatus = "no-subscription"
+)
+
+// Subscription Manager [rhsm] configuration
+type SubManRHSMConfig struct {
+	ManageRepos *bool
+}
+
+// Subscription Manager [rhsmcertd] configuration
+type SubManRHSMCertdConfig struct {
+	AutoRegistration *bool
+}
+
+// Subscription Manager 'rhsm.conf' configuration
+type SubManConfig struct {
+	Rhsm      SubManRHSMConfig
+	Rhsmcertd SubManRHSMCertdConfig
+}
+
+type DNFPluginConfig struct {
+	Enabled *bool
+}
+
+type SubManDNFPluginsConfig struct {
+	ProductID           DNFPluginConfig
+	SubscriptionManager DNFPluginConfig
+}
+
+type RHSMConfig struct {
+	DnfPlugins SubManDNFPluginsConfig
+	YumPlugins SubManDNFPluginsConfig
+	SubMan     SubManConfig
+}
+
+// Clone returns a new instance of RHSMConfig with the same values.
+// The returned instance is a deep copy of the original.
+func (c *RHSMConfig) Clone() *RHSMConfig {
+	if c == nil {
+		return nil
+	}
+
+	clone := &RHSMConfig{}
+
+	if c.DnfPlugins.ProductID.Enabled != nil {
+		clone.DnfPlugins.ProductID.Enabled = common.ToPtr(*c.DnfPlugins.ProductID.Enabled)
+	}
+	if c.DnfPlugins.SubscriptionManager.Enabled != nil {
+		clone.DnfPlugins.SubscriptionManager.Enabled = common.ToPtr(*c.DnfPlugins.SubscriptionManager.Enabled)
+	}
+
+	if c.YumPlugins.ProductID.Enabled != nil {
+		clone.YumPlugins.ProductID.Enabled = common.ToPtr(*c.YumPlugins.ProductID.Enabled)
+	}
+	if c.YumPlugins.SubscriptionManager.Enabled != nil {
+		clone.YumPlugins.SubscriptionManager.Enabled = common.ToPtr(*c.YumPlugins.SubscriptionManager.Enabled)
+	}
+
+	if c.SubMan.Rhsm.ManageRepos != nil {
+		clone.SubMan.Rhsm.ManageRepos = common.ToPtr(*c.SubMan.Rhsm.ManageRepos)
+	}
+	if c.SubMan.Rhsmcertd.AutoRegistration != nil {
+		clone.SubMan.Rhsmcertd.AutoRegistration = common.ToPtr(*c.SubMan.Rhsmcertd.AutoRegistration)
+	}
+
+	return clone
+}
+
+// Update returns a new instance of RHSMConfig with updated values
+// from the new RHSMConfig. The original RHSMConfig is not modified and
+// the new instance does not share any memory with the original.
+func (c *RHSMConfig) Update(new *RHSMConfig) *RHSMConfig {
+	c = c.Clone()
+
+	if new == nil {
+		return c
+	}
+
+	if c == nil {
+		c = &RHSMConfig{}
+	}
+
+	if new.DnfPlugins.ProductID.Enabled != nil {
+		c.DnfPlugins.ProductID.Enabled = common.ToPtr(*new.DnfPlugins.ProductID.Enabled)
+	}
+	if new.DnfPlugins.SubscriptionManager.Enabled != nil {
+		c.DnfPlugins.SubscriptionManager.Enabled = common.ToPtr(*new.DnfPlugins.SubscriptionManager.Enabled)
+	}
+
+	if new.YumPlugins.ProductID.Enabled != nil {
+		c.YumPlugins.ProductID.Enabled = common.ToPtr(*new.YumPlugins.ProductID.Enabled)
+	}
+	if new.YumPlugins.SubscriptionManager.Enabled != nil {
+		c.YumPlugins.SubscriptionManager.Enabled = common.ToPtr(*new.YumPlugins.SubscriptionManager.Enabled)
+	}
+
+	if new.SubMan.Rhsm.ManageRepos != nil {
+		c.SubMan.Rhsm.ManageRepos = common.ToPtr(*new.SubMan.Rhsm.ManageRepos)
+	}
+	if new.SubMan.Rhsmcertd.AutoRegistration != nil {
+		c.SubMan.Rhsmcertd.AutoRegistration = common.ToPtr(*new.SubMan.Rhsmcertd.AutoRegistration)
+	}
+
+	return c
+}
+
+// RHSMConfigFromBP creates a RHSMConfig from a blueprint RHSMCustomization
+func RHSMConfigFromBP(bpRHSM *blueprint.RHSMCustomization) *RHSMConfig {
+	if bpRHSM == nil || bpRHSM.Config == nil {
+		return nil
+	}
+
+	c := &RHSMConfig{}
+
+	if plugins := bpRHSM.Config.DNFPlugins; plugins != nil {
+		if plugins.ProductID != nil && plugins.ProductID.Enabled != nil {
+			c.DnfPlugins.ProductID.Enabled = common.ToPtr(*plugins.ProductID.Enabled)
+		}
+		if plugins.SubscriptionManager != nil && plugins.SubscriptionManager.Enabled != nil {
+			c.DnfPlugins.SubscriptionManager.Enabled = common.ToPtr(*plugins.SubscriptionManager.Enabled)
+		}
+	}
+
+	// NB: YUMPlugins are not exposed to end users as a customization
+
+	if subMan := bpRHSM.Config.SubscriptionManager; subMan != nil {
+		if subMan.RHSMConfig != nil && subMan.RHSMConfig.ManageRepos != nil {
+			c.SubMan.Rhsm.ManageRepos = common.ToPtr(*subMan.RHSMConfig.ManageRepos)
+		}
+		if subMan.RHSMCertdConfig != nil && subMan.RHSMCertdConfig.AutoRegistration != nil {
+			c.SubMan.Rhsmcertd.AutoRegistration = common.ToPtr(*subMan.RHSMCertdConfig.AutoRegistration)
+		}
+	}
+
+	return c
+}

vendor/github.com/osbuild/images/pkg/distro/distro.go

@@ -2,12 +2,12 @@ package distro
 
 import (
 	"github.com/osbuild/images/pkg/blueprint"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/disk"
 	"github.com/osbuild/images/pkg/manifest"
 	"github.com/osbuild/images/pkg/ostree"
 	"github.com/osbuild/images/pkg/rhsm/facts"
 	"github.com/osbuild/images/pkg/rpmmd"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 type BootMode uint64

vendor/github.com/osbuild/images/pkg/distro/image_config.go

@@ -6,8 +6,8 @@ import (
 
 	"github.com/osbuild/images/pkg/customizations/fsnode"
 	"github.com/osbuild/images/pkg/customizations/shell"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/osbuild"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 // ImageConfig represents a (default) configuration applied to the image payload.
@@ -39,7 +39,7 @@ type ImageConfig struct {
 
 	// for RHSM configuration, we need to potentially distinguish the case
 	// when the user want the image to be subscribed on first boot and when not
-	RHSMConfig          map[subscription.RHSMStatus]*osbuild.RHSMStageOptions
+	RHSMConfig          map[subscription.RHSMStatus]*subscription.RHSMConfig
 	SystemdLogind       []*osbuild.SystemdLogindStageOptions
 	CloudInit           []*osbuild.CloudInitStageOptions
 	Modprobe            []*osbuild.ModprobeStageOptions

vendor/github.com/osbuild/images/pkg/distro/rhel/images.go

@@ -13,6 +13,7 @@ import (
 	"github.com/osbuild/images/pkg/customizations/ignition"
 	"github.com/osbuild/images/pkg/customizations/kickstart"
 	"github.com/osbuild/images/pkg/customizations/oscap"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/customizations/users"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/image"
@@ -223,8 +224,21 @@ func osCustomizations(
 		osc.OpenSCAPRemediationConfig = remediationConfig
 	}
 
-	osc.ShellInit = imageConfig.ShellInit
+	var subscriptionStatus subscription.RHSMStatus
+	if options.Subscription != nil {
+		subscriptionStatus = subscription.RHSMConfigWithSubscription
+	} else {
+		subscriptionStatus = subscription.RHSMConfigNoSubscription
+	}
+	if rhsmConfig, exists := imageConfig.RHSMConfig[subscriptionStatus]; exists {
+		osc.RHSMConfig = rhsmConfig
+	}
 
+	if bpRhsmConfig := subscription.RHSMConfigFromBP(c.GetRHSM()); bpRhsmConfig != nil {
+		osc.RHSMConfig = osc.RHSMConfig.Update(bpRhsmConfig)
+	}
+
+	osc.ShellInit = imageConfig.ShellInit
 	osc.Grub2Config = imageConfig.Grub2Config
 	osc.Sysconfig = imageConfig.Sysconfig
 	osc.SystemdLogind = imageConfig.SystemdLogind
@@ -244,7 +258,6 @@ func osCustomizations(
 	osc.SshdConfig = imageConfig.SshdConfig
 	osc.AuthConfig = imageConfig.Authconfig
 	osc.PwQuality = imageConfig.PwQuality
-	osc.RHSMConfig = imageConfig.RHSMConfig
 	osc.Subscription = options.Subscription
 	osc.WAAgentConfig = imageConfig.WAAgentConfig
 	osc.UdevRules = imageConfig.UdevRules
@@ -455,6 +468,11 @@ func EdgeInstallerImage(workload workload.Workload,
 	img.Platform = t.platform
 	img.ExtraBasePackages = packageSets[InstallerPkgsKey]
 
+	if t.Arch().Distro().Releasever() == "8" {
+		// NOTE: RHEL 8 only supports the older Anaconda configs
+		img.UseLegacyAnacondaConfig = true
+	}
+
 	img.Kickstart, err = kickstart.New(customizations)
 	if err != nil {
 		return nil, err
@@ -653,6 +671,11 @@ func ImageInstallerImage(workload workload.Workload,
 
 	img.ExtraBasePackages = packageSets[InstallerPkgsKey]
 
+	if t.Arch().Distro().Releasever() == "8" {
+		// NOTE: RHEL 8 only supports the older Anaconda configs
+		img.UseLegacyAnacondaConfig = true
+	}
+
 	img.Kickstart, err = kickstart.New(customizations)
 	if err != nil {
 		return nil, err

vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/ami.go

@@ -58,19 +58,6 @@ func baseEc2ImageConfig() *distro.ImageConfig {
 					Networking: true,
 					NoZeroConf: true,
 				},
-				NetworkScripts: &osbuild.NetworkScriptsOptions{
-					IfcfgFiles: map[string]osbuild.IfcfgFile{
-						"eth0": {
-							Device:    "eth0",
-							Bootproto: osbuild.IfcfgBootprotoDHCP,
-							OnBoot:    common.ToPtr(true),
-							Type:      osbuild.IfcfgTypeEthernet,
-							UserCtl:   common.ToPtr(true),
-							PeerDNS:   common.ToPtr(true),
-							IPv6Init:  common.ToPtr(false),
-						},
-					},
-				},
 			},
 		},
 		SystemdLogind: []*osbuild.SystemdLogindStageOptions{

vendor/github.com/osbuild/images/pkg/distro/rhel/rhel10/qcow2.go

@@ -2,11 +2,10 @@ package rhel10
 
 import (
 	"github.com/osbuild/images/internal/common"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
-	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/rpmmd"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 func mkQcow2ImgType(d *rhel.Distribution) *rhel.ImageType {
@@ -182,19 +181,18 @@ func qcowImageConfig(d *rhel.Distribution) *distro.ImageConfig {
 		DefaultTarget: common.ToPtr("multi-user.target"),
 	}
 	if d.IsRHEL() {
-		ic.RHSMConfig = map[subscription.RHSMStatus]*osbuild.RHSMStageOptions{
+		ic.RHSMConfig = map[subscription.RHSMStatus]*subscription.RHSMConfig{
 			subscription.RHSMConfigNoSubscription: {
-				DnfPlugins: &osbuild.RHSMStageOptionsDnfPlugins{
-					ProductID: &osbuild.RHSMStageOptionsDnfPlugin{
-						Enabled: false,
+				DnfPlugins: subscription.SubManDNFPluginsConfig{
+					ProductID: subscription.DNFPluginConfig{
+						Enabled: common.ToPtr(false),
 					},
-					SubscriptionManager: &osbuild.RHSMStageOptionsDnfPlugin{
-						Enabled: false,
+					SubscriptionManager: subscription.DNFPluginConfig{
+						Enabled: common.ToPtr(false),
 					},
 				},
 			},
 		}
-
 	}
 	return ic
 }

vendor/github.com/osbuild/images/pkg/distro/rhel/rhel7/azure.go

@@ -3,12 +3,12 @@ package rhel7
 import (
 	"github.com/osbuild/images/internal/common"
 	"github.com/osbuild/images/pkg/arch"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/disk"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
 	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/rpmmd"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 func mkAzureRhuiImgType() *rhel.ImageType {
@@ -161,25 +161,25 @@ var azureDefaultImgConfig = &distro.ImageConfig{
 			RDEnableSwap: common.ToPtr(false),
 		},
 	},
-	RHSMConfig: map[subscription.RHSMStatus]*osbuild.RHSMStageOptions{
+	RHSMConfig: map[subscription.RHSMStatus]*subscription.RHSMConfig{
 		subscription.RHSMConfigNoSubscription: {
-			YumPlugins: &osbuild.RHSMStageOptionsDnfPlugins{
-				SubscriptionManager: &osbuild.RHSMStageOptionsDnfPlugin{
-					Enabled: false,
+			YumPlugins: subscription.SubManDNFPluginsConfig{
+				SubscriptionManager: subscription.DNFPluginConfig{
+					Enabled: common.ToPtr(false),
 				},
 			},
-			SubMan: &osbuild.RHSMStageOptionsSubMan{
-				Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+			SubMan: subscription.SubManConfig{
+				Rhsmcertd: subscription.SubManRHSMCertdConfig{
 					AutoRegistration: common.ToPtr(true),
 				},
-				Rhsm: &osbuild.SubManConfigRHSMSection{
+				Rhsm: subscription.SubManRHSMConfig{
 					ManageRepos: common.ToPtr(false),
 				},
 			},
 		},
 		subscription.RHSMConfigWithSubscription: {
-			SubMan: &osbuild.RHSMStageOptionsSubMan{
-				Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+			SubMan: subscription.SubManConfig{
+				Rhsmcertd: subscription.SubManRHSMCertdConfig{
 					AutoRegistration: common.ToPtr(true),
 				},
 				// do not disable the redhat.repo management if the user

vendor/github.com/osbuild/images/pkg/distro/rhel/rhel7/qcow2.go

@@ -2,11 +2,11 @@ package rhel7
 
 import (
 	"github.com/osbuild/images/internal/common"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
 	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/rpmmd"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 func mkQcow2ImgType() *rhel.ImageType {
@@ -63,14 +63,14 @@ var qcow2DefaultImgConfig = &distro.ImageConfig{
 			},
 		},
 	},
-	RHSMConfig: map[subscription.RHSMStatus]*osbuild.RHSMStageOptions{
+	RHSMConfig: map[subscription.RHSMStatus]*subscription.RHSMConfig{
 		subscription.RHSMConfigNoSubscription: {
-			YumPlugins: &osbuild.RHSMStageOptionsDnfPlugins{
-				ProductID: &osbuild.RHSMStageOptionsDnfPlugin{
-					Enabled: false,
+			YumPlugins: subscription.SubManDNFPluginsConfig{
+				ProductID: subscription.DNFPluginConfig{
+					Enabled: common.ToPtr(false),
 				},
-				SubscriptionManager: &osbuild.RHSMStageOptionsDnfPlugin{
-					Enabled: false,
+				SubscriptionManager: subscription.DNFPluginConfig{
+					Enabled: common.ToPtr(false),
 				},
 			},
 		},

vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/ami.go

@@ -2,11 +2,11 @@ package rhel8
 
 import (
 	"github.com/osbuild/images/internal/common"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
 	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/rpmmd"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 const (
@@ -293,7 +293,7 @@ func defaultEc2ImageConfig(rd *rhel.Distribution) *distro.ImageConfig {
 		ic = appendRHSM(ic)
 		// Disable RHSM redhat.repo management
 		rhsmConf := ic.RHSMConfig[subscription.RHSMConfigNoSubscription]
-		rhsmConf.SubMan.Rhsm = &osbuild.SubManConfigRHSMSection{ManageRepos: common.ToPtr(false)}
+		rhsmConf.SubMan.Rhsm = subscription.SubManRHSMConfig{ManageRepos: common.ToPtr(false)}
 		ic.RHSMConfig[subscription.RHSMConfigNoSubscription] = rhsmConf
 	}
 
@@ -433,11 +433,11 @@ func rhelEc2SapPackageSet(t *rhel.ImageType) rpmmd.PackageSet {
 // Used for RHEL distros.
 func appendRHSM(ic *distro.ImageConfig) *distro.ImageConfig {
 	rhsm := &distro.ImageConfig{
-		RHSMConfig: map[subscription.RHSMStatus]*osbuild.RHSMStageOptions{
+		RHSMConfig: map[subscription.RHSMStatus]*subscription.RHSMConfig{
 			subscription.RHSMConfigNoSubscription: {
 				// RHBZ#1932802
-				SubMan: &osbuild.RHSMStageOptionsSubMan{
-					Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+				SubMan: subscription.SubManConfig{
+					Rhsmcertd: subscription.SubManRHSMCertdConfig{
 						AutoRegistration: common.ToPtr(true),
 					},
 					// Don't disable RHSM redhat.repo management on the AMI
@@ -451,8 +451,8 @@ func appendRHSM(ic *distro.ImageConfig) *distro.ImageConfig {
 			},
 			subscription.RHSMConfigWithSubscription: {
 				// RHBZ#1932802
-				SubMan: &osbuild.RHSMStageOptionsSubMan{
-					Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+				SubMan: subscription.SubManConfig{
+					Rhsmcertd: subscription.SubManRHSMCertdConfig{
 						AutoRegistration: common.ToPtr(true),
 					},
 					// do not disable the redhat.repo management if the user

vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/azure.go

@@ -4,12 +4,12 @@ import (
 	"github.com/osbuild/images/internal/common"
 	"github.com/osbuild/images/pkg/arch"
 	"github.com/osbuild/images/pkg/customizations/shell"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/disk"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
 	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/rpmmd"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 // use loglevel=3 as described in the RHEL documentation and used in existing RHEL images built by MSFT
@@ -671,25 +671,25 @@ var defaultAzureRhuiImageConfig = &distro.ImageConfig{
 		"/etc/pki/rpm-gpg/RPM-GPG-KEY-microsoft-azure-release",
 		"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release",
 	},
-	RHSMConfig: map[subscription.RHSMStatus]*osbuild.RHSMStageOptions{
+	RHSMConfig: map[subscription.RHSMStatus]*subscription.RHSMConfig{
 		subscription.RHSMConfigNoSubscription: {
-			DnfPlugins: &osbuild.RHSMStageOptionsDnfPlugins{
-				SubscriptionManager: &osbuild.RHSMStageOptionsDnfPlugin{
-					Enabled: false,
+			DnfPlugins: subscription.SubManDNFPluginsConfig{
+				SubscriptionManager: subscription.DNFPluginConfig{
+					Enabled: common.ToPtr(false),
 				},
 			},
-			SubMan: &osbuild.RHSMStageOptionsSubMan{
-				Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+			SubMan: subscription.SubManConfig{
+				Rhsmcertd: subscription.SubManRHSMCertdConfig{
 					AutoRegistration: common.ToPtr(true),
 				},
-				Rhsm: &osbuild.SubManConfigRHSMSection{
+				Rhsm: subscription.SubManRHSMConfig{
 					ManageRepos: common.ToPtr(false),
 				},
 			},
 		},
 		subscription.RHSMConfigWithSubscription: {
-			SubMan: &osbuild.RHSMStageOptionsSubMan{
-				Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+			SubMan: subscription.SubManConfig{
+				Rhsmcertd: subscription.SubManRHSMCertdConfig{
 					AutoRegistration: common.ToPtr(true),
 				},
 				// do not disable the redhat.repo management if the user

vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/gce.go

@@ -2,11 +2,11 @@ package rhel8
 
 import (
 	"github.com/osbuild/images/internal/common"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
 	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/rpmmd"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 const gceKernelOptions = "net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y crashkernel=auto console=ttyS0,38400n8d"
@@ -170,20 +170,20 @@ func defaultGceByosImageConfig(rd distro.Distro) *distro.ImageConfig {
 
 func defaultGceRhuiImageConfig(rd distro.Distro) *distro.ImageConfig {
 	ic := &distro.ImageConfig{
-		RHSMConfig: map[subscription.RHSMStatus]*osbuild.RHSMStageOptions{
+		RHSMConfig: map[subscription.RHSMStatus]*subscription.RHSMConfig{
 			subscription.RHSMConfigNoSubscription: {
-				SubMan: &osbuild.RHSMStageOptionsSubMan{
-					Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+				SubMan: subscription.SubManConfig{
+					Rhsmcertd: subscription.SubManRHSMCertdConfig{
 						AutoRegistration: common.ToPtr(true),
 					},
-					Rhsm: &osbuild.SubManConfigRHSMSection{
+					Rhsm: subscription.SubManRHSMConfig{
 						ManageRepos: common.ToPtr(false),
 					},
 				},
 			},
 			subscription.RHSMConfigWithSubscription: {
-				SubMan: &osbuild.RHSMStageOptionsSubMan{
-					Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+				SubMan: subscription.SubManConfig{
+					Rhsmcertd: subscription.SubManRHSMCertdConfig{
 						AutoRegistration: common.ToPtr(true),
 					},
 					// do not disable the redhat.repo management if the user

vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/qcow2.go

@@ -2,11 +2,10 @@ package rhel8
 
 import (
 	"github.com/osbuild/images/internal/common"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
-	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/rpmmd"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 func mkQcow2ImgType(rd *rhel.Distribution) *rhel.ImageType {
@@ -187,14 +186,14 @@ func qcowImageConfig(d *rhel.Distribution) *distro.ImageConfig {
 		DefaultTarget: common.ToPtr("multi-user.target"),
 	}
 	if d.IsRHEL() {
-		ic.RHSMConfig = map[subscription.RHSMStatus]*osbuild.RHSMStageOptions{
+		ic.RHSMConfig = map[subscription.RHSMStatus]*subscription.RHSMConfig{
 			subscription.RHSMConfigNoSubscription: {
-				DnfPlugins: &osbuild.RHSMStageOptionsDnfPlugins{
-					ProductID: &osbuild.RHSMStageOptionsDnfPlugin{
-						Enabled: false,
+				DnfPlugins: subscription.SubManDNFPluginsConfig{
+					ProductID: subscription.DNFPluginConfig{
+						Enabled: common.ToPtr(false),
 					},
-					SubscriptionManager: &osbuild.RHSMStageOptionsDnfPlugin{
-						Enabled: false,
+					SubscriptionManager: subscription.DNFPluginConfig{
+						Enabled: common.ToPtr(false),
 					},
 				},
 			},

vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/ami.go

@@ -2,11 +2,11 @@ package rhel9
 
 import (
 	"github.com/osbuild/images/internal/common"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
 	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/rpmmd"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 // TODO: move these to the EC2 environment
@@ -148,7 +148,7 @@ func defaultEc2ImageConfig(osVersion string, rhsm bool) *distro.ImageConfig {
 		ic = appendRHSM(ic)
 		// Disable RHSM redhat.repo management
 		rhsmConf := ic.RHSMConfig[subscription.RHSMConfigNoSubscription]
-		rhsmConf.SubMan.Rhsm = &osbuild.SubManConfigRHSMSection{ManageRepos: common.ToPtr(false)}
+		rhsmConf.SubMan.Rhsm = subscription.SubManRHSMConfig{ManageRepos: common.ToPtr(false)}
 		ic.RHSMConfig[subscription.RHSMConfigNoSubscription] = rhsmConf
 	}
 	return ic
@@ -450,11 +450,11 @@ func mkEC2ImgTypeAarch64(osVersion string, rhsm bool) *rhel.ImageType {
 // Used for RHEL distros.
 func appendRHSM(ic *distro.ImageConfig) *distro.ImageConfig {
 	rhsm := &distro.ImageConfig{
-		RHSMConfig: map[subscription.RHSMStatus]*osbuild.RHSMStageOptions{
+		RHSMConfig: map[subscription.RHSMStatus]*subscription.RHSMConfig{
 			subscription.RHSMConfigNoSubscription: {
 				// RHBZ#1932802
-				SubMan: &osbuild.RHSMStageOptionsSubMan{
-					Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+				SubMan: subscription.SubManConfig{
+					Rhsmcertd: subscription.SubManRHSMCertdConfig{
 						AutoRegistration: common.ToPtr(true),
 					},
 					// Don't disable RHSM redhat.repo management on the AMI
@@ -468,8 +468,8 @@ func appendRHSM(ic *distro.ImageConfig) *distro.ImageConfig {
 			},
 			subscription.RHSMConfigWithSubscription: {
 				// RHBZ#1932802
-				SubMan: &osbuild.RHSMStageOptionsSubMan{
-					Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+				SubMan: subscription.SubManConfig{
+					Rhsmcertd: subscription.SubManRHSMCertdConfig{
 						AutoRegistration: common.ToPtr(true),
 					},
 					// do not disable the redhat.repo management if the user

vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/azure.go

@@ -3,12 +3,12 @@ package rhel9
 import (
 	"github.com/osbuild/images/internal/common"
 	"github.com/osbuild/images/pkg/arch"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/disk"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
 	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/rpmmd"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 // Azure non-RHEL image type
@@ -622,25 +622,25 @@ var defaultAzureRhuiImageConfig = &distro.ImageConfig{
 		"/etc/pki/rpm-gpg/RPM-GPG-KEY-microsoft-azure-release",
 		"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release",
 	},
-	RHSMConfig: map[subscription.RHSMStatus]*osbuild.RHSMStageOptions{
+	RHSMConfig: map[subscription.RHSMStatus]*subscription.RHSMConfig{
 		subscription.RHSMConfigNoSubscription: {
-			DnfPlugins: &osbuild.RHSMStageOptionsDnfPlugins{
-				SubscriptionManager: &osbuild.RHSMStageOptionsDnfPlugin{
-					Enabled: false,
+			DnfPlugins: subscription.SubManDNFPluginsConfig{
+				SubscriptionManager: subscription.DNFPluginConfig{
+					Enabled: common.ToPtr(false),
 				},
 			},
-			SubMan: &osbuild.RHSMStageOptionsSubMan{
-				Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+			SubMan: subscription.SubManConfig{
+				Rhsmcertd: subscription.SubManRHSMCertdConfig{
 					AutoRegistration: common.ToPtr(true),
 				},
-				Rhsm: &osbuild.SubManConfigRHSMSection{
+				Rhsm: subscription.SubManRHSMConfig{
 					ManageRepos: common.ToPtr(false),
 				},
 			},
 		},
 		subscription.RHSMConfigWithSubscription: {
-			SubMan: &osbuild.RHSMStageOptionsSubMan{
-				Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+			SubMan: subscription.SubManConfig{
+				Rhsmcertd: subscription.SubManRHSMCertdConfig{
 					AutoRegistration: common.ToPtr(true),
 				},
 				// do not disable the redhat.repo management if the user

vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/gce.go

@@ -2,11 +2,11 @@ package rhel9
 
 import (
 	"github.com/osbuild/images/internal/common"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
 	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/rpmmd"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 const gceKernelOptions = "net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y console=ttyS0,38400n8d"
@@ -160,20 +160,20 @@ func baseGCEImageConfig() *distro.ImageConfig {
 
 func defaultGceRhuiImageConfig() *distro.ImageConfig {
 	ic := &distro.ImageConfig{
-		RHSMConfig: map[subscription.RHSMStatus]*osbuild.RHSMStageOptions{
+		RHSMConfig: map[subscription.RHSMStatus]*subscription.RHSMConfig{
 			subscription.RHSMConfigNoSubscription: {
-				SubMan: &osbuild.RHSMStageOptionsSubMan{
-					Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+				SubMan: subscription.SubManConfig{
+					Rhsmcertd: subscription.SubManRHSMCertdConfig{
 						AutoRegistration: common.ToPtr(true),
 					},
-					Rhsm: &osbuild.SubManConfigRHSMSection{
+					Rhsm: subscription.SubManRHSMConfig{
 						ManageRepos: common.ToPtr(false),
 					},
 				},
 			},
 			subscription.RHSMConfigWithSubscription: {
-				SubMan: &osbuild.RHSMStageOptionsSubMan{
-					Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+				SubMan: subscription.SubManConfig{
+					Rhsmcertd: subscription.SubManRHSMCertdConfig{
 						AutoRegistration: common.ToPtr(true),
 					},
 					// do not disable the redhat.repo management if the user

vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/qcow2.go

@@ -2,11 +2,10 @@ package rhel9
 
 import (
 	"github.com/osbuild/images/internal/common"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/distro"
 	"github.com/osbuild/images/pkg/distro/rhel"
-	"github.com/osbuild/images/pkg/osbuild"
 	"github.com/osbuild/images/pkg/rpmmd"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 func mkQcow2ImgType(d *rhel.Distribution) *rhel.ImageType {
@@ -183,19 +182,18 @@ func qcowImageConfig(d *rhel.Distribution) *distro.ImageConfig {
 		DefaultTarget: common.ToPtr("multi-user.target"),
 	}
 	if d.IsRHEL() {
-		ic.RHSMConfig = map[subscription.RHSMStatus]*osbuild.RHSMStageOptions{
+		ic.RHSMConfig = map[subscription.RHSMStatus]*subscription.RHSMConfig{
 			subscription.RHSMConfigNoSubscription: {
-				DnfPlugins: &osbuild.RHSMStageOptionsDnfPlugins{
-					ProductID: &osbuild.RHSMStageOptionsDnfPlugin{
-						Enabled: false,
+				DnfPlugins: subscription.SubManDNFPluginsConfig{
+					ProductID: subscription.DNFPluginConfig{
+						Enabled: common.ToPtr(false),
 					},
-					SubscriptionManager: &osbuild.RHSMStageOptionsDnfPlugin{
-						Enabled: false,
+					SubscriptionManager: subscription.DNFPluginConfig{
+						Enabled: common.ToPtr(false),
 					},
 				},
 			},
 		}
-
 	}
 	return ic
 }

vendor/github.com/osbuild/images/pkg/image/anaconda_container_installer.go

@@ -46,6 +46,10 @@ type AnacondaContainerInstaller struct {
 	Kickstart *kickstart.Options
 
 	UseRHELLoraxTemplates bool
+
+	// Uses the old, deprecated, Anaconda config option "kickstart-modules".
+	// Only for RHEL 8.
+	UseLegacyAnacondaConfig bool
 }
 
 func NewAnacondaContainerInstaller(container container.SourceSpec, ref string) *AnacondaContainerInstaller {
@@ -75,6 +79,7 @@ func (img *AnacondaContainerInstaller) InstantiateManifest(m *manifest.Manifest,
 	)
 
 	anacondaPipeline.UseRHELLoraxTemplates = img.UseRHELLoraxTemplates
+	anacondaPipeline.UseLegacyAnacondaConfig = img.UseLegacyAnacondaConfig
 
 	anacondaPipeline.ExtraPackages = img.ExtraBasePackages.Include
 	anacondaPipeline.ExcludePackages = img.ExtraBasePackages.Exclude

vendor/github.com/osbuild/images/pkg/image/anaconda_ostree_installer.go

@@ -42,6 +42,10 @@ type AnacondaOSTreeInstaller struct {
 	DisabledAnacondaModules   []string
 	AdditionalDrivers         []string
 	FIPS                      bool
+
+	// Uses the old, deprecated, Anaconda config option "kickstart-modules".
+	// Only for RHEL 8.
+	UseLegacyAnacondaConfig bool
 }
 
 func NewAnacondaOSTreeInstaller(commit ostree.SourceSpec) *AnacondaOSTreeInstaller {
@@ -80,6 +84,8 @@ func (img *AnacondaOSTreeInstaller) InstantiateManifest(m *manifest.Manifest,
 	anacondaPipeline.Variant = img.Variant
 	anacondaPipeline.Biosdevname = (img.Platform.GetArch() == arch.ARCH_X86_64)
 	anacondaPipeline.Checkpoint()
+
+	anacondaPipeline.UseLegacyAnacondaConfig = img.UseLegacyAnacondaConfig
 	anacondaPipeline.AdditionalDracutModules = img.AdditionalDracutModules
 	anacondaPipeline.AdditionalAnacondaModules = img.AdditionalAnacondaModules
 	if img.FIPS {

vendor/github.com/osbuild/images/pkg/image/anaconda_tar_installer.go

@@ -72,6 +72,10 @@ type AnacondaTarInstaller struct {
 	DisabledAnacondaModules   []string
 	AdditionalDracutModules   []string
 	AdditionalDrivers         []string
+
+	// Uses the old, deprecated, Anaconda config option "kickstart-modules".
+	// Only for RHEL 8.
+	UseLegacyAnacondaConfig bool
 }
 
 func NewAnacondaTarInstaller() *AnacondaTarInstaller {
@@ -127,6 +131,8 @@ func (img *AnacondaTarInstaller) InstantiateManifest(m *manifest.Manifest,
 	}
 	anacondaPipeline.Variant = img.Variant
 	anacondaPipeline.Biosdevname = (img.Platform.GetArch() == arch.ARCH_X86_64)
+
+	anacondaPipeline.UseLegacyAnacondaConfig = img.UseLegacyAnacondaConfig
 	anacondaPipeline.AdditionalAnacondaModules = img.AdditionalAnacondaModules
 	if img.OSCustomizations.FIPS {
 		anacondaPipeline.AdditionalAnacondaModules = append(

vendor/github.com/osbuild/images/pkg/manifest/anaconda_installer.go

@@ -80,6 +80,10 @@ type AnacondaInstaller struct {
 
 	// Temporary
 	UseRHELLoraxTemplates bool
+
+	// Uses the old, deprecated, Anaconda config option "kickstart-modules".
+	// Only for RHEL 8.
+	UseLegacyAnacondaConfig bool
 }
 
 func NewAnacondaInstaller(installerType AnacondaInstallerType,
@@ -271,7 +275,14 @@ func (p *AnacondaInstaller) payloadStages() []*osbuild.Stage {
 		LoraxPath = "99-generic/runtime-postinstall.tmpl"
 	}
 
-	stages = append(stages, osbuild.NewAnacondaStage(osbuild.NewAnacondaStageOptions(p.AdditionalAnacondaModules, p.DisabledAnacondaModules)))
+	var anacondaStageOptions *osbuild.AnacondaStageOptions
+	if p.UseLegacyAnacondaConfig {
+		anacondaStageOptions = osbuild.NewAnacondaStageOptionsLegacy(p.AdditionalAnacondaModules, p.DisabledAnacondaModules)
+	} else {
+		anacondaStageOptions = osbuild.NewAnacondaStageOptions(p.AdditionalAnacondaModules, p.DisabledAnacondaModules)
+	}
+	stages = append(stages, osbuild.NewAnacondaStage(anacondaStageOptions))
+
 	stages = append(stages, osbuild.NewLoraxScriptStage(&osbuild.LoraxScriptStageOptions{
 		Path:     LoraxPath,
 		BaseArch: p.platform.GetArch().String(),

vendor/github.com/osbuild/images/pkg/manifest/os.go

@@ -14,6 +14,7 @@ import (
 	"github.com/osbuild/images/pkg/customizations/fsnode"
 	"github.com/osbuild/images/pkg/customizations/oscap"
 	"github.com/osbuild/images/pkg/customizations/shell"
+	"github.com/osbuild/images/pkg/customizations/subscription"
 	"github.com/osbuild/images/pkg/customizations/users"
 	"github.com/osbuild/images/pkg/disk"
 	"github.com/osbuild/images/pkg/osbuild"
@@ -21,7 +22,6 @@ import (
 	"github.com/osbuild/images/pkg/platform"
 	"github.com/osbuild/images/pkg/rhsm/facts"
 	"github.com/osbuild/images/pkg/rpmmd"
-	"github.com/osbuild/images/pkg/subscription"
 )
 
 // OSCustomizations encapsulates all configuration applied to the base
@@ -132,7 +132,8 @@ type OSCustomizations struct {
 	OpenSCAPRemediationConfig *oscap.RemediationConfig
 
 	Subscription *subscription.ImageOptions
-	RHSMConfig   map[subscription.RHSMStatus]*osbuild.RHSMStageOptions
+	// The final RHSM config to be applied to the image
+	RHSMConfig *subscription.RHSMConfig
 
 	// Custom directories and files to create in the image
 	Directories []*fsnode.Directory
@@ -254,7 +255,7 @@ func (p *OS) getPackageSetChain(Distro) []rpmmd.PackageSet {
 		// should already have the required packages, but some minimal image
 		// types, like 'tar' don't, so let's add them for the stage to run and
 		// to enable user management in the image.
-		packages = append(packages, "shadow-utils", "pam")
+		packages = append(packages, "shadow-utils", "pam", "passwd")
 
 	}
 
@@ -306,7 +307,7 @@ func (p *OS) getBuildPackages(distro Distro) []string {
 			packages = append(packages, "python3-pyyaml")
 		}
 	}
-	if len(p.DNFConfig) > 0 || len(p.RHSMConfig) > 0 || p.WSLConfig != nil {
+	if len(p.DNFConfig) > 0 || p.RHSMConfig != nil || p.WSLConfig != nil {
 		packages = append(packages, "python3-iniparse")
 	}
 
@@ -647,22 +648,18 @@ func (p *OS) serialize() osbuild.Pipeline {
 		}
 		pipeline.AddStage(osbuild.NewSystemdUnitCreateStage(regServiceStageOptions))
 		p.EnabledServices = append(p.EnabledServices, subscribeServiceFile)
-
-		if rhsmConfig, exists := p.RHSMConfig[subscription.RHSMConfigWithSubscription]; exists {
-			pipeline.AddStage(osbuild.NewRHSMStage(rhsmConfig))
-		}
-	} else {
-		if rhsmConfig, exists := p.RHSMConfig[subscription.RHSMConfigNoSubscription]; exists {
-			pipeline.AddStage(osbuild.NewRHSMStage(rhsmConfig))
-		}
 	}
 
-	if waConfig := p.WAAgentConfig; waConfig != nil {
-		pipeline.AddStage(osbuild.NewWAAgentConfStage(waConfig))
+	if p.RHSMConfig != nil {
+		pipeline.AddStage(osbuild.NewRHSMStage(osbuild.NewRHSMStageOptions(p.RHSMConfig)))
 	}
 
-	if udevRules := p.UdevRules; udevRules != nil {
-		pipeline.AddStage(osbuild.NewUdevRulesStage(udevRules))
+	if p.WAAgentConfig != nil {
+		pipeline.AddStage(osbuild.NewWAAgentConfStage(p.WAAgentConfig))
+	}
+
+	if p.UdevRules != nil {
+		pipeline.AddStage(osbuild.NewUdevRulesStage(p.UdevRules))
 	}
 
 	if pt := p.PartitionTable; pt != nil {
@@ -795,8 +792,8 @@ func (p *OS) serialize() osbuild.Pipeline {
 		pipeline.AddStage(osbuild.GenShellInitStage(p.ShellInit))
 	}
 
-	if wslConf := p.WSLConfig; wslConf != nil {
-		pipeline.AddStage(osbuild.NewWSLConfStage(wslConf))
+	if p.WSLConfig != nil {
+		pipeline.AddStage(osbuild.NewWSLConfStage(p.WSLConfig))
 	}
 
 	if p.FIPS {

vendor/github.com/osbuild/images/pkg/osbuild/anaconda_stage.go

@@ -7,7 +7,25 @@ import (
 
 type AnacondaStageOptions struct {
 	// Kickstart modules to enable
-	KickstartModules []string `json:"kickstart-modules"`
+	//
+	// Deprecated:
+	//  RHEL 9:  Available but marked deprecated
+	//  RHEL 10: Removed
+	//  Fedora:  Removed
+	//
+	// https://bugzilla.redhat.com/show_bug.cgi?id=2023855#c10
+	KickstartModules []string `json:"kickstart-modules,omitempty"`
+
+	// Kickstart modules to activate
+	//
+	// Replaced kickstart-modules in newer versions.
+	ActivatableModules []string `json:"activatable-modules,omitempty"`
+
+	// Kickstart modules to forbid
+	ForbiddenModules []string `json:"forbidden-modules,omitempty"`
+
+	// Kickstart modules to activate but are allowed to fail
+	OptionalModules []string `json:"optional-modules,omitempty"`
 }
 
 func (AnacondaStageOptions) isStageOptions() {}
@@ -56,7 +74,7 @@ func filterEnabledModules(moduleStates map[string]bool) []string {
 	return enabled
 }
 
-func NewAnacondaStageOptions(enableModules, disableModules []string) *AnacondaStageOptions {
+func NewAnacondaStageOptionsLegacy(enableModules, disableModules []string) *AnacondaStageOptions {
 	states := defaultModuleStates()
 	setModuleStates(states, enableModules, disableModules)
 
@@ -64,3 +82,12 @@ func NewAnacondaStageOptions(enableModules, disableModules []string) *AnacondaSt
 		KickstartModules: filterEnabledModules(states),
 	}
 }
+
+func NewAnacondaStageOptions(enableModules, disableModules []string) *AnacondaStageOptions {
+	states := defaultModuleStates()
+	setModuleStates(states, enableModules, disableModules)
+
+	return &AnacondaStageOptions{
+		ActivatableModules: filterEnabledModules(states),
+	}
+}

vendor/github.com/osbuild/images/pkg/osbuild/rhsm_stage.go

@@ -1,5 +1,10 @@
 package osbuild
 
+import (
+	"github.com/osbuild/images/internal/common"
+	"github.com/osbuild/images/pkg/customizations/subscription"
+)
+
 // RHSMStageOptions describes configuration of the RHSM stage.
 //
 // The RHSM stage allows configuration of Red Hat Subscription Manager (RHSM)
@@ -52,3 +57,61 @@ type SubManConfigRHSMCERTDSection struct {
 	// Automatic system registration
 	AutoRegistration *bool `json:"auto_registration,omitempty"`
 }
+
+func NewRHSMStageOptions(config *subscription.RHSMConfig) *RHSMStageOptions {
+	if config == nil {
+		return nil
+	}
+
+	options := &RHSMStageOptions{}
+
+	dnfPlugProductIdEnabled := config.DnfPlugins.ProductID.Enabled
+	dnfPlugSubManEnabled := config.DnfPlugins.SubscriptionManager.Enabled
+	if dnfPlugProductIdEnabled != nil || dnfPlugSubManEnabled != nil {
+		options.DnfPlugins = &RHSMStageOptionsDnfPlugins{}
+		if dnfPlugProductIdEnabled != nil {
+			options.DnfPlugins.ProductID = &RHSMStageOptionsDnfPlugin{
+				Enabled: *dnfPlugProductIdEnabled,
+			}
+		}
+		if dnfPlugSubManEnabled != nil {
+			options.DnfPlugins.SubscriptionManager = &RHSMStageOptionsDnfPlugin{
+				Enabled: *dnfPlugSubManEnabled,
+			}
+		}
+	}
+
+	yumPlugProductIdEnabled := config.YumPlugins.ProductID.Enabled
+	yumPlugSubManEnabled := config.YumPlugins.SubscriptionManager.Enabled
+	if yumPlugProductIdEnabled != nil || yumPlugSubManEnabled != nil {
+		options.YumPlugins = &RHSMStageOptionsDnfPlugins{}
+		if yumPlugProductIdEnabled != nil {
+			options.YumPlugins.ProductID = &RHSMStageOptionsDnfPlugin{
+				Enabled: *yumPlugProductIdEnabled,
+			}
+		}
+		if yumPlugSubManEnabled != nil {
+			options.YumPlugins.SubscriptionManager = &RHSMStageOptionsDnfPlugin{
+				Enabled: *yumPlugSubManEnabled,
+			}
+		}
+	}
+
+	subManConfRhsmManageRepos := config.SubMan.Rhsm.ManageRepos
+	subManConfRhsmcertdAutoReg := config.SubMan.Rhsmcertd.AutoRegistration
+	if subManConfRhsmcertdAutoReg != nil || subManConfRhsmManageRepos != nil {
+		options.SubMan = &RHSMStageOptionsSubMan{}
+		if subManConfRhsmManageRepos != nil {
+			options.SubMan.Rhsm = &SubManConfigRHSMSection{
+				ManageRepos: common.ToPtr(*subManConfRhsmManageRepos),
+			}
+		}
+		if subManConfRhsmcertdAutoReg != nil {
+			options.SubMan.Rhsmcertd = &SubManConfigRHSMCERTDSection{
+				AutoRegistration: common.ToPtr(*subManConfRhsmcertdAutoReg),
+			}
+		}
+	}
+
+	return options
+}

vendor/github.com/osbuild/images/pkg/subscription/subscription.go

@@ -1,20 +0,0 @@
-package subscription
-
-// The ImageOptions specify subscription-specific image options
-// ServerUrl denotes the host to register the system with
-// BaseUrl specifies the repository URL for DNF
-type ImageOptions struct {
-	Organization  string `json:"organization"`
-	ActivationKey string `json:"activation_key"`
-	ServerUrl     string `json:"server_url"`
-	BaseUrl       string `json:"base_url"`
-	Insights      bool   `json:"insights"`
-	Rhc           bool   `json:"rhc"`
-}
-
-type RHSMStatus string
-
-const (
-	RHSMConfigWithSubscription RHSMStatus = "with-subscription"
-	RHSMConfigNoSubscription   RHSMStatus = "no-subscription"
-)