diff --git a/osbuild/util/ostree.py b/osbuild/util/ostree.py
index 8d08c3a1..732698a7 100644
--- a/osbuild/util/ostree.py
+++ b/osbuild/util/ostree.py
@@ -9,6 +9,8 @@ import typing
 # pylint doesn't understand the string-annotation below
 from typing import Any, List  # pylint: disable=unused-import
 
+from osbuild.util.rhsm import Subscriptions
+
 from .types import PathLike
 
 
@@ -111,6 +113,32 @@ class Treefile:
                 os.unlink(name)
 
 
+def setup_remote(repo, name, remote):
+    """Configure an OSTree remote in a given repo"""
+
+    url = remote["url"]
+    gpg = remote.get("gpgkeys", [])
+
+    remote_add_args = []
+    if not gpg:
+        remote_add_args = ["--no-gpg-verify"]
+
+    if "contenturl" in remote:
+        remote_add_args.append(f"--contenturl={remote['contenturl']}")
+
+    if remote.get("secrets", {}).get("name") == "org.osbuild.rhsm.consumer":
+        secrets = Subscriptions.get_consumer_secrets()
+        remote_add_args.append(f"--set=tls-client-key-path={secrets['consumer_key']}")
+        remote_add_args.append(f"--set=tls-client-cert-path={secrets['consumer_cert']}")
+
+    cli("remote", "add", name, url,
+        *remote_add_args, repo=repo)
+
+    for key in gpg:
+        cli("remote", "gpg-import", "--stdin",
+            name, repo=repo, _input=key)
+
+
 def rev_parse(repo: PathLike, ref: str) -> str:
     """Resolve an OSTree reference `ref` in the repository at `repo`"""
 
diff --git a/sources/org.osbuild.ostree b/sources/org.osbuild.ostree
index 725005fe..f6b5a378 100755
--- a/sources/org.osbuild.ostree
+++ b/sources/org.osbuild.ostree
@@ -13,7 +13,6 @@ import uuid
 
 from osbuild import sources
 from osbuild.util import ostree
-from osbuild.util.rhsm import Subscriptions
 
 SCHEMA = """
 "additionalProperties": false,
@@ -91,37 +90,17 @@ class OSTreeSource(sources.SourceService):
     def fetch_one(self, checksum, desc):
         commit = checksum
         remote = desc["remote"]
-        url = remote["url"]
-        gpg = remote.get("gpgkeys", [])
-        uid = str(uuid.uuid4())
+        # This is a temporary remote so we'll just use a random name
+        name = str(uuid.uuid4())
 
-        remote_add_args = []
-        if not gpg:
-            remote_add_args = ["--no-gpg-verify"]
-
-        if "contenturl" in remote:
-            remote_add_args.append(f"--contenturl={remote['contenturl']}")
-
-        if remote.get("secrets", {}).get("name") == "org.osbuild.rhsm.consumer":
-            secrets = Subscriptions.get_consumer_secrets()
-            remote_add_args.append(f"--set=tls-client-key-path={secrets['consumer_key']}")
-            remote_add_args.append(f"--set=tls-client-cert-path={secrets['consumer_cert']}")
-
-        ostree.cli("remote", "add",
-                   uid, url,
-                   *remote_add_args,
-                   repo=self.repo)
-
-        for key in gpg:
-            ostree("remote", "gpg-import", "--stdin", uid,
-                   repo=self.repo, _input=key)
+        ostree.setup_remote(self.repo, name, remote)
 
         # Transfer the commit: remote → cache
         print(f"pulling {commit}", file=sys.stderr)
-        ostree.cli("pull", uid, commit, repo=self.repo)
+        ostree.cli("pull", name, commit, repo=self.repo)
 
         # Remove the temporary remote again
-        ostree.cli("remote", "delete", uid, repo=self.repo)
+        ostree.cli("remote", "delete", name, repo=self.repo)
 
     def setup(self, args):
         super().setup(args)