diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index fab2fc9..b1450bf 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -18,6 +18,8 @@ jobs: version: stream9 - os: centos version: stream10 + - os: fedora + version: 40 steps: - name: Update podman diff --git a/.tekton/centos-bootc-pull-request.yaml b/.tekton/centos-bootc-pull-request.yaml index 29305cb..c9e8c0e 100644 --- a/.tekton/centos-bootc-pull-request.yaml +++ b/.tekton/centos-bootc-pull-request.yaml @@ -19,7 +19,7 @@ metadata: spec: params: - name: image-file - value: centos-bootc.yaml + value: centos-stream-9-tier1.yaml - name: git-url value: "{{repo_url}}" - name: output-image diff --git a/.tekton/centos-bootc-push.yaml b/.tekton/centos-bootc-push.yaml index f40de21..4db955a 100644 --- a/.tekton/centos-bootc-push.yaml +++ b/.tekton/centos-bootc-push.yaml @@ -19,7 +19,7 @@ metadata: spec: params: - name: image-file - value: centos-bootc.yaml + value: centos-stream-9-tier1.yaml - name: git-url value: "{{repo_url}}" - name: output-image diff --git a/Containerfile.centos-stream10 b/Containerfile.centos-stream10 index e80a854..1524953 100644 --- a/Containerfile.centos-stream10 +++ b/Containerfile.centos-stream10 
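Review bot: The new matrix entry writes `version: 40` as a bare integer while the neighbouring entries (`stream9`, `stream10`) are strings; quoting it as `version: "40"` keeps the matrix column a single type and avoids YAML retyping if a later value ever looks like a float. The steps that consume `matrix.version` are outside this hunk, so whether the value is only interpolated into a file name such as `Containerfile.fedora-40` cannot be confirmed here.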
@@ -12,8 +12,9 @@ COPY --from=repos /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial /etc/pki/rpm-gpg # rpm-ostree doesn't honor /etc/dnf/vars right now RUN for n in $(ls /etc/dnf/vars); do v=$(cat /etc/dnf/vars/$n); sed -ie s,\$${n},$v, c10s.repo; done RUN --mount=type=cache,target=/workdir --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared \ - cp -a /buildcontext /src && rm -vf /src/*.repo && cp -a c10s.repo /src && ls -al /src &&\ - rpm-ostree compose image --cachedir=/workdir --format=ociarchive --initialize /src/${MANIFEST} /buildcontext/out.ociarchive + cp -a /buildcontext /src && rm -vf /src/*.repo && cp -a c10s.repo /src && ls -al /src && \ + rpm-ostree compose image --image-config /buildcontext/centos-bootc-config.json \ + --cachedir=/workdir --format=ociarchive --initialize /src/${MANIFEST} /buildcontext/out.ociarchive FROM oci-archive:./out.ociarchive # Need to reference builder here to force ordering. But since we have to run diff --git a/Containerfile.centos-stream9 b/Containerfile.centos-stream9 index 556bced..8ca6fca 100644 --- a/Containerfile.centos-stream9 +++ b/Containerfile.centos-stream9 
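Review bot: The added `--image-config /buildcontext/centos-bootc-config.json` gives the Stream 10 build the same label file that the Containerfile.centos-stream9 hunk passes to the Stream 9 build. renovate.json in this commit ties that file's `redhat.compose-id` to the c9s production compose. If the JSON carries Stream 9 version or compose labels (its contents are not shown on this page), Stream 10 images would publish provenance metadata describing a different package set. A per-stream config, as this commit does for Fedora with `fedora-bootc-config.json`, would keep the labels accurate, for example a separate `centos-stream-10-config.json` (suggested name, not an existing file).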
@@ -26,14 +26,15 @@ FROM quay.io/centos/centos:stream9 as repos FROM quay.io/centos-bootc/bootc-image-builder:latest as builder -ARG MANIFEST=centos-bootc.yaml +ARG MANIFEST=centos-stream-9-tier1.yaml # XXX: we should just make sure our in-tree c9s repo points to the c9s paths and doesn't require vars to avoid these steps entirely COPY --from=repos /etc/dnf/vars /etc/dnf/vars COPY --from=repos /etc/yum.repos.d/centos.repo c9s.repo COPY --from=repos /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial /etc/pki/rpm-gpg # rpm-ostree doesn't honor /etc/dnf/vars right now RUN for n in $(ls /etc/dnf/vars); do v=$(cat /etc/dnf/vars/$n); sed -ie s,\$${n},$v, c9s.repo; done -RUN --mount=type=cache,target=/workdir --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared rpm-ostree compose image --cachedir=/workdir --format=ociarchive --initialize /buildcontext/${MANIFEST} /buildcontext/out.ociarchive +RUN --mount=type=cache,target=/workdir --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared \ + rpm-ostree compose image --image-config /buildcontext/centos-bootc-config.json --cachedir=/workdir --format=ociarchive --initialize /buildcontext/${MANIFEST} /buildcontext/out.ociarchive FROM oci-archive:./out.ociarchive # Need to reference builder here to force ordering. But since we have to run diff --git a/Containerfile.fedora-40 b/Containerfile.fedora-40 new file mode 100644 index 0000000..bf17e0f --- /dev/null +++ b/Containerfile.fedora-40 
@@ -0,0 +1,41 @@ +# This container build uses some special features of podman that allow +# a process executing as part of a container build to generate a new container +# image "from scratch". +# +# This container build uses nested containerization, so you must build with e.g. +# podman build --security-opt=label=disable --cap-add=all --device /dev/fuse <...> +# +# # Why are we doing this? +# +# Today this base image build process uses rpm-ostree. There is a lot of things that +# rpm-ostree does when generating a container image...but important parts include: +# +# - auto-updating labels in the container metadata +# - Generating "chunked" content-addressed reproducible image layers (notice +# how there are ~60 layers in the generated image) +# +# The latter bit in particular is currently impossible to do from Containerfile. +# A future goal is adding some support for this in a way that can be honored by +# buildah (xref https://github.com/containers/podman/discussions/12605) +# +# # Why does this build process require additional privileges? +# +# Because it's generating a base image and uses containerbuildcontextization features itself. +# In the future some of this can be lifted. + +FROM quay.io/fedora/fedora:40 as repos + +FROM quay.io/centos-bootc/bootc-image-builder:latest as builder +ARG MANIFEST=fedora-bootc.yaml +COPY --from=repos /etc/dnf/vars /etc/dnf/vars +COPY --from=repos /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-* /etc/pki/rpm-gpg +COPY . /src +RUN rm -vf /src/*.repo +COPY --from=repos /etc/yum.repos.d/*.repo /src +RUN --mount=type=cache,target=/workdir --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared rpm-ostree compose image \ + --image-config /buildcontext/fedora-bootc-config.json --cachedir=/workdir --format=ociarchive --initialize /src/${MANIFEST} /buildcontext/out.ociarchive + +FROM oci-archive:./out.ociarchive +# Need to reference builder here to force ordering. 
But since we have to run +# something anyway, we might as well cleanup after ourselves. +RUN --mount=type=bind,from=builder,src=.,target=/var/tmp --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared rm /buildcontext/out.ociarchive diff --git a/c9s-devel-compose.repo b/c9s-devel-compose.repo deleted file mode 100644 index c7062e5..0000000 --- a/c9s-devel-compose.repo +++ /dev/null @@ -1,35 +0,0 @@ -[baseos-devel] -name=CentOS Stream 9 development - BaseOS -baseurl=https://composes.stream.centos.org/development/CentOS-Stream-9-20240304.d.0/compose/BaseOS/$basearch/os -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 -gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Testing -priority=1000 - -[appstream-devel] -name=CentOS Stream 9 development - AppStream -baseurl=https://composes.stream.centos.org/development/CentOS-Stream-9-20240304.d.0/compose/AppStream/$basearch/os -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 -gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Testing -priority=1000 - -[nfv-devel] -name=CentOS Stream 9 development - NFV -baseurl=https://composes.stream.centos.org/development/CentOS-Stream-9-20240304.d.0/compose/NFV/$basearch/os -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 -gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Testing -priority=1000 - -[rt-devel] -name=CentOS Stream 9 development - RT -baseurl=https://composes.stream.centos.org/development/CentOS-Stream-9-20240304.d.0/compose/RT/$basearch/os -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 -gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Testing -priority=1000 diff --git a/c9s.repo b/c9s.repo index 0becf9c..67e8ab8 100644 --- a/c9s.repo +++ b/c9s.repo 
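Review bot: Both base images in this new file are referenced by mutable tags, `quay.io/fedora/fedora:40` and `quay.io/centos-bootc/bootc-image-builder:latest`, while the header comment says the build must run with `--security-opt=label=disable --cap-add=all --device /dev/fuse`. Whatever those tags resolve to at build time therefore runs with broad privileges on the build host and also supplies the repo files and GPG keys copied into `/src`. Pinning each stage by digest, e.g. `FROM quay.io/centos-bootc/bootc-image-builder:latest@sha256:<digest>` (placeholder), makes the build input reviewable; the repository already has a renovate.json, so Renovate could presumably keep the digests current. Separately, "containerbuildcontextization" in the header comment looks like a search-and-replace artefact of "containerization".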
@@ -1,6 +1,6 @@ [baseos] name=CentOS Stream 9 - BaseOS -baseurl=http://mirror.stream.centos.org/9-stream/BaseOS/$basearch/os +baseurl=https://composes.stream.centos.org/production/CentOS-Stream-9-20240415.0/compose/BaseOS/$basearch/os gpgcheck=1 repo_gpgcheck=0 enabled=1 @@ -8,7 +8,7 @@ gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Officia [appstream] name=CentOS Stream 9 - AppStream -baseurl=http://mirror.stream.centos.org/9-stream/AppStream/$basearch/os +baseurl=https://composes.stream.centos.org/production/CentOS-Stream-9-20240415.0/compose/AppStream/$basearch/os gpgcheck=1 repo_gpgcheck=0 enabled=1 @@ -16,7 +16,7 @@ gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Officia [nfv] name=CentOS Stream 9 - NFV -baseurl=http://mirror.stream.centos.org/9-stream/NFV/$basearch/os +baseurl=https://composes.stream.centos.org/production/CentOS-Stream-9-20240415.0/compose/NFV/$basearch/os gpgcheck=1 repo_gpgcheck=0 enabled=1 @@ -24,7 +24,7 @@ gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Officia [rt] name=CentOS Stream 9 - RT -baseurl=http://mirror.stream.centos.org/9-stream/RT/$basearch/os +baseurl=https://composes.stream.centos.org/production/CentOS-Stream-9-20240415.0/compose/RT/$basearch/os gpgcheck=1 repo_gpgcheck=0 enabled=1 diff --git a/centos-stream-10.yaml b/centos-stream-10.yaml index 124acb8..899ed3e 100644 --- a/centos-stream-10.yaml +++ b/centos-stream-10.yaml @@ -2,6 +2,5 @@ releasever: stream10 variables: distro: "stream10" -repos: - - baseos - - appstream +include: + - centos-stream-common.yaml diff --git a/centos-bootc.yaml b/centos-stream-9-tier1.yaml similarity index 100% rename from centos-bootc.yaml rename to centos-stream-9-tier1.yaml diff --git a/centos-stream-9.yaml b/centos-stream-9.yaml index d378478..744f873 100644 --- a/centos-stream-9.yaml +++ b/centos-stream-9.yaml 
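Review bot: The four `baseurl` lines (the baseos, appstream, nfv and rt hunks) now point at a single dated compose, `CentOS-Stream-9-20240415.0`, so every image built from this file stays at that package set until the pin is bumped, and security errata published after that date are not picked up. renovate.json in this commit tracks the compose id, but nothing in c9s.repo says so; a header comment such as `# Pinned production compose; bumped by Renovate (renovate.json). A stale pin means missing security updates.` would make the dependency explicit. `repo_gpgcheck=0` remains on the unchanged lines, so metadata integrity rests on the HTTPS transport this change introduces, while packages are still verified by `gpgcheck=1`. If the server prunes old production composes (not verifiable from this page), builds against a stale pin would also start failing.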
@@ -2,18 +2,5 @@ releasever: stream9 variables: distro: "stream9" -repos: - - baseos - - appstream - # And pull in the devel composes optionally to faster track things; - # TODO make a container that tracks this too - - baseos-devel - - appstream-devel - # ONLY things here to be faster than the devel composes - - copr-fedora-bootc-fasttracks - -repo-packages: - - repo: appstream-devel - packages: - - bootc - - bootupd +include: + - centos-stream-common.yaml diff --git a/centos-stream-common.yaml b/centos-stream-common.yaml new file mode 100644 index 0000000..16c0981 --- /dev/null +++ b/centos-stream-common.yaml @@ -0,0 +1,14 @@ +repos: + - baseos + - appstream + +# Configuration for bootc +postprocess: + # XFS is our default filesystem + - | + #!/usr/bin/env bash + mkdir -p /usr/lib/bootc/install/ + cat > /usr/lib/bootc/install/20-rhel.toml << EOF + [install] + root-fs-type = "xfs" + EOF diff --git a/copr-walters-fasttracks.repo b/copr-walters-fasttracks.repo deleted file mode 100644 index 2023322..0000000 --- a/copr-walters-fasttracks.repo +++ /dev/null @@ -1,10 +0,0 @@ -[copr-fedora-bootc-fasttracks] -name=Copr repo for fedora-bootc-fasttracks owned by walters -baseurl=https://download.copr.fedorainfracloud.org/results/walters/fedora-bootc-fasttracks/centos-stream-9-$basearch/ -type=rpm-md -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://download.copr.fedorainfracloud.org/results/walters/fedora-bootc-fasttracks/pubkey.gpg -repo_gpgcheck=0 -enabled=1 -enabled_metadata=1 diff --git a/fedora-bootc-config.json b/fedora-bootc-config.json new file mode 100644 index 0000000..f5429f9 --- /dev/null +++ b/fedora-bootc-config.json @@ -0,0 +1,9 @@ +{ + "Labels": { + "containers.bootc": "1", + "bootc.diskimage-builder": "quay.io/centos-bootc/bootc-image-builder", + "redhat.id": "fedora", + "redhat.version-id": "40" + }, + "StopSignal": "SIGRTMIN+3" +} diff --git a/fedora-bootc.yaml b/fedora-bootc.yaml index e4cabcd..bef362d 100644 --- a/fedora-bootc.yaml 
+++ b/fedora-bootc.yaml @@ -3,8 +3,8 @@ variables: distro: "fedora" repos: - - fedora-devel - - fedora-updates + - fedora + - updates metadata: name: fedora-boot-tier1 diff --git a/fedora.repo b/fedora.repo index 6450124..373d78c 100644 --- a/fedora.repo +++ b/fedora.repo @@ -100,4 +100,3 @@ type=rpm gpgcheck=1 gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-$releasever-primary skip_if_unavailable=False - diff --git a/renovate.json b/renovate.json index 09edc9c..c707360 100644 --- a/renovate.json +++ b/renovate.json @@ -5,7 +5,7 @@ ], "customDatasources": { "c9s-compose": { - "defaultRegistryUrlTemplate": "https://composes.stream.centos.org/development/", + "defaultRegistryUrlTemplate": "https://composes.stream.centos.org/production/", "format": "html" } }, @@ -13,11 +13,11 @@ { "customType": "regex", "fileMatch": [ - "c9s-devel-compose.repo", + "c9s.repo", "centos-bootc-config.json" ], "matchStrings": [ - "https://composes.stream.centos.org/development/(?.*)/compose/(.*)", + "https://composes.stream.centos.org/production/(?.*)/compose/(.*)", "\"redhat.compose-id\": \"(?.*)\"" ], "datasourceTemplate": "custom.c9s-compose", diff --git a/tier-0/bootc-config.yaml b/tier-0/bootc-config.yaml index f885d91..e69de29 100644 --- a/tier-0/bootc-config.yaml +++ b/tier-0/bootc-config.yaml @@ -1,10 +0,0 @@ -# Configuration for bootc -postprocess: - # XFS is our default filesystem - - | - #!/usr/bin/env bash - mkdir -p /usr/lib/bootc/install/ - cat > /usr/lib/bootc/install/20-rhel.toml << EOF - [install] - root-fs-type = "xfs" - EOF diff --git a/tier-0/manifest.yaml b/tier-0/manifest.yaml index 007f6d7..8da4235 100644 --- a/tier-0/manifest.yaml +++ b/tier-0/manifest.yaml @@ -51,7 +51,6 @@ remove-from-packages: include: - bootc.yaml - ostree.yaml - - bootc-config.yaml - initramfs.yaml - autoupdates.yaml - basic-fixes.yaml
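Review bot: In the renovate.json `fileMatch` hunk, `"c9s.repo"` is evaluated by Renovate as a regular expression, so the unescaped dot and missing anchors also match paths such as `xc9s-repo.bak`; `"(^|/)c9s\\.repo$"` restricts it to the intended file. The same applies to the unescaped dots in the host name inside `matchStrings`. As rendered on this page the capture group reads `(?.*)`, which is not a valid group; presumably the named group Renovate's regex manager expects (`currentValue`) was lost in rendering, but it is worth confirming in the actual file.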