but basically the easiest thing to do is do a derived container build (see GitHub - coreos/layering-examples) and then rebase the system to that container. When you push new updates to the container registry you can then rpm-ostree upgrade and the system will get the update. You can automate the update with a systemd unit on a timer.