diff --git a/SOURCES/ostree-readonly-sysroot-migration b/SOURCES/ostree-readonly-sysroot-migration
new file mode 100644
index 0000000..946ca0d
--- /dev/null
+++ b/SOURCES/ostree-readonly-sysroot-migration
@@ -0,0 +1,74 @@
+#!/bin/bash
+# Update an existing system to use a read only sysroot
+# and https://bugzilla.redhat.com/show_bug.cgi?id=2060976
+ 
+set -euo pipefail
+ 
+main() {
+    # Used to condition execution of this unit at the systemd level
+    local -r stamp_file="/var/lib/.ostree-readonly-sysroot"
+ 
+    if [[ -f "${stamp_file}" ]]; then
+        exit 0
+    fi
+ 
+    local -r ostree_sysroot_readonly="$(ostree config --repo=/sysroot/ostree/repo get "sysroot.readonly" &> /dev/null || echo "false")"
+    if [[ "${ostree_sysroot_readonly}" == "true" ]]; then
+        # Nothing to do
+        touch "${stamp_file}"
+        exit 0
+    fi
+ 
+    local -r boot_entries="$(ls -A /boot/loader/entries/ | wc -l)"
+ 
+    # Ensure that we can read BLS entries to avoid touching systems where /boot
+    # is not mounted
+    if [[ "${boot_entries}" -eq 0 ]]; then
+        echo "No BLS entry found: Maybe /boot is not mounted?" 1>&2
+        echo "This is unexpected thus no migration will be performed" 1>&2
+        touch "${stamp_file}"
+        exit 0
+    fi
+ 
+    # Check if any existing deployment is still missing the rw karg
+    local rw_kargs_found=0
+    local count=0
+    for f in "/boot/loader/entries/"*; do
+        count="$(grep -c "^options .* rw" "${f}" || true)"
+        if [[ "${count}" -ge 1 ]]; then
+            rw_kargs_found=$((rw_kargs_found + 1))
+        fi
+    done
+ 
+    # Some deployments are still missing the rw karg. Let's try to update them
+    if [[ "${boot_entries}" -ne "${rw_kargs_found}" ]]; then
+        ostree admin kargs edit-in-place --append-if-missing=rw || \
+            echo "Failed to edit kargs in place with ostree" 1>&2
+    fi
+ 
+    # Re-check if any existing deployment is still missing the rw karg
+    rw_kargs_found=0
+    count=0
+    for f in "/boot/loader/entries/"*; do
+        count="$(grep -c "^options .* rw" "${f}" || true)"
+        if [[ "${count}" -ge 1 ]]; then
+            rw_kargs_found=$((rw_kargs_found + 1))
+        fi
+    done
+    unset count
+ 
+    # If all deployments are good, then we can set the sysroot.readonly option
+    # in the ostree repo config
+    if [[ "${boot_entries}" -eq "${rw_kargs_found}" ]]; then
+        echo "Setting up the sysroot.readonly option in the ostree repo config"
+        ostree config --repo=/sysroot/ostree/repo set "sysroot.readonly" "true"
+        touch "${stamp_file}"
+        exit 0
+    fi
+ 
+    # If anything else before failed, we will retry on next boot
+    echo "Will retry next boot" 1>&2
+    exit 0
+}
+ 
+main "${@}"
diff --git a/SOURCES/ostree-readonly-sysroot-migration.service b/SOURCES/ostree-readonly-sysroot-migration.service
new file mode 100644
index 0000000..e702f31
--- /dev/null
+++ b/SOURCES/ostree-readonly-sysroot-migration.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Read-Only Sysroot Migration
+Documentation=https://ostreedev.github.io/ostree
+ConditionPathExists=!/var/lib/.ostree-readonly-sysroot
+ConditionPathExists=/run/ostree-booted
+RequiresMountsFor=/sysroot /boot
+ConditionPathIsReadWrite=/sysroot
+ 
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/ostree-readonly-sysroot-migration
+RemainAfterExit=yes
+ 
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/ostree.spec b/SPECS/ostree.spec
index 83034d6..1cdcfa3 100644
--- a/SPECS/ostree.spec
+++ b/SPECS/ostree.spec
@@ -8,8 +8,11 @@
 Summary: Tool for managing bootable, immutable filesystem trees
 Name: ostree
 Version: 2022.6
-Release: 1%{?dist}
+Release: 3%{?dist}
 Source0: https://github.com/ostreedev/%{name}/releases/download/v%{version}/libostree-%{version}.tar.xz
+Source1: ostree-readonly-sysroot-migration
+Source2: ostree-readonly-sysroot-migration.service
+
 License: LGPLv2+
 URL: https://ostree.readthedocs.io/en/latest/
 
@@ -109,6 +112,10 @@ env NOCONFIGURE=1 ./autogen.sh
 %make_build
 
 %install
+install -m 644 -D %{SOURCE2} %{buildroot}/usr/lib/systemd/system/ostree-readonly-sysroot-migration.service
+install -m 755 -D %{SOURCE1} %{buildroot}/usr/libexec/ostree-readonly-sysroot-migration
+install -dm0755 %{buildroot}%{_unitdir}/multi-user.target.wants/
+ln -sf ../ostree-readonly-sysroot-migration.service %{buildroot}%{_unitdir}/multi-user.target.wants/
 %make_install INSTALL="install -p -c"
 find %{buildroot} -name '*.la' -delete
 
@@ -139,6 +146,9 @@ find %{buildroot} -name '*.la' -delete
 %{_prefix}/lib/ostree
 # Moved in git master
 %{_libexecdir}/libostree/*
+%{_prefix}/lib/systemd/system/ostree-readonly-sysroot-migration.service
+%{_libexecdir}/ostree-readonly-sysroot-migration
+%{_unitdir}/multi-user.target.wants/ostree-readonly-sysroot-migration.service
 
 %files libs
 %{_sysconfdir}/ostree
@@ -168,6 +178,12 @@ find %{buildroot} -name '*.la' -delete
 %endif
 
 %changelog
+* Thu Feb 9 2023 Sayan Paul <saypaul@redhat.com> - 2022.6-3
+- Resolves: rhbz#2167344
+
+* Wed Dec 14 2022 Sayan Paul <saypaul@redhat.com> - 2022.6-2
+- Resolves: rhbz#2060976
+
 * Thu Oct 13 2022 Luca BRUNO <lucab@redhat.com> - 2022.6-1
 - New upstream version
   https://github.com/ostreedev/ostree/releases/tag/v2022.6