diff --git a/_service b/_service index 21621dc..b28c4b0 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ https://github.com/warewulf/warewulf.git git - v4.6.2 + v4.6.4 @PARENT_TAG@ v(.*) enable diff --git a/fix-CVE-2025-58058.patch b/fix-CVE-2025-58058.patch new file mode 100644 index 0000000..17ff5c8 --- /dev/null +++ b/fix-CVE-2025-58058.patch 
@@ -0,0 +1,56 @@
+From 8e6c115089c0cbea4347ed252aba7cfe575c9456 Mon Sep 17 00:00:00 2001
+From: Christian Goll
+Date: Mon, 8 Sep 2025 15:33:28 +0200
+Subject: [PATCH] fix CVE-2025-58058
+
+---
+ CHANGELOG.md | 3 +++
+ go.mod | 2 +-
+ go.sum | 4 ++--
+ 3 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+index 26c5994c..41fd92bf 100644
+--- a/CHANGELOG.md
++++ b/CHANGELOG.md
+@@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+
+ ## v4.6.5, unreleased
+
++### Fixed
++- updated github.com/ulikunitz/xz to 0.5.14 whiche fixes CVE-2025-58058
++
+ ## v4.6.4, 2025-09-05
+
+ ### Added
+diff --git a/go.mod b/go.mod
+index bdd4ef25..55b9642a 100644
+--- a/go.mod
++++ b/go.mod
+@@ -135,7 +135,7 @@ require (
+ github.com/swaggest/jsonschema-go v0.3.73 // indirect
+ github.com/swaggest/refl v1.3.0 // indirect
+ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
+- github.com/ulikunitz/xz v0.5.12 // indirect
++ github.com/ulikunitz/xz v0.5.14 // indirect
+ github.com/urfave/cli v1.22.16 // indirect
+ github.com/vbatts/go-mtree v0.5.0 // indirect
+ github.com/vbatts/tar-split v0.11.7 // indirect
+diff --git a/go.sum b/go.sum
+index c5a19894..878b35c5 100644
+--- a/go.sum
++++ b/go.sum
+@@ -399,8 +399,8 @@ github.com/tj/assert v0.0.3/go.mod h1:Ne6X72Q+TB1AteidzQncjw9PabbMp4PBMZ1k+vd1Pv
+ github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0=
+ github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao=
+ github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4=
+-github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
+-github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
++github.com/ulikunitz/xz v0.5.14 h1:uv/0Bq533iFdnMHZdRBTOlaNMdb1+ZxXIlHDZHIHcvg=
++github.com/ulikunitz/xz v0.5.14/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+ github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+ github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ=
+ github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po=
+--
+2.51.0
+
diff --git a/switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch b/switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch
new file mode 100644
index 0000000..9b4a867
--- /dev/null
+++ b/switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch
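Review bot: The xz bump in `go.mod` and `go.sum` only reaches the shipped binaries if the vendored module tree the package builds from also contains v0.5.14, and this patch touches no vendored sources. `vendor.tar.xz` changes in the same commit, but it is a git-lfs pointer, so the diff cannot show whether `vendor/modules.txt` inside it lists `github.com/ulikunitz/xz v0.5.14`. A guard in `%prep` after the patches are applied, such as `grep -q 'github.com/ulikunitz/xz v0.5.14' vendor/modules.txt`, would make a stale tarball fail the build instead of shipping the old decoder; the `vendor/` path is assumed here and must match how the spec unpacks the tarball. The module is marked `// indirect`, so a line in the .changes entry naming the dependency that pulls it in would help later triage.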
@@ -0,0 +1,102 @@
+From 9e39845bda60e006936c8b6e34a02325d31448b3 Mon Sep 17 00:00:00 2001
+From: Christian Goll
+Date: Fri, 18 Jul 2025 16:29:37 +0200
+Subject: [PATCH] switched to dnsmasq as default dhcp and tftp service
+
+---
+ CHANGELOG.md | 1 +
+ etc/warewulf.conf | 4 ++--
+ userdocs/server/dnsmasq.rst | 33 ++-------------------------------
+ warewulf.spec.in | 2 +-
+ 4 files changed, 6 insertions(+), 34 deletions(-)
+
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+index 26c5994c..0c6378e9 100644
+--- a/CHANGELOG.md
++++ b/CHANGELOG.md
+@@ -61,6 +61,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+ - Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays. #1950
+ - Fixed a race condition in `wwctl overlay edit`. #1947
+ - Fixed a syntax error in the RPM specfile.
++- switched to dnsmasq as default tftp and dhcp service
+
+ ## v4.6.2, 2025-07-09
+
+diff --git a/etc/warewulf.conf b/etc/warewulf.conf
+index 33cec64c..6e68047c 100644
+--- a/etc/warewulf.conf
++++ b/etc/warewulf.conf
+@@ -10,11 +10,11 @@ dhcp:
+ enabled: true
+ range start: 10.0.1.1
+ range end: 10.0.1.255
+- systemd name: dhcpd
++ systemd name: dnsmasq
+ template: default
+ tftp:
+ enabled: true
+- systemd name: tftp
++ systemd name: dnsmasq
+ ipxe:
+ 00:09: ipxe-snponly-x86_64.efi
+ 00:00: undionly.kpxe
+diff --git a/userdocs/server/dnsmasq.rst b/userdocs/server/dnsmasq.rst
+index b182ee8d..ba6037a0 100644
+--- a/userdocs/server/dnsmasq.rst
++++ b/userdocs/server/dnsmasq.rst
+@@ -2,37 +2,8 @@
+ Using dnsmasq
+ =============
+
+-As an experimental feature, it is possible to use ``dnsmasq`` instead of the ISC
+-``dhcpd`` server and ``TFTP`` server.
+-
+-In order to keep the file ``/etc/dnsmasq.d/ww4-hosts.conf`` is created and must
+-be included in the main ``dnsmasq.conf`` via the ``conf-dir=/etc/dnsmasq.d``
+-option.
+-
+-Installation
+-============
+-
+-Before the installation, make sure that ``dhcpd`` and ``tftp`` are disabled.
+-You can do that with the commands:
+-
+-.. code-block:: shell
+-
+- systemctl disable --now dhcpd
+- systemctl disable --now tftp
+-
+-Now you can install ``dnsmasq``.
+-
+-.. code-block:: shell
+-
+- # Rocky Linux
+- dnf install dnsmasq
+-
+- # SUSE
+- zypper install dnsmasq
+-
+-After the installation, instruct ``warewulf`` to use ``dnsmasq`` as its
+-``dhcpd`` and ``tftp`` service. This is done in the server configuration file,
+-typically at ``/etc/warewulf/warewulf.conf``:
++``dnsmasq`` is the default ``dhcpd`` and ``tftp`` service. This can be configured
++in the server configuration file, typically at ``/etc/warewulf/warewulf.conf``:
+
+ .. code-block:: yaml
+
+diff --git a/warewulf.spec.in b/warewulf.spec.in
+index f32585db..ae5f098c 100644
+--- a/warewulf.spec.in
++++ b/warewulf.spec.in
+@@ -69,7 +69,7 @@ Requires: ipxe-bootimgs-aarch64
+ Requires: dnsmasq
+ %else
+ %if 0%{?rhel} >= 8 || 0%{?suse_version} || 0%{?fedora}
+-Requires: dhcp-server
++Requires: dnsmasq
+ %else
+ # rhel < 8 and others
+ Requires: dhcp
+--
+2.51.0
+
diff --git a/vendor.tar.xz b/vendor.tar.xz
index 9618996..9116b80 100644
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:cb9dcd150f40c388fbea0f33691c33da61f2daeddeecfcb61820340af18d373e
-size 6156844
+oid sha256:629cfae88716e34aa4e99e7b45ab770eee3a44e1bf83bd24ccfaecf8c2d270fd
+size 6489812
diff --git a/warewulf-4.6.2.obscpio b/warewulf-4.6.2.obscpio
deleted file mode 100644
index 6169881..0000000
--- a/warewulf-4.6.2.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:64cfc3c2cfa8c1ef352915726fa55fee85b58f48e583b2acf123d2a09128ee5f
-size 4636684
diff --git a/warewulf-4.6.4.obscpio b/warewulf-4.6.4.obscpio
new file mode 100644
index 0000000..ac877a6
--- /dev/null
+++ b/warewulf-4.6.4.obscpio
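Review bot: The `etc/warewulf.conf` hunk of this patch makes `dnsmasq` the systemd unit for both `dhcp` and `tftp`, while the `dnsmasq.rst` hunk deletes the only text telling admins to disable `dhcpd` and `tftp` first and to include `/etc/dnsmasq.d` through `conf-dir`. On a host upgraded from the dhcpd default, the old DHCP server may still be enabled next to the new one on the provisioning network, and dnsmasq also opens a DNS listener by default unless its configuration turns that off; the visible lines cover neither case. I would keep a short upgrade paragraph in the rst that retains the two `systemctl disable --now` commands and the `conf-dir=/etc/dnsmasq.d` requirement, and state whether DNS service from dnsmasq is intended.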
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b080ebcb0fcdeb3da9cb1e69a0053e7c0ffa0d1bd43d9e6bf8e58908bdda887e
+size 4748300
diff --git a/warewulf.obsinfo b/warewulf.obsinfo
index 39753f7..094a340 100644
--- a/warewulf.obsinfo
+++ b/warewulf.obsinfo
@@ -1,4 +1,4 @@
 name: warewulf
-version: 4.6.2
-mtime: 1752075635
-commit: 0cb9354364433a67b610278632cf46e3388f7045
+version: 4.6.4
+mtime: 1757112751
+commit: 4b9e2f0282ff82c31b20d65507dd02989210aaf2
diff --git a/warewulf4-rpmlintrc b/warewulf4-rpmlintrc
index e240abf..9a15886 100644
--- a/warewulf4-rpmlintrc
+++ b/warewulf4-rpmlintrc
@@ -1,8 +1,8 @@
 # ignore hidden files and executable bits in overlay
 # directories, as this files are meant to be run on
 # compute nodes
-addFilter("hidden-file-or-dir /var/lib/warewulf/overlays/,*")
-addFilter("non-executable-script /var/lib/warewulf/overlays/.*")
+#addFilter("hidden-file-or-dir /var/lib/warewulf/overlays/,*")
+#addFilter("non-executable-script /var/lib/warewulf/overlays/.*")
 # wwclient is called on a compute node *before* systemd in
 # order to provision the system, so it *must* be statically linked
 addFilter("statically-linked-binary .*/wwclient")
@@ -17,4 +17,4 @@ addFilter("no-version-in-last-changelog")
 addFilter("unused-rpmlintrc-filter")
 # ignore the binary in /usr/share as this binary will to the nodes and not run on
 # the host where the rpm is installed.
-# addFilter("arch-dependent-file-in-usr-share")
+addFilter("arch-dependent-file-in-usr-share")
diff --git a/warewulf4.changes b/warewulf4.changes
index e85c6a7..6097752 100644
--- a/warewulf4.changes
+++ b/warewulf4.changes
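Review bot: The re-enabled `addFilter("arch-dependent-file-in-usr-share")` in the second rpmlintrc hunk carries no path, so it silences the warning for every file in the package, while the comment above it justifies only the one binary that is shipped to the nodes. The neighbouring `statically-linked-binary .*/wwclient` filter shows the scoped form; if the binary meant here is `wwclient`, `addFilter("arch-dependent-file-in-usr-share .*/wwclient")` keeps the check alive for anything else that lands in `/usr/share`. In the first hunk the two overlay filters are commented out rather than deleted, and the three-line comment above them now describes filters that no longer run, so I would remove both the dead lines and that comment.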
@@ -1,3 +1,61 @@ +------------------------------------------------------------------- +Mon Sep 08 09:45:51 UTC 2025 - Christian Goll + +- Update to version 4.6.4: + * v4.6.4 release updates + * Convert disk booleans from wwbool to *bool which allows bools in + disk to be set to false via command line (bsc#1248768) + * Update NetworkManager Overlay + * Disable ipv4 in NetworkManager if no address or route is specified + * fix(wwctl): Create overlay edit tempfile in tmpdir + * Add default for systemd name for warewulf in warewulf.conf + * Atomic overlay file application in wwclient + * Simpler names for overlay methods + * Fix warewulfd api behavior when deleting distribution overlay +- renamed siwtched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch + to switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch +- added fix-CVE-2025-58058.patch (bsc#1248906) + +------------------------------------------------------------------- +Mon Aug 04 07:55:28 UTC 2025 - Christian Goll + +- Update to version 4.6.3: + * v4.6.3 release + * IPv6 iPXE support + * Fix a syntax error in the RPM specfile + * Fix a race condition in wwctl overlay edit + * Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays + * Move reexec.Init() to beginning of wwctl + * Add documentation for using tmpfs to distribute across numa nodes + * added warewuld configure option + * Fix wwctl upgrade nodes to handle kernel argument lists (bsc#1227686 bsc#1227465) + * Address copilot review from #1945 + * Refactor wwapi tests for proper isolation + * Bugfix: cloning a site overlay when parent dir does not exist + * Clone to a site overlay when adding files in wwapi + * Consolidated createOverlayFile and updateOverlayFile to addOverlayFile + * Support for creating and updating overlay file in wwapi + * Only return overlay files that refer to a path within the overlay + * add overlay file deletion support + * DELETE /api/overlays/{id}?force=true can delete overlays in use + * 
Restore idempotency of PUT /api/nodes/{id} + * Simplify overlay mtime api and add tests + * add node overlay buildtime + * Improved netplan support + * Rebuild overlays for discovered nodes + * Restrict userdocs from building during pr when not modified + * Update to v4.6.2 GitHub release notes + +------------------------------------------------------------------- +Thu Jul 24 15:06:07 UTC 2025 - Christian Goll + +- moved project provided overlays to /usr/share/warewulf/overlays, + user created overlays go to /var/lib/warewulf/overlays +- added switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch + which switches to dnsmasq as default dhcp and tftp provider +- warewulf.conf will now be replaced, as old dhcpd config won't work + any more + ------------------------------------------------------------------- Thu Jul 10 07:00:04 UTC 2025 - cgoll@suse.com @@ -10,7 +68,7 @@ Thu Jul 10 07:00:04 UTC 2025 - cgoll@suse.com * security-fixes.patch * udev-regression.patch - marked slurm as recommeneded in the warewulf4-overlay-slurm - package bsc#124608 + package bsc#1246082 ------------------------------------------------------------------- Fri Mar 28 09:59:27 UTC 2025 - Christian Goll diff --git a/warewulf4.spec b/warewulf4.spec index ffe0010..9a9377c 100644 --- a/warewulf4.spec +++ b/warewulf4.spec @@ -16,6 +16,7 @@ # +%global ww4dir %{_localstatedir}/lib %global tftpdir /srv/tftpboot %global srvdir %{_sharedstatedir} #%%global githash fd49254ac592d325056aa58a564933a008539607 @@ -28,7 +29,7 @@ ExclusiveArch: x86_64 aarch64 Name: warewulf4 -Version: 4.6.2 +Version: 4.6.4 Release: 0 Summary: A suite of tools for clustering License: BSD-3-Clause 
@@ -41,6 +42,10 @@ Source10: config-ww4.sh Source11: adjust_overlays.sh Source20: README.dnsmasq Source21: README.RKE2.md +Patch0: switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch +Patch1: fix-CVE-2025-58058.patch +#Patch1: overlay.patch +#Patch2: upstream.patch BuildRequires: %{python_module Sphinx-latex} BuildRequires: distribution-release @@ -66,9 +71,9 @@ Requires: iproute2 Requires: ipxe-bootimgs Requires: logrotate Requires: pigz -Requires: tftp Requires: ( dhcp-server or dnsmasq ) -Suggests: dhcp-server +Requires: ( tftp or dnsmasq ) +Suggests: dnsmasq Recommends: bash-completion Recommends: ipmitool Recommends: nfs-kernel-server @@ -152,9 +157,9 @@ make defaults \ PREFIX=%{_prefix} \ BINDIR=%{_bindir} \ SYSCONFDIR=%{_sysconfdir} \ - DATADIR=%{_datadir} \ - LOCALSTATEDIR=%{_sharedstatedir} \ - SHAREDSTATEDIR=%{_sharedstatedir} \ + DATADIR=%{ww4dir} \ + LOCALSTATEDIR=%{_localstatedir}/lib \ + SHAREDSTATEDIR=%{_localstatedir}/lib \ MANDIR=%{_mandir} \ INFODIR=%{_infodir} \ DOCDIR=%{_docdir} \ @@ -164,6 +169,7 @@ make defaults \ BASHCOMPDIR=/etc/bash_completion.d/ \ FIREWALLDDIR=/usr/lib/firewalld/services \ WWCLIENTDIR=/warewulf \ + WWOVERLAYDIR=%{_sysconfdir}/warewulf/overlays/ \ %{nil} make %{?_smp_mflags} build make %{?_smp_mflags} latexpdf @@ -184,13 +190,12 @@ ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcwarewulfd mkdir -p %{buildroot}%{_datadir}/bash-completion/completions mv -v %{buildroot}%{_sysconfdir}/bash_completion.d/wwctl \ %{buildroot}%{_datadir}/bash-completion/completions/wwctl -# copy the LICESNSE.md via %%doc +# copy the LICENSE.md via %%doc rm -f %{buildroot}/usr/share/doc/packages/warewulf/LICENSE.md cp %{S:20} %{S:21} . # use ipxe-bootimgs images from distribution yq e ' - .tftp.["systemd name"] = "tftp.socket" | .tftp.ipxe."00:00" = "undionly.kpxe" | .tftp.ipxe."00:07" = "ipxe-x86_64.efi" | .tftp.ipxe."00:09" = "ipxe-x86_64.efi" | 
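Review bot: The commented `#Patch1: overlay.patch` directly under `Patch1: fix-CVE-2025-58058.patch` reuses the number of the active security patch, which makes it easy to misread which patch 1 is. I would delete the two `#Patch` lines, or at least renumber them. The `%prep` section is outside this hunk, so it is not visible whether patches are applied with `%autosetup -p1` or with explicit `%patch` lines; in the latter case the new CVE patch needs its own line, otherwise it is listed but never applied.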
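Review bot: `( dhcp-server or dnsmasq )` and `( tftp or dnsmasq )` in the Requires hunk can both be satisfied without dnsmasq, yet the `etc/warewulf.conf` shipped by the dnsmasq patch in this commit names `dnsmasq` as the systemd unit for both services. `Suggests: dnsmasq` is the weakest dependency level and is normally not pulled in automatically, so a host that already has `dhcp-server` and `tftp` would get a default configuration pointing at a unit that is not installed. `Recommends: dnsmasq` would match the new default while still letting admins keep dhcpd. The dependency block continues outside the hunk.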
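Review bot: `DATADIR=%{ww4dir}` in the `make defaults` hunk points the data directory at `%{_localstatedir}/lib`, the same value now given to `LOCALSTATEDIR` and `SHAREDSTATEDIR`, so package-provided overlays are installed into the state directory. That disagrees with the .changes entry in this commit, which says project overlays move to `/usr/share/warewulf/overlays` and user overlays go to `/var/lib/warewulf/overlays`, and it puts distribution-owned files next to site-modifiable state. Either keep `DATADIR=%{_datadir}` or correct the changelog, and add a comment at the `%global ww4dir` definition explaining what the macro is for, e.g. `# base directory for warewulf data and state`. The `WWOVERLAYDIR=%{_sysconfdir}/warewulf/overlays/` line added in the following hunk belongs to the same layout decision; the `make defaults` invocation starts and ends outside both hunks.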
@@ -201,33 +206,32 @@ yq e ' # SUSE starts user UIDs at 1000 #sed -i -e 's@\(.* \$_UID \(>\|-ge\) \)500\(.*\)@\11000\3@' %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/profile.d/ssh_setup.*sh.ww # fix dhcp for SUSE -mv %{buildroot}%{_prefix}/share/warewulf/overlays %{buildroot}%{_localstatedir}/lib/warewulf/ -mv %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcp/dhcpd.conf.ww %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcpd.conf.ww -rmdir %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcp +mv %{buildroot}%{ww4dir}/warewulf/overlays/host/rootfs/etc/dhcp/dhcpd.conf.ww %{buildroot}%{ww4dir}/warewulf/overlays/host/rootfs/etc/dhcpd.conf.ww +rmdir %{buildroot}%{ww4dir}/warewulf/overlays/host/rootfs/etc/dhcp # create systemuser echo "u warewulf -" > system-user-%{name}.conf echo "g warewulf -" >> system-user-%{name}.conf %sysusers_generate_pre system-user-%{name}.conf %{name} system-user-%{name}.conf install -D -m 644 system-user-%{name}.conf %{buildroot}%{_sysusersdir}/system-user-%{name}.conf -install -D -m 755 %{S:10} %{buildroot}%{_datadir}/warewulf/scripts/config-warewulf.sh -install -D -m 755 %{S:11} %{buildroot}%{_datadir}/warewulf/scripts/%{basename:S:11} +install -D -m 755 %{S:10} %{buildroot}%{ww4dir}/warewulf/scripts/config-warewulf.sh +install -D -m 755 %{S:11} %{buildroot}%{ww4dir}/warewulf/scripts/adjust_overlays.sh # get the slurm package ready -mkdir -p %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/slurm -mv %{buildroot}%{_sysconfdir}/warewulf/examples/slurm.conf.ww %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/slurm -mkdir -p %{buildroot}%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/munge -cat > %{buildroot}%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/munge/munge.key.ww < %{buildroot}%{ww4dir}/warewulf/overlays/slurm/rootfs/etc/munge/munge.key.ww < 
%{buildroot}%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/slurm/slurm.conf.ww < %{buildroot}%{ww4dir}/warewulf/overlays/slurm/rootfs/etc/slurm/slurm.conf.ww < %{buildroot}%{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher/rke2/config.yaml.ww < %{buildroot}%{ww4dir}/warewulf/overlays/rke2-config/etc/rancher/rke2/config.yaml.ww <