diff --git a/src/moby/build.go b/src/moby/build.go
index aae38f308..13a8c1878 100644
--- a/src/moby/build.go
+++ b/src/moby/build.go
@@ -10,6 +10,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path"
+	"path/filepath"
 	"sort"
 	"strconv"
 	"strings"
@@ -121,6 +122,26 @@ func enforceContentTrust(fullImageName string, config *TrustConfig) bool {
 	return false
 }
 
+func outputImage(image Image, section string, prefix string, m Moby, idMap map[string]uint32, pull bool, iw *tar.Writer) error {
+	log.Infof("  Create OCI config for %s", image.Image)
+	useTrust := enforceContentTrust(image.Image, &m.Trust)
+	oci, err := ConfigToOCI(image, useTrust, idMap)
+	if err != nil {
+		return fmt.Errorf("Failed to create OCI spec for %s: %v", image.Image, err)
+	}
+	config, err := json.MarshalIndent(oci, "", "    ")
+	if err != nil {
+		return fmt.Errorf("Failed to create config for %s: %v", image.Image, err)
+	}
+	path := filepath.Join("containers", section, prefix+image.Name)
+	readonly := oci.Root.Readonly
+	err = ImageBundle(path, image.Image, config, iw, useTrust, pull, readonly)
+	if err != nil {
+		return fmt.Errorf("Failed to extract root filesystem for %s: %v", image.Image, err)
+	}
+	return nil
+}
+
 // Build performs the actual build process
 func Build(m Moby, w io.Writer, pull bool, tp string) error {
 	if MobyDir == "" {
@@ -178,18 +199,9 @@ func Build(m Moby, w io.Writer, pull bool, tp string) error {
 		log.Infof("Add onboot containers:")
 	}
 	for i, image := range m.Onboot {
-		log.Infof("  Create OCI config for %s", image.Image)
-		useTrust := enforceContentTrust(image.Image, &m.Trust)
-		config, err := ConfigToOCI(image, useTrust, idMap)
-		if err != nil {
-			return fmt.Errorf("Failed to create config.json for %s: %v", image.Image, err)
-		}
 		so := fmt.Sprintf("%03d", i)
-		path := "containers/onboot/" + so + "-" + image.Name
-		readonly := image.Readonly != nil && *image.Readonly
-		err = ImageBundle(path, image.Image, config, iw, useTrust, pull, readonly)
-		if err != nil {
-			return fmt.Errorf("Failed to extract root filesystem for %s: %v", image.Image, err)
+		if err := outputImage(image, "onboot", so+"-", m, idMap, pull, iw); err != nil {
+			return err
 		}
 	}
 
@@ -197,18 +209,9 @@ func Build(m Moby, w io.Writer, pull bool, tp string) error {
 		log.Infof("Add onshutdown containers:")
 	}
 	for i, image := range m.Onshutdown {
-		log.Infof("  Create OCI config for %s", image.Image)
-		useTrust := enforceContentTrust(image.Image, &m.Trust)
-		config, err := ConfigToOCI(image, useTrust, idMap)
-		if err != nil {
-			return fmt.Errorf("Failed to create config.json for %s: %v", image.Image, err)
-		}
 		so := fmt.Sprintf("%03d", i)
-		path := "containers/onshutdown/" + so + "-" + image.Name
-		readonly := image.Readonly != nil && *image.Readonly
-		err = ImageBundle(path, image.Image, config, iw, useTrust, pull, readonly)
-		if err != nil {
-			return fmt.Errorf("Failed to extract root filesystem for %s: %v", image.Image, err)
+		if err := outputImage(image, "onshutdown", so+"-", m, idMap, pull, iw); err != nil {
+			return err
 		}
 	}
 
@@ -216,17 +219,8 @@ func Build(m Moby, w io.Writer, pull bool, tp string) error {
 		log.Infof("Add service containers:")
 	}
 	for _, image := range m.Services {
-		log.Infof("  Create OCI config for %s", image.Image)
-		useTrust := enforceContentTrust(image.Image, &m.Trust)
-		config, err := ConfigToOCI(image, useTrust, idMap)
-		if err != nil {
-			return fmt.Errorf("Failed to create config.json for %s: %v", image.Image, err)
-		}
-		path := "containers/services/" + image.Name
-		readonly := image.Readonly != nil && *image.Readonly
-		err = ImageBundle(path, image.Image, config, iw, useTrust, pull, readonly)
-		if err != nil {
-			return fmt.Errorf("Failed to extract root filesystem for %s: %v", image.Image, err)
+		if err := outputImage(image, "services", "", m, idMap, pull, iw); err != nil {
+			return err
 		}
 	}
 
diff --git a/src/moby/config.go b/src/moby/config.go
index 131557450..abf1d80fe 100644
--- a/src/moby/config.go
+++ b/src/moby/config.go
@@ -1,7 +1,6 @@
 package moby
 
 import (
-	"encoding/json"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -263,25 +262,25 @@ func NewImage(config []byte) (Image, error) {
 }
 
 // ConfigToOCI converts a config specification to an OCI config file
-func ConfigToOCI(image Image, trust bool, idMap map[string]uint32) ([]byte, error) {
+func ConfigToOCI(image Image, trust bool, idMap map[string]uint32) (specs.Spec, error) {
 
 	// TODO pass through same docker client to all functions
 	cli, err := dockerClient()
 	if err != nil {
-		return []byte{}, err
+		return specs.Spec{}, err
 	}
 
 	inspect, err := dockerInspectImage(cli, image.Image, trust)
 	if err != nil {
-		return []byte{}, err
+		return specs.Spec{}, err
 	}
 
 	oci, err := ConfigInspectToOCI(image, inspect, idMap)
 	if err != nil {
-		return []byte{}, err
+		return specs.Spec{}, err
 	}
 
-	return json.MarshalIndent(oci, "", "    ")
+	return oci, nil
 }
 
 func defaultMountpoint(tp string) string {