diff --git a/sdk_container/src/third_party/coreos-overlay/acct-group/tang/metadata.xml b/sdk_container/src/third_party/coreos-overlay/acct-group/tang/metadata.xml
new file mode 100644
index 00000000000..97ba7c28bbb
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/acct-group/tang/metadata.xml
@@ -0,0 +1,8 @@
+
+
+
+
+ julien@jroy.ca
+ Julien Roy
+
+
diff --git a/sdk_container/src/third_party/coreos-overlay/acct-group/tang/tang-0.ebuild b/sdk_container/src/third_party/coreos-overlay/acct-group/tang/tang-0.ebuild
new file mode 100644
index 00000000000..c48b2ad8f54
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/acct-group/tang/tang-0.ebuild
@@ -0,0 +1,10 @@
+# Copyright 2022-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit acct-group
+
+DESCRIPTION="Group for tang daemon"
+
+ACCT_GROUP_ID=-1
diff --git a/sdk_container/src/third_party/coreos-overlay/acct-user/tang/metadata.xml b/sdk_container/src/third_party/coreos-overlay/acct-user/tang/metadata.xml
new file mode 100644
index 00000000000..97ba7c28bbb
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/acct-user/tang/metadata.xml
@@ -0,0 +1,8 @@
+
+
+
+
+ julien@jroy.ca
+ Julien Roy
+
+
diff --git a/sdk_container/src/third_party/coreos-overlay/acct-user/tang/tang-0.ebuild b/sdk_container/src/third_party/coreos-overlay/acct-user/tang/tang-0.ebuild
new file mode 100644
index 00000000000..e76b2a09263
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/acct-user/tang/tang-0.ebuild
@@ -0,0 +1,13 @@
+# Copyright 2022-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit acct-user
+
+DESCRIPTION="User for tang daemon"
+
+ACCT_USER_ID=-1
+ACCT_USER_GROUPS=( ${PN} )
+
+acct-user_add_deps
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/Manifest b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/Manifest
new file mode 100644
index 00000000000..ead9af1f716
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/Manifest
@@ -0,0 +1 @@
+DIST clevis-19.tar.gz 81324 BLAKE2B 75323940d0b53e307f5dbc197e3117e7ddc900d76ae1043bac3d17cc3af0264ba00a5f840c5c9dd3c2dd9c8fbde2cf05934b8ab3e89cd403ad8a8eb28609bb78 SHA512 dee19354c908c3843fc295a84b431780d5d6062c77766ee7ce9550636d3623d92b0cd1f6d4c40d57bef14debddc161da2b72289a5d6185cdd17b09a1ef67409a
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/clevis-19-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/clevis-19-r1.ebuild
new file mode 100644
index 00000000000..3dbe616a328
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/clevis-19-r1.ebuild
@@ -0,0 +1,35 @@
+# Copyright 2022-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit meson
+
+DESCRIPTION="Automated Encryption Framework"
+HOMEPAGE="https://github.com/latchset/clevis"
+SRC_URI="https://github.com/latchset/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="amd64 arm64"
+IUSE="+luks +tpm"
+
+DEPEND="
+ dev-libs/jose
+ sys-fs/cryptsetup
+ luks? (
+ app-misc/jq
+ dev-libs/libpwquality
+ dev-libs/luksmeta
+ )
+ tpm? ( app-crypt/tpm2-tools )
+"
+RDEPEND="${DEPEND}"
+
+PATCHES=(
+ # From https://github.com/latchset/clevis/pull/347
+ # Allows using dracut without systemd
+ "${FILESDIR}/clevis-dracut.patch"
+ # Fix for systemd on Gentoo
+ "${FILESDIR}/clevis-meson.patch"
+)
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-dracut.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-dracut.patch
new file mode 100644
index 00000000000..60873b84e44
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-dracut.patch
@@ -0,0 +1,216 @@
+diff --git a/src/luks/systemd/dracut/clevis-pin-sss/meson.build b/src/dracut/clevis-pin-sss/meson.build
+similarity index 100%
+rename from src/luks/systemd/dracut/clevis-pin-sss/meson.build
+rename to src/dracut/clevis-pin-sss/meson.build
+diff --git a/src/luks/systemd/dracut/clevis-pin-sss/module-setup.sh.in b/src/dracut/clevis-pin-sss/module-setup.sh.in
+similarity index 100%
+rename from src/luks/systemd/dracut/clevis-pin-sss/module-setup.sh.in
+rename to src/dracut/clevis-pin-sss/module-setup.sh.in
+diff --git a/src/luks/systemd/dracut/clevis-pin-tang/meson.build b/src/dracut/clevis-pin-tang/meson.build
+similarity index 100%
+rename from src/luks/systemd/dracut/clevis-pin-tang/meson.build
+rename to src/dracut/clevis-pin-tang/meson.build
+diff --git a/src/luks/systemd/dracut/clevis-pin-tang/module-setup.sh.in b/src/dracut/clevis-pin-tang/module-setup.sh.in
+similarity index 100%
+rename from src/luks/systemd/dracut/clevis-pin-tang/module-setup.sh.in
+rename to src/dracut/clevis-pin-tang/module-setup.sh.in
+diff --git a/src/luks/systemd/dracut/clevis-pin-tpm2/meson.build b/src/dracut/clevis-pin-tpm2/meson.build
+similarity index 100%
+rename from src/luks/systemd/dracut/clevis-pin-tpm2/meson.build
+rename to src/dracut/clevis-pin-tpm2/meson.build
+diff --git a/src/luks/systemd/dracut/clevis-pin-tpm2/module-setup.sh.in b/src/dracut/clevis-pin-tpm2/module-setup.sh.in
+similarity index 100%
+rename from src/luks/systemd/dracut/clevis-pin-tpm2/module-setup.sh.in
+rename to src/dracut/clevis-pin-tpm2/module-setup.sh.in
+diff --git a/src/dracut/clevis/clevis-hook.sh.in b/src/dracut/clevis/clevis-hook.sh.in
+new file mode 100755
+index 0000000..91ff2bd
+--- /dev/null
++++ b/src/dracut/clevis/clevis-hook.sh.in
+@@ -0,0 +1,3 @@
++#!/bin/bash
++
++@libexecdir@/clevis-luks-generic-unlocker -l
+diff --git a/src/dracut/clevis/clevis-luks-generic-unlocker b/src/dracut/clevis/clevis-luks-generic-unlocker
+new file mode 100755
+index 0000000..a3b9d62
+--- /dev/null
++++ b/src/dracut/clevis/clevis-luks-generic-unlocker
+@@ -0,0 +1,70 @@
++#!/bin/bash
++set -eu
++# vim: set ts=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
++#
++# Copyright (c) 2020-2021 Red Hat, Inc.
++# Author: Sergio Correia
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program. If not, see .
++#
++
++. clevis-luks-common-functions
++
++# Make sure to exit cleanly if SIGTERM is received.
++trap 'echo "Exiting due to SIGTERM" && exit 0' TERM
++
++loop=
++while getopts ":l" o; do
++ case "${o}" in
++ l) loop=true;;
++ *) ;;
++ esac
++done
++
++to_unlock() {
++ local _devices='' _d _uuid
++ for _d in $(lsblk -o PATH,FSTYPE,RM \
++ | awk '$2 == "crypto_LUKS" && $3 == "0" { print $1 }' | sort -u);
++ do
++ if ! bindings="$(clevis luks list -d "${_d}" 2>/dev/null)" \
++ || [ -z "${bindings}" ]; then
++ continue
++ fi
++ _uuid="$(cryptsetup luksUUID "${_d}")"
++ if clevis_is_luks_device_by_uuid_open "${_uuid}"; then
++ continue
++ fi
++ _devices="$(printf '%s\n%s' "${_devices}" "${_d}")"
++ done
++ echo "${_devices}" | sed -e 's/^\n$//'
++}
++
++while true; do
++ for d in $(to_unlock); do
++ uuid="$(cryptsetup luksUUID "${d}")"
++ if ! clevis luks unlock -d "${d}"; then
++ echo "Unable to unlock ${d} (UUID=${uuid})" >&2
++ continue
++ fi
++ echo "Unlocked ${d} (UUID=${uuid}) successfully" >&2
++ done
++
++ [ "${loop}" != true ] && break
++ # Checking for pending devices to be unlocked.
++ if remaining=$(to_unlock) && [ -z "${remaining}" ]; then
++ break;
++ fi
++
++ sleep 0.5
++done
+diff --git a/src/luks/systemd/dracut/clevis/meson.build b/src/dracut/clevis/meson.build
+similarity index 87%
+rename from src/luks/systemd/dracut/clevis/meson.build
+rename to src/dracut/clevis/meson.build
+index 167e708..224e27f 100644
+--- a/src/luks/systemd/dracut/clevis/meson.build
++++ b/src/dracut/clevis/meson.build
+@@ -16,6 +16,7 @@ if dracut.found()
+ install_dir: dracutdir,
+ configuration: data,
+ )
++ install_data('clevis-luks-generic-unlocker', install_dir: libexecdir)
+ else
+ warning('Will not install dracut module due to missing dependencies!')
+ endif
+diff --git a/src/luks/systemd/dracut/clevis/module-setup.sh.in b/src/dracut/clevis/module-setup.sh.in
+similarity index 76%
+rename from src/luks/systemd/dracut/clevis/module-setup.sh.in
+rename to src/dracut/clevis/module-setup.sh.in
+index bfe657c..dbce790 100755
+--- a/src/luks/systemd/dracut/clevis/module-setup.sh.in
++++ b/src/dracut/clevis/module-setup.sh.in
+@@ -19,7 +19,11 @@
+ #
+
+ depends() {
+- echo crypt systemd
++ local __depends=crypt
++ if dracut_module_included "systemd"; then
++ __depends=$(printf '%s systemd' "${_depends}")
++ fi
++ echo "${__depends}"
+ return 255
+ }
+
+@@ -27,17 +31,24 @@ install() {
+ if dracut_module_included "systemd"; then
+ inst_multiple \
+ $systemdsystemunitdir/clevis-luks-askpass.service \
+- $systemdsystemunitdir/clevis-luks-askpass.path
++ $systemdsystemunitdir/clevis-luks-askpass.path \
++ @SYSTEMD_REPLY_PASS@ \
++ @libexecdir@/clevis-luks-askpass
+ systemctl -q --root "$initdir" add-wants cryptsetup.target clevis-luks-askpass.path
+ else
+ inst_hook initqueue/online 60 "$moddir/clevis-hook.sh"
+ inst_hook initqueue/settled 60 "$moddir/clevis-hook.sh"
++
++ inst_multiple \
++ @libexecdir@/clevis-luks-generic-unlocker \
++ clevis-luks-unlock \
++ lsblk \
++ sort \
++ awk
+ fi
+
+ inst_multiple \
+ /etc/services \
+- @SYSTEMD_REPLY_PASS@ \
+- @libexecdir@/clevis-luks-askpass \
+ clevis-luks-common-functions \
+ grep sed cut \
+ clevis-decrypt \
+diff --git a/src/luks/systemd/dracut/meson.build b/src/dracut/meson.build
+similarity index 78%
+rename from src/luks/systemd/dracut/meson.build
+rename to src/dracut/meson.build
+index 7ad5b14..fdb264b 100644
+--- a/src/luks/systemd/dracut/meson.build
++++ b/src/dracut/meson.build
+@@ -2,4 +2,3 @@ subdir('clevis')
+ subdir('clevis-pin-tang')
+ subdir('clevis-pin-tpm2')
+ subdir('clevis-pin-sss')
+-subdir('clevis-pin-null')
+diff --git a/src/luks/systemd/dracut/clevis/clevis-hook.sh.in b/src/luks/systemd/dracut/clevis/clevis-hook.sh.in
+deleted file mode 100755
+index cb257c9..0000000
+--- a/src/luks/systemd/dracut/clevis/clevis-hook.sh.in
++++ /dev/null
+@@ -1,2 +0,0 @@
+-#!/bin/bash
+-@libexecdir@/clevis-luks-askpass
+diff --git a/src/luks/systemd/meson.build b/src/luks/systemd/meson.build
+index e3b3d91..b10494e 100644
+--- a/src/luks/systemd/meson.build
++++ b/src/luks/systemd/meson.build
+@@ -10,7 +10,6 @@ sd_reply_pass = find_program(
+
+ if systemd.found() and sd_reply_pass.found()
+ data.set('SYSTEMD_REPLY_PASS', sd_reply_pass.path())
+- subdir('dracut')
+
+ unitdir = systemd.get_pkgconfig_variable('systemdsystemunitdir')
+
+diff --git a/src/meson.build b/src/meson.build
+index c4e696f..a0dff5b 100644
+--- a/src/meson.build
++++ b/src/meson.build
+@@ -1,6 +1,7 @@
+ subdir('bash')
+ subdir('luks')
+ subdir('pins')
++subdir('dracut')
+ subdir('initramfs-tools')
+
+ bins += join_paths(meson.current_source_dir(), 'clevis-decrypt')
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-meson.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-meson.patch
new file mode 100644
index 00000000000..bfd517d3e11
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/files/clevis-meson.patch
@@ -0,0 +1,11 @@
+diff --git a/src/luks/systemd/meson.build b/src/luks/systemd/meson.build
+index b10494e3ca4d620437aee0d5e440eecf323b03d9..09f7fb51e7320aa71e275c34baa0561233821d69 100644
+--- a/src/luks/systemd/meson.build
++++ b/src/luks/systemd/meson.build
+@@ -5,6 +5,7 @@ sd_reply_pass = find_program(
+ join_paths(get_option('prefix'), 'lib', 'systemd', 'systemd-reply-password'),
+ join_paths('/', 'usr', get_option('libdir'), 'systemd', 'systemd-reply-password'),
+ join_paths('/', 'usr', 'lib', 'systemd', 'systemd-reply-password'),
++ join_paths('/', 'lib', 'systemd', 'systemd-reply-password'),
+ required: false
+ )
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/metadata.xml
new file mode 100644
index 00000000000..18fcd69367f
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/clevis/metadata.xml
@@ -0,0 +1,15 @@
+
+
+
+
+ kjain7@u.rochester.edu
+ Krish Jain (based off Julien Roy's work)
+
+
+ latchset/clevis
+
+
+
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/Manifest b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/Manifest
new file mode 100644
index 00000000000..dca30c608a0
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/Manifest
@@ -0,0 +1,2 @@
+DIST tang-13.tar.gz 41537 BLAKE2B 23c7ebb0e74d56c712200e0bcbf048d32e82f08c91eece19337fc9725a6de48240958435c560a32f47fe506e607b38fc29c2b05635f232f713c8af6066a33ac0 SHA512 c8e99498b31a45bb97092d764bbe5f13f9152a8128ef774de6ac99bd44f15d5895b462ecefc504f37142fdacafc86a39059204514aa509db257b342553e00641
+DIST tang-14.tar.gz 41616 BLAKE2B a26091108b16342f51cf05745ae68b56fab5ffac6d9f9191b4d6952a5c88afcbad8bbcfc0e4754b8d9c5ebf659874026a2020c1ad305f4f7393d2487ec5f95d5 SHA512 3b0872f51d9aa8dfd232fa328a326503800a1eedfe7cf9d73f8e10a3cfb97f667996708a18ea04c982c3ca477fe36961045649437b953c593fce544d8dee8048
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/files/tangd b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/files/tangd
new file mode 100644
index 00000000000..3bca6e1b81f
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/files/tangd
@@ -0,0 +1,8 @@
+# Address for tang to listen to (default: 0.0.0.0)
+ADDRESS=0.0.0.0
+
+# Port for tang to listen to (default: 8888)
+PORT=8888
+
+# Directory where keys will be stored (default: /var/db/tang)
+TANGDIR=/var/db/tang
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/files/tangd.initd b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/files/tangd.initd
new file mode 100644
index 00000000000..fc3c25c03cb
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/files/tangd.initd
@@ -0,0 +1,11 @@
+#!/sbin/openrc-run
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="tang daemon"
+description="Tang binding daemon"
+command=/usr/bin/socat
+pidfile="/var/run/${RC_SVCNAME}.pid"
+command_user="tang"
+command_args="TCP-LISTEN:${PORT},bind=${ADDRESS},fork SYSTEM:'/usr/libexec/tangd ${TANGDIR}'"
+command_background=true
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/files/tangd.service b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/files/tangd.service
new file mode 100644
index 00000000000..59625d9741b
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/files/tangd.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Tang Server
+
+[Service]
+ExecStart=/usr/bin/socat TCP-LISTEN:8888,bind=0.0.0.0,fork SYSTEM:'/usr/libexec/tangd /var/db/tang'
+User=tang
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/metadata.xml
new file mode 100644
index 00000000000..89293a302d7
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/metadata.xml
@@ -0,0 +1,11 @@
+
+
+
+
+ julien@jroy.ca
+ Julien Roy
+
+
+ latchset/tang
+
+
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/tang-13.ebuild b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/tang-13.ebuild
new file mode 100644
index 00000000000..1b055c35e18
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/tang-13.ebuild
@@ -0,0 +1,35 @@
+# Copyright 2022-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit meson systemd
+
+DESCRIPTION="Tang binding daemon"
+HOMEPAGE="https://github.com/latchset/tang"
+SRC_URI="https://github.com/latchset/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE=""
+
+DEPEND="acct-user/tang
+ net-misc/socat
+ >=net-libs/http-parser-2.8.0
+ >=dev-libs/jose-8"
+RDEPEND="${DEPEND}"
+BDEPEND="app-text/asciidoc"
+
+src_install(){
+ meson_install
+ newinitd "${FILESDIR}"/tangd.initd tangd
+ systemd_dounit "${FILESDIR}"/tangd.service
+
+ doconfd "${FILESDIR}"/tangd
+
+ dodir /var/db/tang
+ keepdir /var/db/tang
+ fowners tang:tang /var/db/tang
+ fperms 770 /var/db/tang
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/tang-14.ebuild b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/tang-14.ebuild
new file mode 100644
index 00000000000..1b055c35e18
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/tang/tang-14.ebuild
@@ -0,0 +1,35 @@
+# Copyright 2022-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit meson systemd
+
+DESCRIPTION="Tang binding daemon"
+HOMEPAGE="https://github.com/latchset/tang"
+SRC_URI="https://github.com/latchset/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE=""
+
+DEPEND="acct-user/tang
+ net-misc/socat
+ >=net-libs/http-parser-2.8.0
+ >=dev-libs/jose-8"
+RDEPEND="${DEPEND}"
+BDEPEND="app-text/asciidoc"
+
+src_install(){
+ meson_install
+ newinitd "${FILESDIR}"/tangd.initd tangd
+ systemd_dounit "${FILESDIR}"/tangd.service
+
+ doconfd "${FILESDIR}"/tangd
+
+ dodir /var/db/tang
+ keepdir /var/db/tang
+ fowners tang:tang /var/db/tang
+ fperms 770 /var/db/tang
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild
index a215fdea4b0..75e51bbfa71 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild
@@ -100,6 +100,7 @@ RDEPEND="${RDEPEND}
app-arch/zip
app-arch/ncompress
app-crypt/adcli
+ app-crypt/clevis
app-crypt/gnupg
app-crypt/go-tspi
app-crypt/tpmpolicy
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/jose/Manifest b/sdk_container/src/third_party/coreos-overlay/dev-libs/jose/Manifest
new file mode 100644
index 00000000000..e93f6475fb7
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/jose/Manifest
@@ -0,0 +1 @@
+DIST jose-11.tar.gz 841374 BLAKE2B 5ffe35ebd48ed72d140e1dbf3ad37fcc3b4fd5534a5e1a5d9c43e82ad1901f989610baee2e2eb17209fd72f73c4f17227bed01d168bb4d243f067ec25051f913 SHA512 ffe09000837f79cefa549734d13c5d5d51042a42a055867241777ccbff3a127bac86a6155638fdf5ee52aad3598829e19724fd4e7de541117ed9b1c77c2ce457
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/jose/jose-11-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/jose/jose-11-r1.ebuild
new file mode 100644
index 00000000000..98b90658fa7
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/jose/jose-11-r1.ebuild
@@ -0,0 +1,20 @@
+# Copyright 2022-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit meson
+
+DESCRIPTION="C-language implementation of Javascript Object Signing and Encryption"
+HOMEPAGE="https://github.com/latchset/jose"
+SRC_URI="https://github.com/latchset/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64 arm64"
+
+DEPEND="dev-libs/jansson"
+RDEPEND="${DEPEND}
+ dev-libs/openssl:=
+"
+BDEPEND=""
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/jose/metadata.xml b/sdk_container/src/third_party/coreos-overlay/dev-libs/jose/metadata.xml
new file mode 100644
index 00000000000..bfb2fba0b95
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/jose/metadata.xml
@@ -0,0 +1,11 @@
+
+
+
+
+ julien@jroy.ca
+ Julien Roy
+
+
+ latchset/jose
+
+
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/Manifest b/sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/Manifest
new file mode 100644
index 00000000000..95c5937c649
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/Manifest
@@ -0,0 +1 @@
+DIST luksmeta-9.tar.gz 27650 BLAKE2B e55796929410e9a3124c3f28066bac42b46e71df98ab7a1e58c1f973d4fda41d7c8d64b735ae0d1e192054297932951407083f89a7f255c09d22dce370865036 SHA512 874331988fe2648d4924779b348f190ed5c6e4d71da4ad027f176e3f8dcbc78fc26e9f9b8402a97437db5b884db31b72598afc70e025cd8533168a5986417a76
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/files/luksmeta-tests.patch b/sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/files/luksmeta-tests.patch
new file mode 100644
index 00000000000..aeca5886197
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/files/luksmeta-tests.patch
@@ -0,0 +1,137 @@
+# Closes Gentoo bug 837308
+# This patch backports the master branch's test-lm-{big,one,two}.c and test-luksmeta.c
+# due to failing tests on v9 tag (see https://bugs.gentoo.org/837308)
+
+diff --git a/test-lm-assumptions.c b/test-lm-assumptions.c
+index d9ff20b..b4f293f 100644
+--- a/test-lm-assumptions.c
++++ b/test-lm-assumptions.c
+@@ -28,7 +28,8 @@ main(int argc, char *argv[])
+ /* Test the layout state. */
+ assert(test_layout((range_t[]) {
+ { 0, 1024 }, /* LUKS header */
+- END(1024), /* Rest of the file */
++ { 1024, 3072, true }, /* Keyslot Area */
++ { 0, 0 },
+ }));
+
+ unlink(filename);
+diff --git a/test-lm-big.c b/test-lm-big.c
+index 6098e59..eb94d3b 100644
+--- a/test-lm-big.c
++++ b/test-lm-big.c
+@@ -111,7 +111,7 @@ main(int argc, char *argv[])
+
+ assert(test_layout((range_t[]) {
+ { 0, 1024 }, /* LUKS header */
+- { 1024, offset - 1024, true }, /* Keyslot Area */
++ { 1024, 3072, true }, /* Keyslot Area */
+ { offset, 4096 }, /* luksmeta header */
+ { offset + 4096, 4096 }, /* luksmeta slot 0 */
+ { offset + 8192, 4096 }, /* luksmeta slot 0 (cont) */
+@@ -127,7 +127,7 @@ main(int argc, char *argv[])
+
+ assert(test_layout((range_t[]) {
+ { 0, 1024 }, /* LUKS header */
+- { 1024, offset - 1024, true }, /* Keyslot Area */
++ { 1024, 3072, true }, /* Keyslot Area */
+ { offset, 4096 }, /* luksmeta header */
+ END(offset + 4096), /* Rest of the file */
+ }));
+diff --git a/test-lm-init.c b/test-lm-init.c
+index 2a6cb45..b16d597 100644
+--- a/test-lm-init.c
++++ b/test-lm-init.c
+@@ -57,7 +57,7 @@ main(int argc, char *argv[])
+ /* Test the layout state. */
+ assert(test_layout((range_t[]) {
+ { 0, 1024 }, /* LUKS header */
+- { 1024, offset - 1024, true }, /* Keyslot Area */
++ { 1024, 3072, true }, /* Keyslot Area */
+ { offset, 4096 }, /* luksmeta header */
+ END(offset + 4096), /* Rest of the file */
+ }));
+@@ -106,7 +106,7 @@ main(int argc, char *argv[])
+ assert(luksmeta_test(cd) == -ENOENT);
+ assert(test_layout((range_t[]) {
+ { 0, 1024 }, /* LUKS header */
+- { 1024, offset - 1024, true }, /* Keyslot Area */
++ { 1024, 3072, true }, /* Keyslot Area */
+ END(offset), /* Rest of the file */
+ }));
+
+diff --git a/test-lm-one.c b/test-lm-one.c
+index 8deb70a..18613e0 100644
+--- a/test-lm-one.c
++++ b/test-lm-one.c
+@@ -49,7 +49,7 @@ main(int argc, char *argv[])
+ /* Test the layout state. */
+ assert(test_layout((range_t[]) {
+ { 0, 1024 }, /* LUKS header */
+- { 1024, offset - 1024, true }, /* Keyslot Area */
++ { 1024, 3072, true }, /* Keyslot Area */
+ { offset, 4096 }, /* luksmeta header */
+ { offset + 4096, 4096 }, /* luksmeta slot 0 */
+ END(offset + 8192), /* Rest of the file */
+@@ -68,7 +68,7 @@ main(int argc, char *argv[])
+ /* Test the layout state. */
+ assert(test_layout((range_t[]) {
+ { 0, 1024 }, /* LUKS header */
+- { 1024, offset - 1024, true }, /* Keyslot Area */
++ { 1024, 3072, true }, /* Keyslot Area */
+ { offset, 4096 }, /* luksmeta header */
+ END(offset + 4096), /* Rest of the file */
+ }));
+diff --git a/test-lm-two.c b/test-lm-two.c
+index 78fea5b..9f0b1c5 100644
+--- a/test-lm-two.c
++++ b/test-lm-two.c
+@@ -53,7 +53,7 @@ main(int argc, char *argv[])
+
+ assert(test_layout((range_t[]) {
+ { 0, 1024 }, /* LUKS header */
+- { 1024, offset - 1024, true }, /* Keyslot Area */
++ { 1024, 3072, true }, /* Keyslot Area */
+ { offset, 4096 }, /* luksmeta header */
+ { offset + 4096, 4096 }, /* luksmeta slot 0 */
+ END(offset + 8192), /* Rest of the file */
+@@ -70,7 +70,7 @@ main(int argc, char *argv[])
+
+ assert(test_layout((range_t[]) {
+ { 0, 1024 }, /* LUKS header */
+- { 1024, offset - 1024, true }, /* Keyslot Area */
++ { 1024, 3072, true }, /* Keyslot Area */
+ { offset, 4096 }, /* luksmeta header */
+ { offset + 4096, 4096 }, /* luksmeta slot 0 */
+ { offset + 8192, 4096 }, /* luksmeta slot 1 */
+@@ -88,7 +88,7 @@ main(int argc, char *argv[])
+ assert(luksmeta_wipe(cd, 0, UUID0) == 0);
+ assert(test_layout((range_t[]) {
+ { 0, 1024 }, /* LUKS header */
+- { 1024, offset - 1024, true }, /* Keyslot Area */
++ { 1024, 3072, true }, /* Keyslot Area */
+ { offset, 4096 }, /* luksmeta header */
+ { offset + 4096, 4096, true }, /* luksmeta slot 0 */
+ { offset + 8192, 4096 }, /* luksmeta slot 1 */
+@@ -99,7 +99,7 @@ main(int argc, char *argv[])
+ assert(luksmeta_wipe(cd, 1, UUID1) == 0);
+ assert(test_layout((range_t[]) {
+ { 0, 1024 }, /* LUKS header */
+- { 1024, offset - 1024, true }, /* Keyslot Area */
++ { 1024, 3072, true }, /* Keyslot Area */
+ { offset, 4096 }, /* luksmeta header */
+ END(offset + 4096), /* Rest of the file */
+ }));
+diff --git a/test-luksmeta b/test-luksmeta
+index fd17ead..f1e8b2e 100755
+--- a/test-luksmeta
++++ b/test-luksmeta
+@@ -11,7 +11,7 @@ function onexit() {
+ trap 'onexit' EXIT
+
+ truncate -s 4M $tmp
+-echo -n foo | cryptsetup luksFormat $tmp -
++echo -n foo | cryptsetup luksFormat --type luks1 $tmp -
+
+ ! ./luksmeta test -d $tmp
+
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/luksmeta-9.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/luksmeta-9.ebuild
new file mode 100644
index 00000000000..84bc7c39384
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/luksmeta-9.ebuild
@@ -0,0 +1,34 @@
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools
+
+DESCRIPTION="LUKSMeta is a simple library for storing metadata in the LUKSv1 header"
+HOMEPAGE="https://github.com/latchset/luksmeta"
+SRC_URI="https://github.com/latchset/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="amd64 arm64"
+IUSE="+man"
+
+DEPEND="sys-fs/cryptsetup"
+RDEPEND="${DEPEND}"
+BDEPEND="man? ( app-text/asciidoc )
+ sys-devel/libtool"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-tests.patch"
+)
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_install() {
+ default
+ find "${ED}" -name '*.la' -delete || die
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/metadata.xml b/sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/metadata.xml
new file mode 100644
index 00000000000..4a0695b777b
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/luksmeta/metadata.xml
@@ -0,0 +1,11 @@
+
+
+
+
+ julien@jroy.ca
+ Julien Roy
+
+
+ latchset/luksmeta
+
+
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/prod/package.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/prod/package.mask
index 7f198c44e90..928924c2ccc 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/prod/package.mask
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/prod/package.mask
@@ -4,7 +4,6 @@
# We don't want to support interpreted languages, changes/updates we make
# would have a high risk of breaking users.
dev-lang/perl
-dev-lang/python
dev-lang/ruby
# We do not configure/install grub like other distros so shipping the user
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild
index b8c81c0245c..24319b5ffa3 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild
@@ -2,7 +2,7 @@
# Distributed under the terms of the GNU General Public License v2
EAPI=7
-CROS_WORKON_PROJECT="flatcar/bootengine"
+CROS_WORKON_PROJECT="krishjainx/bootengine"
CROS_WORKON_LOCALNAME="bootengine"
CROS_WORKON_OUTOFTREE_BUILD=1
CROS_WORKON_REPO="https://github.com"
@@ -10,7 +10,7 @@ CROS_WORKON_REPO="https://github.com"
if [[ "${PV}" == 9999 ]]; then
KEYWORDS="~amd64 ~arm ~arm64 ~x86"
else
- CROS_WORKON_COMMIT="cc0fdec0cc6c5692acac95a928984ea8a5eb8f08" # flatcar-master
+ CROS_WORKON_COMMIT="6a286c04e4d0cccf70808ff5a9d9fb0f0aa76521" # flatcar-master
KEYWORDS="amd64 arm arm64 x86"
fi
@@ -41,7 +41,6 @@ src_install() {
"${D}"/usr/lib/dracut/modules.d/99setup-root/initrd-setup-root \
"${D}"/usr/lib/dracut/modules.d/99setup-root/initrd-setup-root-after-ignition \
"${D}"/usr/lib/dracut/modules.d/99setup-root/gpg-agent-wrapper \
- "${D}"/usr/lib/dracut/modules.d/30ignition/coreos-metadata-wrapper \
- "${D}"/usr/lib/dracut/modules.d/30ignition/ignition-wrapper \
+ "${D}"/usr/lib/dracut/modules.d/30ignition/*-wrapper \
|| die chmod
}
diff --git a/sdk_container/src/third_party/gentoo b/sdk_container/src/third_party/gentoo
new file mode 160000
index 00000000000..8a26e0f2f02
--- /dev/null
+++ b/sdk_container/src/third_party/gentoo
@@ -0,0 +1 @@
+Subproject commit 8a26e0f2f02cfbf5c9bbf35d814fdaaf575fa91e
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/Manifest b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/Manifest
new file mode 100644
index 00000000000..f9743f21037
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/Manifest
@@ -0,0 +1,3 @@
+DIST tpm2-tools-5.2.tar.gz 1072078 BLAKE2B 27d035e0f44029db57477a1fd10e1cee9b470ad54411297985cb7f33ba7bbb7a94ac392815e32287d69abf928dce0c361703542b812ae88b208ddca645bb3be2 SHA512 9fb5dc298717a8a57c89d286e3590370a096c81b14d2d8d4eb5fca140d66148a8e24727ee04fb02057bbfcc3ede50e93ba0ef22396888c9df48bf6f42a5d6e6b
+DIST tpm2-tools-5.4.tar.gz 1241132 BLAKE2B 21406ec61de19db49f1dd1ff9648e1b0a9ae2647df2ce290acca40c2fc54464e3c8a744afdbc9314ca731869ac974a7863e2bea3c70df844a972501a5b7973f2 SHA512 8d7802b85bd26b6efa0ed6be73b917b907bb7b424ff7d07e46e5574dfdd9d46ea2d7727904ebaba4651c8d1249cd52a7dc6dff8e9635666c8d97ca7c337a0396
+DIST tpm2-tools-5.5.tar.gz 1241390 BLAKE2B 2225f9e0835988351f84ed06f914616e25fd65bacaa93b51d0bb04185314efb9a6f60eb3539b250f54b2c2ba590f1b76594df3e625e45c8d37e38d13371bea26 SHA512 24f72a3e9840d531d900e96771a863baae1c71a76fcad0fda8020dff06acd8e3b65b86401ace21f034766403caf9ae97ce710ff6013bb7ed25657a6ecf325470
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.1.1-no-efivar-automagic.patch b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.1.1-no-efivar-automagic.patch
new file mode 100644
index 00000000000..25f3ef43fe3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.1.1-no-efivar-automagic.patch
@@ -0,0 +1,34 @@
+https://bugs.gentoo.org/812047
+
+From 0cea7f0f78f1a9e8dca789eb5f2ece052e026bed Mon Sep 17 00:00:00 2001
+From: Christopher Byrne
+Date: Tue, 7 Sep 2021 20:22:27 -0500
+Subject: [PATCH] configure.ac: Fix automagic depency on libefivar
+
+Signed-off-by: Christopher Byrne
+---
+ configure.ac | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index f1c17116..bdb4abda 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -62,8 +62,12 @@ PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.1.0])
+ PKG_CHECK_MODULES([CURL], [libcurl])
+
+ # pretty print of devicepath if efivar library is present
+-PKG_CHECK_MODULES([EFIVAR], [efivar],,[true])
+-AC_CHECK_HEADERS([efivar/efivar.h])
++AC_ARG_WITH([efivar], AS_HELP_STRING([--without-efivar], [Build without efivar library (default: test)]))
++
++AS_IF([test "x$with_efivar" != "xno"], [
++ PKG_CHECK_MODULES([EFIVAR], [efivar])
++ AC_CHECK_HEADERS([efivar/efivar.h])
++])
+
+ # backwards compat with older pkg-config
+ # - pull in AC_DEFUN from pkg.m4
+--
+2.32.0
+
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.2-testparms-fix-condition-for-negative-test.patch b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.2-testparms-fix-condition-for-negative-test.patch
new file mode 100644
index 00000000000..e1094647bdf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/files/tpm2-tools-5.2-testparms-fix-condition-for-negative-test.patch
@@ -0,0 +1,33 @@
+From 3d80fad66694ad14a58dd89204a25e9248c4ab0c Mon Sep 17 00:00:00 2001
+From: Jonas Witschel
+Date: Wed, 29 Sep 2021 17:08:07 +0200
+Subject: [PATCH] testparms: fix condition for negative test
+
+Commit e858dec76686bb4c42e74e0984b433231e530f93 ("testparms: ensure curve not
+supported before negative test") is supposed to ensure that the negative test
+is run only if ecc521 is *not* supported, but instead it runs the negative test
+if ecc521 is *available*. This worked anyway for libtpms < 0.9.0 because camellia
+was not supported, but since libtpms 0.9.0 added support for this algorithm, the
+test suite fails now with swtpm.
+
+Signed-off-by: Jonas Witschel
+---
+ test/integration/tests/testparms.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/integration/tests/testparms.sh b/test/integration/tests/testparms.sh
+index 8c3548e5..a587a60a 100644
+--- a/test/integration/tests/testparms.sh
++++ b/test/integration/tests/testparms.sh
+@@ -63,7 +63,7 @@ else
+ fi
+
+ # Attempt to specify a suite that is not supported (error from TPM)
+-if tpm2 getcap ecc-curves | grep -q TPM2_ECC_NIST_P521; then
++if ! tpm2 getcap ecc-curves | grep -q TPM2_ECC_NIST_P521; then
+ if tpm2 testparms "ecc521:ecdsa:camellia" &>/dev/null; then
+ echo "tpm2 testparms succeeded while it shouldn't or TPM failed"
+ exit 1
+--
+2.32.0
+
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/metadata.xml b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/metadata.xml
new file mode 100644
index 00000000000..655f63bb3df
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/metadata.xml
@@ -0,0 +1,18 @@
+
+
+
+
+ salah.coronya@gmail.com
+ Christopher Byrne
+
+
+ proxy-maint@gentoo.org
+ Proxy Maintainers
+
+
+
+ tpm2-software/tpm2-tools
+
+
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.2-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.2-r1.ebuild
new file mode 100644
index 00000000000..b51e5b4b83e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.2-r1.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+inherit autotools bash-completion-r1 flag-o-matic python-any-r1
+
+DESCRIPTION="Tools for the TPM 2.0 TSS"
+HOMEPAGE="https://github.com/tpm2-software/tpm2-tools"
+SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ppc64 x86"
+IUSE="+fapi test"
+
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?]
+ dev-libs/openssl:=
+ net-misc/curl
+ sys-libs/efivar:="
+DEPEND="${RDEPEND}
+ test? (
+ app-crypt/swtpm
+ app-crypt/tpm2-abrmd
+ dev-util/cmocka
+ )"
+BDEPEND="virtual/pkgconfig
+ sys-devel/autoconf-archive
+ test? (
+ app-editors/vim-core
+ dev-tcltk/expect
+ $(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]')
+ )
+ ${PYTHON_DEPS}"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-5.1.1-no-efivar-automagic.patch"
+ "${FILESDIR}/${PN}-5.2-testparms-fix-condition-for-negative-test.patch"
+)
+
+python_check_deps() {
+ python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+ sed -i \
+ "s/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/" \
+ "configure.ac" || die
+ "./scripts/utils/man_to_bashcompletion.sh" || die
+ eautoreconf
+}
+
+src_configure() {
+ # tests fail with LTO enabbled. See bug 865275 and 865277
+ filter-lto
+ econf \
+ $(use_enable fapi) \
+ $(use_enable test unit) \
+ --with-bashcompdir=$(get_bashcompdir) \
+ --enable-hardening
+}
+
+src_install() {
+ default
+ mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die
+ local utils=( "${ED}"/usr/bin/tpm2_* )
+ bashcomp_alias tpm2 "${utils[@]##*/}"
+}
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.4.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.4.ebuild
new file mode 100644
index 00000000000..c6a8bf53eeb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.4.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+inherit bash-completion-r1 flag-o-matic python-any-r1
+
+DESCRIPTION="Tools for the TPM 2.0 TSS"
+HOMEPAGE="https://github.com/tpm2-software/tpm2-tools"
+SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ppc64 x86"
+IUSE="+fapi test"
+
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?]
+ dev-libs/openssl:=
+ net-misc/curl
+ sys-libs/efivar:="
+DEPEND="${RDEPEND}
+ test? (
+ app-crypt/swtpm
+ app-crypt/tpm2-abrmd
+ dev-util/cmocka
+ )"
+BDEPEND="virtual/pkgconfig
+ sys-devel/autoconf-archive
+ test? (
+ app-editors/vim-core
+ dev-tcltk/expect
+ $(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]')
+ )
+ ${PYTHON_DEPS}"
+
+python_check_deps() {
+ python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_configure() {
+ # tests fail with LTO enabbled. See bug 865275 and 865277
+ filter-lto
+ econf \
+ $(use_enable fapi) \
+ $(use_enable test unit) \
+ --with-bashcompdir=$(get_bashcompdir) \
+ --enable-hardening
+}
+
+src_install() {
+ default
+ mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die
+ local utils=( "${ED}"/usr/bin/tpm2_* )
+ bashcomp_alias tpm2 "${utils[@]##*/}"
+}
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild
new file mode 100644
index 00000000000..98c2668e4dd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tools/tpm2-tools-5.5.ebuild
@@ -0,0 +1,66 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+inherit bash-completion-r1 flag-o-matic python-any-r1
+
+DESCRIPTION="Tools for the TPM 2.0 TSS"
+HOMEPAGE="https://github.com/tpm2-software/tpm2-tools"
+SRC_URI="https://github.com/tpm2-software/tpm2-tools/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ppc64 x86"
+IUSE="+fapi test"
+
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=app-crypt/tpm2-tss-3.0.1:=[fapi?]
+ dev-libs/openssl:=
+ net-misc/curl
+ sys-libs/efivar:="
+DEPEND="${RDEPEND}
+ test? (
+ app-crypt/swtpm
+ app-crypt/tpm2-abrmd
+ dev-util/cmocka
+ )"
+BDEPEND="virtual/pkgconfig
+ sys-devel/autoconf-archive
+ test? (
+ app-editors/vim-core
+ dev-tcltk/expect
+ $(python_gen_any_dep 'dev-python/pyyaml[${PYTHON_USEDEP}]')
+ )
+ ${PYTHON_DEPS}"
+
+python_check_deps() {
+ python_has_version "dev-python/pyyaml[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_configure() {
+ # tests fail with LTO enabbled. See bug 865275 and 865277
+ filter-lto
+ econf \
+ $(use_enable fapi) \
+ $(use_enable test unit) \
+ --with-bashcompdir=$(get_bashcompdir) \
+ --enable-hardening
+}
+
+src_install() {
+ default
+ mv "${ED}"/$(get_bashcompdir)/tpm2{_completion.bash,} || die
+ local utils=( "${ED}"/usr/bin/tpm2_* )
+ utils=("${utils[@]##*/}")
+ # these utiltites don't have bash completions
+ local nobashcomp=( tpm2_encodeobject tpm2_getpolicydigest tpm2_sessionconfig )
+ mapfile -d $'\0' -t utils < <(printf '%s\0' "${utils[@]}" | grep -Ezvw "${nobashcomp[@]/#/-e}")
+ bashcomp_alias tpm2 "${utils[@]}"
+}
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/Manifest b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/Manifest
new file mode 100644
index 00000000000..e5a285d2b76
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/Manifest
@@ -0,0 +1 @@
+DIST tpm2-tss-4.0.1.tar.gz 1787139 BLAKE2B 627cdefeff6c64148f9da1425922a0a7a72debcee4930ffab208a3b9b66127c2d4f923e3e105bfd45410cdb13c19cb40cc15a720e9a05dd32ff622dabf5fcc32 SHA512 ed6ddc52cb0e8c1082a4bb001e1225eb9905fd2380da88db5fd69ff5b5d9d43a93eb67b634e49d53eb5d586832da3aef2c4c7e5f18d51bb730481f8913319d7d
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-Dont-install-files-into-run.patch b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-Dont-install-files-into-run.patch
new file mode 100644
index 00000000000..ca51ab7f938
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.0-Dont-install-files-into-run.patch
@@ -0,0 +1,26 @@
+diff --git a/Makefile.am b/Makefile.am
+index 2c81cfa9..2673995c 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -767,13 +767,11 @@ define set_tss_permissions
+ endef
+
+ define make_fapi_dirs
+- ($(call make_tss_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/) || true) && \
+ ($(call make_tss_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/))
+ endef
+
+ define set_fapi_permissions
+ if test -z "${DESTDIR}"; then \ e
+- ($(call set_tss_permissions,$(DESTDIR)$(runstatedir)/tpm2-tss)) && \
+ ($(call set_tss_permissions,$(DESTDIR)$(localstatedir)/lib/tpm2-tss)) \
+ fi
+ endef
+@@ -784,7 +782,6 @@ endef
+
+ define check_fapi_dirs
+ if test -z "${DESTDIR}"; then \
+- ($(call check_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/)) && \
+ ($(call check_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/)) \
+ fi;
+ endef
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch
new file mode 100644
index 00000000000..d93fcf9ef2d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/files/tpm2-tss-4.0.1-Make-sysusers-and-tmpfiles-optional.patch
@@ -0,0 +1,50 @@
+From 75f53cf7eab591870ce735203995d01d2f577187 Mon Sep 17 00:00:00 2001
+From: Christopher Byrne
+Date: Tue, 13 Jun 2023 21:40:56 -0500
+Subject: [PATCH] configure.ac: Make sysusers and tmpfiles optional
+
+Signed-off-by: Christopher Byrne
+---
+ Makefile.am | 6 +++++-
+ configure.ac | 4 ++--
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 2c81cfa9..98965fa7 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -563,10 +563,14 @@ fapi-config.json: dist/fapi-config.json.in
+ -e 's|[@]sysmeasurements@|$(sysmeasurements)|g' \
+ < "$<" > "$@"
+
++if SYSD_SYSUSERS
+ sysusers_DATA = dist/sysusers.d/tpm2-tss.conf
+-tmpfiles_DATA = tpm2-tss-fapi.conf
++endif
+
++if SYSD_TMPFILES
++tmpfiles_DATA = tpm2-tss-fapi.conf
+ CLEANFILES += tpm2-tss-fapi.conf
++endif
+
+ # We have to do this ourselves, in order to get absolute paths
+ tpm2-tss-fapi.conf: dist/tmpfiles.d/tpm2-tss-fapi.conf.in
+diff --git a/configure.ac b/configure.ac
+index b6550278..2d478147 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -550,9 +550,9 @@ AS_IF([test "x$enable_integration" = "xyes" && test "x$enable_self_generated_cer
+
+ # Check for systemd helper tools used by make install
+ AC_CHECK_PROG(systemd_sysusers, systemd-sysusers, yes)
+-AM_CONDITIONAL(SYSD_SYSUSERS, test "x$systemd_sysusers" = "xyes")
++AM_CONDITIONAL([SYSD_SYSUSERS], [test "x$systemd_sysusers" = "xyes" && test "x$sysusersdir" != "xno"])
+ AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes)
+-AM_CONDITIONAL(SYSD_TMPFILES, test "x$systemd_tmpfiles" = "xyes")
++AM_CONDITIONAL([SYSD_TMPFILES], [test "x$systemd_tmpfiles" = "xyes" && test "x$tmpfilesdir" != "xno"])
+
+ # Check all tools used by make install
+ AS_IF([test "$HOSTOS" = "Linux" && test "x$systemd_sysusers" != "xyes"],
+--
+2.39.3
+
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/metadata.xml b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/metadata.xml
new file mode 100644
index 00000000000..ada5791c33d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/metadata.xml
@@ -0,0 +1,21 @@
+
+
+
+
+ salah.coronya@gmail.com
+ Christopher Byrne
+
+
+ proxy-maint@gentoo.org
+ Proxy Maintainers
+
+
+
+ tpm2-software/tpm2-tss
+
+
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild
new file mode 100644
index 00000000000..3e27adc524f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm2-tss/tpm2-tss-4.0.1.ebuild
@@ -0,0 +1,95 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools flag-o-matic linux-info multilib-minimal tmpfiles udev
+
+DESCRIPTION="TCG Trusted Platform Module 2.0 Software Stack"
+HOMEPAGE="https://github.com/tpm2-software/tpm2-tss"
+SRC_URI="https://github.com/tpm2-software/${PN}/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD-2"
+SLOT="0/4"
+KEYWORDS="amd64 arm arm64 ~loong ppc64 ~riscv x86"
+IUSE="doc +fapi +openssl mbedtls +policy static-libs test"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="^^ ( mbedtls openssl )
+ fapi? ( openssl !mbedtls )
+ policy? ( openssl !mbedtls )"
+
+RDEPEND="acct-group/tss
+ acct-user/tss
+ sys-apps/util-linux:=[${MULTILIB_USEDEP}]
+ fapi? ( dev-libs/json-c:=[${MULTILIB_USEDEP}]
+ >=net-misc/curl-7.80.0[${MULTILIB_USEDEP}] )
+ mbedtls? ( net-libs/mbedtls:=[${MULTILIB_USEDEP}] )
+ openssl? ( dev-libs/openssl:=[${MULTILIB_USEDEP}] )"
+
+DEPEND="${RDEPEND}
+ test? ( app-crypt/swtpm
+ dev-libs/uthash
+ dev-util/cmocka
+ fapi? ( >=net-misc/curl-7.80.0 ) )"
+BDEPEND="sys-apps/acl
+ virtual/pkgconfig
+ doc? ( app-doc/doxygen )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-4.0.0-Dont-install-files-into-run.patch"
+ "${FILESDIR}/${PN}-4.0.1-Make-sysusers-and-tmpfiles-optional.patch"
+ )
+
+pkg_setup() {
+ local CONFIG_CHECK=" \
+ ~TCG_TPM
+ "
+ linux-info_pkg_setup
+ kernel_is ge 4 12 0 || ewarn "At least kernel 4.12.0 is required"
+}
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # tests fail with LTO enabbled. See bug 865275 and 865279
+ filter-lto
+
+ ECONF_SOURCE=${S} econf \
+ --localstatedir=/var \
+ $(multilib_native_use_enable doc doxygen-doc) \
+ $(use_enable fapi) \
+ $(use_enable policy) \
+ $(use_enable static-libs static) \
+ $(multilib_native_use_enable test unit) \
+ $(multilib_native_use_enable test integration) \
+ $(multilib_native_use_enable test self-generated-certificate) \
+ --disable-tcti-libtpms \
+ --disable-defaultflags \
+ --disable-weakcrypto \
+ --with-crypto="$(usex mbedtls mbed ossl)" \
+ --with-runstatedir=/run \
+ --with-udevrulesdir="$(get_udevdir)/rules.d" \
+ --with-udevrulesprefix=60- \
+ --without-sysusersdir \
+ --with-tmpfilesdir="/usr/lib/tmpfiles.d"
+}
+
+multilib_src_install() {
+ default
+ keepdir /var/lib/tpm2-tss/system/keystore
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ tmpfiles_process tpm2-tss-fapi.conf
+ udev_reload
+}
+
+pkg_postrm() {
+ udev_reload
+}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/Manifest
new file mode 100644
index 00000000000..fc6fc6b74d9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/Manifest
@@ -0,0 +1,2 @@
+DIST libatasmart_0.19-5.debian.tar.xz 6452 BLAKE2B 09bde3d5d79062d4df82e5582e932b6b566a91607086ddd805925d1966cdee4cb4ba43863f4b7d26a98588479b117841050f762d23c6719448635bf1e681b315 SHA512 434b6ef3ea377485ce745e147da8bb72851b2eeabe6f418379511650f0161f15a9ee21f4f0b5f9beb218b99eb417c1aeafdea4640995efbaf45024f40ce71802
+DIST libatasmart_0.19.orig.tar.xz 251204 BLAKE2B 7e2a9823c27eee5a41f93464b28236239891349639162c5fdc114c241a70fb39a3046c3de16ce402787cd86e13609fff0578bd26f7a2c994fefe3c9756d45968 SHA512 ec9edb019c477873b01289ba365ad0ed0946505d651c1f6f83a63ef61b3976a5db6439c8a0c74d9a55325db9a3a587ad6f655f8d1af9387b0d08356eccabdb62
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/libatasmart-0.19_p5.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/libatasmart-0.19_p5.ebuild
new file mode 100644
index 00000000000..488991a7698
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/libatasmart-0.19_p5.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit toolchain-funcs
+
+DESCRIPTION="A small and lightweight parser library for ATA S.M.A.R.T. hard disks"
+HOMEPAGE="https://salsa.debian.org/utopia-team/libatasmart"
+SRC_URI="mirror://debian/pool/main/liba/${PN}/${PN}_${PV/_p*}.orig.tar.xz
+ mirror://debian/pool/main/liba/${PN}/${PN}_${PV/_p/-}.debian.tar.xz"
+
+LICENSE="LGPL-2.1"
+SLOT="0/4"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86"
+IUSE="static-libs"
+
+RDEPEND="virtual/libudev:="
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+S="${WORKDIR}/${P/_p*}"
+
+src_prepare() {
+ # https://bugs.gentoo.org/470874
+ local d="${WORKDIR}/debian/patches"
+ sed -i -e '/#/d' \
+ -e "s|^|${d}/|" "${d}"/series || die
+ eapply $(<"${d}"/series)
+ eapply_user
+}
+
+src_configure() {
+ econf $(use_enable static-libs static)
+}
+
+src_compile() {
+ if tc-is-cross-compiler; then
+ tc-export_build_env
+ emake -C strpool strpool \
+ CFLAGS="${BUILD_CFLAGS}" \
+ CPPFLAGS="${BUILD_CPPFLAGS}" \
+ LDFLAGS="${BUILD_LDFLAGS}"
+ fi
+ emake
+}
+
+src_install() {
+ default
+ find "${ED}" -type f -name "*.la" -delete || die
+}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/metadata.xml
new file mode 100644
index 00000000000..d0b58801b31
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libatasmart/metadata.xml
@@ -0,0 +1,7 @@
+
+
+
+
+ freedesktop-bugs@gentoo.org
+
+
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/Manifest
new file mode 100644
index 00000000000..9e66847c10a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/Manifest
@@ -0,0 +1,3 @@
+DIST libbytesize-2.7.tar.gz 445367 BLAKE2B de5e48b4e17364308c19bbf8e8d68f88ee9e79c9b99d77a81f9f7a1b65e09c2af0ca1ae28ac30ad1b1820335afc1aa4a2596cff487cfd770f04fda0fb38258cd SHA512 3f2bdebad1e145227d7c81b25b8832ab9f984513c35d81254f68c0cb50b1883f3b96fbb258d7c8223fb284d79dc4ec8b01beae3f7687cded629b269ef5b7210e
+DIST libbytesize-2.8.tar.gz 458581 BLAKE2B 55726f5a83ecda96be58bd5fe650555b0ebd210d73673b7ced6476689c7d37a5d9107f917ac8b0b15b4e2e8cee0a0da8711e718baa07de166979f44287432a14 SHA512 96543b75dd5a3409e0316b46725409bc5b04acb0d6c85875bbc2eb8cfd842c543ace99ffe84c09c16daa3fd1346d2aa64df20ed171bb4540642fdba7499922ca
+DIST libbytesize-2.9.tar.gz 458737 BLAKE2B d2e47b520cf2669131816f069d8ebeb946be02bc04acc676579f12e798fcb2aa176fd25e6bb77dd1e6b274ec0762498df5df18d88c627653accc426a7e268f36 SHA512 6def6bebe33344e6d6ce1a636bcd200a9d28ed5c4e5ce5dfbfd94c4d92ba37512ef1ee4f12716af0d6a402d5285e60df1ee629ecf31cf7d0b59990c524384fd1
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/files/libbytesize-2.4-no_Werror.patch b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/files/libbytesize-2.4-no_Werror.patch
new file mode 100644
index 00000000000..827bebe3ec9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/files/libbytesize-2.4-no_Werror.patch
@@ -0,0 +1,24 @@
+https://bugs.gentoo.org/744286
+
+--- libbytesize-2.4/configure.ac
++++ libbytesize-2.4/configure.ac
+@@ -6,7 +6,7 @@
+ # This needs to be set before initializing automake
+ AC_DISABLE_STATIC
+
+-AM_INIT_AUTOMAKE([foreign -Wall -Werror -Wno-syntax -Wno-portability])
++AM_INIT_AUTOMAKE([foreign -Wall -Wno-syntax -Wno-portability])
+ AC_CONFIG_MACRO_DIR([m4])
+
+ # Check for the gettext programs
+--- libbytesize-2.4/src/Makefile.am
++++ libbytesize-2.4/src/Makefile.am
+@@ -2,7 +2,7 @@
+ LDADD = $(LIBINTL)
+
+ lib_LTLIBRARIES = libbytesize.la
+-libbytesize_la_CFLAGS = -Wall -Wextra -Werror -Wno-overflow -D_GNU_SOURCE
++libbytesize_la_CFLAGS = -Wall -Wextra -Wno-overflow -D_GNU_SOURCE
+ libbytesize_la_LIBADD = -lgmp -lmpfr $(PCRE2_LIBS)
+ libbytesize_la_LDFLAGS = -version-info 1:0:0
+ libbytesize_la_SOURCES = bs_size.c bs_size.h gettext.h
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.7.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.7.ebuild
new file mode 100644
index 00000000000..737c248ce56
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.7.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+
+inherit autotools python-r1
+
+DESCRIPTION="Tiny library providing a C \"class\" for working with arbitrary big sizes in bytes"
+HOMEPAGE="https://github.com/storaged-project/libbytesize"
+SRC_URI="https://github.com/storaged-project/libbytesize/releases/download/${PV}/${P}.tar.gz"
+LICENSE="LGPL-2+"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86"
+IUSE="doc python test tools"
+
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+ tools? ( python )
+"
+
+RDEPEND="
+ dev-libs/gmp:0=
+ dev-libs/mpfr:=
+ dev-libs/libpcre2:=
+ python? ( ${PYTHON_DEPS} )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ sys-devel/gettext
+ doc? (
+ dev-util/gtk-doc
+ virtual/pkgconfig
+ )
+ test? (
+ dev-python/pocketlint[${PYTHON_USEDEP}]
+ dev-python/polib[${PYTHON_USEDEP}]
+ )
+"
+
+DOCS=( README.md )
+
+RESTRICT="test"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.4-no_Werror.patch"
+)
+
+python_do() {
+ if use python ; then
+ python_foreach_impl run_in_build_dir "$@"
+ else
+ "$@"
+ fi
+}
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_with doc gtk-doc)
+ $(use_with python python3)
+ $(use_with tools)
+ )
+ local ECONF_SOURCE="${S}"
+ python_do econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ python_do emake
+}
+
+src_test() {
+ python_do emake check
+}
+
+install_helper() {
+ emake DESTDIR="${D}" install
+ use python && python_optimize
+}
+
+src_install() {
+ python_do install_helper
+ einstalldocs
+ find "${ED}" -name "*.la" -type f -delete || die
+}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.8.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.8.ebuild
new file mode 100644
index 00000000000..0bddf4681e6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.8.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+
+inherit autotools python-r1
+
+DESCRIPTION="Tiny library providing a C \"class\" for working with arbitrary big sizes in bytes"
+HOMEPAGE="https://github.com/storaged-project/libbytesize"
+SRC_URI="https://github.com/storaged-project/libbytesize/releases/download/${PV}/${P}.tar.gz"
+LICENSE="LGPL-2+"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ~mips ~ppc ppc64 ~riscv sparc x86"
+IUSE="doc python test tools"
+
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+ tools? ( python )
+"
+
+RDEPEND="
+ dev-libs/gmp:0=
+ dev-libs/mpfr:=
+ dev-libs/libpcre2:=
+ python? ( ${PYTHON_DEPS} )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ sys-devel/gettext
+ doc? (
+ dev-util/gtk-doc
+ virtual/pkgconfig
+ )
+ test? (
+ dev-python/pocketlint[${PYTHON_USEDEP}]
+ dev-python/polib[${PYTHON_USEDEP}]
+ )
+"
+
+DOCS=( README.md )
+
+RESTRICT="test"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.4-no_Werror.patch"
+)
+
+python_do() {
+ if use python ; then
+ python_foreach_impl run_in_build_dir "$@"
+ else
+ "$@"
+ fi
+}
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_with doc gtk-doc)
+ $(use_with python python3)
+ $(use_with tools)
+ )
+ local ECONF_SOURCE="${S}"
+ python_do econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ python_do emake
+}
+
+src_test() {
+ python_do emake check
+}
+
+install_helper() {
+ emake DESTDIR="${D}" install
+ use python && python_optimize
+}
+
+src_install() {
+ python_do install_helper
+ einstalldocs
+ find "${ED}" -name "*.la" -type f -delete || die
+}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.9.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.9.ebuild
new file mode 100644
index 00000000000..b9242faf34f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/libbytesize-2.9.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+
+inherit autotools python-r1
+
+DESCRIPTION="Tiny library providing a C \"class\" for working with arbitrary big sizes in bytes"
+HOMEPAGE="https://github.com/storaged-project/libbytesize"
+SRC_URI="https://github.com/storaged-project/libbytesize/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="LGPL-2+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+IUSE="doc python test tools"
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+ tools? ( python )
+"
+
+RDEPEND="
+ dev-libs/gmp:=
+ dev-libs/mpfr:=
+ dev-libs/libpcre2:=
+ python? ( ${PYTHON_DEPS} )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ sys-devel/gettext
+ doc? (
+ dev-util/gtk-doc
+ virtual/pkgconfig
+ )
+ test? (
+ dev-python/pocketlint[${PYTHON_USEDEP}]
+ dev-python/polib[${PYTHON_USEDEP}]
+ )
+"
+
+DOCS=( README.md )
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.4-no_Werror.patch"
+)
+
+python_do() {
+ if use python ; then
+ python_foreach_impl run_in_build_dir "$@"
+ else
+ "$@"
+ fi
+}
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_with doc gtk-doc)
+ $(use_with python python3)
+ $(use_with tools)
+ )
+ local ECONF_SOURCE="${S}"
+ python_do econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ python_do emake
+}
+
+src_test() {
+ python_do emake check
+}
+
+install_helper() {
+ emake DESTDIR="${D}" install
+ use python && python_optimize
+}
+
+src_install() {
+ python_do install_helper
+ einstalldocs
+ find "${ED}" -name "*.la" -type f -delete || die
+}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/metadata.xml
new file mode 100644
index 00000000000..aca3155bc46
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libbytesize/metadata.xml
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+ storaged-project/libbytesize
+
+
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/Manifest
new file mode 100644
index 00000000000..d8d7cbc1d4e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/Manifest
@@ -0,0 +1 @@
+DIST libgudev-237.tar.xz 29060 BLAKE2B 5d39d4d26d8c8b3fa877319c294036294dbda96b340d2d04d7a35449d91b58de876b96b5e3d9423cdf3e1d3e2a94f5a861b1ac1e74a610637e0fc66248c68309 SHA512 2d68981e3ba5c58ee080b6ed5cd5152c1c352b2bdb3ecb5eaf2b91f6800d3369121222a7fe4f82630aabd164069ee7276c52082b2fc2ff5f318481b85b25abc6
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/files/libgudev-test-double.patch b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/files/libgudev-test-double.patch
new file mode 100644
index 00000000000..5d0eb3dab18
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/files/libgudev-test-double.patch
@@ -0,0 +1,30 @@
+From 6f0503b1930a0776ef45fa7bc87a87e9dc69dacf Mon Sep 17 00:00:00 2001
+From: Mike Gilbert
+Date: Sat, 21 Aug 2021 15:09:58 -0400
+Subject: [PATCH] Skip test-double if the fr_FR.UTF-8 locale is not available
+
+Bug: https://bugs.gentoo.org/809359
+---
+ tests/test-double.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/tests/test-double.c b/tests/test-double.c
+index 0092d8b..7ba3abe 100644
+--- a/tests/test-double.c
++++ b/tests/test-double.c
+@@ -54,7 +54,11 @@ test_double (void)
+ int main(int argc, char **argv)
+ {
+ setlocale (LC_ALL, NULL);
+- setlocale (LC_NUMERIC, "fr_FR.UTF-8");
++ if (!setlocale (LC_NUMERIC, "fr_FR.UTF-8"))
++ /* Skip the test if fr_FR.UTF-8 is not available */
++ /* https://mesonbuild.com/Unit-tests.html#skipped-tests-and-hard-errors */
++ return 77;
++
+ g_test_init (&argc, &argv, NULL);
+
+ g_test_add_func ("/gudev/double", test_double);
+--
+2.33.0
+
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/libgudev-237-r1.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/libgudev-237-r1.ebuild
new file mode 100644
index 00000000000..f2d327e4352
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/libgudev-237-r1.ebuild
@@ -0,0 +1,52 @@
+# Copyright 2015-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit meson-multilib
+
+DESCRIPTION="GObject bindings for libudev"
+HOMEPAGE="https://wiki.gnome.org/Projects/libgudev"
+SRC_URI="https://download.gnome.org/sources/libgudev/${PV}/${P}.tar.xz"
+
+LICENSE="LGPL-2.1+"
+SLOT="0/0"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
+IUSE="introspection test"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ >=dev-libs/glib-2.38.0:2[${MULTILIB_USEDEP}]
+ >=virtual/libudev-199:=[${MULTILIB_USEDEP}]
+ introspection? ( >=dev-libs/gobject-introspection-1.31.1 )
+"
+DEPEND="${RDEPEND}
+ test? ( dev-util/umockdev[${MULTILIB_USEDEP}] )
+"
+BDEPEND="
+ dev-util/glib-utils
+ virtual/pkgconfig
+"
+
+PATCHES=(
+ # https://gitlab.gnome.org/GNOME/libgudev/-/merge_requests/19
+ "${FILESDIR}/libgudev-test-double.patch"
+)
+
+multilib_src_configure() {
+ local emesonargs=(
+ $(meson_native_use_feature introspection)
+ -Dgtk_doc=false
+ $(meson_feature test tests)
+ -Dvapi=disabled
+ )
+ meson_src_configure
+}
+
+src_test() {
+ # libsandbox interferes somehow.
+ # There are no access violations, but tests fail.
+ # https://bugs.gentoo.org/805449
+ local -x SANDBOX_ON=0
+ meson-multilib_src_test
+}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/metadata.xml
new file mode 100644
index 00000000000..3631e95872f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libgudev/metadata.xml
@@ -0,0 +1,14 @@
+
+
+
+
+ gnome@gentoo.org
+ Gentoo GNOME Desktop
+
+
+ systemd@gentoo.org
+
+
+ GNOME/libgudev
+
+
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/Manifest
new file mode 100644
index 00000000000..231099aa891
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/Manifest
@@ -0,0 +1 @@
+DIST libpwquality-1.4.5.tar.bz2 433961 BLAKE2B f5326996ab607bf9d24de446d9714987ad259fd2222bc54983769abc298969e2e9a4cee78f2a5c5d963bd0e5f57ea3aa346b0ce108b465a8da82810486b37e36 SHA512 91a6febbf40047e553b6051df727857df7932c816638f15118a46b8286527a80446ca4f6a050d2b1f4e33335bf4b75290751ce358fa477cb9d06fe89a450d647
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/files/libpwquality-1.4.4-pam_pwquality-include.patch b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/files/libpwquality-1.4.4-pam_pwquality-include.patch
new file mode 100644
index 00000000000..2ed638c1e34
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/files/libpwquality-1.4.4-pam_pwquality-include.patch
@@ -0,0 +1,35 @@
+https://github.com/libpwquality/libpwquality/pull/62
+
+From 27057c6cbf528108c35df934280c7dd83e8d5ce9 Mon Sep 17 00:00:00 2001
+From: Sam James
+Date: Wed, 7 Sep 2022 05:42:17 +0100
+Subject: [PATCH] pam_pwquality: add include for
+ pam_modutil_check_user_in_passwd
+
+After 9084c1b032161cdb53d5f66132a91bdc207faecf, one gets:
+```
+pam_pwquality.c: In function 'check_local_user':
+pam_pwquality.c:102:16: error: implicit declaration of function 'pam_modutil_check_user_in_passwd' [-Werror=implicit-function-declaration]
+ 102 | return pam_modutil_check_user_in_passwd(pamh, user, NULL) == PAM_SUCCESS;
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+cc1: some warnings being treated as errors
+make[2]: *** [Makefile:634: pam_pwquality.lo] Error 1
+make[2]: *** Waiting for unfinished jobs....
+```
+
+We need to include security/pam_modutil.h when appropriate.
+
+Signed-off-by: Sam James
+--- a/src/pam_pwquality.c
++++ b/src/pam_pwquality.c
+@@ -34,6 +34,10 @@
+ #include
+ #include
+
++#ifdef HAVE_PAM_CHECK_USER_IN_PASSWD
++#include
++#endif
++
+ /* argument parsing */
+ #define PAM_DEBUG_ARG 0x0001
+
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/libpwquality-1.4.5.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/libpwquality-1.4.5.ebuild
new file mode 100644
index 00000000000..87db7e77e81
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/libpwquality-1.4.5.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+inherit pam python-r1 usr-ldscript
+
+DESCRIPTION="Library for password quality checking and generating random passwords"
+HOMEPAGE="https://github.com/libpwquality/libpwquality"
+SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.bz2"
+
+LICENSE="|| ( BSD GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
+IUSE="pam python static-libs"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+BDEPEND="
+ >=sys-devel/gettext-0.18.2
+ virtual/pkgconfig
+"
+RDEPEND="
+ >=sys-libs/cracklib-2.8:=[static-libs(+)?]
+ pam? ( sys-libs/pam )
+ python? ( ${PYTHON_DEPS} )
+"
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.4.4-pam_pwquality-include.patch
+)
+
+src_prepare() {
+ default
+ # ensure pkgconfig files go in /usr
+ sed -e "s:\(pkgconfigdir *=\).*:\1 ${EPREFIX}/usr/$(get_libdir)/pkgconfig:" \
+ -i src/Makefile.{am,in} || die "sed failed"
+
+ if use python ; then
+ # bug #830397
+ export SETUPTOOLS_USE_DISTUTILS=stdlib
+ python_copy_sources
+ fi
+}
+
+src_configure() {
+ # Install library in /lib for pam
+ configuring() {
+ local sitedir
+ econf \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ $(use_enable pam) \
+ --with-securedir="${EPREFIX}/$(getpam_mod_dir)" \
+ $(use_enable python python-bindings) \
+ $(usex python "--with-pythonsitedir=$(use python && python_get_sitedir)" "") \
+ $(use_enable static-libs static)
+ }
+ if_use_python_python_foreach_impl configuring
+}
+
+src_compile() {
+ if_use_python_python_foreach_impl default
+}
+
+src_test() {
+ if_use_python_python_foreach_impl default
+}
+
+src_install() {
+ if_use_python_python_foreach_impl default
+ if use static-libs; then
+ # Do not install static libs in /lib
+ mkdir -p "${ED}/usr/$(get_libdir)"
+ mv "${ED}/$(get_libdir)/libpwquality.a" "${ED}/usr/$(get_libdir)/" || die
+ gen_usr_ldscript libpwquality.so
+ fi
+ find "${ED}" -name '*.la' -delete || die
+}
+
+if_use_python_python_foreach_impl() {
+ if use python; then
+ python_foreach_impl run_in_build_dir "$@"
+ else
+ "$@"
+ fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/metadata.xml
new file mode 100644
index 00000000000..362c8aacbdb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpwquality/metadata.xml
@@ -0,0 +1,11 @@
+
+
+
+
+ gnome@gentoo.org
+ Gentoo GNOME Desktop
+
+
+ libpwquality/libpwquality
+
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/Manifest
new file mode 100644
index 00000000000..a4690bb3014
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/Manifest
@@ -0,0 +1 @@
+DIST keyutils-1.6.3.tar.gz 137022 BLAKE2B b5620b1b6109415fec1268963c2c65d774f3ef7a69eb1ce8d5d8e78b4b807e4fdfda861662a1b5556975ef867add8f985362a31b6608ac2dc198c8d0395d516b SHA512 f65965b8566037078b8eeffa66c6fdbe121c8c2bea7fa5bce04cf7ba5ccc50d5b48e51f4a67ca91e4d5d9a12469e7e3eb3036c920ab25e3feba6e93b4c149cf9
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.10-disable-tests.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.10-disable-tests.patch
new file mode 100644
index 00000000000..fa82792cddb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.10-disable-tests.patch
@@ -0,0 +1,51 @@
+disable tests that mess with system wide settings
+
+https://bugs.gentoo.org/519062
+
+--- keyutils-1.5.10/tests/bugzillas/bz1031154/runtest.sh
++++ keyutils-1.5.10/tests/bugzillas/bz1031154/runtest.sh
+@@ -27,6 +27,8 @@
+
+ echo "++++ BEGINNING TEST" >$OUTPUTFILE
+
++if false ; then
++
+ # we need a reference time to scan the audit log from so as not to pick up old
+ # results from this test.
+ base_date=`date +"%x@%X"`
+@@ -97,6 +99,10 @@
+ fi
+ fi
+
++else
++marker "Gentoo: skipping test due to system wide modifications"
++fi
++
+ echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
+
+ # --- then report the results in the database ---
+
+https://bugs.gentoo.org/522050
+
+--- keyutils-1.5.10/tests/keyctl/padd/useradd/runtest.sh
++++ keyutils-1.5.10/tests/keyctl/padd/useradd/runtest.sh
+@@ -40,6 +40,8 @@
+ marker "UNLINK KEY"
+ unlink_key $keyid @s
+
++if false ; then
++
+ if [ $skip_root_required = 0 ] && {
+ [ $OSDIST = RHEL ] && ! version_less_than $OSRELEASE 6.6 ||
+ keyutils_at_or_later_than 1.5.6 ;
+@@ -85,6 +87,10 @@
+ fi
+ fi
+
++else
++marker "Gentoo: skipping test due to system wide modifications"
++fi
++
+ echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
+
+ # --- then report the results in the database ---
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.9-header-extern-c.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.9-header-extern-c.patch
new file mode 100644
index 00000000000..c7a4c1034c9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.5.9-header-extern-c.patch
@@ -0,0 +1,43 @@
+sent upstream
+
+From 1f15000ad21c301a51f7746eb561659348060f45 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger
+Date: Wed, 25 Jan 2017 14:06:55 -1000
+Subject: [PATCH keyutils] add extern C markings to header file for C++ users
+
+If people try to use keyutils from C++ code, the header doesn't work
+properly because the compiler mangles the keyutils symbols. Add the
+right extern markings so it works out of the box.
+
+Signed-off-by: Mike Frysinger
+---
+ keyutils.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/keyutils.h b/keyutils.h
+index a69fa7aaa11d..d50d19d3e929 100644
+--- a/keyutils.h
++++ b/keyutils.h
+@@ -15,6 +15,10 @@
+ #include
+ #include
+
++#ifdef __cplusplus
++extern "C" {
++#endif
++
+ extern const char keyutils_version_string[];
+ extern const char keyutils_build_string[];
+
+@@ -180,4 +184,8 @@ extern int recursive_session_key_scan(recursive_key_scanner_t func, void *data);
+ extern key_serial_t find_key_by_type_and_desc(const char *type, const char *desc,
+ key_serial_t destringid);
+
++#ifdef __cplusplus
++}
++#endif
++
+ #endif /* KEYUTILS_H */
+--
+2.11.0
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6-makefile-fixup.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6-makefile-fixup.patch
new file mode 100644
index 00000000000..25dcdeb5fc3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6-makefile-fixup.patch
@@ -0,0 +1,25 @@
+From d1a02ed81c86fe7140f93b9a160fbb53be148446 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger
+Date: Fri, 16 Nov 2018 12:39:12 +0100
+Subject: [PATCH] depend on $(DEVELLIB) not -lkeyutils
+
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 33a451e..845b8fe 100644
+--- a/Makefile
++++ b/Makefile
+@@ -184,7 +184,7 @@ ifeq ($(NO_SOLIB),0)
+ $(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
+ $(LNS) $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
+ mkdir -p $(DESTDIR)$(USRLIBDIR)
+- $(LNS) $(LIBDIR)/$(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB)
++ $(LNS) $(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB)
+ sed \
+ -e 's,@VERSION\@,$(VERSION),g' \
+ -e 's,@prefix\@,$(PREFIX),g' \
+--
+2.19.1
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-fix-rpmspec-check.patch b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-fix-rpmspec-check.patch
new file mode 100644
index 00000000000..3fb659712ae
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/files/keyutils-1.6.3-fix-rpmspec-check.patch
@@ -0,0 +1,38 @@
+https://bugs.gentoo.org/760633
+
+From 41077f8901b642d36b63f94b0fc62377a07fc0b2 Mon Sep 17 00:00:00 2001
+From: Adrian Ratiu
+Date: Tue, 4 Jan 2022 03:51:10 +0200
+Subject: [PATCH] Makefile: only run rpmspec if it exists
+
+keyutils is built on many distros which do not use rpm like
+Gentoo, ChromeOS or Arch. Older versions of bash silently
+ignored the fact that rpmspec was missing, but newer bash
+like v5.1 issue a new error:
+
+/bin/sh: line 1: rpmspec: command not found
+
+This happens every time the Makefile is parsed, including
+for a simple "make" invocation or "make install" even if
+a rpm package is not desired.
+
+Arch Linux simply ignores this new error but Gentoo and
+ChromeOS fail because portage actively monitors the build
+log for errors like this. See bug report [1].
+
+Fix this by calling rpmspec only if it exists.
+
+[1] https://bugs.gentoo.org/760633
+
+Signed-off-by: Adrian Ratiu
+--- a/Makefile
++++ b/Makefile
+@@ -285,7 +285,7 @@ SRCBALL := rpmbuild/SOURCES/$(TARBALL)
+ ZSRCBALL := rpmbuild/SOURCES/$(ZTARBALL)
+
+ BUILDID := .local
+-rpmver0 := $(shell rpmspec -q ./keyutils.spec --define "buildid $(BUILDID)")
++rpmver0 := $(shell if which rpmspec >/dev/null 2>&1; then rpmspec -q ./keyutils.spec --define "buildid $(BUILDID)"; fi)
+ rpmver1 := $(word 1,$(rpmver0))
+ rpmver2 := $(subst ., ,$(rpmver1))
+ rpmver3 := $(lastword $(rpmver2))
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/keyutils-1.6.3.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/keyutils-1.6.3.ebuild
new file mode 100644
index 00000000000..9e79ba6b0e8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/keyutils-1.6.3.ebuild
@@ -0,0 +1,121 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit toolchain-funcs linux-info multilib-minimal usr-ldscript
+
+DESCRIPTION="Linux Key Management Utilities"
+HOMEPAGE="https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git"
+SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/snapshot/${P}.tar.gz"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0/1.9"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux"
+IUSE="static static-libs test"
+RESTRICT="!test? ( test )"
+
+RDEPEND=""
+DEPEND="!prefix? ( >=sys-kernel/linux-headers-2.6.11 )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.6-makefile-fixup.patch
+ "${FILESDIR}"/${PN}-1.5.10-disable-tests.patch #519062 #522050
+ "${FILESDIR}"/${PN}-1.5.9-header-extern-c.patch
+ "${FILESDIR}"/${PN}-1.6.3-fix-rpmspec-check.patch
+)
+
+pkg_setup() {
+ # To prevent a failure in test phase and false positive bug reports
+ # we are enforcing the following options because testsuite expects
+ # that these options are available. I.e. testsuite only decides based
+ # on kernel version which tests will be called, no feature checking.
+ if use test ; then
+ CONFIG_CHECK="KEYS"
+ ERROR_KEYS="You must have CONFIG_KEYS to run the package testsuite!"
+
+ if kernel_is -ge 2 6 10 && kernel_is -lt 4 0 0 ; then
+ CONFIG_CHECK="${CONFIG_CHECK} KEYS_DEBUG_PROC_KEYS"
+ ERROR_KEYS_DEBUG_PROC_KEYS="You must have CONFIG_KEYS_DEBUG_PROC_KEYS to run the package testsuite!"
+ fi
+
+ if kernel_is -ge 4 7 ; then
+ CONFIG_CHECK="${CONFIG_CHECK} KEY_DH_OPERATIONS"
+ ERROR_KEY_DH_OPERATIONS="You must have CONFIG_KEY_DH_OPERATIONS to run the package testsuite!"
+ fi
+ else
+ CONFIG_CHECK="~KEYS"
+ ERROR_KEYS="You will be unable to use this package on this system because CONFIG_KEYS is not set!"
+
+ if kernel_is -ge 4 7 ; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~KEY_DH_OPERATIONS"
+ ERROR_KEY_DH_OPERATIONS="You will be unable to use Diffie-Hellman on this system because CONFIG_KEY_DH_OPERATIONS is not set!"
+ fi
+ fi
+
+ linux-info_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ # The lsb check is useless, so avoid spurious command not found messages.
+ sed -i -e 's,lsb_release,:,' tests/prepare.inc.sh || die
+ # All the test files are bash, but try to execute via `sh`.
+ sed -i -r \
+ -e 's:([[:space:]])sh([[:space:]]):\1bash\2:' \
+ tests/{Makefile*,*.sh} || die
+ find tests/ -name '*.sh' -exec sed -i '1s:/sh$:/bash:' {} + || die
+ # Some tests call the kernel which calls userspace, but that will
+ # run the install keyutils rather than the locally compiled one,
+ # so disable round trip tests.
+ rm -rf tests/keyctl/requesting/{bad-args,piped,valid}
+
+ multilib_copy_sources
+}
+
+multilib_src_compile() {
+ tc-export AR CC CXX
+ sed -i \
+ -e "1iRPATH = $(usex static -static '')" \
+ -e '/^C.*FLAGS/s|:=|+=|' \
+ -e 's:-Werror::' \
+ -e '/^BUILDFOR/s:=.*:=:' \
+ -e "/^LIBDIR/s:=.*:= /usr/$(get_libdir):" \
+ -e '/^USRLIBDIR/s:=.*:=$(LIBDIR):' \
+ -e "s: /: ${EPREFIX}/:g" \
+ -e '/^NO_ARLIB/d' \
+ Makefile || die
+
+ # We need the static lib in order to statically link programs.
+ if use static ; then
+ export NO_ARLIB=0
+ # Hack the progs to depend on the static lib instead.
+ sed -i \
+ -e '/^.*:.*[$](DEVELLIB)$/s:$(DEVELLIB):$(ARLIB) $(SONAME):' \
+ Makefile || die
+ else
+ export NO_ARLIB=$(usex static-libs 0 1)
+ fi
+ emake
+}
+
+multilib_src_test() {
+ # Execute the locally compiled code rather than the
+ # older versions already installed in the system.
+ LD_LIBRARY_PATH=${BUILD_DIR} \
+ PATH="${BUILD_DIR}:${PATH}" \
+ emake test
+}
+
+multilib_src_install() {
+ # Possibly undo the setting for USE=static (see src_compile).
+ export NO_ARLIB=$(usex static-libs 0 1)
+
+ default
+ use static || gen_usr_ldscript -a keyutils
+}
+
+multilib_src_install_all() {
+ dodoc README
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/metadata.xml
new file mode 100644
index 00000000000..f16b3424c61
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/keyutils/metadata.xml
@@ -0,0 +1,17 @@
+
+
+
+
+ robbat2@gentoo.org
+
+
+ base-system@gentoo.org
+ Gentoo Base System
+
+
+ cpe:/a:keyutils_project:keyutils
+
+
+ Reflect ABI compatibility for libkeyutils.so.
+
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/Manifest b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/Manifest
new file mode 100644
index 00000000000..bc135558b20
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/Manifest
@@ -0,0 +1 @@
+DIST polkit-122.tar.bz2 704972 BLAKE2B 601ed969de816d061a974b07490d64c144940898a75d4e1761462ee1ff0f00686b068298fa6fdc901879d8cd4bea4334c0187aa5bde50acf90728c37e73e21f4 SHA512 a7c0a951bbcdb09899adbc128296c74fc062441e996f4d6a782b214178f0936137e2fdc489eaa86a00599b988711735a5bd9b5c3b93bdb42fb915db9f9b04e26
diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-122-libs-only-postinstall.patch b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-122-libs-only-postinstall.patch
new file mode 100644
index 00000000000..d96b4bc4bde
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/files/polkit-122-libs-only-postinstall.patch
@@ -0,0 +1,39 @@
+https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/149
+
+From bef75fb8291b3871894d8ffe19f7242448cdb4a8 Mon Sep 17 00:00:00 2001
+From: Sam James
+Date: Wed, 7 Dec 2022 13:18:09 +0000
+Subject: [PATCH] meson.build: fix install with libs_only
+
+Bug: https://bugs.gentoo.org/884701
+Signed-off-by: Sam James
+--- a/meson.build
++++ b/meson.build
+@@ -360,14 +360,17 @@ configure_file(
+ configuration: config_h,
+ )
+
+-meson.add_install_script(
+- 'meson_post_install.py',
+- get_option('bindir'),
+- pk_pkgdatadir,
+- pk_libprivdir,
+- pk_pkgsysconfdir,
+- polkitd_user,
+-)
++
++if not libs_only
++ meson.add_install_script(
++ 'meson_post_install.py',
++ get_option('bindir'),
++ pk_pkgdatadir,
++ pk_libprivdir,
++ pk_pkgsysconfdir,
++ polkitd_user,
++ )
++endif
+
+ output = '\n ' + meson.project_name() + ' ' + meson.project_version() + '\n'
+ output += ' ============\n\n'
+--
+GitLab
diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/metadata.xml
new file mode 100644
index 00000000000..e4fe842bbae
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/metadata.xml
@@ -0,0 +1,15 @@
+
+
+
+
+ freedesktop-bugs@gentoo.org
+
+
+
+ polkit/polkit
+
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-122-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-122-r1.ebuild
new file mode 100644
index 00000000000..fc80a36e0f1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-auth/polkit/polkit-122-r1.ebuild
@@ -0,0 +1,160 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+inherit meson pam pax-utils python-any-r1 systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+if [[ ${PV} == *_p* ]] ; then
+ # Upstream don't make releases very often. Test snapshots throughly
+ # and review commits, but don't shy away if there's useful stuff there
+ # we want.
+ MY_COMMIT=""
+ SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
+
+ S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+ SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
+IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
+# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
+RESTRICT="!test? ( test ) test"
+
+# This seems to be fixed with 121?
+#if [[ ${PV} == *_p* ]] ; then
+# RESTRICT="!test? ( test )"
+#else
+# # Tests currently don't work with meson in the dist tarballs. See
+# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+# RESTRICT="test"
+#fi
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/glib
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+ test? (
+ $(python_gen_any_dep '
+ dev-python/dbus-python[${PYTHON_USEDEP}]
+ dev-python/python-dbusmock[${PYTHON_USEDEP}]
+ ')
+ )
+"
+DEPEND="
+ dev-libs/glib:2
+ dev-libs/expat
+ daemon? (
+ duktape? ( dev-lang/duktape:= )
+ !duktape? ( dev-lang/spidermonkey:102[-debug] )
+ )
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ !pam? ( virtual/libcrypt:= )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+ !systemd? ( sys-auth/elogind )
+"
+RDEPEND="${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING.md NEWS.md README.md )
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-122-libs-only-postinstall.patch
+)
+
+python_check_deps() {
+ python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
+ python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ # bug #401513
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local emesonargs=(
+ --localstatedir="${EPREFIX}"/var
+ -Dauthfw="$(usex pam pam shadow)"
+ -Dexamples=false
+ -Dgtk_doc=false
+ -Dman=true
+ -Dos_type=gentoo
+ -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+ -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+ -Djs_engine=$(usex duktape duktape mozjs)
+ $(meson_use !daemon libs-only)
+ $(meson_use introspection)
+ $(meson_use test tests)
+ $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+ )
+ meson_src_configure
+}
+
+src_compile() {
+ meson_src_compile
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ meson_src_install
+
+ if use examples ; then
+ docinto examples
+ dodoc src/examples/{*.c,*.policy*}
+ fi
+
+ if use daemon; then
+ if [[ ${EUID} == 0 ]]; then
+ diropts -m 0700 -o polkitd
+ fi
+ keepdir /etc/polkit-1/rules.d
+ fi
+}
+
+pkg_postinst() {
+ if use daemon && [[ ${EUID} == 0 ]]; then
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/Manifest b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/Manifest
index 05710fd7092..8cbaeb90089 100644
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/Manifest
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/Manifest
@@ -1 +1,2 @@
DIST cryptsetup-2.4.3.tar.xz 11242152 BLAKE2B f5859d794d626cb19426a2c9afc4655fac3a1bae462daa42b37b925882804d5146aadff8733799dea89dcfdc311e628e5b806754495824705709ba105f91682f SHA512 2d52498497be37a837126d9cdc9b6331236eccf857c3482fe3347eb88fccc3cd0fd3d8b4490569603e18cfaa462431ae194bce0328f3eafa8bfe3e02e135a26e
+DIST cryptsetup-2.6.1.tar.xz 11402380 BLAKE2B efd7a64d89d863876de68ff3e89d8c94ad5eca6a8d2236c52c234fbe51e9d9ee303a0c7fe7dac7df10e0062003b9c0aeddc8dc342582106c157ab2d1e742155e SHA512 0cbddbf33cbac2b834ed7e2dd47a9fc787131031a1c729f373f5c974600a838097e9cc0555f13719fc79c384a2a34b404f94ba4cc2f35f0bb1d70aef2233fd18
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.4.3-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.4.3-r2.ebuild
similarity index 92%
rename from sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.4.3-r1.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.4.3-r2.ebuild
index f2ac3491ef6..ff673fe9aa9 100644
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.4.3-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.4.3-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -6,20 +6,22 @@ EAPI=7
inherit linux-info tmpfiles
DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
+HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup"
SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
LICENSE="GPL-2+"
SLOT="0/12" # libcryptsetup.so version
[[ ${PV} != *_rc* ]] && \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
# we don't support nss since it doesn't allow cryptsetup to be built statically
# and it's missing ripemd160 support so it can't provide full backward compatibility
IUSE="${CRYPTO_BACKENDS} +argon2 fips nls pwquality reencrypt ssh static static-libs test +udev urandom"
RESTRICT="!test? ( test )"
REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- static? ( !gcrypt !ssh !udev !fips )" # 496612, 832711
+ static? ( !gcrypt !ssh !udev !fips )
+ fips? ( !kernel !nettle )
+" # 496612, 832711, 843863
LIB_DEPEND="
dev-libs/json-c:=[static-libs(+)]
@@ -75,7 +77,7 @@ src_configure() {
local myeconfargs=(
--disable-internal-argon2
--enable-shared
- --sbindir=/sbin
+ --sbindir="${EPREFIX}"/sbin
# for later use
--with-default-luks-format=LUKS2
--with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.4.3.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.6.1.ebuild
similarity index 77%
rename from sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.4.3.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.6.1.ebuild
index 79282c022d7..07d4351b691 100644
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.4.3.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.6.1.ebuild
@@ -1,25 +1,32 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
inherit linux-info tmpfiles
DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
+HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup"
SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
+S="${WORKDIR}"/${P/_/-}
LICENSE="GPL-2+"
SLOT="0/12" # libcryptsetup.so version
-[[ ${PV} != *_rc* ]] && \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86"
+if [[ ${PV} != *_rc* ]] ; then
+ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
+fi
+
CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
# we don't support nss since it doesn't allow cryptsetup to be built statically
# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt ssh static static-libs test +udev urandom"
+IUSE="${CRYPTO_BACKENDS} +argon2 fips nls pwquality ssh static static-libs test +udev urandom"
RESTRICT="!test? ( test )"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- static? ( !gcrypt !ssh !udev )" # 496612, 832711
+# bug #496612, bug #832711, bug #843863
+REQUIRED_USE="
+ ^^ ( ${CRYPTO_BACKENDS//+/} )
+ static? ( !gcrypt !ssh !udev !fips )
+ fips? ( !kernel !nettle )
+"
LIB_DEPEND="
dev-libs/json-c:=[static-libs(+)]
@@ -34,23 +41,26 @@ LIB_DEPEND="
openssl? ( dev-libs/openssl:0=[static-libs(+)] )
pwquality? ( dev-libs/libpwquality[static-libs(+)] )
ssh? ( net-libs/libssh[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]"
+ sys-fs/lvm2[static-libs(+)]
+"
# We have to always depend on ${LIB_DEPEND} rather than put behind
# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
+# these other packages. bug #414665
+RDEPEND="
+ static-libs? ( ${LIB_DEPEND} )
${LIB_DEPEND//\[static-libs\([+-]\)\]}
- udev? ( virtual/libudev:= )"
-# vim-core needed for xxd in tests
-DEPEND="${RDEPEND}
+ udev? ( virtual/libudev:= )
+"
+DEPEND="
+ ${RDEPEND}
static? ( ${LIB_DEPEND} )
- test? ( app-editors/vim-core )"
+"
+# vim-core needed for xxd in tests
BDEPEND="
virtual/pkgconfig
+ test? ( app-editors/vim-core )
"
-S="${WORKDIR}/${P/_/-}"
-
pkg_setup() {
local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
@@ -61,21 +71,17 @@ pkg_setup() {
}
src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
default
+
+ sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
}
src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
local myeconfargs=(
--disable-internal-argon2
+ --disable-asciidoc
--enable-shared
- --sbindir=/sbin
+ --sbindir="${EPREFIX}"/sbin
# for later use
--with-default-luks-format=LUKS2
--with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
@@ -83,15 +89,16 @@ src_configure() {
$(use_enable argon2 libargon2)
$(use_enable nls)
$(use_enable pwquality)
- $(use_enable reencrypt cryptsetup-reencrypt)
$(use_enable !static external-tokens)
$(use_enable static static-cryptsetup)
$(use_enable static-libs static)
$(use_enable udev)
$(use_enable !urandom dev-random)
$(use_enable ssh ssh-token)
- $(usex argon2 '' '--with-luks2-pbkdf=pbkdf2')
+ $(usev !argon2 '--with-luks2-pbkdf=pbkdf2')
+ $(use_enable fips)
)
+
econf "${myeconfargs[@]}"
}
@@ -116,21 +123,26 @@ src_install() {
mv "${ED}"/sbin/cryptsetup{.static,} || die
mv "${ED}"/sbin/veritysetup{.static,} || die
mv "${ED}"/sbin/integritysetup{.static,} || die
+
if use ssh ; then
mv "${ED}"/sbin/cryptsetup-ssh{.static,} || die
fi
- if use reencrypt ; then
- mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die
- fi
fi
+
find "${ED}" -type f -name "*.la" -delete || die
dodoc docs/v*ReleaseNotes
- newconfd "${FILESDIR}"/2.4.0-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/2.4.0-dmcrypt.rc dmcrypt
+ newconfd "${FILESDIR}"/2.4.3-dmcrypt.confd dmcrypt
+ newinitd "${FILESDIR}"/2.4.3-dmcrypt.rc dmcrypt
}
pkg_postinst() {
tmpfiles_process cryptsetup.conf
+
+ if use kernel ; then
+ ewarn "Note that kernel backend is very slow for this type of operation"
+ ewarn "and is provided mainly for embedded systems wanting to avoid"
+ ewarn "userspace crypto libraries."
+ fi
}
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/files/2.4.0-dmcrypt.confd b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/files/2.4.0-dmcrypt.confd
deleted file mode 100644
index 96c523e0f95..00000000000
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/files/2.4.0-dmcrypt.confd
+++ /dev/null
@@ -1,112 +0,0 @@
-# /etc/conf.d/dmcrypt
-
-# For people who run dmcrypt on top of some other layer (like raid),
-# use rc_need to specify that requirement. See the runscript(8) man
-# page for more information.
-
-#--------------------
-# Instructions
-#--------------------
-
-# Note regarding the syntax of this file. This file is *almost* bash,
-# but each line is evaluated separately. Separate swaps/targets can be
-# specified. The init-script which reads this file assumes that a
-# swap= or target= line starts a new section, similar to lilo or grub
-# configuration.
-
-# Note when using gpg keys and /usr on a separate partition, you will
-# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly
-# and ensure that gpg has been compiled statically.
-# See http://bugs.gentoo.org/90482 for more information.
-
-# Note that the init-script which reads this file detects whether your
-# partition is LUKS or not. No mkfs is run unless you specify a makefs
-# option.
-
-# Global options:
-#----------------
-
-# How long to wait for each timeout (in seconds).
-dmcrypt_key_timeout=1
-
-# Max number of checks to perform (see dmcrypt_key_timeout).
-#dmcrypt_max_timeout=300
-
-# Number of password retries.
-dmcrypt_retries=5
-
-# Arguments:
-#-----------
-# target= == Mapping name for partition.
-# swap= == Mapping name for swap partition.
-# source='' == Real device for partition.
-# Note: You can (and should) specify a tag like UUID
-# for blkid (see -t option). This is safer than using
-# the full path to the device.
-# key='[:]' == Fullpath from / or from inside removable media.
-# remdev='' == Device that will be assigned to removable media.
-# gpg_options='' == Default are --quiet --decrypt
-# options='' == cryptsetup, for LUKS you can only use --readonly
-# loop_file='' == Loopback file.
-# Note: If you omit $source, then a free loopback will
-# be looked up automatically.
-# pre_mount='cmds' == commands to execute before mounting partition.
-# post_mount='cmds' == commands to execute after mounting partition.
-# wait=5 == wait given amount of seconds for source to appear
-#-----------
-# Supported Modes
-# gpg == decrypt and pipe key into cryptsetup.
-# Note: new-line character must not be part of key.
-# Command to erase \n char: 'cat key | tr -d '\n' > cleanKey'
-
-#--------------------
-# dm-crypt examples
-#--------------------
-
-## swap
-# Swap partitions. These should come first so that no keys make their
-# way into unencrypted swap.
-# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
-# If no makefs is given then mkswap will be assumed
-#swap=crypt-swap
-#source='/dev/hda2'
-
-## /home with passphrase
-#target=crypt-home
-#source='/dev/hda5'
-
-## /home with regular keyfile
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey'
-
-## /home with gpg protected key
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey:gpg'
-
-## /home with regular keyfile on removable media(such as usb-stick)
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey'
-#remdev='/dev/sda1'
-
-## /home with gpg protected key on removable media(such as usb-stick)
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey:gpg'
-#remdev='/dev/sda1'
-
-## /tmp with regular keyfile
-#target=crypt-tmp
-#source='/dev/hda6'
-#key='/full/path/to/tmpkey'
-#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
-#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'
-
-## Loopback file example
-#target='crypt-loop-home'
-#source='/dev/loop0'
-#loop_file='/mnt/crypt/home'
-
-# The file must be terminated by a newline. Or leave this comment last.
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/files/2.4.0-dmcrypt.rc b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/files/2.4.0-dmcrypt.rc
deleted file mode 100644
index 10257650951..00000000000
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/files/2.4.0-dmcrypt.rc
+++ /dev/null
@@ -1,350 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
- use modules
- before checkfs fsck
-
- if grep -qs ^swap= "${conf_file}" ; then
- before swap
- fi
-}
-
-# We support multiple dmcrypt instances based on $SVCNAME
-conf_file="/etc/conf.d/${SVCNAME}"
-
-# Get splash helpers if available.
-if [ -e /sbin/splash-functions.sh ] ; then
- . /sbin/splash-functions.sh
-fi
-
-# Setup mappings for an individual target/swap
-# Note: This relies on variables localized in the main body below.
-dm_crypt_execute() {
- local dev ret mode foo source_dev
-
- if [ -z "${target}" -a -z "${swap}" ] ; then
- return
- fi
-
- # Set up default values.
- : ${dmcrypt_key_timeout:=1}
- : ${dmcrypt_max_timeout:=300}
- : ${dmcrypt_retries:=5}
- : ${wait:=5}
-
- # Handle automatic look up of the source path.
- if [ -z "${source}" -a -n "${loop_file}" ] ; then
- source=$(losetup --show -f "${loop_file}")
- fi
- case ${source} in
- *=*)
- i=0
- while [ ${i} -lt ${wait} ]; do
- if source_dev="$(blkid -l -t "${source}" -o device)"; then
- source="${source_dev}"
- break
- fi
- : $((i += 1))
- einfo "waiting for source \"${source}\" for ${target}..."
- sleep 1
- done
- ;;
- esac
- if [ -z "${source}" ] || [ ! -e "${source}" ] ; then
- ewarn "source \"${source}\" for ${target} missing, skipping..."
- return
- fi
-
- if [ -n "${target}" ] ; then
- # let user set options, otherwise leave empty
- : ${options:=' '}
- elif [ -n "${swap}" ] ; then
- if cryptsetup isLuks ${source} 2>/dev/null ; then
- ewarn "The swap you have defined is a LUKS partition. Aborting crypt-swap setup."
- return
- fi
- target=${swap}
- # swap contents do not need to be preserved between boots, luks not required.
- # suspend2 users should have initramfs's init handling their swap partition either way.
- : ${options:='-c aes -h sha1 -d /dev/urandom'}
- : ${pre_mount:='mkswap ${dev}'}
- fi
-
- if [ -n "${loop_file}" ] ; then
- dev="/dev/mapper/${target}"
- ebegin " Setting up loop device ${source}"
- losetup ${source} ${loop_file}
- fi
-
- # cryptsetup:
- # open # is $source
- # create # is $target
- local arg1="create" arg2="${target}" arg3="${source}"
- if cryptsetup isLuks ${source} 2>/dev/null ; then
- arg1="open"
- arg2="${source}"
- arg3="${target}"
- fi
-
- # Older versions reported:
- # ${target} is active:
- # Newer versions report:
- # ${target} is active[ and is in use.]
- if cryptsetup status ${target} | egrep -q ' is active' ; then
- einfo "dm-crypt mapping ${target} is already configured"
- return
- fi
- splash svc_input_begin ${SVCNAME} >/dev/null 2>&1
-
- # Handle keys
- if [ -n "${key}" ] ; then
- read_abort() {
- # some colors
- local ans savetty resettty
- [ -z "${NORMAL}" ] && eval $(eval_ecolors)
- einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) "
- shift
- # This is ugly as s**t. But POSIX doesn't provide `read -t`, so
- # we end up having to implement our own crap with stty/etc...
- savetty=$(stty -g)
- resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
- trap 'eval "${resettty}"' EXIT HUP INT TERM
- stty -icanon
- stty min 0 time "$(( $2 * 10 ))"
- ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
- eval "${resettty}"
- if [ -z "${ans}" ] ; then
- printf '\r'
- else
- echo
- fi
- case ${ans} in
- [yY]) return 0;;
- *) return 1;;
- esac
- }
-
- # Notes: sed not used to avoid case where /usr partition is encrypted.
- mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
- key=${key%:*}
- case "${mode}" in
- gpg|reg)
- # handle key on removable device
- if [ -n "${remdev}" ] ; then
- # temp directory to mount removable device
- local mntrem="${RC_SVCDIR}/dm-crypt-remdev.$$"
- if [ ! -d "${mntrem}" ] ; then
- if ! mkdir -p "${mntrem}" ; then
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: Unable to create temporary mount point '${mntrem}'"
- return
- fi
- fi
- i=0
- einfo "Please insert removable device for ${target}"
- while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do
- foo=""
- if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
- # keyfile exists?
- if [ ! -e "${mntrem}${key}" ] ; then
- umount -n "${mntrem}"
- rmdir "${mntrem}"
- einfo "Cannot find ${key} on removable media."
- read_abort "Abort" ${dmcrypt_key_timeout} && return
- else
- key="${mntrem}${key}"
- break
- fi
- else
- [ -e "${remdev}" ] \
- && foo="mount failed" \
- || foo="mount source not found"
- fi
- : $((i += 1))
- read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
- done
- else # keyfile ! on removable device
- if [ ! -e "${key}" ] ; then
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: keyfile ${key} does not exist."
- return
- fi
- fi
- ;;
- *)
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: mode ${mode} is invalid."
- return
- ;;
- esac
- else
- mode=none
- fi
- ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}"
- if [ "${mode}" = "gpg" ] ; then
- : ${gpg_options:='-q -d'}
- # gpg available ?
- if command -v gpg >/dev/null ; then
- i=0
- while [ ${i} -lt ${dmcrypt_retries} ] ; do
- # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
- # save stdin stdout stderr "values"
- timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
- cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}
- ret=$?
- # The timeout command exits 124 when it times out.
- [ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
- : $(( i += 1 ))
- done
- eend ${ret} "failure running cryptsetup"
- else
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: cannot find gpg application."
- einfo "You have to install app-crypt/gnupg first."
- einfo "If you have /usr on its own partition, try copying gpg to /bin ."
- fi
- else
- if [ "${mode}" = "reg" ] ; then
- cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
- ret=$?
- eend ${ret} "failure running cryptsetup"
- else
- cryptsetup ${options} ${arg1} ${arg2} ${arg3}
- ret=$?
- eend ${ret} "failure running cryptsetup"
- fi
- fi
- if [ -d "${mntrem}" ] ; then
- umount -n ${mntrem} 2>/dev/null >/dev/null
- rmdir ${mntrem} 2>/dev/null >/dev/null
- fi
- splash svc_input_end ${SVCNAME} >/dev/null 2>&1
-
- if [ ${ret} -ne 0 ] ; then
- cryptfs_status=1
- else
- if [ -n "${pre_mount}" ] ; then
- dev="/dev/mapper/${target}"
- eval ebegin \"" pre_mount: ${pre_mount}"\"
- eval "${pre_mount}" > /dev/null
- ewend $? || cryptfs_status=1
- fi
- fi
-}
-
-# Lookup optional bootparams
-get_bootparam_val() {
- # We're given something like:
- # foo=bar=cow
- # Return the "bar=cow" part.
- case $1 in
- *=*)
- echo "${1#*=}"
- ;;
- esac
-}
-
-start() {
- local header=true cryptfs_status=0
- local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev
-
- local x
- for x in $(cat /proc/cmdline) ; do
- case "${x}" in
- key_timeout=*)
- dmcrypt_key_timeout=$(get_bootparam_val "${x}")
- ;;
- esac
- done
-
- while read targetline <&3 ; do
- case ${targetline} in
- # skip comments and blank lines
- ""|"#"*) continue ;;
- # skip service-specific openrc configs #377927
- rc_*) continue ;;
- esac
-
- ${header} && ebegin "Setting up dm-crypt mappings"
- header=false
-
- # check for the start of a new target/swap
- case ${targetline} in
- target=*|swap=*)
- # If we have a target queued up, then execute it
- dm_crypt_execute
-
- # Prepare for the next target/swap by resetting variables
- unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait
- ;;
-
- gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*)
- if [ -z "${target}${swap}" ] ; then
- ewarn "Ignoring setting outside target/swap section: ${targetline}"
- continue
- fi
- ;;
-
- dmcrypt_*=*)
- # ignore global options
- continue
- ;;
-
- *)
- ewarn "Skipping invalid line in ${conf_file}: ${targetline}"
- ;;
- esac
-
- # Queue this setting for the next call to dm_crypt_execute
- eval "${targetline}"
- done 3< ${conf_file}
-
- # If we have a target queued up, then execute it
- dm_crypt_execute
-
- ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
-}
-
-stop() {
- local line header
-
- # Break down all mappings
- header=true
- egrep "^(target|swap)=" ${conf_file} | \
- while read line ; do
- ${header} && einfo "Removing dm-crypt mappings"
- header=false
-
- target= swap=
- eval ${line}
-
- [ -n "${swap}" ] && target=${swap}
- if [ -z "${target}" ] ; then
- ewarn "invalid line in ${conf_file}: ${line}"
- continue
- fi
-
- ebegin " ${target}"
- cryptsetup remove ${target}
- eend $?
- done
-
- # Break down loop devices
- header=true
- grep '^source=./dev/loop' ${conf_file} | \
- while read line ; do
- ${header} && einfo "Detaching dm-crypt loop devices"
- header=false
-
- source=
- eval ${line}
-
- ebegin " ${source}"
- losetup -d "${source}"
- eend $?
- done
-
- return 0
-}
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc
index 0903ac5eabd..ea9a5ca4807 100644
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc
@@ -5,6 +5,7 @@
depend() {
use modules
before checkfs fsck
+ after dev-settle
if grep -qs ^swap= "${conf_file}" ; then
before swap
@@ -109,7 +110,7 @@ dm_crypt_execute() {
# ${target} is active:
# Newer versions report:
# ${target} is active[ and is in use.]
- if cryptsetup ${header_opt} status ${target} | egrep -q ' is active' ; then
+ if cryptsetup ${header_opt} status ${target} | grep -E -q ' is active' ; then
einfo "dm-crypt mapping ${target} is already configured"
return
fi
@@ -329,7 +330,7 @@ stop() {
# Break down all mappings
print_header=true
- egrep "^(target|swap)=" ${conf_file} | \
+ grep -E "^(target|swap)=" ${conf_file} | \
while read line ; do
${print_header} && einfo "Removing dm-crypt mappings"
print_header=false
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/metadata.xml
index 5f7443faf40..5e848865257 100644
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/metadata.xml
@@ -18,6 +18,7 @@
Use /dev/urandom instead of /dev/random
+ cpe:/a:cryptsetup_project:cryptsetup
cryptsetup/cryptsetup
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/udisks/Manifest b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/Manifest
new file mode 100644
index 00000000000..a888522f131
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/Manifest
@@ -0,0 +1 @@
+DIST udisks-2.9.4.tar.bz2 1699288 BLAKE2B 913f6dd02988c0bded13ae15a5f05e5b3c6404f0b0d58a493601a0762c7534403f89e9fb46ec6a536b85d5f9ca1f788c7a308f5563a897b324d212da0e7bab4b SHA512 35f5429bc2a7092aa659cba9296837d127e2b17c23ab23111d0d9b230d15ef5a6965e112b1f3829748a69a52fb5b09722153f86f1ef70977b3ad7b7a4ec40ec5
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/udisks/files/udisks-2.9.4-undefined.patch b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/files/udisks-2.9.4-undefined.patch
new file mode 100644
index 00000000000..271a5271e3c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/files/udisks-2.9.4-undefined.patch
@@ -0,0 +1,143 @@
+Upstream-PR: https://github.com/storaged-project/udisks/pull/978
+Upstream-PR: https://github.com/storaged-project/udisks/pull/979
+Upstream-Commit: 362cc8f1613193f8e68d13a416421bb36fd7f713
+Upstream-Commit: 6cbce6602ce447127cb4f77706870b6706bf1c5f
+Upstream-Commit: 97bb17425e52ee6b2f11b13b3764d0dd6e8cfc97
+From 362cc8f1613193f8e68d13a416421bb36fd7f713 Mon Sep 17 00:00:00 2001
+From: orbea
+Date: Tue, 10 May 2022 09:29:10 -0700
+Subject: [PATCH 1/3] modules/btrfs: Add missing dependency
+
+When building udisks with --enable-btrfs using slibtool instead of GNU
+libtool the build will fail with undefined references.
+
+This is because of a missing dependency for libudisks2_btrfs_la_LIBADD
+and GNU libtool will hide this issue by silently ignoring -no-undefined
+while slibtool does not.
+
+Gentoo Bug: https://bugs.gentoo.org/782061
+---
+ modules/btrfs/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/btrfs/Makefile.am b/modules/btrfs/Makefile.am
+index ac8c941849..f96cd16186 100644
+--- a/modules/btrfs/Makefile.am
++++ b/modules/btrfs/Makefile.am
+@@ -73,6 +73,7 @@ libudisks2_btrfs_la_LDFLAGS = \
+ $(NULL)
+
+ libudisks2_btrfs_la_LIBADD = \
++ $(top_builddir)/src/libudisks-daemon.la \
+ $(GLIB_LIBS) \
+ $(GIO_LIBS) \
+ $(GUDEV_LIBS) \
+
+From 6cbce6602ce447127cb4f77706870b6706bf1c5f Mon Sep 17 00:00:00 2001
+From: orbea
+Date: Wed, 11 May 2022 07:55:13 -0700
+Subject: [PATCH 2/3] modules/bcache: Add missing dependency
+
+---
+ modules/bcache/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/bcache/Makefile.am b/modules/bcache/Makefile.am
+index 571541a6d4..7509205ba2 100644
+--- a/modules/bcache/Makefile.am
++++ b/modules/bcache/Makefile.am
+@@ -71,6 +71,7 @@ libudisks2_bcache_la_LDFLAGS = \
+ $(NULL)
+
+ libudisks2_bcache_la_LIBADD = \
++ $(top_builddir)/src/libudisks-daemon.la \
+ $(GLIB_LIBS) \
+ $(GIO_LIBS) \
+ $(GUDEV_LIBS) \
+
+From 97bb17425e52ee6b2f11b13b3764d0dd6e8cfc97 Mon Sep 17 00:00:00 2001
+From: orbea
+Date: Wed, 11 May 2022 07:55:25 -0700
+Subject: [PATCH 3/3] modules/lvm2: Add missing dependency
+
+---
+ modules/lvm2/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/lvm2/Makefile.am b/modules/lvm2/Makefile.am
+index 3342ad8e9b..67b8aa6b3f 100644
+--- a/modules/lvm2/Makefile.am
++++ b/modules/lvm2/Makefile.am
+@@ -76,6 +76,7 @@ libudisks2_lvm2_la_LDFLAGS = \
+ $(NULL)
+
+ libudisks2_lvm2_la_LIBADD = \
++ $(top_builddir)/src/libudisks-daemon.la \
+ $(GLIB_LIBS) \
+ $(GIO_LIBS) \
+ $(GUDEV_LIBS) \
+From 663f8194eeac75ec26fbfbd8855c5873315c495c Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek
+Date: Fri, 13 May 2022 17:04:52 +0200
+Subject: [PATCH 1/3] modules/iscsi: Add missing linker dependency
+
+---
+ modules/iscsi/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/iscsi/Makefile.am b/modules/iscsi/Makefile.am
+index 05af5ece29..2cecc300e9 100644
+--- a/modules/iscsi/Makefile.am
++++ b/modules/iscsi/Makefile.am
+@@ -77,6 +77,7 @@ libudisks2_iscsi_la_LDFLAGS = \
+ $(NULL)
+
+ libudisks2_iscsi_la_LIBADD = \
++ $(top_builddir)/src/libudisks-daemon.la \
+ $(GLIB_LIBS) \
+ $(GIO_LIBS) \
+ $(GUDEV_LIBS) \
+
+From 8ff2214d740f9819d6ede02534d7d0f23d6a3818 Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek
+Date: Fri, 13 May 2022 17:05:26 +0200
+Subject: [PATCH 2/3] modules/lsm: Add missing linker dependency
+
+---
+ modules/lsm/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/lsm/Makefile.am b/modules/lsm/Makefile.am
+index 2193115417..b77a9013fa 100644
+--- a/modules/lsm/Makefile.am
++++ b/modules/lsm/Makefile.am
+@@ -71,6 +71,7 @@ libudisks2_lsm_la_LDFLAGS = \
+ $(NULL)
+
+ libudisks2_lsm_la_LIBADD = \
++ $(top_builddir)/src/libudisks-daemon.la \
+ $(GLIB_LIBS) \
+ $(GIO_LIBS) \
+ $(GUDEV_LIBS) \
+
+From 4f59e7fd5b9ad94091230713c28f6a818269d48c Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek
+Date: Fri, 13 May 2022 17:05:43 +0200
+Subject: [PATCH 3/3] modules/zram: Add missing linker dependency
+
+---
+ modules/zram/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/modules/zram/Makefile.am b/modules/zram/Makefile.am
+index 9e5e9a6315..40f929583d 100644
+--- a/modules/zram/Makefile.am
++++ b/modules/zram/Makefile.am
+@@ -78,6 +78,7 @@ libudisks2_zram_la_LDFLAGS = \
+ $(NULL)
+
+ libudisks2_zram_la_LIBADD = \
++ $(top_builddir)/src/libudisks-daemon.la \
+ $(GLIB_LIBS) \
+ $(GIO_LIBS) \
+ $(GUDEV_LIBS) \
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/udisks/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/metadata.xml
new file mode 100644
index 00000000000..8e19b03530b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/metadata.xml
@@ -0,0 +1,18 @@
+
+
+
+
+ freedesktop-bugs@gentoo.org
+
+
+
+ storaged-project/udisks
+
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.9.4-r3.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.9.4-r3.ebuild
new file mode 100644
index 00000000000..12ec4ea23ef
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/udisks/udisks-2.9.4-r3.ebuild
@@ -0,0 +1,150 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit autotools bash-completion-r1 linux-info systemd tmpfiles udev xdg-utils
+
+DESCRIPTION="Daemon providing interfaces to work with storage devices"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/udisks"
+SRC_URI="https://github.com/storaged-project/udisks/releases/download/${P}/${P}.tar.bz2"
+
+LICENSE="LGPL-2+ GPL-2+"
+SLOT="2"
+KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86"
+IUSE="acl +daemon debug elogind +introspection lvm nls selinux systemd vdo zram"
+
+REQUIRED_USE="
+ ?? ( elogind systemd )
+ elogind? ( daemon )
+ systemd? ( daemon )
+ zram? ( systemd )
+"
+
+# See configure.ac file for the required min version
+BLOCKDEV_MIN_VER="2.25"
+
+# mount, umount, swapon, swapoff (see also #403073)
+RDEPEND="${COMMON_DEPEND}
+ >=sys-block/parted-3
+ >=sys-apps/util-linux-2.30
+ selinux? ( sec-policy/selinux-devicekit )
+"
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-3.1
+"
+BDEPEND="
+ app-text/docbook-xsl-stylesheets
+ >=dev-util/gdbus-codegen-2.32
+ >=dev-util/gtk-doc-am-1.3
+ virtual/pkgconfig
+ nls? ( >=sys-devel/gettext-0.19.8 )
+"
+# If adding a eautoreconf, then these might be needed at buildtime:
+# dev-libs/gobject-introspection-common
+# sys-devel/autoconf-archive
+
+DOCS=( AUTHORS HACKING NEWS README.md )
+
+PATCHES=(
+ "${FILESDIR}/${P}-undefined.patch" # 782061
+)
+
+pkg_setup() {
+ # Listing only major arch's here to avoid tracking kernel's defconfig
+ if use amd64 || use arm || use ppc || use ppc64 || use x86; then
+ CONFIG_CHECK="~!IDE" #319829
+ CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" #412377
+ CONFIG_CHECK+=" ~NLS_UTF8" #425562
+ kernel_is lt 3 10 && CONFIG_CHECK+=" ~USB_SUSPEND" #331065, #477278
+ linux-info_pkg_setup
+ fi
+}
+
+src_prepare() {
+ xdg_environment_reset
+ default
+
+ if ! use systemd ; then
+ sed -i -e 's:libsystemd-login:&disable:' configure || die
+ fi
+
+ # Added for bug # 782061
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ --enable-btrfs
+ --disable-gtk-doc
+ --disable-static
+ --localstatedir="${EPREFIX}"/var
+ --with-html-dir="${EPREFIX}"/usr/share/gtk-doc/html
+ --with-modprobedir="${EPREFIX}"/lib/modprobe.d
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ --with-tmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d
+ --with-udevdir="${EPREFIX}$(get_udevdir)"
+ $(use_enable acl)
+ $(use_enable daemon)
+ $(use_enable debug)
+ $(use_enable introspection)
+ $(use_enable lvm lvm2)
+ $(use_enable lvm lvmcache)
+ $(use_enable nls)
+ $(use_enable vdo)
+ $(use_enable zram)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ find "${ED}" -type f -name "*.la" -delete || die
+ keepdir /var/lib/udisks2 #383091
+
+ rm -rf "${ED}"/usr/share/bash-completion
+ dobashcomp data/completions/udisksctl
+}
+
+pkg_preinst() {
+ # Remove gtk-doc symlink, #597628
+ if [[ -L "${EROOT}"/usr/share/gtk-doc/html/udisks2 ]]; then
+ rm "${EROOT}"/usr/share/gtk-doc/html/udisks2 || die
+ fi
+}
+
+pkg_postinst() {
+ udev_reload
+
+ # TODO: obsolete with tmpfiles_process?
+ # mkdir -p "${EROOT}"/run #415987
+
+ tmpfiles_process udisks2.conf
+
+ # See pkg_postinst() of >=sys-apps/baselayout-2.1-r1. Keep in sync?
+ if ! grep -qs "^tmpfs.*/run " "${EROOT}"/proc/mounts ; then
+ echo
+ ewarn "You should reboot the system now to get /run mounted with tmpfs!"
+ fi
+}
+
+pkg_postrm() {
+ udev_reload
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/Manifest b/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/Manifest
new file mode 100644
index 00000000000..f7c1656f60c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/Manifest
@@ -0,0 +1 @@
+DIST cracklib-2.9.11.tar.xz 461116 BLAKE2B 46b499e465c1c268b772781a9c8ce573a5167ae2e0ac919b403acdb9a14c35140dfb53909eef6e41600e26c2f87d905b3d6d05380c66f053d091765b58a264f4 SHA512 c32e509f757344a1f0b7032ad3b6dc47a8759852a94e511c92073d85bce55f45d48c389d9eb34c993e1d61ad5c1542150672f3e8bc147148ebbb04d3319a2409
diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/cracklib-2.9.11.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/cracklib-2.9.11.ebuild
new file mode 100644
index 00000000000..8be12c0d344
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/cracklib-2.9.11.ebuild
@@ -0,0 +1,130 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Note: ideally bump with sys-apps/cracklib-words
+
+DISTUTILS_OPTIONAL=1
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{9..11} )
+inherit distutils-r1 libtool multilib-minimal usr-ldscript
+
+MY_P=${P/_}
+DESCRIPTION="Password Checking Library"
+HOMEPAGE="https://github.com/cracklib/cracklib/"
+SRC_URI="https://github.com/${PN}/${PN}/releases/download/v${PV}/${P}.tar.xz"
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="nls python static-libs zlib"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="
+ python? ( ${PYTHON_DEPS} )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )
+"
+DEPEND="
+ ${RDEPEND}
+ nls? ( virtual/libintl )
+"
+BDEPEND="
+ nls? ( sys-devel/gettext )
+ python? ( ${DISTUTILS_DEPS} )
+"
+
+distutils_enable_tests unittest
+
+pkg_setup() {
+ # Workaround bug #195017
+ if has unmerge-orphans ${FEATURES} && has_version "<${CATEGORY}/${PN}-2.8.10" ; then
+ eerror "Upgrade path is broken with FEATURES=unmerge-orphans"
+ eerror "Please run: FEATURES=-unmerge-orphans emerge cracklib"
+ die "Please run: FEATURES=-unmerge-orphans emerge cracklib"
+ fi
+}
+
+src_prepare() {
+ default
+
+ # bug #269003
+ elibtoolize
+
+ if use python ; then
+ distutils-r1_src_prepare
+ fi
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ # use /usr/lib so that the dictionary is shared between ABIs
+ --with-default-dict="/usr/lib/cracklib_dict"
+ --without-python
+ $(use_enable nls)
+ $(use_enable static-libs static)
+ )
+
+ export ac_cv_header_zlib_h=$(usex zlib)
+ export ac_cv_search_gzopen=$(usex zlib -lz no)
+
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ default
+
+ if multilib_is_native_abi && use python ; then
+ local -x CFLAGS="${CFLAGS} -DLOCALEDIR='\"${EPREFIX}/usr/share/locale\"' -DDEFAULT_CRACKLIB_DICT=\'${EPREFIX}/usr/lib/cracklib_dict\'"
+ cd python || die
+ distutils-r1_src_compile
+ fi
+}
+
+multilib_src_test() {
+ default
+
+ if multilib_is_native_abi && use python ; then
+ distutils-r1_src_test
+ fi
+}
+
+python_test() {
+ cd "${S}"/python || die
+
+ # Make sure we load the freshly built library
+ local -x LD_LIBRARY_PATH="${BUILD_DIR/-${EPYTHON/./_}}/lib/.libs:${BUILD_DIR}/lib:${LD_LIBRARY_PATH}"
+
+ eunittest
+}
+
+multilib_src_install() {
+ default
+
+ # Move shared libs to /
+ gen_usr_ldscript -a crack
+
+ if multilib_is_native_abi && use python ; then
+ cd python || die
+ distutils-r1_src_install
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+
+ find "${ED}" -type f -name "*.la" -delete || die
+ rm -r "${ED}"/usr/share/cracklib || die
+
+ insinto /usr/share/dict
+ doins dicts/cracklib-small
+}
+
+pkg_postinst() {
+ if [[ -z ${ROOT} ]] ; then
+ ebegin "Regenerating cracklib dictionary"
+ create-cracklib-dict "${EPREFIX}"/usr/share/dict/* > /dev/null
+ eend $?
+ fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/metadata.xml
new file mode 100644
index 00000000000..8aacd02b19c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/cracklib/metadata.xml
@@ -0,0 +1,12 @@
+
+
+
+
+ base-system@gentoo.org
+ Gentoo Base System
+
+
+ cracklib
+ cracklib/cracklib
+
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/Manifest b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/Manifest
new file mode 100644
index 00000000000..4046bb32be9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/Manifest
@@ -0,0 +1,2 @@
+DIST libblockdev-2.28.tar.gz 925698 BLAKE2B 63ac7ab5bd02c1ef1848d0b252e09fe721cfe86258f063b7bab616766cbc56311707dcb2dd3a1fadf0e0840187f121aa178fd5959500cd590b846238a9d3e36e SHA512 9e01c41db4f728c8e81e710c6bb4725bbe34b3a7de25ff7f57b7b88ca6b7b5debbe858947585d314770036b2c3c533f9f8ff3d038b7ca50eee3d18f9fbe0d392
+DIST libblockdev-3.0.1.tar.gz 1066201 BLAKE2B bc213683fcfe78fcbeb494be90a5974911603f301152095b7aa6e0f14c0acfcaf946e8ef175b201d04d47de9d7743d9feaff5a31b23086b0253b5cab9cab24ee SHA512 b45e2f26691fe4016c8a161e1300f1edfca7a810e7535dd1eb787ad88a0d3110f75e0da289027eaed16bad275bfbb709b29b946e5fc3750a56e86c6453aa3a6d
diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-2.28-sh_tests.patch b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-2.28-sh_tests.patch
new file mode 100644
index 00000000000..2fbeaf49f23
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-2.28-sh_tests.patch
@@ -0,0 +1,23 @@
+bash is fine with "test . == ." but e.g. dash fails on not having
+the two dots quoted as strings.
+
+--- a/docs/Makefile.am
++++ b/docs/Makefile.am
+@@ -2,7 +2,7 @@
+
+ html-doc.stamp: ${srcdir}/libblockdev-docs.xml ${srcdir}/libblockdev-sections.txt $(wildcard ${srcdir}/../src/plugins/*.[ch]) $(wildcard ${srcdir}/../src/lib/*.[ch]) $(wildcard ${srcdir}/../src/utils/*.[ch])
+ touch ${builddir}/html-doc.stamp
+- test ${builddir} == ${srcdir} || cp ${srcdir}/libblockdev-sections.txt ${srcdir}/libblockdev-docs.xml ${builddir}
++ test "${builddir}" == "${srcdir}" || cp ${srcdir}/libblockdev-sections.txt ${srcdir}/libblockdev-docs.xml ${builddir}
+ gtkdoc-scan --rebuild-types --module=libblockdev --source-dir=${srcdir}/../src/plugins/ --source-dir=${srcdir}/../src/lib/ --source-dir=${srcdir}/../src/utils/
+ gtkdoc-mkdb --module=libblockdev --output-format=xml --source-dir=${srcdir}/../src/plugins/ --source-dir=${srcdir}/../src/lib/ --source-dir=${srcdir}/../src/utils/ --source-suffixes=c,h
+ test -d ${builddir}/html || mkdir ${builddir}/html
+@@ -13,7 +13,7 @@
+ -rm -rf ${builddir}/html
+ -rm -rf ${builddir}/xml
+ test ! -f ${builddir}/html-doc.stamp || rm ${builddir}/html-doc.stamp
+- test ${builddir} == ${srcdir} || rm -f ${builddir}/libblockdev-sections.txt ${builddir}/libblockdev-docs.xml
++ test "${builddir}" == "${srcdir}" || rm -f ${builddir}/libblockdev-sections.txt ${builddir}/libblockdev-docs.xml
+
+ install-data-local:
+ test -d ${DESTDIR}${datadir}/gtk-doc/html/libblockdev || mkdir -p ${DESTDIR}${datadir}/gtk-doc/html/libblockdev
diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-3.0.1-sh_tests.patch b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-3.0.1-sh_tests.patch
new file mode 100644
index 00000000000..c57464c39d8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/files/libblockdev-3.0.1-sh_tests.patch
@@ -0,0 +1,23 @@
+bash is fine with "test . == ." but e.g. dash fails on not having
+the two dots quoted as strings.
+
+--- a/docs/Makefile.am
++++ b/docs/Makefile.am
+@@ -2,7 +2,7 @@
+
+ html-doc.stamp: ${srcdir}/libblockdev-docs.xml ${srcdir}/libblockdev-sections.txt ${srcdir}/3.0-api-changes.xml $(wildcard ${srcdir}/../src/plugins/*.[ch]) $(wildcard ${srcdir}/../src/lib/*.[ch]) $(wildcard ${srcdir}/../src/utils/*.[ch])
+ touch ${builddir}/html-doc.stamp
+- test ${builddir} = ${srcdir} || cp ${srcdir}/libblockdev-sections.txt ${srcdir}/libblockdev-docs.xml ${builddir}
++ test "${builddir}" = "${srcdir}" || cp ${srcdir}/libblockdev-sections.txt ${srcdir}/libblockdev-docs.xml ${builddir}
+ gtkdoc-scan --rebuild-types --module=libblockdev --source-dir=${srcdir}/../src/plugins/ --source-dir=${srcdir}/../src/lib/ --source-dir=${srcdir}/../src/utils/ --ignore-headers="${srcdir}/../src/plugins/check_deps.h ${srcdir}/../src/plugins/dm_logging.h ${srcdir}/../src/plugins/vdo_stats.h ${srcdir}/../src/plugins/fs/common.h"
+ gtkdoc-mkdb --module=libblockdev --output-format=xml --source-dir=${srcdir}/../src/plugins/ --source-dir=${srcdir}/../src/lib/ --source-dir=${srcdir}/../src/utils/ --source-suffixes=c,h
+ test -d ${builddir}/html || mkdir ${builddir}/html
+@@ -13,7 +13,7 @@
+ -rm -rf ${builddir}/html
+ -rm -rf ${builddir}/xml
+ test ! -f ${builddir}/html-doc.stamp || rm ${builddir}/html-doc.stamp
+- test ${builddir} = ${srcdir} || rm -f ${builddir}/libblockdev-sections.txt ${builddir}/libblockdev-docs.xml ${builddir}/3.0-api-changes.xml
++ test "${builddir}" = "${srcdir}" || rm -f ${builddir}/libblockdev-sections.txt ${builddir}/libblockdev-docs.xml ${builddir}/3.0-api-changes.xml
+
+ install-data-local:
+ test -d ${DESTDIR}${datadir}/gtk-doc/html/libblockdev || mkdir -p ${DESTDIR}${datadir}/gtk-doc/html/libblockdev
diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-2.28-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-2.28-r1.ebuild
new file mode 100644
index 00000000000..16134d24995
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-2.28-r1.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+inherit autotools python-single-r1 xdg-utils
+
+DESCRIPTION="A library for manipulating block devices"
+HOMEPAGE="https://github.com/storaged-project/libblockdev"
+if [[ "${PV}" == *9999 ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/storaged-project/libblockdev.git"
+ BDEPEND="
+ sys-devel/autoconf-archive
+ "
+else
+ MY_PV="${PV}-1"
+ SRC_URI="https://github.com/storaged-project/${PN}/releases/download/${MY_PV}/${P}.tar.gz"
+ KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86"
+fi
+LICENSE="LGPL-2+"
+SLOT="0/2" # subslot is SOVERSION
+IUSE="bcache +cryptsetup device-mapper dmraid escrow gtk-doc introspection lvm kbd test +tools vdo"
+# Tests require root. In a future release, we may be able to run a smaller
+# subset with new run_tests.py arguments.
+RESTRICT="!test? ( test ) test"
+
+RDEPEND="
+ >=dev-libs/glib-2.42.2
+ dev-libs/libbytesize
+ >=sys-apps/kmod-19
+ >=sys-apps/util-linux-2.27
+ >=sys-block/parted-3.1
+ cryptsetup? (
+ escrow? (
+ >=dev-libs/nss-3.18.0
+ dev-libs/volume_key
+ )
+ >=sys-fs/cryptsetup-1.6.7:=
+ )
+ device-mapper? ( sys-fs/lvm2 )
+ dmraid? (
+ sys-fs/dmraid
+ sys-fs/lvm2
+ )
+ lvm? (
+ sys-fs/lvm2
+ virtual/udev
+ )
+ vdo? ( dev-libs/libyaml )
+ ${PYTHON_DEPS}
+"
+
+DEPEND="
+ ${RDEPEND}
+"
+
+# TODO: relax libbytesize condition once it has gained py3.11 support
+BDEPEND+="
+ dev-util/gtk-doc-am
+ gtk-doc? ( dev-util/gtk-doc )
+ introspection? ( >=dev-libs/gobject-introspection-1.3.0 )
+ test? (
+ $(python_gen_cond_dep '
+ dev-libs/libbytesize[python,${PYTHON_USEDEP}]
+ ' python3_{9..10} )
+ sys-block/targetcli-fb
+ )
+"
+
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+ escrow? ( cryptsetup )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.28-sh_tests.patch
+)
+
+pkg_setup() {
+ python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ xdg_environment_reset #623992
+ default
+
+ # https://bugs.gentoo.org/744289
+ find -type f \( -name "Makefile.am" -o -name "configure.ac" \) -print0 \
+ | xargs --null sed "s@ -Werror@@" -i || die
+
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ --with-btrfs
+ --with-fs
+ --with-part
+ --with-python3
+ --without-mpath
+ --without-nvdimm
+ --without-python2
+ $(use_enable introspection)
+ $(use_enable test tests)
+ $(use_with bcache)
+ $(use_with cryptsetup crypto)
+ $(use_with device-mapper dm)
+ $(use_with dmraid)
+ $(use_with escrow)
+ $(use_with gtk-doc)
+ $(use_with kbd)
+ $(use_with lvm lvm)
+ $(use_with lvm lvm-dbus)
+ $(use_with tools)
+ $(use_with vdo)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # See http://storaged.org/libblockdev/ch03.html
+ # The 'check' target just does Pylint.
+ # ... but it needs root.
+ emake test
+}
+
+src_install() {
+ default
+ find "${ED}" -type f -name "*.la" -delete || die
+ # This is installed even with USE=-lvm, but libbd_lvm are omitted so it
+ # doesn't work at all.
+ if ! use lvm ; then
+ rm -f "${ED}"/usr/bin/lvm-cache-stats || die
+ fi
+ python_optimize #718576
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-2.28-r2.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-2.28-r2.ebuild
new file mode 100644
index 00000000000..b0ea270cfb8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-2.28-r2.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+inherit autotools python-single-r1 xdg-utils
+
+DESCRIPTION="A library for manipulating block devices"
+HOMEPAGE="https://github.com/storaged-project/libblockdev"
+if [[ "${PV}" == *9999 ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/storaged-project/libblockdev.git"
+ BDEPEND="
+ sys-devel/autoconf-archive
+ "
+else
+ MY_PV="${PV}-1"
+ SRC_URI="https://github.com/storaged-project/${PN}/releases/download/${MY_PV}/${P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+LICENSE="LGPL-2+"
+SLOT="0/2" # subslot is SOVERSION
+IUSE="bcache +cryptsetup device-mapper dmraid escrow gtk-doc introspection lvm kbd test +tools vdo"
+# Tests require root. In a future release, we may be able to run a smaller
+# subset with new run_tests.py arguments.
+RESTRICT="!test? ( test ) test"
+
+RDEPEND="
+ >=dev-libs/glib-2.42.2
+ dev-libs/libbytesize
+ sys-apps/gptfdisk
+ >=sys-apps/kmod-19
+ >=sys-apps/util-linux-2.27
+ >=sys-block/parted-3.1
+ cryptsetup? (
+ escrow? (
+ >=dev-libs/nss-3.18.0
+ dev-libs/volume_key
+ )
+ >=sys-fs/cryptsetup-1.6.7:=
+ )
+ device-mapper? ( sys-fs/lvm2 )
+ dmraid? (
+ sys-fs/dmraid
+ sys-fs/lvm2
+ )
+ lvm? (
+ sys-fs/lvm2
+ virtual/udev
+ )
+ vdo? ( dev-libs/libyaml )
+ ${PYTHON_DEPS}
+"
+
+DEPEND="
+ ${RDEPEND}
+"
+
+BDEPEND+="
+ dev-util/gtk-doc-am
+ gtk-doc? ( dev-util/gtk-doc )
+ introspection? ( >=dev-libs/gobject-introspection-1.3.0 )
+ test? (
+ $(python_gen_cond_dep '
+ dev-libs/libbytesize[python,${PYTHON_USEDEP}]
+ ')
+ sys-block/targetcli-fb
+ )
+"
+
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+ escrow? ( cryptsetup )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.28-sh_tests.patch
+)
+
+pkg_setup() {
+ python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ xdg_environment_reset #623992
+ default
+
+ # https://bugs.gentoo.org/744289
+ find -type f \( -name "Makefile.am" -o -name "configure.ac" \) -print0 \
+ | xargs --null sed "s@ -Werror@@" -i || die
+
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ --with-btrfs
+ --with-fs
+ --with-part
+ --with-python3
+ --without-mpath
+ --without-nvdimm
+ --without-python2
+ $(use_enable introspection)
+ $(use_enable test tests)
+ $(use_with bcache)
+ $(use_with cryptsetup crypto)
+ $(use_with device-mapper dm)
+ $(use_with dmraid)
+ $(use_with escrow)
+ $(use_with gtk-doc)
+ $(use_with kbd)
+ $(use_with lvm lvm)
+ $(use_with lvm lvm-dbus)
+ $(use_with tools)
+ $(use_with vdo)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # See http://storaged.org/libblockdev/ch03.html
+ # The 'check' target just does Pylint.
+ # ... but it needs root.
+ emake test
+}
+
+src_install() {
+ default
+ find "${ED}" -type f -name "*.la" -delete || die
+ # This is installed even with USE=-lvm, but libbd_lvm are omitted so it
+ # doesn't work at all.
+ if ! use lvm ; then
+ rm -f "${ED}"/usr/bin/lvm-cache-stats || die
+ fi
+ python_optimize #718576
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-3.0.1.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-3.0.1.ebuild
new file mode 100644
index 00000000000..f5bc2e4fb5e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-3.0.1.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+inherit autotools python-single-r1 xdg-utils
+
+DESCRIPTION="A library for manipulating block devices"
+HOMEPAGE="https://github.com/storaged-project/libblockdev"
+if [[ "${PV}" == *9999 ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/storaged-project/libblockdev.git"
+ BDEPEND="
+ sys-devel/autoconf-archive
+ "
+else
+ MY_PV="${PV}-1"
+ SRC_URI="https://github.com/storaged-project/${PN}/releases/download/${MY_PV}/${P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~loong ~mips ~ppc64 ~riscv ~x86"
+fi
+LICENSE="LGPL-2+"
+SLOT="0/3" # subslot is SOVERSION
+IUSE="+cryptsetup device-mapper escrow gtk-doc introspection lvm +nvme test +tools"
+# Tests require root. In a future release, we may be able to run a smaller
+# subset with new run_tests.py arguments.
+RESTRICT="!test? ( test ) test"
+
+RDEPEND="
+ >=dev-libs/glib-2.42.2
+ dev-libs/libbytesize
+ sys-apps/gptfdisk
+ >=sys-apps/kmod-19
+ >=sys-apps/util-linux-2.27
+ >=sys-block/parted-3.1
+ cryptsetup? (
+ escrow? (
+ >=dev-libs/nss-3.18.0
+ dev-libs/volume_key
+ )
+ >=sys-apps/keyutils-1.5.0:=
+ >=sys-fs/cryptsetup-2.3.0:=
+ )
+ device-mapper? ( sys-fs/lvm2 )
+ lvm? (
+ sys-fs/lvm2
+ virtual/udev
+ )
+ nvme? ( sys-libs/libnvme )
+ ${PYTHON_DEPS}
+"
+
+DEPEND="
+ ${RDEPEND}
+"
+
+BDEPEND+="
+ dev-util/gtk-doc-am
+ gtk-doc? ( dev-util/gtk-doc )
+ introspection? ( >=dev-libs/gobject-introspection-1.3.0 )
+ test? (
+ $(python_gen_cond_dep '
+ dev-libs/libbytesize[python,${PYTHON_USEDEP}]
+ ')
+ sys-block/targetcli-fb
+ )
+"
+
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+ escrow? ( cryptsetup )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-3.0.1-sh_tests.patch
+)
+
+pkg_setup() {
+ python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ xdg_environment_reset #623992
+ default
+
+ # https://bugs.gentoo.org/744289
+ find -type f \( -name "Makefile.am" -o -name "configure.ac" \) -print0 \
+ | xargs --null sed "s@ -Werror@@" -i || die
+
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ --with-btrfs
+ --with-fs
+ --with-part
+ --with-python3
+ --without-mpath
+ --without-nvdimm
+ $(use_enable introspection)
+ $(use_enable test tests)
+ $(use_with cryptsetup crypto)
+ $(use_with device-mapper dm)
+ $(use_with escrow)
+ $(use_with gtk-doc)
+ $(use_with lvm lvm)
+ $(use_with lvm lvm-dbus)
+ $(use_with nvme)
+ $(use_with tools)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # See http://storaged.org/libblockdev/ch03.html
+ # The 'check' target just does Pylint.
+ # ... but it needs root.
+ emake test
+}
+
+src_install() {
+ default
+ find "${ED}" -type f -name "*.la" -delete || die
+ # This is installed even with USE=-lvm, but libbd_lvm are omitted so it
+ # doesn't work at all.
+ if ! use lvm ; then
+ rm -f "${ED}"/usr/bin/lvm-cache-stats || die
+ fi
+ python_optimize #718576
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-9999.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-9999.ebuild
new file mode 100644
index 00000000000..59bd04d7fe4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/libblockdev-9999.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+inherit autotools python-single-r1 xdg-utils
+
+DESCRIPTION="A library for manipulating block devices"
+HOMEPAGE="https://github.com/storaged-project/libblockdev"
+if [[ "${PV}" == *9999 ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/storaged-project/libblockdev.git"
+ BDEPEND="
+ sys-devel/autoconf-archive
+ "
+else
+ MY_PV="${PV}-1"
+ SRC_URI="https://github.com/storaged-project/${PN}/releases/download/${MY_PV}/${P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+LICENSE="LGPL-2+"
+SLOT="0/3" # subslot is SOVERSION
+IUSE="+cryptsetup device-mapper escrow gtk-doc introspection lvm +nvme test +tools"
+# Tests require root. In a future release, we may be able to run a smaller
+# subset with new run_tests.py arguments.
+RESTRICT="!test? ( test ) test"
+
+RDEPEND="
+ >=dev-libs/glib-2.42.2
+ dev-libs/libbytesize
+ sys-apps/gptfdisk
+ >=sys-apps/kmod-19
+ >=sys-apps/util-linux-2.27
+ >=sys-block/parted-3.1
+ cryptsetup? (
+ escrow? (
+ >=dev-libs/nss-3.18.0
+ dev-libs/volume_key
+ )
+ >=sys-apps/keyutils-1.5.0:=
+ >=sys-fs/cryptsetup-2.3.0:=
+ )
+ device-mapper? ( sys-fs/lvm2 )
+ lvm? (
+ sys-fs/lvm2
+ virtual/udev
+ )
+ nvme? ( sys-libs/libnvme )
+ ${PYTHON_DEPS}
+"
+
+DEPEND="
+ ${RDEPEND}
+"
+
+BDEPEND+="
+ dev-util/gtk-doc-am
+ gtk-doc? ( dev-util/gtk-doc )
+ introspection? ( >=dev-libs/gobject-introspection-1.3.0 )
+ test? (
+ $(python_gen_cond_dep '
+ dev-libs/libbytesize[python,${PYTHON_USEDEP}]
+ ')
+ sys-block/targetcli-fb
+ )
+"
+
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+ escrow? ( cryptsetup )"
+
+pkg_setup() {
+ python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ xdg_environment_reset #623992
+ default
+
+ # https://bugs.gentoo.org/744289
+ find -type f \( -name "Makefile.am" -o -name "configure.ac" \) -print0 \
+ | xargs --null sed "s@ -Werror@@" -i || die
+
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ --with-btrfs
+ --with-fs
+ --with-part
+ --with-python3
+ --without-mpath
+ --without-nvdimm
+ $(use_enable introspection)
+ $(use_enable test tests)
+ $(use_with cryptsetup crypto)
+ $(use_with device-mapper dm)
+ $(use_with escrow)
+ $(use_with gtk-doc)
+ $(use_with lvm lvm)
+ $(use_with lvm lvm-dbus)
+ $(use_with nvme)
+ $(use_with tools)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # See http://storaged.org/libblockdev/ch03.html
+ # The 'check' target just does Pylint.
+ # ... but it needs root.
+ emake test
+}
+
+src_install() {
+ default
+ find "${ED}" -type f -name "*.la" -delete || die
+ # This is installed even with USE=-lvm, but libbd_lvm are omitted so it
+ # doesn't work at all.
+ if ! use lvm ; then
+ rm -f "${ED}"/usr/bin/lvm-cache-stats || die
+ fi
+ python_optimize #718576
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/metadata.xml
new file mode 100644
index 00000000000..4ae6f93edad
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libblockdev/metadata.xml
@@ -0,0 +1,27 @@
+
+
+
+
+ marecki@gentoo.org
+ Marek Szuba
+
+
+ slashbeast@gentoo.org
+ Piotr Karbowski
+
+
+
+ storaged-project/libblockdev
+
+