diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/Manifest b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/Manifest
index d669c417d5..4f8c8c5ede 100644
--- a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/Manifest
+++ b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/Manifest
@@ -1,4 +1 @@
-DIST pambase-20250826.tar.bz2 4925 BLAKE2B c6929aa506b94b9215bd2c686fd9965d6c3a77f36c7a2d114ca5b2c39a30e2209a84408ee855559837d54161e359723889b89bb9c048bb36b00c7156495968fc SHA512 c9bc07ac617891ddab6f2a8358b10899462d9b54fcc3642d222dd2402914f24225854103b6c581aa2041fb0feb0f94688e07aad10ab94c3a629b4cd2937bd785
-DIST pambase-20250906.tar.bz2 4972 BLAKE2B b65da13a265d5a3df1e84546a8f6e1447d7ea5a40fe4a44488691c4a182cf4b3d13d20ce85778f549d217ebf4b4511e71f5f285b34edf9e9e18bab50b0d22c82 SHA512 639d87169fafb0e44401104ade7dfaa7a5d6bd473d9e4e3c35a0fb87aaf73a383d406ee05944a3190750e55e59decd867ab3f773664f9fb787f40acc05826d1c
-DIST pambase-20251013.tar.bz2 4963 BLAKE2B c2eb355819c28a6b41e8aea843c176769fa53519cb357239712165f0bf507bc21132d732fd2600d9354e2031e55da30beb676f1da854ce4bda687b8de006641a SHA512 968d82e817b209d66ea1719493539ff363a844795efd8584690a4ca9b5f932f5f5a9e8352747b590ae6ffba332a9a7d8e2a224af26bc3a6bdf012736daca9e6c
DIST pambase-20251104.tar.bz2 4986 BLAKE2B fe5deb57d1b346071d67ac6720e3a8930c23a5aee6b64beeea2238e60b7a8a3070603bf4665936d082a8469f72058787a11243722b3fbd9edb888dab59c3dedc SHA512 037e3fbf4b63a1944220e73b2c8f15b3aea1f7f7691cdcf50c38c7a5702b6620fdaa4464c5183d26058f1a2d081cd1557690028fefbd649d0083cf22fbf9e1ae
diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/metadata.xml
index 526e8b5c34..86b87e2005 100644
--- a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/metadata.xml
@@ -72,7 +72,10 @@
via pam_sss.
- Switch Linux-PAM's pam_unix module to use yescrypt for passwords hashes rather than MD5
+ Switch Linux-PAM's pam_unix module to use yescrypt for passwords hashes
+ rather than MD5. Like with USE=sha512 (see that description), this
+ only changes the default, and hashes with other types are still
+ supported.
Enable pam_krb5 module on system auth stack, as an alternative
diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20250826.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20250826.ebuild
deleted file mode 100644
index a56107d0f7..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20250826.ebuild
+++ /dev/null
@@ -1,129 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{11..13} )
-
-inherit edo pam python-any-r1 readme.gentoo-r1
-
-DESCRIPTION="PAM base configuration files"
-HOMEPAGE="https://github.com/gentoo/pambase"
-
-if [[ ${PV} == *9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="
- https://anongit.gentoo.org/git/proj/pambase.git
- https://github.com/gentoo/pambase.git
- "
-else
- SRC_URI="https://gitweb.gentoo.org/proj/pambase.git/snapshot/${P}.tar.bz2"
-
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
-fi
-
-LICENSE="MIT"
-SLOT="0"
-IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 sssd systemd yescrypt"
-
-RESTRICT="binchecks"
-
-REQUIRED_USE="
- ?? ( elogind systemd )
- ?? ( passwdqc pwquality )
- ?? ( sha512 yescrypt )
- pwhistory? ( || ( passwdqc pwquality ) )
- homed? ( !pam_krb5 )
- pam_krb5? ( !homed )
-"
-
-MIN_PAM_REQ=1.4.0
-
-RDEPEND="
- >=sys-libs/pam-${MIN_PAM_REQ}
- elogind? ( sys-auth/elogind[pam] )
- gnome-keyring? ( gnome-base/gnome-keyring[pam] )
- mktemp? ( sys-auth/pam_mktemp )
- pam_krb5? (
- >=sys-libs/pam-${MIN_PAM_REQ}
- sys-auth/pam_krb5
- )
- caps? ( sys-libs/libcap[pam] )
- pam_ssh? ( sys-auth/pam_ssh )
- passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 )
- pwquality? ( dev-libs/libpwquality[pam] )
- selinux? ( sys-libs/pam[selinux] )
- sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
- homed? ( sys-apps/systemd[homed] )
- systemd? ( sys-apps/systemd[pam] )
- yescrypt? ( sys-libs/libxcrypt[system] )
- sssd? ( sys-auth/sssd )
-"
-BDEPEND="
- $(python_gen_any_dep '
- dev-python/jinja2[${PYTHON_USEDEP}]
- ')
-"
-
-python_check_deps() {
- python_has_version "dev-python/jinja2[${PYTHON_USEDEP}]"
-}
-
-src_configure() {
- local crypt=md5
- # TODO: sha256, blowfish, gost_yescrypt
- use sha512 && crypt=sha512
- use yescrypt && crypt=yescrypt
-
- local pamargs=(
- # Not all 'upstream' options are (currently) wired up
- # in the ebuild.
- #
- # TODO: pam_shells
- $(usev caps '--caps')
- $(usev debug '--debug')
- $(usev elogind '--elogind')
- $(usev gnome-keyring '--gnome-keyring')
- $(usev homed '--homed')
- $(usev minimal '--minimal')
- $(usev mktemp '--mktemp')
- $(usev nullok '--nullok')
- $(usev pam_krb5 '--krb5')
- $(usev pam_ssh '--pam-ssh')
- $(usev passwdqc '--passwdqc')
- $(usev pwhistory '--pwhistory')
- $(usev pwquality '--pwquality')
- $(usev securetty '--securetty')
- $(usev selinux '--selinux')
- $(usex systemd '--systemd' '--openrc')
- $(usev sssd '--sssd')
-
- --encrypt=${crypt}
- )
-
- edo ${EPYTHON} ./${PN}.py "${pamargs[@]}"
-}
-
-src_test() { :; }
-
-src_install() {
- local DOC_CONTENTS
-
- if use passwdqc; then
- DOC_CONTENTS="To amend the existing password policy please see the man 5 passwdqc.conf
- page and then edit the /etc/security/passwdqc.conf file"
- fi
-
- if use pwquality; then
- DOC_CONTENTS="To amend the existing password policy please see the man 5 pwquality.conf
- page and then edit the /etc/security/pwquality.conf file"
- fi
-
- { use passwdqc || use pwquality; } && readme.gentoo_create_doc
-
- dopamd -r stack/.
-}
-
-pkg_postinst() {
- { use passwdqc || use pwquality; } && readme.gentoo_print_elog
-}
diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20250906.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20250906.ebuild
deleted file mode 100644
index 2d64418812..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20250906.ebuild
+++ /dev/null
@@ -1,129 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{11..14} )
-
-inherit edo pam python-any-r1 readme.gentoo-r1
-
-DESCRIPTION="PAM base configuration files"
-HOMEPAGE="https://github.com/gentoo/pambase"
-
-if [[ ${PV} == *9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="
- https://anongit.gentoo.org/git/proj/pambase.git
- https://github.com/gentoo/pambase.git
- "
-else
- SRC_URI="https://gitweb.gentoo.org/proj/pambase.git/snapshot/${P}.tar.bz2"
-
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
-fi
-
-LICENSE="MIT"
-SLOT="0"
-IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 sssd systemd yescrypt"
-
-RESTRICT="binchecks"
-
-REQUIRED_USE="
- ?? ( elogind systemd )
- ?? ( passwdqc pwquality )
- ?? ( sha512 yescrypt )
- pwhistory? ( || ( passwdqc pwquality ) )
- homed? ( !pam_krb5 )
- pam_krb5? ( !homed )
-"
-
-MIN_PAM_REQ=1.4.0
-
-RDEPEND="
- >=sys-libs/pam-${MIN_PAM_REQ}
- elogind? ( sys-auth/elogind[pam] )
- gnome-keyring? ( gnome-base/gnome-keyring[pam] )
- mktemp? ( sys-auth/pam_mktemp )
- pam_krb5? (
- >=sys-libs/pam-${MIN_PAM_REQ}
- sys-auth/pam_krb5
- )
- caps? ( sys-libs/libcap[pam] )
- pam_ssh? ( sys-auth/pam_ssh )
- passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 )
- pwquality? ( dev-libs/libpwquality[pam] )
- selinux? ( sys-libs/pam[selinux] )
- sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
- homed? ( sys-apps/systemd[homed] )
- systemd? ( sys-apps/systemd[pam] )
- yescrypt? ( sys-libs/libxcrypt[system] )
- sssd? ( sys-auth/sssd )
-"
-BDEPEND="
- $(python_gen_any_dep '
- dev-python/jinja2[${PYTHON_USEDEP}]
- ')
-"
-
-python_check_deps() {
- python_has_version "dev-python/jinja2[${PYTHON_USEDEP}]"
-}
-
-src_configure() {
- local crypt=md5
- # TODO: sha256, blowfish, gost_yescrypt
- use sha512 && crypt=sha512
- use yescrypt && crypt=yescrypt
-
- local pamargs=(
- # Not all 'upstream' options are (currently) wired up
- # in the ebuild.
- #
- # TODO: pam_shells
- $(usev caps '--caps')
- $(usev debug '--debug')
- $(usev elogind '--elogind')
- $(usev gnome-keyring '--gnome-keyring')
- $(usev homed '--homed')
- $(usev minimal '--minimal')
- $(usev mktemp '--mktemp')
- $(usev nullok '--nullok')
- $(usev pam_krb5 '--krb5')
- $(usev pam_ssh '--pam-ssh')
- $(usev passwdqc '--passwdqc')
- $(usev pwhistory '--pwhistory')
- $(usev pwquality '--pwquality')
- $(usev securetty '--securetty')
- $(usev selinux '--selinux')
- $(usex systemd '--systemd' '--openrc')
- $(usev sssd '--sssd')
-
- --encrypt=${crypt}
- )
-
- edo ${EPYTHON} ./${PN}.py "${pamargs[@]}"
-}
-
-src_test() { :; }
-
-src_install() {
- local DOC_CONTENTS
-
- if use passwdqc; then
- DOC_CONTENTS="To amend the existing password policy please see the man 5 passwdqc.conf
- page and then edit the /etc/security/passwdqc.conf file"
- fi
-
- if use pwquality; then
- DOC_CONTENTS="To amend the existing password policy please see the man 5 pwquality.conf
- page and then edit the /etc/security/pwquality.conf file"
- fi
-
- { use passwdqc || use pwquality; } && readme.gentoo_create_doc
-
- dopamd -r stack/.
-}
-
-pkg_postinst() {
- { use passwdqc || use pwquality; } && readme.gentoo_print_elog
-}
diff --git a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20251013.ebuild b/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20251013.ebuild
deleted file mode 100644
index 2d64418812..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-auth/pambase/pambase-20251013.ebuild
+++ /dev/null
@@ -1,129 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{11..14} )
-
-inherit edo pam python-any-r1 readme.gentoo-r1
-
-DESCRIPTION="PAM base configuration files"
-HOMEPAGE="https://github.com/gentoo/pambase"
-
-if [[ ${PV} == *9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="
- https://anongit.gentoo.org/git/proj/pambase.git
- https://github.com/gentoo/pambase.git
- "
-else
- SRC_URI="https://gitweb.gentoo.org/proj/pambase.git/snapshot/${P}.tar.bz2"
-
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
-fi
-
-LICENSE="MIT"
-SLOT="0"
-IUSE="caps debug elogind gnome-keyring homed minimal mktemp +nullok pam_krb5 pam_ssh +passwdqc pwhistory pwquality securetty selinux +sha512 sssd systemd yescrypt"
-
-RESTRICT="binchecks"
-
-REQUIRED_USE="
- ?? ( elogind systemd )
- ?? ( passwdqc pwquality )
- ?? ( sha512 yescrypt )
- pwhistory? ( || ( passwdqc pwquality ) )
- homed? ( !pam_krb5 )
- pam_krb5? ( !homed )
-"
-
-MIN_PAM_REQ=1.4.0
-
-RDEPEND="
- >=sys-libs/pam-${MIN_PAM_REQ}
- elogind? ( sys-auth/elogind[pam] )
- gnome-keyring? ( gnome-base/gnome-keyring[pam] )
- mktemp? ( sys-auth/pam_mktemp )
- pam_krb5? (
- >=sys-libs/pam-${MIN_PAM_REQ}
- sys-auth/pam_krb5
- )
- caps? ( sys-libs/libcap[pam] )
- pam_ssh? ( sys-auth/pam_ssh )
- passwdqc? ( >=sys-auth/passwdqc-1.4.0-r1 )
- pwquality? ( dev-libs/libpwquality[pam] )
- selinux? ( sys-libs/pam[selinux] )
- sha512? ( >=sys-libs/pam-${MIN_PAM_REQ} )
- homed? ( sys-apps/systemd[homed] )
- systemd? ( sys-apps/systemd[pam] )
- yescrypt? ( sys-libs/libxcrypt[system] )
- sssd? ( sys-auth/sssd )
-"
-BDEPEND="
- $(python_gen_any_dep '
- dev-python/jinja2[${PYTHON_USEDEP}]
- ')
-"
-
-python_check_deps() {
- python_has_version "dev-python/jinja2[${PYTHON_USEDEP}]"
-}
-
-src_configure() {
- local crypt=md5
- # TODO: sha256, blowfish, gost_yescrypt
- use sha512 && crypt=sha512
- use yescrypt && crypt=yescrypt
-
- local pamargs=(
- # Not all 'upstream' options are (currently) wired up
- # in the ebuild.
- #
- # TODO: pam_shells
- $(usev caps '--caps')
- $(usev debug '--debug')
- $(usev elogind '--elogind')
- $(usev gnome-keyring '--gnome-keyring')
- $(usev homed '--homed')
- $(usev minimal '--minimal')
- $(usev mktemp '--mktemp')
- $(usev nullok '--nullok')
- $(usev pam_krb5 '--krb5')
- $(usev pam_ssh '--pam-ssh')
- $(usev passwdqc '--passwdqc')
- $(usev pwhistory '--pwhistory')
- $(usev pwquality '--pwquality')
- $(usev securetty '--securetty')
- $(usev selinux '--selinux')
- $(usex systemd '--systemd' '--openrc')
- $(usev sssd '--sssd')
-
- --encrypt=${crypt}
- )
-
- edo ${EPYTHON} ./${PN}.py "${pamargs[@]}"
-}
-
-src_test() { :; }
-
-src_install() {
- local DOC_CONTENTS
-
- if use passwdqc; then
- DOC_CONTENTS="To amend the existing password policy please see the man 5 passwdqc.conf
- page and then edit the /etc/security/passwdqc.conf file"
- fi
-
- if use pwquality; then
- DOC_CONTENTS="To amend the existing password policy please see the man 5 pwquality.conf
- page and then edit the /etc/security/pwquality.conf file"
- fi
-
- { use passwdqc || use pwquality; } && readme.gentoo_create_doc
-
- dopamd -r stack/.
-}
-
-pkg_postinst() {
- { use passwdqc || use pwquality; } && readme.gentoo_print_elog
-}