diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest
new file mode 100644
index 0000000000..57fe6ac8d9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest
@@ -0,0 +1 @@
+DIST gnutls-3.6.15.tar.xz 6081656 BLAKE2B 6c52419037e41e817087a2577a6b73969cf065453ecf88e2f87152f544a177e4ad0ef825ae9dab243312e0223a953ab28e532bd2dbf96cb9498618415bc7f654 SHA512 f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c
diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch
new file mode 100644
index 0000000000..dad6cec8d3
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/files/gnutls-3.6.15-skip-dtls-seccomp-tests.patch
@@ -0,0 +1,26 @@
+https://bugs.gentoo.org/649396
+https://bugs.gentoo.org/711104
+
+--- a/tests/dtls-client-with-seccomp.c
++++ b/tests/dtls-client-with-seccomp.c
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ 
+-#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP)
++#if 1
+ 
+ int main()
+ {
+--- a/tests/dtls-with-seccomp.c
++++ b/tests/dtls-with-seccomp.c
+@@ -27,7 +27,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ 
+-#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP)
++#if 1
+ 
+ int main()
+ {
+ 
diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.6.15.ebuild b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.6.15.ebuild
new file mode 100644
index 0000000000..5fabb1a30d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.6.15.ebuild
@@ -0,0 +1,134 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit libtool multilib-minimal
+
+DESCRIPTION="A TLS 1.2 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
+
+LICENSE="GPL-3 LGPL-2.1+"
+SLOT="0/30" # libgnutls.so number
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind"
+
+REQUIRED_USE="
+	test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
+RESTRICT="!test? ( test )"
+
+# NOTICE: sys-devel/autogen is required at runtime as we
+# use system libopts
+RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
+	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+	>=dev-libs/nettle-3.4.1:=[gmp,${MULTILIB_USEDEP}]
+	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
+	tools? ( sys-devel/autogen:= )
+	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
+	guile? ( >=dev-scheme/guile-2:=[networking] )
+	nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.23.1:=[${MULTILIB_USEDEP}] )
+	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	test? (
+		seccomp? ( sys-libs/libseccomp )
+	)"
+BDEPEND=">=virtual/pkgconfig-0-r1
+	doc? ( dev-util/gtk-doc )
+	nls? ( sys-devel/gettext )
+	tools? ( sys-devel/autogen )
+	valgrind? ( dev-util/valgrind )
+	test-full? (
+		app-crypt/dieharder
+		>=app-misc/datefudge-1.22
+		dev-libs/softhsm:2[-bindist]
+		net-dialup/ppp
+		net-misc/socat
+	)"
+
+DOCS=(
+	README.md
+	doc/certtool.cfg
+)
+
+HTML_DOCS=()
+
+#PATCHES=( "${FILESDIR}"/${PN}-3.6.15-skip-dtls-seccomp-tests.patch )
+
+pkg_setup() {
+	# bug#520818
+	export TZ=UTC
+
+	use doc && HTML_DOCS+=(
+		doc/gnutls.html
+	)
+}
+
+src_prepare() {
+	default
+
+	# force regeneration of autogen-ed files
+	local file
+	for file in $(grep -l AutoGen-ed src/*.c) ; do
+		rm src/$(basename ${file} .c).{c,h} || die
+	done
+
+	# Use sane .so versioning on FreeBSD.
+	elibtoolize
+}
+
+multilib_src_configure() {
+	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+	local libconf=()
+
+	# TPM needs to be tested before being enabled
+	libconf+=( --without-tpm )
+
+	# hardware-accell is disabled on OSX because the asm files force
+	#   GNU-stack (as doesn't support that) and when that's removed ld
+	#   complains about duplicate symbols
+	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+	# Cygwin as does not understand these asm files at all
+	[[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+	local myeconfargs=(
+		$(multilib_native_enable manpages)
+		$(multilib_native_use_enable doc gtk-doc)
+		$(multilib_native_use_enable doc)
+		$(multilib_native_use_enable guile)
+		$(multilib_native_use_enable seccomp seccomp-tests)
+		$(multilib_native_use_enable test tests)
+		$(multilib_native_use_enable test-full full-test-suite)
+		$(multilib_native_use_enable tools)
+		$(multilib_native_use_enable valgrind valgrind-tests)
+		$(use_enable cxx)
+		$(use_enable dane libdane)
+		$(use_enable nls)
+		$(use_enable openssl openssl-compatibility)
+		$(use_enable sslv2 ssl2-support)
+		$(use_enable sslv3 ssl3-support)
+		$(use_enable static-libs static)
+		$(use_enable tls-heartbeat heartbeat-support)
+		$(use_with idn)
+		$(use_with pkcs11 p11-kit)
+		--disable-rpath
+		--with-default-trust-store-file="${EPREFIX}/etc/ssl/certs/ca-certificates.crt"
+		--with-unbound-root-key-file="${EPREFIX}/etc/dnssec/root-anchors.txt"
+		--without-included-libtasn1
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+	ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	if use examples; then
+		docinto examples
+		dodoc doc/examples/*.c
+	fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/metadata.xml b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/metadata.xml
new file mode 100644
index 0000000000..34baa89cc6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/metadata.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <maintainer type="project">
+    <email>base-system@gentoo.org</email>
+  </maintainer>
+  <use>
+    <flag name="dane">
+      Build libgnutls-dane, implementing DNS-based Authentication of
+      Named Entities. Requires <pkg>net-dns/unbound</pkg>
+    </flag>
+    <flag name="openssl">
+      Build openssl compatibility libraries
+    </flag>
+    <flag name="pkcs11">
+      Add support for PKCS#11 through <pkg>app-crypt/p11-kit</pkg>
+    </flag>
+    <flag name="tools">
+      Build extra tools
+    </flag>
+    <flag name="tls-heartbeat">
+      Enable the Heartbeat Extension in TLS and DTLS
+    </flag>
+    <flag name="sslv2">
+      Support for the old/insecure SSLv2 protocol
+    </flag>
+    <flag name="sslv3">
+      Support for the old/insecure SSLv3 protocol
+    </flag>
+    <flag name="test-full">
+      Enable full test mode
+    </flag>
+    <flag name="valgrind">
+      Enable usage of <pkg>dev-util/valgrind</pkg> in debug
+    </flag>
+  </use>
+  <slots>
+   <subslots>Reflect ABI compatibility of libgnutls.so</subslots>
+  </slots>
+  <upstream>
+    <remote-id type="cpe">cpe:/a:gnu:gnutls</remote-id>
+  </upstream>
+</pkgmetadata>