From 8577c39ea10e944bbe06f7db893abe5803879a8a Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Tue, 16 May 2023 11:44:33 +0530
Subject: [PATCH] sys-apps/sandbox: Sync with Gentoo

It's from Gentoo commit cba985622c089f355a42d163111c7021841ad3d5.
---
 .../portage-stable/sys-apps/sandbox/Manifest  |  8 +--
 .../files/sandbox-3.1-label-decl.patch        | 41 ------------
 .../sys-apps/sandbox/metadata.xml             | 18 +++--
 .../sys-apps/sandbox/sandbox-2.24.ebuild      | 63 ------------------
 .../sys-apps/sandbox/sandbox-2.25.ebuild      | 63 ------------------
 .../sys-apps/sandbox/sandbox-2.26.ebuild      | 58 ----------------
 .../sys-apps/sandbox/sandbox-2.28.ebuild      | 62 -----------------
 .../sys-apps/sandbox/sandbox-2.29.ebuild      |  4 +-
 ...box-2.27.ebuild => sandbox-2.30-r1.ebuild} | 18 ++---
 .../sys-apps/sandbox/sandbox-3.0.ebuild       | 62 -----------------
 .../sys-apps/sandbox/sandbox-3.1.ebuild       | 66 -------------------
 11 files changed, 24 insertions(+), 439 deletions(-)
 delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch
 delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.24.ebuild
 delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.25.ebuild
 delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.26.ebuild
 delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.28.ebuild
 rename sdk_container/src/third_party/portage-stable/sys-apps/sandbox/{sandbox-2.27.ebuild => sandbox-2.30-r1.ebuild} (71%)
 delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.0.ebuild
 delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.1.ebuild

diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/Manifest
index b3f61f637d..fab9ebe2fb 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/Manifest
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/Manifest
@@ -1,8 +1,2 @@
-DIST sandbox-2.24.tar.xz 438408 BLAKE2B 5e725d17da0abc06d56216f4df2f4034076f50163db1c3bbddbf4fd07dbd5b7d92ef2f1b2c01eb77ff6cf531c5cc6a05e60b028f585310ac56eef96240882843 SHA512 8df5414e334a15f367acfd218ba1b74ba618b93d7bdeca8a039b69cbd81ab048ec5a6cecb24df09fa9a5f4fe214d647acf5138004defd45e6396eec5ae7c93d0
-DIST sandbox-2.25.tar.xz 436004 BLAKE2B c9c7d351cdefbb2b1a585904c38742a5a3bde50d3d690c57cff9cdc71ffb822e78a2b56c47afd03fbc70834de5dda13c5a300d9d6b35e09ec400a050d4f8e82c SHA512 4e998c4d9ba6eb69369cc49849060a2e90535eae91fbb64c4d46371fe0ed5182413b14674f10c773fd997b6895bc870ccb23586351f5bb06b69dc11a0cddbe1d
-DIST sandbox-2.26.tar.xz 444412 BLAKE2B 3bc88d86ba4e2522895c4448dff6da2cffceb912e5ff9610fe4c3aea255ffd9b9ca9bbe8e45d94508f45e9c141aa6945a9a8d82cba0f3ca102ff6a1624c84161 SHA512 f20766daf2ce43753772a184c86a7b6847f96ab7b60b202616e15d791bc1f770162035a9b1ffe38765dff8d2567ad971a9a2bdeba9a8769845a758fcd95206fa
-DIST sandbox-2.27.tar.xz 448948 BLAKE2B 03a311c8c7c8719bac398e39ce49e7149bdaa1d5b2811f395eb2251a32aabba995f97c3d5d27461aadb64bf43adf2b0cbaa7c2f141dd86f64f8dd326422ac104 SHA512 2a53e6fc87cec975962737b1fadc447d86985d27b18ad2caed711116da2ba435f54db0f7dadb02664b2638b9dc77752831cd4820390f5c3e61a42429e13462a7
-DIST sandbox-2.28.tar.xz 450840 BLAKE2B 1a144db1dcd140ce393f47b224c4389693bd3db6d056749968a9e78730b1075192148aa63fdfd5ab93893dfb96a87bcc36bee8b4540abefca0590a8def8365f2 SHA512 eaac54fbc35f51da3c94bfa10e0556f0fd39c20660fea2aa7d3cbf76dd3e4c9fb4a16cc198425988b79313f9331af030e1dca431c3f057ee4a04927c96897895
 DIST sandbox-2.29.tar.xz 452784 BLAKE2B 388f5d9c49134696bafbc6b882581396a9fa2e7caa6ccfb4376706d653f836ce18e0d77527c4c4f2ff753c0b920ab5ab60e151dd8a4e399e13dbc3fe7c0533d6 SHA512 15c0e6b71e8b8547b8188f857568c99b1925d5a837a289b21c4f842341361bf7119b96083697dc83546caf530daab700fb8c2704974e7cfb804d64bb5257a4b4
-DIST sandbox-3.0.tar.xz 454384 BLAKE2B b4f38b7c5ed2dc52e558f1b7e36d2308e6017c9d14861c60eace0f240a909f11184e259b2359ea96cad81d21234cc9a6bcd9f313ce56bd2f3bb1ce836f006a50 SHA512 3a35ee0b19a356b1986468ef5d2ecd553b88cbdaf287ce31a211b4072097a9844fca413ffa0f2858b9a4e75ead822fe9d9834f17c241ba32c2f14e02619a70b3
-DIST sandbox-3.1.tar.xz 454404 BLAKE2B f8cc2960f1c7b3367d375952f0a7ca978c1a2cc27b63137046152d1080a1a7b6b99d356af0776d3b57a5c260b2d89f0b7bfb127967407b537642be04e92b8603 SHA512 e57c0fc1ddb5a63012abd02080770d49deaa1d0168508a794df2eaa25b2b7a4fa6c505e8b93572a3745912819202c264cdf980f10dc7101c487a9b03e7f65815
+DIST sandbox-2.30.tar.xz 455764 BLAKE2B eb3bf46aedda96154a96f31d31469b394fd7ea113c2f2f01e739c690f2305ce95e0e2c7b641c1c7e088d89a1c36b82ce7afd6422fd137b7d93fd5b601be43996 SHA512 4a7dd2c7c50ac68d1944bea1275d0b66789055342f3aaa507f7440926bf5d9639850a98fa036da539708b6dbe4766b60f960b738db1c5ee5518ca81d1a629cae
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch
deleted file mode 100644
index b17f4b866f..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 82f6d876660ba1132d75ccfef5c4301d123ea505 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Wed, 3 Nov 2021 12:25:10 -0400
-Subject: [PATCH] libsandbox: tweak label/decl code for some compiler settings
-
-Looks like gcc is inconsistent in when it chokes on this code:
-> a label can only be part of a statement and a declaration is not a statement
-
-Hoist the decl up to the top of scope to avoid the issue.
-
-Bug: https://bugs.gentoo.org/821433
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- libsandbox/trace.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/libsandbox/trace.c b/libsandbox/trace.c
-index f3390d99822e..d2899b743048 100644
---- a/libsandbox/trace.c
-+++ b/libsandbox/trace.c
-@@ -704,6 +704,8 @@ static char *flatten_args(char *const argv[])
- 
- bool trace_possible(const char *filename, char *const argv[], const void *data)
- {
-+	char *args;
-+
- 	/* If YAMA ptrace_scope is very high, then we can't trace at all.  #771360 */
- 	int yama = trace_yama_level();
- 	if (yama >= 2) {
-@@ -721,7 +723,7 @@ bool trace_possible(const char *filename, char *const argv[], const void *data)
- 	}
- 
-  fail:
--	char *args = flatten_args(argv);
-+	args = flatten_args(argv);
- 	sb_eqawarn("Unable to trace static ELF: %s: %s\n", filename, args);
- 	free(args);
- 	return false;
--- 
-2.33.0
-
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/metadata.xml
index 11e084f7c9..bbb3ef1aec 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/metadata.xml
@@ -1,11 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-<maintainer type="project">
-  <email>sandbox@gentoo.org</email>
-  <name>Sandbox Maintainers</name>
-</maintainer>
-<use>
-  <flag name="nnp">Enable NO_NEW_PRIVS which blocks set*id programs from gaining privileges (e.g. sudo)</flag>
-</use>
+	<maintainer type="project">
+		<email>sandbox@gentoo.org</email>
+		<name>Sandbox Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="nnp">Enable NO_NEW_PRIVS which blocks set*id programs from gaining privileges (e.g. sudo)</flag>
+	</use>
+	<upstream>
+		<remote-id type="gentoo">proj/sandbox</remote-id>
+		<remote-id type="github">gentoo/sandbox</remote-id>
+	</upstream>
 </pkgmetadata>
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.24.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.24.ebuild
deleted file mode 100644
index e95d6bc812..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.24.ebuild
+++ /dev/null
@@ -1,63 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib-minimal multiprocessing
-
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox"
-SRC_URI="https://dev.gentoo.org/~sam/distfiles/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE=""
-
-DEPEND="app-arch/xz-utils
-	>=app-misc/pax-utils-0.1.19" #265376
-RDEPEND=""
-
-has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
-
-sandbox_death_notice() {
-	ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
-	ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox"
-}
-
-src_prepare() {
-	default
-
-	# sandbox uses `__asm__ (".symver "...` which does
-	# not play well with gcc's LTO: https://gcc.gnu.org/PR48200
-	append-flags -fno-lto
-	append-ldflags -fno-lto
-}
-
-multilib_src_configure() {
-	filter-lfs-flags #90228
-
-	ECONF_SOURCE="${S}" econf
-}
-
-multilib_src_test() {
-	# Default sandbox build will run with --jobs set to # cpus.
-	# -j1 to prevent test faiures caused by file descriptor
-	# injection GNU make does.
-	emake -j1 check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)"
-}
-
-multilib_src_install_all() {
-	doenvd "${FILESDIR}"/09sandbox
-
-	keepdir /var/log/sandbox
-	fowners root:portage /var/log/sandbox
-	fperms 0770 /var/log/sandbox
-
-	dodoc AUTHORS ChangeLog* NEWS README
-}
-
-pkg_postinst() {
-	chown root:portage "${EROOT}"/var/log/sandbox
-	chmod 0770 "${EROOT}"/var/log/sandbox
-}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.25.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.25.ebuild
deleted file mode 100644
index 70179abd1b..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.25.ebuild
+++ /dev/null
@@ -1,63 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic multilib-minimal multiprocessing
-
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox"
-SRC_URI="https://dev.gentoo.org/~mgorny/dist/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE=""
-
-DEPEND="app-arch/xz-utils
-	>=app-misc/pax-utils-0.1.19" #265376
-RDEPEND=""
-
-has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
-
-sandbox_death_notice() {
-	ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
-	ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox"
-}
-
-src_prepare() {
-	default
-
-	# sandbox uses `__asm__ (".symver "...` which does
-	# not play well with gcc's LTO: https://gcc.gnu.org/PR48200
-	append-flags -fno-lto
-	append-ldflags -fno-lto
-}
-
-multilib_src_configure() {
-	filter-lfs-flags #90228
-
-	ECONF_SOURCE="${S}" econf
-}
-
-multilib_src_test() {
-	# Default sandbox build will run with --jobs set to # cpus.
-	# -j1 to prevent test faiures caused by file descriptor
-	# injection GNU make does.
-	emake -j1 check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)"
-}
-
-multilib_src_install_all() {
-	doenvd "${FILESDIR}"/09sandbox
-
-	keepdir /var/log/sandbox
-	fowners root:portage /var/log/sandbox
-	fperms 0770 /var/log/sandbox
-
-	dodoc AUTHORS ChangeLog* NEWS README
-}
-
-pkg_postinst() {
-	chown root:portage "${EROOT}"/var/log/sandbox
-	chmod 0770 "${EROOT}"/var/log/sandbox
-}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.26.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.26.ebuild
deleted file mode 100644
index 414c257602..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.26.ebuild
+++ /dev/null
@@ -1,58 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic multilib-minimal multiprocessing
-
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox"
-SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-IUSE=""
-
-DEPEND="app-arch/xz-utils
-	>=app-misc/pax-utils-0.1.19" #265376
-RDEPEND=""
-
-has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" sandbox_death_notice"
-
-sandbox_death_notice() {
-	ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
-	ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox"
-}
-
-src_prepare() {
-	default
-
-	# sandbox uses `__asm__ (".symver "...` which does
-	# not play well with gcc's LTO: https://gcc.gnu.org/PR48200
-	append-flags -fno-lto
-	append-ldflags -fno-lto
-}
-
-multilib_src_configure() {
-	filter-lfs-flags #90228
-
-	ECONF_SOURCE="${S}" econf
-}
-
-multilib_src_test() {
-	# Default sandbox build will run with --jobs set to # cpus.
-	emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)"
-}
-
-multilib_src_install_all() {
-	doenvd "${FILESDIR}"/09sandbox
-
-	dodoc AUTHORS ChangeLog* README.md
-}
-
-pkg_postinst() {
-	mkdir -p "${EROOT}"/var/log/sandbox
-	chown root:portage "${EROOT}"/var/log/sandbox
-	chmod 0770 "${EROOT}"/var/log/sandbox
-}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.28.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.28.ebuild
deleted file mode 100644
index 83e9089888..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.28.ebuild
+++ /dev/null
@@ -1,62 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic multilib-minimal multiprocessing
-
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox"
-SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-IUSE="+nnp"
-
-DEPEND="app-arch/xz-utils
-	>=app-misc/pax-utils-0.1.19" #265376
-RDEPEND=""
-
-has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" sandbox_death_notice"
-
-sandbox_death_notice() {
-	ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
-	ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox"
-}
-
-src_prepare() {
-	default
-
-	if ! use nnp ; then
-		sed -i 's:PR_SET_NO_NEW_PRIVS:___disable_nnp_hack:' src/sandbox.c || die
-	fi
-
-	# sandbox uses `__asm__ (".symver "...` which does
-	# not play well with gcc's LTO: https://gcc.gnu.org/PR48200
-	append-flags -fno-lto
-	append-ldflags -fno-lto
-}
-
-multilib_src_configure() {
-	filter-lfs-flags #90228
-
-	ECONF_SOURCE="${S}" econf
-}
-
-multilib_src_test() {
-	# Default sandbox build will run with --jobs set to # cpus.
-	emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)"
-}
-
-multilib_src_install_all() {
-	doenvd "${FILESDIR}"/09sandbox
-
-	dodoc AUTHORS ChangeLog* README.md
-}
-
-pkg_postinst() {
-	mkdir -p "${EROOT}"/var/log/sandbox
-	chown root:portage "${EROOT}"/var/log/sandbox
-	chmod 0770 "${EROOT}"/var/log/sandbox
-}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.29.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.29.ebuild
index 83e9089888..e36a8c1e59 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.29.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.29.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -11,7 +11,7 @@ SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
 IUSE="+nnp"
 
 DEPEND="app-arch/xz-utils
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.27.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.30-r1.ebuild
similarity index 71%
rename from sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.27.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.30-r1.ebuild
index 83e9089888..7a018dc315 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.27.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.30-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -7,16 +7,19 @@ inherit flag-o-matic multilib-minimal multiprocessing
 
 DESCRIPTION="sandbox'd LD_PRELOAD hack"
 HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox"
-SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
+SRC_URI="https://dev.gentoo.org/~floppym/dist/${P}.tar.xz"
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
 IUSE="+nnp"
 
-DEPEND="app-arch/xz-utils
-	>=app-misc/pax-utils-0.1.19" #265376
-RDEPEND=""
+# pax-utils lower bound for bug #265376
+DEPEND=">=app-misc/pax-utils-0.1.19"
+# Avoid folks installing with older file, bug #889046. We still need the
+# >= dep in Portage but this is a safety net if people do partial upgrades.
+RDEPEND="!<sys-apps/file-5.44-r1"
+BDEPEND="app-arch/xz-utils"
 
 has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" sandbox_death_notice"
 
@@ -34,8 +37,7 @@ src_prepare() {
 
 	# sandbox uses `__asm__ (".symver "...` which does
 	# not play well with gcc's LTO: https://gcc.gnu.org/PR48200
-	append-flags -fno-lto
-	append-ldflags -fno-lto
+	filter-lto
 }
 
 multilib_src_configure() {
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.0.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.0.ebuild
deleted file mode 100644
index 83e9089888..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.0.ebuild
+++ /dev/null
@@ -1,62 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic multilib-minimal multiprocessing
-
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox"
-SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-IUSE="+nnp"
-
-DEPEND="app-arch/xz-utils
-	>=app-misc/pax-utils-0.1.19" #265376
-RDEPEND=""
-
-has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" sandbox_death_notice"
-
-sandbox_death_notice() {
-	ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
-	ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox"
-}
-
-src_prepare() {
-	default
-
-	if ! use nnp ; then
-		sed -i 's:PR_SET_NO_NEW_PRIVS:___disable_nnp_hack:' src/sandbox.c || die
-	fi
-
-	# sandbox uses `__asm__ (".symver "...` which does
-	# not play well with gcc's LTO: https://gcc.gnu.org/PR48200
-	append-flags -fno-lto
-	append-ldflags -fno-lto
-}
-
-multilib_src_configure() {
-	filter-lfs-flags #90228
-
-	ECONF_SOURCE="${S}" econf
-}
-
-multilib_src_test() {
-	# Default sandbox build will run with --jobs set to # cpus.
-	emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)"
-}
-
-multilib_src_install_all() {
-	doenvd "${FILESDIR}"/09sandbox
-
-	dodoc AUTHORS ChangeLog* README.md
-}
-
-pkg_postinst() {
-	mkdir -p "${EROOT}"/var/log/sandbox
-	chown root:portage "${EROOT}"/var/log/sandbox
-	chmod 0770 "${EROOT}"/var/log/sandbox
-}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.1.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.1.ebuild
deleted file mode 100644
index 1c11a7faf1..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.1.ebuild
+++ /dev/null
@@ -1,66 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic multilib-minimal multiprocessing
-
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox"
-SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-IUSE="+nnp"
-
-DEPEND="app-arch/xz-utils
-	>=app-misc/pax-utils-0.1.19" #265376
-RDEPEND=""
-
-PATCHES=(
-	"${FILESDIR}"/${P}-label-decl.patch #821433
-)
-
-has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" sandbox_death_notice"
-
-sandbox_death_notice() {
-	ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
-	ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox"
-}
-
-src_prepare() {
-	default
-
-	if ! use nnp ; then
-		sed -i 's:PR_SET_NO_NEW_PRIVS:___disable_nnp_hack:' src/sandbox.c || die
-	fi
-
-	# sandbox uses `__asm__ (".symver "...` which does
-	# not play well with gcc's LTO: https://gcc.gnu.org/PR48200
-	append-flags -fno-lto
-	append-ldflags -fno-lto
-}
-
-multilib_src_configure() {
-	filter-lfs-flags #90228
-
-	ECONF_SOURCE="${S}" econf
-}
-
-multilib_src_test() {
-	# Default sandbox build will run with --jobs set to # cpus.
-	emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)"
-}
-
-multilib_src_install_all() {
-	doenvd "${FILESDIR}"/09sandbox
-
-	dodoc AUTHORS ChangeLog* README.md
-}
-
-pkg_postinst() {
-	mkdir -p "${EROOT}"/var/log/sandbox
-	chown root:portage "${EROOT}"/var/log/sandbox
-	chmod 0770 "${EROOT}"/var/log/sandbox
-}