diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/Manifest
index f1bedb2e82..f0f6c0f8e2 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/Manifest
@@ -1 +1 @@
-DIST 20200910.00.tar.gz 42599 BLAKE2B 6c2917f03277834e54050e5bf94943dc311c70e3150247b91cee5835b09fb197686788373ab8cdff4f3f8e4baa85dd515bcb22a99530475bd7c3991d1d272ece SHA512 575813becdd7046b9c5813f33aad440737df6d0fa1d9345f8f4340fda4bc348b27860231ed163196cf06609fd3311fe2bbf45486c260c45a0a38795a95f09834
+DIST guest-oslogin-20200910.00.tar.gz 42599 BLAKE2B 6c2917f03277834e54050e5bf94943dc311c70e3150247b91cee5835b09fb197686788373ab8cdff4f3f8e4baa85dd515bcb22a99530475bd7c3991d1d272ece SHA512 575813becdd7046b9c5813f33aad440737df6d0fa1d9345f8f4340fda4bc348b27860231ed163196cf06609fd3311fe2bbf45486c260c45a0a38795a95f09834
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/60-flatcar-google-oslogin.conf b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/60-flatcar-google-oslogin.conf
index d9f62661bf..13806e51fa 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/60-flatcar-google-oslogin.conf
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/60-flatcar-google-oslogin.conf
@@ -1,3 +1,3 @@
 # Needed for google oslogin
-AuthorizedKeysCommand /usr/libexec/google_authorized_keys
+AuthorizedKeysCommand /usr/bin/google_authorized_keys
 AuthorizedKeysCommandUser root
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/google-oslogin-pkg-config.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/google-oslogin-pkg-config.patch
new file mode 100644
index 0000000000..5ec931a8b1
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/google-oslogin-pkg-config.patch
@@ -0,0 +1,20 @@
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -1,14 +1,14 @@
+ SHELL = /bin/sh
+ TOPDIR = $(realpath ..)
+ 
+-CPPFLAGS = -Iinclude -I/usr/include/json-c
++CPPFLAGS := -Iinclude $(shell $(PKG_CONFIG) --cflags libcurl json-c pam)
+ FLAGS = -fPIC -Wall -g
+ CFLAGS = $(FLAGS) -Wstrict-prototypes
+ CXXFLAGS = $(FLAGS)
+ 
+ LDFLAGS = -shared -Wl,-soname,$(SONAME)
+-LDLIBS = -lcurl -ljson-c
+-PAMLIBS = -lpam $(LDLIBS)
++LDLIBS := $(shell $(PKG_CONFIG) --libs libcurl json-c)
++PAMLIBS := $(shell $(PKG_CONFIG) --libs pam) $(LDLIBS)
+ 
+ # Paths which should be overrideable.
+ 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/0001-pam_module-use-var-lib-instead-of-var.patch b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/google-oslogin-var-lib.patch
similarity index 55%
rename from sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/0001-pam_module-use-var-lib-instead-of-var.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/google-oslogin-var-lib.patch
index 65fae86284..53542e80d6 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/0001-pam_module-use-var-lib-instead-of-var.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/google-oslogin-var-lib.patch
@@ -3,15 +3,8 @@ From: Andrew Jeddeloh <andrew.jeddeloh@coreos.com>
 Date: Fri, 6 Jul 2018 15:54:40 -0700
 Subject: [PATCH] pam_module: use /var/lib/ instead of /var
 
----
- guest-oslogin/src/pam/pam_oslogin_admin.cc | 2 +-
- guest-oslogin/src/pam/pam_oslogin_login.cc | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/guest-oslogin/src/pam/pam_oslogin_admin.cc b/guest-oslogin/src/pam/pam_oslogin_admin.cc
-index 04d0808..376916e 100644
---- a/guest-oslogin/src/pam/pam_oslogin_admin.cc
-+++ b/guest-oslogin/src/pam/pam_oslogin_admin.cc
+--- a/src/pam/pam_oslogin_admin.cc
++++ b/src/pam/pam_oslogin_admin.cc
 @@ -36,7 +36,7 @@ using oslogin_utils::ParseJsonToEmail;
  using oslogin_utils::UrlEncode;
  using oslogin_utils::kMetadataServerUrl;
@@ -21,10 +14,8 @@ index 04d0808..376916e 100644
  
  extern "C" {
  
-diff --git a/guest-oslogin/src/pam/pam_oslogin_login.cc b/guest-oslogin/src/pam/pam_oslogin_login.cc
-index 9e708f4..428600b 100644
---- a/guest-oslogin/src/pam/pam_oslogin_login.cc
-+++ b/guest-oslogin/src/pam/pam_oslogin_login.cc
+--- a/src/pam/pam_oslogin_login.cc
++++ b/src/pam/pam_oslogin_login.cc
 @@ -36,7 +36,7 @@ using oslogin_utils::ParseJsonToEmail;
  using oslogin_utils::UrlEncode;
  using oslogin_utils::kMetadataServerUrl;
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/sshd_config b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/sshd_config
index 7b51b214e4..59b661f9f0 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/sshd_config
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/files/sshd_config
@@ -9,7 +9,7 @@ UsePAM yes
 PrintLastLog no # handled by PAM
 PrintMotd no # handled by PAM
 # Needed for google oslogin
-AuthorizedKeysCommand /usr/libexec/google_authorized_keys
+AuthorizedKeysCommand /usr/bin/google_authorized_keys
 AuthorizedKeysCommandUser root
 # Temporarily accept ssh-rsa algorithm for openssh >= 8.8,
 # until most ssh clients could deprecate ssh-rsa.
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00-r3.ebuild
deleted file mode 100644
index 679e0c0b3a..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00-r3.ebuild
+++ /dev/null
@@ -1,57 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DESCRIPTION="Components to support Google Cloud OS Login. This contains bits that belong in USR"
-HOMEPAGE="https://github.com/GoogleCloudPlatform/guest-oslogin"
-SRC_URI="https://github.com/GoogleCloudPlatform/guest-oslogin/archive/${PV}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="amd64"
-IUSE=""
-
-inherit pam toolchain-funcs
-
-DEPEND="
-	net-misc/curl[ssl]
-	dev-libs/json-c
-	sys-libs/pam
-"
-
-RDEPEND="${DEPEND}"
-
-S=${WORKDIR}/guest-oslogin-${PV}/
-
-src_prepare() {
-	eapply -p2 "$FILESDIR/0001-pam_module-use-var-lib-instead-of-var.patch"
-	default
-}
-
-src_compile() {
-	emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" \
-            VERSION=${PV} \
-            JSON_INCLUDE_PATH="${SYSROOT%/}/usr/include/json-c"
-}
-
-src_install() {
-	dolib.so src/libnss_cache_oslogin-${PV}.so
-	dolib.so src/libnss_oslogin-${PV}.so
-
-	exeinto /usr/libexec
-	doexe src/google_authorized_keys
-	doexe src/google_oslogin_nss_cache
-
-	dopammod src/pam_oslogin_admin.so
-	dopammod src/pam_oslogin_login.so
-
-	# config files the base Ignition config will create links to
-	insinto /usr/share/google-oslogin
-	doins "${FILESDIR}/sshd_config"
-	doins "${FILESDIR}/60-flatcar-google-oslogin.conf"
-	doins "${FILESDIR}/nsswitch.conf"
-	doins "${FILESDIR}/pam_sshd"
-	doins "${FILESDIR}/oslogin-sudoers"
-	doins "${FILESDIR}/group.conf"
-}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00-r4.ebuild
new file mode 100644
index 0000000000..0602182066
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/google-oslogin/google-oslogin-20200910.00-r4.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+MY_P="guest-oslogin-${PV}"
+DESCRIPTION="Components to support Google Cloud OS Login. This contains bits that belong in USR"
+HOMEPAGE="https://github.com/GoogleCloudPlatform/guest-oslogin"
+SRC_URI="https://github.com/GoogleCloudPlatform/guest-oslogin/archive/${PV}.tar.gz -> ${MY_P}.tar.gz"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64"
+IUSE="systemd"
+
+inherit pam systemd toolchain-funcs
+
+DEPEND="
+	net-misc/curl[ssl]
+	dev-libs/json-c:=
+	sys-libs/pam
+"
+
+RDEPEND="
+	${DEPEND}
+	systemd? ( sys-apps/systemd )
+	!systemd? ( virtual/cron )
+"
+
+BDEPEND="
+	virtual/pkgconfig
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-var-lib.patch
+	"${FILESDIR}"/${PN}-pkg-config.patch
+)
+
+my_emake() {
+	emake \
+		VERSION="${PV}" \
+		PKG_CONFIG="$(tc-getPKG_CONFIG)" \
+		"${@}"
+}
+
+src_compile() {
+	my_emake \
+		CC="$(tc-getCC)" \
+		CXX="$(tc-getCXX)"
+}
+
+src_install() {
+	my_emake \
+		DESTDIR="${D}" \
+		PREFIX="${EPREFIX}/usr" \
+		BINDIR="\$(PREFIX)/bin" \
+		CRONDIR="${EPREFIX}/etc/cron.d" \
+		LIBDIR="\$(PREFIX)/$(get_libdir)" \
+		MANDIR="\$(PREFIX)/share/man" \
+		PAMDIR="$(getpam_mod_dir)" \
+		PRESETDIR="$(systemd_get_systempresetdir)" \
+		SYSTEMDDIR="$(systemd_get_systemunitdir)" \
+		INSTALL_CRON=$(usex !systemd 1 '') \
+		install
+
+	# Flatcar doesn't need this script.
+	rm "${ED}"/usr/bin/google_oslogin_control || die
+
+	# man pages need fixing up for Gentoo QA but Flatcar drops them anyway.
+	rm -r "${ED}"/usr/share/man || die
+
+	# config files the base Ignition config will create links to
+	insinto /usr/share/google-oslogin
+	doins "${FILESDIR}/sshd_config"
+	doins "${FILESDIR}/60-flatcar-google-oslogin.conf"
+	doins "${FILESDIR}/nsswitch.conf"
+	doins "${FILESDIR}/pam_sshd"
+	doins "${FILESDIR}/oslogin-sudoers"
+	doins "${FILESDIR}/group.conf"
+}