From cdb941284b0ae1b90e5407d2efff2b78bc24dbcb Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Mon, 30 Jun 2025 12:22:32 +0200
Subject: [PATCH] overlay profiles: Add a bunch of accept keywords and sort
 them

---
 .../coreos/base/package.accept_keywords       | 49 ++++++++++++++++---
 1 file changed, 41 insertions(+), 8 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index f801bcea5b..cb1495c138 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -11,12 +11,15 @@
 =app-containers/containerd-2.0.5 ~amd64 ~arm64
 
 # Keep versions on both arches in sync.
+=app-containers/containers-common-0.63.0 ~arm64
 =app-containers/cri-tools-1.32.0 ~arm64
 
 # Needed to address CVE-2025-24965.
 =app-containers/crun-1.20 ~amd64 ~arm64
 
 # Keep versions on both arches in sync.
+=app-containers/docker-28.0.4 ~arm64
+=app-containers/docker-cli-28.0.4 ~arm64
 =app-containers/lxc-6.0.4-r1 ~amd64 ~arm64
 =app-containers/incus-6.0.4-r1 ~amd64 ~arm64
 
@@ -29,12 +32,20 @@
 # Seems to be the only available ebuild in portage-stable right now.
 =app-crypt/adcli-0.9.2 ~arm64
 
+# Packages are in Gentoo but not expected to be used outside Flatcar, so they
+# are generally never stabilised. Thus an unusual form is used to pick up the
+# latest version of the package with the unstable keywords.
+app-crypt/azure-keyvault-pkcs11
+
 # Needed by arm64-native SDK
 =app-crypt/ccid-1.6.1 ~arm64
 
 # The only available ebuild (from GURU) has ~amd64 and no keyword for arm64 yet.
 =app-crypt/clevis-19-r1 **
 
+# Keep versions on both arches in sync.
+=app-crypt/gnupg-2.4.8 ~arm64
+
 # Needed to address CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, GHSA-63p5-mwg2-787v, CVE-2025-27423, CVE-2025-29768
 =app-editors/vim-9.1.1436 ~amd64 ~arm64
 =app-editors/vim-core-9.1.1436 ~amd64 ~arm64
@@ -50,24 +61,43 @@
 
 # Keep versions on both arches in sync.
 =dev-build/meson-1.7.2 ~arm64
-=dev-db/sqlite-3.49.2 ~arm64
-=dev-lang/go-1.24.4 ~arm64
+
+# Packages are in Gentoo but not expected to be used outside Flatcar, so they
+# are generally never stabilised. Thus an unusual form is used to pick up the
+# latest version of the package with the unstable keywords.
+dev-cpp/azure-core
+dev-cpp/azure-identity
+dev-cpp/azure-security-keyvault-certificates
+dev-cpp/azure-security-keyvault-keys
 
 # Keep versions on both arches in sync.
+=dev-db/sqlite-3.49.2 ~arm64
+=dev-lang/go-1.24.4 ~arm64
+=dev-lang/python-3.11.13 ~arm64
 =dev-lang/yasm-1.3.0-r1 ~arm64
-=dev-libs/ding-libs-0.6.2-r1 ~arm64
 =dev-libs/cowsql-1.15.8 ~arm64
+=dev-libs/ding-libs-0.6.2-r1 ~arm64
 
 # Needed to address CVE-2025-4373
 =dev-libs/glib-2.84.3 ~amd64 ~arm64
 =dev-libs/gobject-introspection-common-1.84.0 ~amd64 ~arm64
 
+# Keep versions on both arches in sync.
+=dev-libs/jansson-2.14.1 ~arm64
+
 # The only available ebuild (from GURU) has ~amd64 and no keyword for arm64 yet.
 =dev-libs/jose-12 **
+
+# Keep versions on both arches in sync.
+=dev-libs/libgcrypt-1.11.1 ~arm64
+=dev-libs/libunistring-1.3 ~arm64
+
+# The only available ebuild (from GURU) has ~amd64 and no keyword for arm64 yet.
 =dev-libs/luksmeta-9-r1 **
 
 # Keep versions on both arches in sync.
 =dev-libs/raft-0.22.1 ~arm64
+=dev-python/msgpack-1.1.1 ~arm64
 
 # No arm64 keyword in package.
 =dev-util/bsdiff-4.3-r4 **
@@ -87,6 +117,7 @@
 
 # Keep versions on both arches in sync.
 =net-firewall/conntrack-tools-1.4.8-r1 ~arm64
+=net-firewall/ipset-7.24 ~arm64
 
 # Needed to address CVE-2025-2312.
 =net-fs/cifs-utils-7.3 ~amd64 ~arm64
@@ -94,21 +125,21 @@
 # Keep versions on both arches in sync.
 =net-libs/libnetfilter_cthelper-1.0.1-r1 ~arm64
 =net-libs/libnetfilter_cttimeout-1.0.1 ~arm64
+=net-libs/libnftnl-1.2.9 ~arm64
 
 # Needed for addressing CVE-2025-47268 and CVE-2025-48964
 =net-misc/iputils-20250605 ~amd64 ~arm64
 
+# Keep versions on both arches in sync.
+=net-misc/passt-2025.04.15 ~arm64
+
 # Packages are in Gentoo but not expected to be used outside Flatcar, so they
 # are generally never stabilised. Thus an unusual form is used to pick up the
 # latest version of the package with the unstable keywords.
-app-crypt/azure-keyvault-pkcs11
-dev-cpp/azure-core
-dev-cpp/azure-identity
-dev-cpp/azure-security-keyvault-certificates
-dev-cpp/azure-security-keyvault-keys
 sys-apps/azure-vm-utils
 
 # Keep versions on both arches in sync.
+=sys-apps/portage-3.0.68 ~arm64
 =sys-apps/zram-generator-1.2.1 ~arm64
 =sys-auth/polkit-126-r1 ~amd64
 
@@ -124,4 +155,6 @@ sys-apps/azure-vm-utils
 # Keep versions on both arches in sync.
 =sys-fs/fuse-3.17.2 ~arm64
 =sys-fs/lxcfs-6.0.4 ~arm64
+=sys-libs/libcap-2.76 ~arm64
+=sys-libs/libunwind-1.8.2 ~arm64
 =sys-process/audit-4.0.2-r1 ~arm64