diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
index 79f9dc8229..14f8916352 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
@@ -78,3 +78,6 @@ net-analyzer/nmap ncat -lua
 
 # removes mta dependencies
 app-admin/sudo -sendmail
+
+# avoid pulling in gnutls
+sys-apps/systemd -ssl
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
index b3c4bf25f2..127585a9f7 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/Manifest
@@ -1,2 +1,2 @@
-DIST systemd-207.tar.xz 2363804 SHA256 ac1f8120315e7969063bbb0c181c8dc59509aeaf10c4266077c257a182ad5942 SHA512 566c6126fea038cb182608f7b9c3bb4410d0622cb637f30c60fba73c9052f7a36d2b0f790e3d94bb751080448ba14cee600481da378f5e97b0f5becfc849be54 WHIRLPOOL 823c3064e1e961599011d4cd027f5e2d0ba3b434c67b880d1a541720220f40c7cc82211f3f086042dbb440b2c7e11e1379aa0d656e33a2a7ba5b1d7e45b904f7
 DIST systemd-211.tar.xz 2664508 SHA256 f278c1ff6f0f0efadf0f7fff01ed6a0ead1a7868b5a9e1baa240e1673e516648 SHA512 fd33920825d0b63bf6e6a583cbfbf44fe577428f5fa6993b659d7f310f8fbdb3f5b22d585818ec4b834fd0703bc5d6bf93e6925e5c391f14ee65f44c0878d5e5 WHIRLPOOL 26205fc02cb13fb8f43c23888d83c31daa676c117a32e65adbc372e8eb974fe7e37f560b85b72abb4cfc832a45a6658858a1cca17a526baa967ba2d95904a448
+DIST systemd-212.tar.xz 2722692 SHA256 652906b43704fe705cb47757ea9bbbf3c1ab4a1d55ea38b0013a6f2d0863f2c2 SHA512 3e6dac77785cb2f928886886f92cdd11ed00a4db1453699e0102d3ecffa03d1795f44df10239105e4b2b039f0e3e4b5d44c9f876f25c10a6dc4f7e1fbf87c333 WHIRLPOOL 31d1a967435963155c60ca5016f207aa105e9ddcb7d73e9fcde20f7e1fb66701384b81ee01134bf4d75dfa1ea0d412bb352ff11ac6f8c05e836135baf94bbe37
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0001-sd-rtnl-fix-off-by-one.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0001-sd-rtnl-fix-off-by-one.patch
new file mode 100644
index 0000000000..780a171850
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/212-0001-sd-rtnl-fix-off-by-one.patch
@@ -0,0 +1,32 @@
+From ef1a79119cc9cdeef03af17795e6a05459a0f3af Mon Sep 17 00:00:00 2001
+From: Steven Siloti <ssiloti@gmail.com>
+Date: Sun, 30 Mar 2014 21:20:26 -0700
+Subject: [PATCH] sd-rtnl: fix off-by-one
+To: systemd-devel@lists.freedesktop.org
+
+Also fix type parameter passed to new0
+---
+ src/libsystemd/sd-rtnl/rtnl-message.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c
+index 84a8ffa..97ace2a 100644
+--- a/src/libsystemd/sd-rtnl/rtnl-message.c
++++ b/src/libsystemd/sd-rtnl/rtnl-message.c
+@@ -1073,11 +1073,11 @@ int rtnl_message_parse(sd_rtnl_message *m,
+         unsigned short type;
+         size_t *tb;
+ 
+-        tb = (size_t *) new0(size_t *, max);
++        tb = new0(size_t, max + 1);
+         if(!tb)
+                 return -ENOMEM;
+ 
+-        *rta_tb_size = max;
++        *rta_tb_size = max + 1;
+ 
+         for (; RTA_OK(rta, rt_len); rta = RTA_NEXT(rta, rt_len)) {
+                 type = rta->rta_type;
+-- 
+1.9.1
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-210.9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-210.9999.ebuild
deleted file mode 120000
index 8da16946bc..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-210.9999.ebuild
+++ /dev/null
@@ -1 +0,0 @@
-systemd-9999.ebuild
\ No newline at end of file
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-212-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-212-r1.ebuild
new file mode 100644
index 0000000000..31a58818c2
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-212-r1.ebuild
@@ -0,0 +1,501 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.103 2014/03/31 19:01:25 floppym Exp $
+
+EAPI=5
+
+if [[ ${PV} == 9999 ]]; then
+AUTOTOOLS_AUTORECONF=yes
+EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}
+	http://cgit.freedesktop.org/${PN}/${PN}/"
+
+inherit git-r3
+
+elif [[ ${PV} == *9999 ]]; then
+AUTOTOOLS_AUTORECONF=yes
+EGIT_REPO_URI="git://anongit.freedesktop.org/${PN}/${PN}-stable
+	http://cgit.freedesktop.org/${PN}/${PN}-stable/"
+EGIT_BRANCH=v${PV%%.*}-stable
+
+inherit git-r3
+fi
+
+AUTOTOOLS_PRUNE_LIBTOOL_FILES=all
+PYTHON_COMPAT=( python{2_7,3_2,3_3} )
+inherit autotools-utils bash-completion-r1 fcaps linux-info multilib \
+	multilib-minimal pam python-single-r1 systemd toolchain-funcs udev \
+	user
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
+SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
+
+LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
+SLOT="0/2"
+KEYWORDS="~alpha amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="acl audit cryptsetup doc +firmware-loader gcrypt gudev http introspection
+	kdbus +kmod lzma pam policykit python qrcode +seccomp selinux ssl
+	test vanilla xattr openrc"
+
+MINKV="3.0"
+
+COMMON_DEPEND=">=sys-apps/util-linux-2.20:0=
+	sys-libs/libcap:0=
+	acl? ( sys-apps/acl:0= )
+	audit? ( >=sys-process/audit-2:0= )
+	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
+	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0= )
+	gudev? ( dev-libs/glib:2=[${MULTILIB_USEDEP}] )
+	http? ( >=net-libs/libmicrohttpd-0.9.33:0= )
+	introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
+	kmod? ( >=sys-apps/kmod-15:0= )
+	lzma? ( app-arch/xz-utils:0=[${MULTILIB_USEDEP}] )
+	pam? ( virtual/pam:= )
+	python? ( ${PYTHON_DEPS} )
+	qrcode? ( media-gfx/qrencode:0= )
+	seccomp? ( >=sys-libs/libseccomp-2.1:0= )
+	selinux? ( sys-libs/libselinux:0= )
+	ssl? ( >=net-libs/gnutls-3.1.4:0= )
+	xattr? ( sys-apps/attr:0= )
+	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
+
+# baselayout-2.2 has /run
+RDEPEND="${COMMON_DEPEND}
+	>=sys-apps/baselayout-2.2
+	|| (
+		>=sys-apps/util-linux-2.22
+		<sys-apps/sysvinit-2.88-r4
+	)
+	!sys-auth/nss-myhostname
+	!<sys-libs/glibc-2.14
+	!sys-fs/udev"
+
+# sys-apps/daemon: the daemon only (+ build-time lib dep for tests)
+PDEPEND=">=sys-apps/dbus-1.6.8-r1:0
+	>=sys-apps/hwids-20130717-r1[udev]
+	openrc? ( >=sys-fs/udev-init-scripts-25 )
+	policykit? ( sys-auth/polkit )
+	!vanilla? ( sys-apps/gentoo-systemd-integration )"
+
+# Newer linux-headers needed by ia64, bug #480218
+DEPEND="${COMMON_DEPEND}
+	app-arch/xz-utils:0
+	dev-util/gperf
+	>=dev-util/intltool-0.50
+	>=sys-devel/binutils-2.23.1
+	>=sys-devel/gcc-4.6
+	>=sys-kernel/linux-headers-${MINKV}
+	ia64? ( >=sys-kernel/linux-headers-3.9 )
+	virtual/pkgconfig
+	doc? ( >=dev-util/gtk-doc-1.18 )
+	python? ( dev-python/lxml[${PYTHON_USEDEP}] )
+	test? ( >=sys-apps/dbus-1.6.8-r1:0 )"
+
+if [[ ${PV} == *9999 ]]; then
+DEPEND="${DEPEND}
+	app-text/docbook-xml-dtd:4.2
+	app-text/docbook-xml-dtd:4.5
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt:0
+	dev-libs/gobject-introspection
+	>=dev-libs/libgcrypt-1.4.5:0"
+
+SRC_URI=
+KEYWORDS=
+fi
+
+src_prepare() {
+if [[ ${PV} == *9999 ]]; then
+	if use doc; then
+		gtkdocize --docdir docs/ || die
+	else
+		echo 'EXTRA_DIST =' > docs/gtk-doc.make
+	fi
+fi
+	# fix networkd crash, https://bugs.gentoo.org/show_bug.cgi?id=507044
+	epatch "${FILESDIR}"/212-0001-sd-rtnl-fix-off-by-one.patch
+
+	# CoreOs specific hacks^Wfeatures
+	epatch "${FILESDIR}"/211-handle-empty-etc-os-release.patch
+
+	# patch to make journald work at first boot
+	epatch "${FILESDIR}"/211-tmpfiles.patch
+
+	# Bug 463376
+	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
+
+	autotools-utils_src_prepare
+}
+
+pkg_pretend() {
+	local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS ~DEVTMPFS ~DMIID
+		~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS
+		~SECCOMP ~SIGNALFD ~SYSFS ~TIMERFD
+		~!IDE ~!SYSFS_DEPRECATED ~!SYSFS_DEPRECATED_V2
+		~!GRKERNSEC_PROC"
+
+	use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL"
+	use pam && CONFIG_CHECK+=" ~AUDITSYSCALL"
+	use xattr && CONFIG_CHECK+=" ~TMPFS_XATTR"
+	kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG"
+	use firmware-loader || CONFIG_CHECK+=" ~!FW_LOADER_USER_HELPER"
+
+	if linux_config_exists; then
+		local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH)
+			if [ -n "${uevent_helper_path}" ] && [ "${uevent_helper_path}" != '""' ]; then
+				ewarn "It's recommended to set an empty value to the following kernel config option:"
+				ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}"
+			fi
+	fi
+
+	if [[ ${MERGE_TYPE} != binary ]]; then
+		if [[ $(gcc-major-version) -lt 4
+			|| ( $(gcc-major-version) -eq 4 && $(gcc-minor-version) -lt 6 ) ]]
+		then
+			eerror "systemd requires at least gcc 4.6 to build. Please switch the active"
+			eerror "gcc version using gcc-config."
+			die "systemd requires at least gcc 4.6"
+		fi
+	fi
+
+	if [[ ${MERGE_TYPE} != buildonly ]]; then
+		if kernel_is -lt ${MINKV//./ }; then
+			ewarn "Kernel version at least ${MINKV} required"
+		fi
+
+		if ! use firmware-loader && kernel_is -lt 3 8; then
+			ewarn "You seem to be using kernel older than 3.8. Those kernel versions"
+			ewarn "require systemd with USE=firmware-loader to support loading"
+			ewarn "firmware. Missing this flag may cause some hardware not to work."
+		fi
+
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	use python && python-single-r1_pkg_setup
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		# disable -flto since it is an optimization flag
+		# and makes distcc less effective
+		cc_cv_CFLAGS__flto=no
+
+		--with-pamconfdir=/usr/share/pam.d
+		--with-dbuspolicydir=/usr/share/dbus-1/system.d
+		--disable-maintainer-mode
+		--localstatedir=/var
+		--with-pamlibdir=$(getpam_mod_dir)
+		# avoid bash-completion dep
+		--with-bashcompletiondir="$(get_bashcompdir)"
+		# make sure we get /bin:/sbin in $PATH
+		--enable-split-usr
+		# disable sysv compatibility
+		--with-sysvinit-path=
+		--with-sysvrcnd-path=
+		# no deps
+		--enable-efi
+		--enable-ima
+		# optional components/dependencies
+		$(use_enable acl)
+		$(use_enable audit)
+		$(use_enable cryptsetup libcryptsetup)
+		$(use_enable doc gtk-doc)
+		$(use_enable gcrypt)
+		$(use_enable gudev)
+		$(use_enable http microhttpd)
+		$(use_enable introspection)
+		$(use_enable kdbus)
+		$(use_enable kmod)
+		$(use_enable lzma xz)
+		$(use_enable pam)
+		$(use_enable policykit polkit)
+		$(use_with python)
+		$(use_enable python python-devel)
+		$(use_enable qrcode qrencode)
+		$(use_enable seccomp)
+		$(use_enable selinux)
+		$(use_enable ssl gnutls)
+		$(use_enable test tests)
+		$(use_enable xattr)
+
+		# not supported (avoid automagic deps in the future)
+		--disable-chkconfig
+
+		# hardcode a few paths to spare some deps
+		QUOTAON=/usr/sbin/quotaon
+		QUOTACHECK=/usr/sbin/quotacheck
+	)
+
+	# Keep using the one where the rules were installed.
+	MY_UDEVDIR=$(get_udevdir)
+
+	if use firmware-loader; then
+		myeconfargs+=(
+			--with-firmware-path="/lib/firmware/updates:/lib/firmware"
+		)
+	fi
+
+	# Added for testing; this is UNSUPPORTED by the Gentoo systemd team!
+	if [[ -n ${ROOTPREFIX+set} ]]; then
+		myeconfargs+=(
+			--with-rootprefix="${ROOTPREFIX}"
+			--with-rootlibdir="${ROOTPREFIX}/$(get_libdir)"
+		)
+	fi
+
+	if ! multilib_is_native_abi; then
+		myeconfargs+=(
+			ac_cv_search_cap_init=
+			ac_cv_header_sys_capability_h=yes
+			DBUS_CFLAGS=' '
+			DBUS_LIBS=' '
+
+			--disable-acl
+			--disable-audit
+			--disable-gcrypt
+			--disable-gnutls
+			--disable-gtk-doc
+			--disable-introspection
+			--disable-kmod
+			--disable-libcryptsetup
+			--disable-microhttpd
+			--disable-networkd
+			--disable-pam
+			--disable-polkit
+			--disable-qrencode
+			--disable-seccomp
+			--disable-selinux
+			--disable-tests
+			--disable-xattr
+			--disable-xz
+			--disable-python-devel
+		)
+	fi
+
+	# Work around bug 463846.
+	tc-export CC
+
+	autotools-utils_src_configure
+}
+
+multilib_src_compile() {
+	local mymakeopts=(
+		udevlibexecdir="${MY_UDEVDIR}"
+	)
+
+	if multilib_is_native_abi; then
+		emake "${mymakeopts[@]}"
+	else
+		# prerequisites for gudev
+		use gudev && emake src/gudev/gudev{enumtypes,marshal}.{c,h}
+
+		echo 'gentoo: $(BUILT_SOURCES)' | \
+		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
+		echo 'gentoo: $(lib_LTLIBRARIES) $(pkgconfiglib_DATA)' | \
+		emake "${mymakeopts[@]}" -f Makefile -f - gentoo
+	fi
+}
+
+multilib_src_test() {
+	multilib_is_native_abi || continue
+
+	default
+}
+
+multilib_src_install() {
+	local mymakeopts=(
+		# automake fails with parallel libtool relinking
+		# https://bugs.gentoo.org/show_bug.cgi?id=491398
+		-j1
+
+		udevlibexecdir="${MY_UDEVDIR}"
+		dist_udevhwdb_DATA=
+		DESTDIR="${D}"
+	)
+
+	if multilib_is_native_abi; then
+		emake "${mymakeopts[@]}" install
+	else
+		mymakeopts+=(
+			install-libLTLIBRARIES
+			install-pkgconfiglibDATA
+			install-includeHEADERS
+			# safe to call unconditionally, 'installs' empty list
+			install-libgudev_includeHEADERS
+			install-pkgincludeHEADERS
+		)
+
+		emake "${mymakeopts[@]}"
+	fi
+
+	# install compat pkg-config files
+	local pcfiles=( src/compat-libs/libsystemd-{daemon,id128,journal,login}.pc )
+	emake "${mymakeopts[@]}" install-pkgconfiglibDATA \
+		pkgconfiglib_DATA="${pcfiles[*]}"
+}
+
+multilib_src_install_all() {
+	prune_libtool_files --modules
+	einstalldocs
+
+	# we just keep sysvinit tools, so no need for the mans
+	rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
+		|| die
+	rm "${D}"/usr/share/man/man1/init.1 || die
+
+	# Disable storing coredumps in journald, bug #433457
+	mv "${D}"/usr/lib/sysctl.d/50-coredump.conf{,.disabled} || die
+
+	# Preserve empty dir /var, bug #437008
+	keepdir /var/lib/systemd
+
+	# Keep /etc clean
+	rmdir "${D}"/etc/{binfmt,modules-load,sysctl,tmpfiles}.d || die
+
+	# Don't default to graphical.target
+	rm "${D}"/usr/lib/systemd/system/default.target || die
+	dosym multi-user.target /usr/lib/systemd/system/default.target
+
+	# Move a few services enabled in /etc to /usr
+	rm "${D}"/etc/systemd/system/getty.target.wants/getty@tty1.service || die
+	rmdir "${D}"/etc/systemd/system/getty.target.wants || die
+	dosym ../getty@.service /usr/lib/systemd/system/getty.target.wants/getty@tty1.service
+
+	rm "${D}"/etc/systemd/system/multi-user.target.wants/remote-fs.target \
+		"${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service \
+		|| die
+	rmdir "${D}"/etc/systemd/system/multi-user.target.wants || die
+	systemd_enable_service multi-user.target remote-fs.target
+	systemd_enable_service multi-user.target systemd-networkd.service
+}
+
+migrate_locale() {
+	local envd_locale_def="${EROOT%/}/etc/env.d/02locale"
+	local envd_locale=( "${EROOT%/}"/etc/env.d/??locale )
+	local locale_conf="${EROOT%/}/etc/locale.conf"
+
+	if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then
+		# If locale.conf does not exist...
+		if [[ -e ${envd_locale} ]]; then
+			# ...either copy env.d/??locale if there's one
+			ebegin "Moving ${envd_locale} to ${locale_conf}"
+			mv "${envd_locale}" "${locale_conf}"
+			eend ${?} || FAIL=1
+		else
+			# ...or create a dummy default
+			ebegin "Creating ${locale_conf}"
+			cat > "${locale_conf}" <<-EOF
+				# This file has been created by the sys-apps/systemd ebuild.
+				# See locale.conf(5) and localectl(1).
+
+				# LANG=${LANG}
+			EOF
+			eend ${?} || FAIL=1
+		fi
+	fi
+
+	if [[ ! -L ${envd_locale} ]]; then
+		# now, if env.d/??locale is not a symlink (to locale.conf)...
+		if [[ -e ${envd_locale} ]]; then
+			# ...warn the user that he has duplicate locale settings
+			ewarn
+			ewarn "To ensure consistent behavior, you should replace ${envd_locale}"
+			ewarn "with a symlink to ${locale_conf}. Please migrate your settings"
+			ewarn "and create the symlink with the following command:"
+			ewarn "ln -s -n -f ../locale.conf ${envd_locale}"
+			ewarn
+		else
+			# ...or just create the symlink if there's nothing here
+			ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink"
+			ln -n -s ../locale.conf "${envd_locale_def}"
+			eend ${?} || FAIL=1
+		fi
+	fi
+}
+
+migrate_net_name_slot() {
+	# If user has disabled 80-net-name-slot.rules using a empty file or a symlink to /dev/null,
+	# do the same for 80-net-setup-link.rules to keep the old behavior
+	local net_move=no
+	local net_name_slot_sym=no
+	local net_rules_path="${EROOT%/}"/etc/udev/rules.d
+	local net_name_slot="${net_rules_path}"/80-net-name-slot.rules
+	local net_setup_link="${net_rules_path}"/80-net-setup-link.rules
+	if [[ -e ${net_setup_link} ]]; then
+		net_move=no
+	elif [[ -f ${net_name_slot} && $(sed -e "/^#/d" -e "/^\W*$/d" ${net_name_slot} | wc -l) == 0 ]]; then
+		net_move=yes
+	elif [[ -L ${net_name_slot} && $(readlink ${net_name_slot}) == /dev/null ]]; then
+		net_move=yes
+		net_name_slot_sym=yes
+	fi
+	if [[ ${net_move} == yes ]]; then
+		ebegin "Copying ${net_name_slot} to ${net_setup_link}"
+
+		if [[ ${net_name_slot_sym} == yes ]]; then
+			ln -nfs /dev/null "${net_setup_link}"
+		else
+			cp "${net_name_slot}" "${net_setup_link}"
+		fi
+		eend $? || FAIL=1
+	fi
+}
+
+pkg_postinst() {
+	enewgroup systemd-journal
+	if use http; then
+		enewgroup systemd-journal-gateway
+		enewuser systemd-journal-gateway -1 -1 -1 systemd-journal-gateway
+	fi
+	systemd_update_catalog
+
+	# Keep this here in case the database format changes so it gets updated
+	# when required. Despite that this file is owned by sys-apps/hwids.
+	if has_version "sys-apps/hwids[udev]"; then
+		udevadm hwdb --update --root="${ROOT%/}"
+	fi
+
+	udev_reload || FAIL=1
+
+	# Bug 468876
+	fcaps cap_dac_override,cap_sys_ptrace=ep usr/bin/systemd-detect-virt
+
+	# Bug 465468, make sure locales are respect, and ensure consistency
+	# between OpenRC & systemd
+	migrate_locale
+
+	# Migrate 80-net-name-slot.rules -> 80-net-setup-link.rules
+	migrate_net_name_slot
+
+	if [[ ${FAIL} ]]; then
+		eerror "One of the postinst commands failed. Please check the postinst output"
+		eerror "for errors. You may need to clean up your system and/or try installing"
+		eerror "systemd again."
+		eerror
+	fi
+
+	if [[ ! -L "${ROOT}"/etc/mtab ]]; then
+		ewarn "Upstream mandates the /etc/mtab file should be a symlink to /proc/mounts."
+		ewarn "Not having it is not supported by upstream and will cause tools like 'df'"
+		ewarn "and 'mount' to not work properly. Please run:"
+		ewarn "	# ln -sf '${ROOT}proc/self/mounts' '${ROOT}etc/mtab'"
+		ewarn
+	fi
+
+	if ! has_version sys-apps/systemd-ui; then
+		elog "To get additional features, a number of optional runtime dependencies may"
+		elog "be installed:"
+		elog "- sys-apps/systemd-ui: for GTK+ systemadm UI and gnome-ask-password-agent"
+	fi
+}
+
+pkg_prerm() {
+	# If removing systemd completely, remove the catalog database.
+	if [[ ! ${REPLACED_BY_VERSION} ]]; then
+		rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+	fi
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
index 1d7e474d07..2b1bc6cd20 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.100 2014/03/03 22:19:31 floppym Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-9999.ebuild,v 1.103 2014/03/31 19:01:25 floppym Exp $
 
 EAPI=5
 
@@ -34,7 +34,7 @@ LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
 KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86"
 IUSE="acl audit cryptsetup doc +firmware-loader gcrypt gudev http introspection
-	kdbus +kmod lzma pam policykit python qrcode +seccomp selinux tcpd
+	kdbus +kmod lzma pam policykit python qrcode +seccomp selinux ssl
 	test vanilla xattr openrc"
 
 MINKV="3.0"
@@ -46,7 +46,7 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.20:0=
 	cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= )
 	gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0= )
 	gudev? ( dev-libs/glib:2=[${MULTILIB_USEDEP}] )
-	http? ( net-libs/libmicrohttpd:0= )
+	http? ( >=net-libs/libmicrohttpd-0.9.33:0= )
 	introspection? ( >=dev-libs/gobject-introspection-1.31.1:0= )
 	kmod? ( >=sys-apps/kmod-15:0= )
 	lzma? ( app-arch/xz-utils:0=[${MULTILIB_USEDEP}] )
@@ -55,7 +55,7 @@ COMMON_DEPEND=">=sys-apps/util-linux-2.20:0=
 	qrcode? ( media-gfx/qrencode:0= )
 	seccomp? ( >=sys-libs/libseccomp-2.1:0= )
 	selinux? ( sys-libs/libselinux:0= )
-	tcpd? ( sys-apps/tcp-wrappers:0= )
+	ssl? ( >=net-libs/gnutls-3.1.4:0= )
 	xattr? ( sys-apps/attr:0= )
 	abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
 		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
@@ -122,7 +122,7 @@ fi
 
 pkg_pretend() {
 	local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS ~DEVTMPFS ~DMIID
-		~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~PROC_FS
+		~EPOLL ~FANOTIFY ~FHANDLE ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS
 		~SECCOMP ~SIGNALFD ~SYSFS ~TIMERFD
 		~!IDE ~!SYSFS_DEPRECATED ~!SYSFS_DEPRECATED_V2
 		~!GRKERNSEC_PROC"
@@ -210,7 +210,7 @@ multilib_src_configure() {
 		$(use_enable qrcode qrencode)
 		$(use_enable seccomp)
 		$(use_enable selinux)
-		$(use_enable tcpd tcpwrap)
+		$(use_enable ssl gnutls)
 		$(use_enable test tests)
 		$(use_enable xattr)
 
@@ -249,6 +249,7 @@ multilib_src_configure() {
 			--disable-acl
 			--disable-audit
 			--disable-gcrypt
+			--disable-gnutls
 			--disable-gtk-doc
 			--disable-introspection
 			--disable-kmod
@@ -260,7 +261,6 @@ multilib_src_configure() {
 			--disable-qrencode
 			--disable-seccomp
 			--disable-selinux
-			--disable-tcpwrap
 			--disable-tests
 			--disable-xattr
 			--disable-xz