diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/Manifest b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/Manifest
deleted file mode 100644
index 6e7c0b7954..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST gnupg-2.0.26.tar.bz2 4303384 SHA256 7758e30dc382ae7a7167ed41b7f936aa50af5ea2d6fccdef663b5b750b65b8e0 SHA512 5dd23baaac764fd48abd235ed52a85a2c7fd68b98fcde45c0f294ddb3b5629e8b1bd894585fbed4e6a6cb2bc4a5552c098c3cf1a849fffa469424fd0a4fee726 WHIRLPOOL 8d9b30337957f6bfeddea29116d862ef0c0ddd06d59bc2799db236b91b2c6767aad6f37f2166fc431c5d9454eb41f49f3e261bc38d0e89361f0c467f4591cd5a
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch
deleted file mode 100644
index 9506f81437..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From c34486a64c223bcbfbb57d9abcf107d684b815b6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Diego=20Elio=20Petten=C3=B2?= <flameeyes@gmail.com>
-Date: Sun, 17 Apr 2011 01:34:39 +0200
-Subject: [PATCH] gpgsm-gencert.sh: make sure not to abort after creating temp
- file.
-
-https://bugs.g10code.com/gnupg/issue1466
-
----
- tools/gpgsm-gencert.sh |    8 ++++----
- 1 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/tools/gpgsm-gencert.sh b/tools/gpgsm-gencert.sh
-index b209c8e..e7c812f 100755
---- a/tools/gpgsm-gencert.sh
-+++ b/tools/gpgsm-gencert.sh
-@@ -178,10 +178,10 @@ Key-Length: $KEY_LENGTH
- Key-Usage: $KEY_USAGE
- Name-DN: $NAME
- EOF
--[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP"
--[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES"
--[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES"
--[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES"
-+[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP" || true
-+[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES" || true
-+[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES" || true
-+[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES" || true
- ) > "$file_parameter"
- 
- 
--- 
-1.7.5.rc1
-
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-Need-to-init-the-trustdb-for-import.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-Need-to-init-the-trustdb-for-import.patch
deleted file mode 100644
index 4c9eff26fd..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-Need-to-init-the-trustdb-for-import.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From a2dcc5cc49c3e79d64bd1a2ad7a5bc4df5b073ee Mon Sep 17 00:00:00 2001
-From: Kristian Fiskerstrand <kf@sumptuouscapital.com>
-Date: Wed, 13 Aug 2014 11:13:34 +0200
-Subject: [PATCH] gpg: Need to init the trustdb for import.
-
-* g10/trustdb.c (clear_ownertrusts): Init trustdb.
-
---
-
-This was fixed in 1.4 branch in commit
-23191d7851eae2217ecdac6484349849a24fd94a but was not applied to the
-2.0 branch that exhibits the same problem. This is actually a hack
-to fix a bug introduced with commit 2528178.
-
-GnuPG-bug-id: 1622
----
- g10/trustdb.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/g10/trustdb.c b/g10/trustdb.c
-index f96701a..7bfef25 100644
---- a/g10/trustdb.c
-+++ b/g10/trustdb.c
-@@ -923,6 +923,8 @@ clear_ownertrusts (PKT_public_key *pk)
-   TRUSTREC rec;
-   int rc;
- 
-+  init_trustdb();
-+
-   if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
-     return 0;
- 
--- 
-1.8.5.5
-
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-Pth-config-for-cross-build.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-Pth-config-for-cross-build.patch
deleted file mode 100644
index a74b684217..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-Pth-config-for-cross-build.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- a/m4/gnupg-pth.m4
-+++ b/m4/gnupg-pth.m4
-@@ -80,14 +80,15 @@
- # PTH_CLFAGS and PTH_LIBS are AS_SUBST.
- #
- AC_DEFUN([GNUPG_PATH_PTH],
--[ AC_ARG_WITH(pth-prefix,
-+[ AC_REQUIRE([AC_CANONICAL_HOST])
-+  AC_ARG_WITH(pth-prefix,
-              AC_HELP_STRING([--with-pth-prefix=PFX],
-                            [prefix where GNU Pth is installed]),
-      pth_config_prefix="$withval", pth_config_prefix="")
-   if test x$pth_config_prefix != x ; then
-      PTH_CONFIG="$pth_config_prefix/bin/pth-config"
-   fi
--  AC_PATH_PROG(PTH_CONFIG, pth-config, no)
-+  AC_PATH_TOOL(PTH_CONFIG, pth-config, no)
-   tmp=ifelse([$1], ,1.3.7,$1)
-   if test "$PTH_CONFIG" != "no"; then
-     GNUPG_PTH_VERSION_CHECK($tmp)
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-misc-cve.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-misc-cve.patch
deleted file mode 100644
index 734a04abd5..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-misc-cve.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From ed8383c618e124cfa708c9ee87563fcdf2f4649c Mon Sep 17 00:00:00 2001
-From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Date: Fri, 19 Dec 2014 18:53:34 -0500
-Subject: [PATCH] sm: Avoid double-free on iconv failure
-
-* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
-double-free of pwbuf.
-
---
-
-Observed by Joshua Rogers <honey@internot.info>, who proposed a
-slightly different fix.
-
-Debian-Bug-Id: 773472
-
-Added fix at a second place - wk.
----
- sm/minip12.c |    2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/agent/minip12.c b/agent/minip12.c
-index 01b91b7..ca4d248 100644
---- a/agent/minip12.c
-+++ b/agent/minip12.c
-@@ -2422,6 +2422,7 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
-                      " requested charset '%s': %s\n",
-                      charset, strerror (errno));
-           gcry_free (pwbuf);
-+          pwbuf = NULL;
-           goto failure;
-         }
- 
-@@ -2436,6 +2437,7 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
-                      " requested charset '%s': %s\n",
-                      charset, strerror (errno));
-           gcry_free (pwbuf);
-+          pwbuf = NULL;
-           jnlib_iconv_close (cd);
-           goto failure;
-         }
--- 
-1.7.10.4
-
-From b0b3803e8c2959dd67ca96debc54b5c6464f0d41 Mon Sep 17 00:00:00 2001
-From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Date: Fri, 19 Dec 2014 18:07:55 -0500
-Subject: [PATCH] scd: Avoid double-free on error condition in scd
-
-* scd/command.c (cmd_readkey): avoid double-free of cert
-
---
-
-When ksba_cert_new() fails, cert will be double-freed.
-
-Debian-Bug-Id: 773471
-
-Original patch changed by wk to do the free only at leave.
----
- scd/command.c |    6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/scd/command.c b/scd/command.c
-index dd4191f..1cc580a 100644
---- a/scd/command.c
-+++ b/scd/command.c
-@@ -804,10 +804,8 @@ cmd_readkey (assuan_context_t ctx, char *line)
- 
-   rc = ksba_cert_new (&kc);
-   if (rc)
--    {
--      xfree (cert);
--      goto leave;
--    }
-+    goto leave;
-+
-   rc = ksba_cert_init_from_mem (kc, cert, ncert);
-   if (rc)
-     {
--- 
-1.7.10.4
-
-From abd5f6752d693b7f313c19604f0723ecec4d39a6 Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk@gnupg.org>
-Date: Mon, 22 Dec 2014 12:16:46 +0100
-Subject: [PATCH] dirmngr,gpgsm: Return NULL on fail
-
-* dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
-* sm/gpgsm.c (parse_keyserver_line): Ditto.
---
-
-Reported-by: Joshua Rogers <git@internot.info>
-
-  "If something inside the ldapserver_parse_one function failed,
-   'server' would be freed, then returned, leading to a
-   use-after-free.  This code is likely copied from sm/gpgsm.c, which
-   was also susceptible to this bug."
-
-Signed-off-by: Werner Koch <wk@gnupg.org>
----
- dirmngr/ldapserver.c |    1 +
- sm/gpgsm.c           |    1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/sm/gpgsm.c b/sm/gpgsm.c
-index 3398d17..72bceb4 100644
---- a/sm/gpgsm.c
-+++ b/sm/gpgsm.c
-@@ -862,6 +862,7 @@ parse_keyserver_line (char *line,
-     {
-       log_info (_("%s:%u: skipping this line\n"), filename, lineno);
-       keyserver_list_free (server);
-+      server = NULL;
-     }
- 
-   return server;
--- 
-1.7.10.4
-
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/gnupg-2.0.26-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/gnupg-2.0.26-r4.ebuild
deleted file mode 100644
index f25eb020b1..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/gnupg-2.0.26-r4.ebuild
+++ /dev/null
@@ -1,167 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.26-r3.ebuild,v 1.12 2015/03/30 03:06:10 tgall Exp $
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs autotools
-
-DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement"
-HOMEPAGE="http://www.gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2"
-# SRC_URI="ftp://ftp.gnupg.org/gcrypt/${PN}/${P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls mta readline static selinux smartcard tools usb"
-
-COMMON_DEPEND_LIBS="
-	>=dev-libs/libassuan-2
-	>=dev-libs/libgcrypt-1.4:0=
-	>=dev-libs/libgpg-error-1.11
-	>=dev-libs/libksba-1.0.7
-	>=dev-libs/pth-1.3.7
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	readline? ( sys-libs/readline )
-	smartcard? ( usb? ( virtual/libusb:0 ) )
-	ldap? ( net-nds/openldap )"
-COMMON_DEPEND_BINS="app-crypt/pinentry"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
-	${COMMON_DEPEND_BINS}
-	static? (
-		>=dev-libs/libassuan-2[static-libs]
-		>=dev-libs/libgcrypt-1.4:0=[static-libs]
-		>=dev-libs/libgpg-error-1.11[static-libs]
-		>=dev-libs/libksba-1.0.7[static-libs]
-		>=dev-libs/pth-1.3.7[static-libs]
-		>=net-misc/curl-7.10[static-libs]
-		sys-libs/zlib[static-libs]
-		bzip2? ( app-arch/bzip2[static-libs] )
-	)
-	nls? ( sys-devel/gettext )
-	doc? ( sys-apps/texinfo )"
-
-RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
-	${COMMON_DEPEND_BINS}
-	mta? ( virtual/mta )
-	!<=app-crypt/gnupg-2.0.1
-	selinux? ( sec-policy/selinux-gpg )
-	nls? ( virtual/libintl )"
-
-REQUIRED_USE="smartcard? ( !static )"
-
-src_prepare() {
-	epatch "${FILESDIR}/${PN}-2.0.17-gpgsm-gencert.patch"
-	epatch "${FILESDIR}/${P}-Need-to-init-the-trustdb-for-import.patch"
-	epatch "${FILESDIR}/${P}-misc-cve.patch"
-	epatch "${FILESDIR}/${P}-Pth-config-for-cross-build.patch"
-	epatch_user
-	eautoreconf
-}
-
-src_configure() {
-	local myconf=()
-
-	# 'USE=static' support was requested:
-	# gnupg1: bug #29299
-	# gnupg2: bug #159623
-	use static && append-ldflags -static
-
-	if use smartcard; then
-		myconf+=(
-			--enable-scdaemon
-			$(use_enable usb ccid-driver)
-		)
-	else
-		myconf+=( --disable-scdaemon )
-	fi
-
-	if use elibc_SunOS || use elibc_AIX; then
-		myconf+=( --disable-symcryptrun )
-	else
-		myconf+=( --enable-symcryptrun )
-	fi
-
-	econf \
-		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
-		--enable-gpg \
-		--enable-gpgsm \
-		--enable-agent \
-		--without-adns \
-		"${myconf[@]}" \
-		$(use_enable bzip2) \
-		$(use_enable nls) \
-		$(use_enable mta mailto) \
-		$(use_enable ldap) \
-		$(use_with readline) \
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
-	default
-
-	if use doc; then
-		cd doc
-		emake html
-	fi
-}
-
-src_install() {
-	default
-
-	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
-		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
-
-	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
-	rm "${ED}"/usr/share/gnupg/help* || die
-
-	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
-		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
-
-	dosym gpg2 /usr/bin/gpg
-	dosym gpgv2 /usr/bin/gpgv
-	dosym gpg2keys_hkp /usr/libexec/gpgkeys_hkp
-	dosym gpg2keys_finger /usr/libexec/gpgkeys_finger
-	dosym gpg2keys_curl /usr/libexec/gpgkeys_curl
-	if use ldap; then
-		dosym gpg2keys_ldap /usr/libexec/gpgkeys_ldap
-	fi
-	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
-	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
-
-	if use doc; then
-		dohtml doc/gnupg.html/* doc/*.png
-	fi
-}
-
-pkg_postinst() {
-	elog "If you wish to view images emerge:"
-	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
-	elog "Remember to use photo-viewer option in configuration file to activate"
-	elog "the right viewer."
-	elog
-
-	if use smartcard; then
-		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
-		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
-		elog " - sys-apps/pcsc-lite and a compatible reader device;"
-		elog " - dev-libs/openct and a compatible reader device;"
-		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
-		elog ""
-		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
-		elog "app-crypt/ccid first."
-	fi
-
-	ewarn "Please remember to restart gpg-agent if a different version"
-	ewarn "of the agent is currently used. If you are unsure of the gpg"
-	ewarn "agent you are using please run 'killall gpg-agent',"
-	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
-}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/metadata.xml
deleted file mode 100644
index 04058e5e27..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/metadata.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-  <maintainer type="project">
-    <email>crypto@gentoo.org</email>
-    <name>Crypto</name>
-  </maintainer>
-  <longdescription>
-    GnuPG is a complete and free implementation of the OpenPGP standard as
-    defined by RFC4880.
-  </longdescription>
-  <use>
-    <flag name="smartcard">
-      Build scdaemon software. Enables usage of OpenPGP cards. For
-      other type of smartcards, try
-      <pkg>app-crypt/gnupg-pkcs11-scd</pkg>.
-      Bring in <pkg>dev-libs/libusb</pkg> as a dependency; enable
-      scdaemon.
-    </flag>
-    <flag name="usb">
-      Build direct CCID access for scdaemon; requires
-      <pkg>dev-libs/libusb</pkg>.
-    </flag>
-    <flag name="mta">
-      Build mta support using
-      <pkg>virtual/mta</pkg>.
-    </flag>
-    <flag name="tofu">
-      Enable support for Trust of First use trust model; requires
-      <pkg>dev-db/sqlite</pkg>.
-    </flag>
-    <flag name="tools">
-      Install extra tools.
-    </flag>
-  </use>
-</pkgmetadata>
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords
index 1295a35ea2..1383b6198a 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords
@@ -41,5 +41,3 @@
 =sys-fs/quota-4.02 **
 =sys-fs/xfsprogs-3.2.2-r1 **
 =sys-process/lsof-4.89 ~arm64
-=apps-crypt/gnupg-2.0.26-r4 ~arm64
-=dev-libs/libksba-1.3.3 ~arm64
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.provided b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.provided
index 5851346bdd..7ff9f93672 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.provided
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.provided
@@ -6,6 +6,7 @@ dev-lang/perl-5.12.4-r1
 dev-libs/gobject-introspection-1.40.0-r1
 sys-apps/kexec-tools-2.0.4-r1
 dev-util/boost-build-1.55.0
+app-crypt/gnupg-2.0.26-r3
 
 # build errors
 net-dns/bind-tools-9.10.1_p1