diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/Manifest b/sdk_container/src/third_party/portage-stable/app-containers/incus/Manifest
index 9419b545f9..cfac32c1b1 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/incus/Manifest
+++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/Manifest
@@ -8,3 +8,5 @@ DIST incus-6.14.tar.xz 12509468 BLAKE2B ec3bb614088d82e07c13169a6b26d8c83214fddb
 DIST incus-6.14.tar.xz.asc 833 BLAKE2B c9cfa631bb316234a6958f2aa3e708e32ea2fca34357700e7d1e38723be539f5b6b1484597c18baca1f22d922c7aca148463dfc0b818f7809126e6873e4826b5 SHA512 6a2f4ceeab44462cca74799a1c135eeb17cbece3d270c5195c3eacda8ea24419fc34cab6d157dbfed803bb269df42a02abc417b98887cec5f10b0ec70b430644
 DIST incus-6.15.tar.xz 12716184 BLAKE2B bc821575f7f24b42054028ce628a29f38ef41b8a31a94f34381019306681f9279ae6c36cb00b7f84d62f5ddc89d27216d753e5c0f5ec1d327bbd283ab5fe1e15 SHA512 7561abce8eb9c01764aca9bb5477028439c05f6c1c20637f288028be93f4bc0d74a36af76f7ad0e35028dfe40e2a0bb2d7b4a363d1da35fe657072f5d847c78e
 DIST incus-6.15.tar.xz.asc 833 BLAKE2B ccab84a2fd3f9d6971ff0fd7cba9afc23dbe0fc0bcb8738656f9071db7c773840566009d5014dc15d37be26bff018e3faf8af59dd5d50b629aebd2e79cf3dc5e SHA512 b1bf43ffff719a3f1c6be7a8d32e44f418efb8e926914dea5479ba1175768910fa38b4e5b83c51e90ec34d2d345629597beb286215b9658a611cf568b8e43122
+DIST incus-6.17.tar.xz 12809024 BLAKE2B 5d6cb615b547430641faa716df5ce7c4d03aad436a4161c9d9dab99bd4fff7b8f93c8250d5b65237047c2baeeeac6f42a21b9a6970a41e79e7e6af9ceca2cf62 SHA512 ae744784ed676dcdcad3a284a0e16a816786cb87d78fae7f317baa4c75b193edb56ab2ec38b916c84930df5385e7b239c1cb9dc869672502be1e4d660a8d6113
+DIST incus-6.17.tar.xz.asc 833 BLAKE2B a0fc3eaa51df6b77988cc331cf03fad982d0a735a2e751564d05bd6f929b422b8682b56ec9101b17000978ec7f919189b3721779ca299f7df0c46fa56275aaf6 SHA512 23cc6ed65bf99899bd3ed4dd7f79a1eada375e32ad0f9b91be1e3fcc0d2af5abeffe05b7c02f0b63a7eca7dfaeee030dbc27fce67e8952f42f18638ebfc9a2e2
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.17.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.17.ebuild
new file mode 100644
index 0000000000..2e839535a1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/incus-6.17.ebuild
@@ -0,0 +1,259 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit go-env go-module linux-info optfeature systemd toolchain-funcs verify-sig
+
+DESCRIPTION="Modern, secure and powerful system container and virtual machine manager"
+HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus"
+SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.xz
+	verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.xz.asc )"
+
+LICENSE="Apache-2.0 BSD LGPL-3 MIT"
+SLOT="0/stable"
+KEYWORDS="~amd64 ~arm64"
+IUSE="apparmor fuidshift nls qemu"
+
+DEPEND="acct-group/incus
+	acct-group/incus-admin
+	app-arch/xz-utils
+	>=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)]
+	dev-db/sqlite:3
+	>=dev-libs/cowsql-1.15.7
+	dev-libs/lzo
+	>=dev-libs/raft-0.22.1:=[lz4]
+	>=dev-util/xdelta-3.0[lzma(+)]
+	net-dns/dnsmasq[dhcp]
+	sys-libs/libcap
+	virtual/udev"
+RDEPEND="${DEPEND}
+	|| (
+		net-firewall/iptables
+		net-firewall/nftables[json]
+	)
+	fuidshift? ( !app-containers/lxd )
+	net-firewall/ebtables
+	sys-apps/iproute2
+	sys-fs/fuse:*
+	>=sys-fs/lxcfs-5.0.0
+	sys-fs/squashfs-tools[lzma]
+	virtual/acl
+	apparmor? ( sec-policy/apparmor-profiles )
+	qemu? (
+		app-cdr/cdrtools
+		app-emulation/qemu[spice,usbredir,virtfs]
+		sys-apps/gptfdisk
+	)"
+BDEPEND=">=dev-lang/go-1.24.7
+	nls? ( sys-devel/gettext )
+	verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
+
+CONFIG_CHECK="
+	~AIO
+	~CGROUPS
+	~IPC_NS
+	~NET_NS
+	~PID_NS
+
+	~SECCOMP
+	~USER_NS
+	~UTS_NS
+
+	~KVM
+	~MACVTAP
+	~VHOST_VSOCK
+"
+
+ERROR_AIO="CONFIG_AIO is required."
+ERROR_IPC_NS="CONFIG_IPC_NS is required."
+ERROR_NET_NS="CONFIG_NET_NS is required."
+ERROR_PID_NS="CONFIG_PID_NS is required."
+ERROR_SECCOMP="CONFIG_SECCOMP is required."
+ERROR_UTS_NS="CONFIG_UTS_NS is required."
+
+WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines."
+WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines."
+WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines."
+
+# Go magic.
+QA_PREBUILT="/usr/bin/incus
+	/usr/bin/incus-agent
+	/usr/bin/incus-benchmark
+	/usr/bin/incus-migrate
+	/usr/bin/lxc-to-incus
+	/usr/sbin/fuidshift
+	/usr/sbin/incusd
+	/usr/sbin/lxd-to-incus"
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/linuxcontainers.asc
+
+# The testsuite must be run as root.
+# make: *** [Makefile:156: check] Error 1
+RESTRICT="test"
+
+GOPATH="${S}/_dist"
+
+src_unpack() {
+	verify-sig_src_unpack
+	go-module_src_unpack
+}
+
+src_prepare() {
+	export GOPATH="${S}/_dist"
+
+	default
+
+	sed -i \
+		-e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \
+		-e "s:make:make ${MAKEOPTS}:g" \
+		Makefile || die
+
+	sed -i \
+		-e "s:/usr/share/OVMF:/usr/share/edk2/OvmfX64:g" \
+		-e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \
+		internal/server/instance/drivers/edk2/driver_edk2.go || die "Failed to fix hardcoded ovmf paths."
+
+	cp "${FILESDIR}"/incus-6.14-r1.service "${T}"/incus.service || die
+	if use apparmor; then
+		sed -i \
+			'/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \
+			"${T}"/incus.service || die
+	fi
+
+	# Disable -Werror's from go modules.
+	find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die
+}
+
+src_configure() { :; }
+
+src_compile() {
+	export GOPATH="${S}/_dist"
+	export CGO_LDFLAGS_ALLOW="-Wl,-z,now"
+
+	for k in incus-benchmark incus-simplestreams incus-user incus lxc-to-incus lxd-to-incus ; do
+		ego install -v -x "${S}/cmd/${k}"
+	done
+
+	if use fuidshift ; then
+		ego install -v -x "${S}/cmd/fuidshift"
+	fi
+
+	ego install -v -x -tags libsqlite3 "${S}"/cmd/incusd
+
+	# Needs to be built statically
+	CGO_ENABLED=0 go install -v -tags agent,netgo,static -buildmode default "${S}"/cmd/incus-migrate
+
+	# Build the VM agents, statically too
+	if use amd64 ; then
+		GOARCH=amd64 CGO_ENABLED=0 ego build -o "${S}"/_dist/bin/incus-agent.linux.x86_64 -v \
+			-tags agent,netgo,static -buildmode default "${S}"/cmd/incus-agent
+		GOARCH=386 CGO_ENABLED=0 ego build -o "${S}"/_dist/bin/incus-agent.linux.i686 -v \
+			-tags agent,netgo,static -buildmode default "${S}"/cmd/incus-agent
+		GOARCH=amd64 GOOS=windows CGO_ENABLED=0 ego build -o "${S}"/_dist/bin/incus-agent.windows.x86_64 -v \
+			-tags agent,netgo,static -buildmode default "${S}"/cmd/incus-agent
+		GOARCH=386 GOOS=windows CGO_ENABLED=0 ego build -o "${S}"/_dist/bin/incus-agent.windows.i686 -v \
+			-tags agent,netgo,static -buildmode default "${S}"/cmd/incus-agent
+	elif use arm64 ; then
+		GOARCH=arm64 CGO_ENABLED=0 ego build -o "${S}"/_dist/bin/incus-agent.linux.aarch64 -v \
+			-tags agent,netgo,static -buildmode default "${S}"/cmd/incus-agent
+		GOARCH=arm64 GOOS=windows CGO_ENABLED=0 ego build -o "${S}"/_dist/bin/incus-agent.windows.aarch64 -v \
+			-tags agent,netgo,static -buildmode default "${S}"/cmd/incus-agent
+	else
+		echo "No VM support for this arch."
+		return
+	fi
+
+	use nls && emake build-mo
+}
+
+src_test() {
+	emake check
+}
+
+src_install() {
+	export GOPATH="${S}/_dist"
+
+	export GOHOSTARCH=$(go-env_goarch "${CBUILD}")
+	if [[ "${GOARCH}" != "${GOHOSTARCH}" ]]; then
+		local bindir="_dist/bin/linux_${GOARCH}"
+	else
+		local bindir="_dist/bin"
+	fi
+
+	newsbin "${FILESDIR}"/incus-startup-0.4.sh incus-startup
+
+	# Admin tools
+	for l in incusd incus-user lxd-to-incus ; do
+		dosbin "${bindir}/${l}"
+	done
+
+	# User tools
+	for m in incus-benchmark incus-migrate incus-simplestreams incus lxc-to-incus ; do
+		dobin "${bindir}/${m}"
+	done
+
+	# VM Agents
+	if use amd64 ; then
+		exeinto /usr/libexec/incus/agents
+		doexe ${bindir}/incus-agent.linux.x86_64
+		doexe ${bindir}/incus-agent.linux.i686
+		doexe ${bindir}/incus-agent.windows.x86_64
+		doexe ${bindir}/incus-agent.windows.i686
+	elif use arm64 ; then
+		exeinto /usr/libexec/incus
+		doexe ${bindir}/incus-agent.linux.aarch64
+		doexe ${bindir}/incus-agent.windows.aarch64
+	fi
+
+	# fuidshift, should be moved under admin tools at some point
+	if use fuidshift ; then
+		dosbin ${bindir}/fuidshift
+	fi
+
+	newconfd "${FILESDIR}"/incus-6.0.confd incus
+	newinitd "${FILESDIR}"/incus-6.0.initd incus
+	newinitd "${FILESDIR}"/incus-user-0.4.initd incus-user
+
+	systemd_dounit "${T}"/incus.service
+	systemd_newunit "${FILESDIR}"/incus-0.4.socket incus.socket
+	systemd_newunit "${FILESDIR}"/incus-startup-0.4.service incus-startup.service
+	systemd_newunit "${FILESDIR}"/incus-user-0.4.service incus-user.service
+	systemd_newunit "${FILESDIR}"/incus-user-0.4.socket incus-user.socket
+
+	if ! tc-is-cross-compiler; then
+		# Generate and install shell completion files.
+		mkdir -p "${D}"/usr/share/{bash-completion/completions/,fish/vendor_completions.d/,zsh/site-functions/} || die
+		"${bindir}"/incus completion bash > "${D}"/usr/share/bash-completion/completions/incus || die
+		"${bindir}"/incus completion fish > "${D}"/usr/share/fish/vendor_completions.d/incus.fish || die
+		"${bindir}"/incus completion zsh > "${D}"/usr/share/zsh/site-functions/_incus || die
+	else
+		ewarn "Shell completion files not installed! Install them manually with incus completion --help"
+	fi
+
+	dodoc AUTHORS
+	dodoc -r doc/*
+	use nls && domo po/*.mo
+
+	# Incus needs INCUS_EDK2_PATH in env to find OVMF files for virtual machines, #946184,
+	# and INCUS_AGENT_PATH to find multi-setup agents for VMs, #959878.
+	newenvd "${FILESDIR}"/90incus.envd 90incus
+}
+
+pkg_postinst() {
+	elog
+	elog "Please see"
+	elog "  https://wiki.gentoo.org/wiki/Incus"
+	elog "  https://wiki.gentoo.org/wiki/Incus#Migrating_from_LXD"
+	elog
+	optfeature "OCI container images support" app-containers/skopeo app-containers/umoci
+	optfeature "support for ACME certificate issuance" app-crypt/lego
+	optfeature "btrfs storage backend" sys-fs/btrfs-progs
+	optfeature "ipv6 support" net-dns/dnsmasq[ipv6]
+	optfeature "full incus-migrate support" net-misc/rsync
+	optfeature "lvm2 storage backend" sys-fs/lvm2
+	optfeature "zfs storage backend" sys-fs/zfs
+	elog
+	elog "Be sure to add your local user to the incus group."
+	elog
+}
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/incus/metadata.xml b/sdk_container/src/third_party/portage-stable/app-containers/incus/metadata.xml
index 550a6f36da..186d0e5dda 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/incus/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/app-containers/incus/metadata.xml
@@ -5,6 +5,10 @@
     <email>juippis@gentoo.org</email>
     <name>Joonas Niilola</name>
   </maintainer>
+  <maintainer type="person">
+    <email>mschiff@gentoo.org</email>
+    <name>Marc Schiffbauer</name>
+  </maintainer>
   <maintainer type="project">
     <email>virtualization@gentoo.org</email>
     <name>Gentoo Virtualization Project</name>