From 0bfa8e1425eb8f3b023914eff2bae4ad7007235d Mon Sep 17 00:00:00 2001
From: James Le Cuirot <jlecuirot@microsoft.com>
Date: Wed, 17 Jun 2026 11:38:50 +0100
Subject: [PATCH 1/4] sys-apps/portage: Sync with Gentoo and take 3.0.80 early

We want it for a cross fix and buildpkg-proactive.

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
---
 .../coreos/base/package.accept_keywords       |   3 +
 .../portage-stable/sys-apps/portage/Manifest  |   1 +
 ...-import-problem-after-Python-upgrade.patch |  47 ++++
 .../sys-apps/portage/portage-3.0.79-r1.ebuild | 238 ++++++++++++++++++
 ...ge-3.0.79.ebuild => portage-3.0.80.ebuild} |   0
 5 files changed, 289 insertions(+)
 create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/portage/files/0001-Workaround-import-problem-after-Python-upgrade.patch
 create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/portage/portage-3.0.79-r1.ebuild
 rename sdk_container/src/third_party/portage-stable/sys-apps/portage/{portage-3.0.79.ebuild => portage-3.0.80.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index 146820b102d..19336e325f8 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -115,3 +115,6 @@ sys-apps/azure-vm-utils
 # Use unstable version for cross-compile fix. This needs to be at least as new
 # as app-containers/docker.
 =app-containers/docker-cli-29.1.3
+
+# Take this version early for a cross fix and buildpkg-proactive.
+=sys-apps/portage-3.0.80
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/portage/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/portage/Manifest
index c66feb0bcac..f86fe1c3994 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/portage/Manifest
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/portage/Manifest
@@ -1,3 +1,4 @@
 DIST portage-3.0.77.tar.bz2 1222765 BLAKE2B 062b99059582caf323001b14e74d5ad762aeb4ece9750dcd548b4eddacabea60044dbb8006911c458c2550b7f1f86a5e91c5f0f67b37a3c839a1d7bac751376c SHA512 bae4d30d53473402a90c21923c71e81463e0f1afc1300f194d67b1af109eca71bd52ca82a1c17881871b9c30a64d584eb0392daab81b38c622cb2384afd195b7
 DIST portage-3.0.78.tar.bz2 1234503 BLAKE2B fecc7def9d2b3cbeb022a1807f9f3db643b4000b1c9674bf2306f6a7b13ef163f7243c9f62e035ef1c0ee5d49f2fdd25b63ff6ae100c9adf59fd3c9352e80410 SHA512 38243d05ad6d253275f19e7c90bc527fe63f6c26a82e7135c603f853612af42c1038ae3269637049ba7212e9caebfe80004d735c02c84882a35fdbc48d3777de
 DIST portage-3.0.79.tar.bz2 1235108 BLAKE2B 279b874be40f3ba610d8dc439683a388dc926cabe236dc4426a64fcd1267484312e84b15fb44c80ecb0ddce50cace4c9fc3f29886b6911d4199ed611fbecf28d SHA512 63df73d0fb2fd5ff7e6f0cacd8999aca0c99b91fbe2a2be0204a597e8230ecc1e60dcad0f24d9200b5948dec2c7e1e417853805d19beaf748c1f16490e64036c
+DIST portage-3.0.80.tar.bz2 1237591 BLAKE2B 58b5a54629f9be4f768a94e16acf73e07c47622fa488450e22e36be8e0b006e05c1ed22aab2ba5787c88f8ddbaadcec6b3dde02bb9e2967994723fcb3b97f6dc SHA512 91a98ab1e8ff75a4207f0b2ec664c023928278e99f5c758704dd6ce06073d4544d7785584adeb80ab7853218373ea1f16af1c11fcb5bdde659f730dbfa632cae
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/portage/files/0001-Workaround-import-problem-after-Python-upgrade.patch b/sdk_container/src/third_party/portage-stable/sys-apps/portage/files/0001-Workaround-import-problem-after-Python-upgrade.patch
new file mode 100644
index 00000000000..0e0eef3f894
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/portage/files/0001-Workaround-import-problem-after-Python-upgrade.patch
@@ -0,0 +1,47 @@
+From e7cf51fd6a504b2ab9d887c562c2ca3ace12d033 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
+Date: Sun, 31 May 2026 17:30:41 +0200
+Subject: [PATCH] Workaround import problem after Python upgrade
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+To: gentoo-portage-dev@lists.gentoo.org
+
+Make `SyncfsProcess` import non-lazy to ensure that it is imported
+before the old-Python version of Portage is removed, and therefore fix
+a crash when Portage is being rebuilt for a new Python version.
+
+Bug: https://bugs.gentoo.org/970375
+Closes: https://github.com/gentoo/portage/pull/1586
+Signed-off-by: Michał Górny <mgorny@gentoo.org>
+Signed-off-by: Mike Gilbert <floppym@gentoo.org>
+---
+ lib/portage/dbapi/vartree.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/portage/dbapi/vartree.py b/lib/portage/dbapi/vartree.py
+index 87d4f3453238..7f392588ef9a 100644
+--- a/lib/portage/dbapi/vartree.py
++++ b/lib/portage/dbapi/vartree.py
+@@ -43,6 +43,10 @@ from portage import _unicode_encode
+ from portage.util.futures.executor.fork import ForkExecutor
+ from ._VdbMetadataDelta import VdbMetadataDelta
+ 
++# Made global to fix importing on Python version upgrade:
++# https://bugs.gentoo.org/970375
++from ._SyncfsProcess import SyncfsProcess
++
+ from _emerge.EbuildBuildDir import EbuildBuildDir
+ from _emerge.EbuildPhase import EbuildPhase
+ from _emerge.emergelog import emergelog
+@@ -6128,7 +6132,6 @@ class dblink:
+         does nothing if FEATURES=merge-sync is disabled.
+         """
+         import subprocess
+-        from portage.dbapi._SyncfsProcess import SyncfsProcess
+ 
+         if not self._device_path_map or "merge-sync" not in self.settings.features:
+             return
+-- 
+2.54.0
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/portage/portage-3.0.79-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/portage/portage-3.0.79-r1.ebuild
new file mode 100644
index 00000000000..a2d28808941
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/portage/portage-3.0.79-r1.ebuild
@@ -0,0 +1,238 @@
+# Copyright 1999-2026 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{12..14} )
+PYTHON_REQ_USE='bzip2(+),threads(+)'
+TMPFILES_OPTIONAL=1
+
+inherit meson linux-info python-r1 tmpfiles
+
+DESCRIPTION="The package management and distribution system for Gentoo"
+HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Portage"
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="
+		https://anongit.gentoo.org/git/proj/portage.git
+		https://github.com/gentoo/portage.git
+	"
+	inherit git-r3
+else
+	SRC_URI="https://gitweb.gentoo.org/proj/portage.git/snapshot/${P}.tar.bz2"
+	KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="apidoc build doc gentoo-dev +ipc +native-extensions +rsync-verify selinux test xattr"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+	${PYTHON_DEPS}
+	>=app-arch/tar-1.27
+	>=dev-build/meson-1.3.0-r1
+	>=sys-apps/sed-4.0.5
+	sys-devel/patch
+	!build? ( $(python_gen_impl_dep 'ssl(+)') )
+	apidoc? (
+		dev-python/sphinx[${PYTHON_USEDEP}]
+		dev-python/sphinx-epytext[${PYTHON_USEDEP}]
+	)
+	doc? (
+		~app-text/docbook-xml-dtd-4.4
+		app-text/xmlto
+	)
+	test? (
+		dev-python/pytest-xdist[${PYTHON_USEDEP}]
+		dev-vcs/git
+	)
+"
+# Require sandbox-2.2 for bug #288863.
+# For whirlpool hash, require python[ssl] (bug #425046).
+RDEPEND="
+	${PYTHON_DEPS}
+	>=acct-user/portage-0-r4
+	>=app-arch/tar-1.27
+	app-arch/zstd
+	>=app-misc/pax-utils-0.1.17
+	dev-lang/python-exec:2
+	>=sys-apps/baselayout-2.9
+	>=sys-apps/findutils-4.9
+	!build? (
+		>=app-admin/eselect-1.2
+		app-portage/getuto
+		>=app-shells/bash-5.3:0
+		dev-util/debugedit
+		>=sec-keys/openpgp-keys-gentoo-release-20240703
+		>=sys-apps/sed-4.0.5
+		rsync-verify? (
+			app-alternatives/gpg[ssl(-)]
+			>=app-portage/gemato-14.5[${PYTHON_USEDEP}]
+		)
+	)
+	kernel_linux? (
+		sys-apps/util-linux
+		elibc_glibc? ( >=sys-apps/sandbox-2.2 )
+		elibc_musl? ( >=sys-apps/sandbox-2.2 )
+	)
+	selinux? ( >=sys-libs/libselinux-2.0.94[python,${PYTHON_USEDEP}] )
+	xattr? ( kernel_linux? (
+		>=sys-apps/install-xattr-0.3
+	) )
+"
+# coreutils-6.4 rdep is for date format in emerge-webrsync #164532
+# NOTE: FEATURES=installsources requires debugedit and rsync
+PDEPEND="
+	!build? (
+		>=net-misc/rsync-2.6.4
+		>=sys-apps/coreutils-6.4
+		>=sys-apps/file-5.44-r3
+	)
+"
+
+PATCHES=(
+	"${FILESDIR}/0001-Workaround-import-problem-after-Python-upgrade.patch"
+)
+
+pkg_pretend() {
+	local CONFIG_CHECK="~IPC_NS ~PID_NS ~NET_NS ~UTS_NS"
+
+	check_extra_config
+}
+
+src_prepare() {
+	default
+
+	if use prefix-guest; then
+		sed -e "s|^\(main-repo = \).*|\\1gentoo_prefix|" \
+			-e "s|^\\[gentoo\\]|[gentoo_prefix]|" \
+			-e "s|^\(sync-uri = \).*|\\1rsync://rsync.prefix.bitzolder.nl/gentoo-portage-prefix|" \
+			-i cnf/repos.conf || die "sed failed"
+	fi
+}
+
+src_configure() {
+	local code_only=false
+	python_foreach_impl my_src_configure
+}
+
+my_src_configure() {
+	local emesonargs=(
+		-Dcode-only=${code_only}
+		-Deprefix="${EPREFIX}"
+		-Dportage-bindir="${EPREFIX}/usr/lib/portage/${EPYTHON}"
+		-Ddocdir="${EPREFIX}/usr/share/doc/${PF}"
+		$(meson_use doc)
+		$(meson_use apidoc)
+		$(meson_use gentoo-dev)
+		$(meson_use ipc)
+		$(meson_use xattr)
+	)
+
+	if use native-extensions && [[ "${EPYTHON}" != pypy3* ]] ; then
+		emesonargs+=( -Dnative-extensions=true )
+	else
+		emesonargs+=( -Dnative-extensions=false )
+	fi
+
+	if use build; then
+		emesonargs+=( -Drsync-verify=false )
+	else
+		emesonargs+=( $(meson_use rsync-verify) )
+	fi
+
+	meson_src_configure
+	code_only=true
+}
+
+src_compile() {
+	python_foreach_impl meson_src_compile
+}
+
+src_test() {
+	local EPYTEST_XDIST=1
+	local -x PYTEST_DISABLE_PLUGIN_AUTOLOAD=1
+	python_foreach_impl epytest
+}
+
+src_install() {
+	python_foreach_impl my_src_install
+	dotmpfiles "${FILESDIR}"/portage-{ccache,tmpdir}.conf
+
+	local scripts
+	mapfile -t scripts < <(awk '/^#!.*python/ {print FILENAME} {nextfile}' "${ED}"/usr/{bin,sbin}/* || die)
+	python_replicate_script "${scripts[@]}"
+}
+
+my_src_install() {
+	local pydirs=(
+		"${D}$(python_get_sitedir)"
+		"${ED}/usr/lib/portage/${EPYTHON}"
+	)
+
+	meson_src_install
+	python_fix_shebang "${pydirs[@]}"
+	python_optimize "${pydirs[@]}"
+}
+
+pkg_preinst() {
+	if ! use build && [[ -z ${ROOT} ]]; then
+		python_setup
+		local sitedir=$(python_get_sitedir)
+		[[ -d ${D}${sitedir} ]] || die "${D}${sitedir}: No such directory"
+		env -u DISTDIR \
+			-u PORTAGE_OVERRIDE_EPREFIX \
+			-u PORTAGE_REPOSITORIES \
+			-u PORTDIR \
+			-u PORTDIR_OVERLAY \
+			PYTHONPATH="${D}${sitedir}${PYTHONPATH:+:${PYTHONPATH}}" \
+			ED="${ED}" \
+			"${PYTHON}" -m portage._compat_upgrade.default_locations || die
+
+		env -u BINPKG_COMPRESS -u PORTAGE_REPOSITORIES \
+			PYTHONPATH="${D}${sitedir}${PYTHONPATH:+:${PYTHONPATH}}" \
+			ED="${ED}" \
+			"${PYTHON}" -m portage._compat_upgrade.binpkg_compression || die
+
+		env -u FEATURES -u PORTAGE_REPOSITORIES \
+			PYTHONPATH="${D}${sitedir}${PYTHONPATH:+:${PYTHONPATH}}" \
+			ED="${ED}" \
+			"${PYTHON}" -m portage._compat_upgrade.binpkg_multi_instance || die
+
+		env -u BINPKG_FORMAT \
+			PYTHONPATH="${D}${sitedir}${PYTHONPATH:+:${PYTHONPATH}}" \
+			ED="${ED}" \
+			"${PYTHON}" -m portage._compat_upgrade.binpkg_format || die
+	fi
+
+	# elog dir must exist to avoid logrotate error for bug #415911.
+	# This code runs in preinst in order to bypass the mapping of
+	# portage:portage to root:root which happens after src_install.
+	keepdir /var/log/portage/elog
+	# This is allowed to fail if the user/group are invalid for prefix users.
+	if chown portage:portage "${ED}"/var/log/portage{,/elog} 2>/dev/null ; then
+		chmod g+s,ug+rwx "${ED}"/var/log/portage{,/elog}
+	fi
+
+	if has_version "<${CATEGORY}/${PN}-2.3.77"; then
+		elog "The emerge --autounmask option is now disabled by default, except for"
+		elog "portions of behavior which are controlled by the --autounmask-use and"
+		elog "--autounmask-license options. For backward compatibility, previous"
+		elog "behavior of --autounmask=y and --autounmask=n is entirely preserved."
+		elog "Users can get the old behavior simply by adding --autounmask to the"
+		elog "make.conf EMERGE_DEFAULT_OPTS variable. For the rationale for this"
+		elog "change, see https://bugs.gentoo.org/658648."
+	fi
+}
+
+pkg_postinst() {
+	# Warn about obsolete "enotice" script, bug #867010
+	local bashrc=${EROOT}/etc/portage/profile/profile.bashrc
+	if [[ -e ${bashrc} ]] && grep -q enotice "${bashrc}"; then
+		eerror "Obsolete 'enotice' script detected!"
+		eerror "Please remove this from ${bashrc} to avoid problems."
+		eerror "See bug 867010 for more details."
+	fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/portage/portage-3.0.79.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/portage/portage-3.0.80.ebuild
similarity index 100%
rename from sdk_container/src/third_party/portage-stable/sys-apps/portage/portage-3.0.79.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-apps/portage/portage-3.0.80.ebuild

From dd0135e62fbc454dcd2594609e58f15cfd5a3e16 Mon Sep 17 00:00:00 2001
From: James Le Cuirot <jlecuirot@microsoft.com>
Date: Wed, 27 May 2026 13:08:54 +0100
Subject: [PATCH 2/4] make.defaults: Proactively build binary packages, but not
 for the SDK

We often adjust package.accept_keywords to bring arm64 in line with
amd64, but this has broken builds when such packages have eventually
become stable while their unstable binary counterparts have remained in
the SDK. FEATURES="buildpkg-proactive" was implemented to fix this.

However, there is no need to build binary packages for the SDK itself,
so restrict that to the board roots.

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
---
 .../coreos-overlay/profiles/coreos/base/make.defaults        | 4 ++--
 .../profiles/coreos/targets/generic/make.defaults            | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
index f79435f42ab..ef3eeb043f4 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
@@ -112,8 +112,8 @@ LINGUAS="en"
 PORTAGE_BZIP2_COMMAND="lbzip2"
 PORTAGE_BUNZIP2_COMMAND="lbunzip2"
 
-# Always build binary packages, remove old build logs, avoid running as root.
-FEATURES="buildpkg clean-logs compressdebug parallel-install splitdebug
+# Always remove old build logs, avoid running as root.
+FEATURES="clean-logs compressdebug parallel-install splitdebug
           userfetch userpriv usersandbox ipc-sandbox network-sandbox
           -ccache -merge-sync -binpkg-multi-instance"
 
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults
index 41c51cf110a..6b445297e50 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults
@@ -8,8 +8,11 @@ USE="${USE} -cros_host -expat -cairo -X -man"
 USE="${USE} -acl -gpm -python"
 USE="${USE} -fortran -abiword -perl -poppler-data"
 
+# Proactively ensure usable binary packages exist for building an image.
+FEATURES="buildpkg buildpkg-proactive"
+
 # Exclude documentation
-FEATURES="nodoc noinfo noman"
+FEATURES="${FEATURES} nodoc noinfo noman"
 
 # Exclude even more documentation
 # Remove bash-completion files as we don't install bash-completion.

From cdead0a8c5481f03830acbb649e25b62d279898a Mon Sep 17 00:00:00 2001
From: James Le Cuirot <jlecuirot@microsoft.com>
Date: Wed, 17 Jun 2026 11:30:30 +0100
Subject: [PATCH 3/4] Revert "overlay profiles: Export some ebuild variables"

This reverts commit c0c501204b6a7feaea4465dd974437e9d24944de. Portage no
longer unexports BROOT, SYSROOT, and ESYSROOT under EAPI 9. ROOT and
EROOT shouldn't be needed, especially as they are not supposed to be
used during src_* phases anyway. EPREFIX just shouldn't be needed. ARCH
was not unexported in the first place. If any of these do cause issues,
they can be dealt with on a per-package basis.

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
---
 .../coreos-overlay/profiles/coreos/base/profile.bashrc        | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc
index a2505849b0b..72701a012f9 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc
@@ -3,10 +3,6 @@
 CROS_BUILD_BOARD_TREE="${SYSROOT}/build"
 CROS_ADDONS_TREE="/mnt/host/source/src/third_party/coreos-overlay/coreos"
 
-# EAPI 9 is not exporting those variables, but some of them are still
-# used by cross-pkg-config, for instance.
-export ARCH EROOT ESYSROOT BROOT ROOT SYSROOT EPREFIX
-
 # Are we merging for the board sysroot, or for the SDK, or for
 # the images? Returns a string in a passed variable:
 #

From d23bee514ca6ac5335946c307d980619766f2e4c Mon Sep 17 00:00:00 2001
From: James Le Cuirot <jlecuirot@microsoft.com>
Date: Fri, 19 Jun 2026 16:56:58 +0100
Subject: [PATCH 4/4] acct-user.eclass: Sync with Gentoo for dependency fix

Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
---
 .../portage-stable/eclass/acct-user.eclass    | 25 ++++++++++++++++---
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/sdk_container/src/third_party/portage-stable/eclass/acct-user.eclass b/sdk_container/src/third_party/portage-stable/eclass/acct-user.eclass
index a62a10c7d3e..d4ef8993fe9 100644
--- a/sdk_container/src/third_party/portage-stable/eclass/acct-user.eclass
+++ b/sdk_container/src/third_party/portage-stable/eclass/acct-user.eclass
@@ -1,4 +1,4 @@
-# Copyright 2019-2025 Gentoo Authors
+# Copyright 2019-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # @ECLASS: acct-user.eclass
@@ -19,7 +19,7 @@
 # on the package providing it.
 #
 # The ebuild needs to call acct-user_add_deps after specifying
-# ACCT_USER_GROUPS.
+# ACCT_USER_GROUPS or ACCT_USER_HOME_OWNER.
 #
 # Example:
 # If your package needs user 'foo' belonging to same-named group, you
@@ -152,8 +152,8 @@ S=${WORKDIR}
 
 # @FUNCTION: acct-user_add_deps
 # @DESCRIPTION:
-# Generate appropriate RDEPEND from ACCT_USER_GROUPS.  This must be
-# called if ACCT_USER_GROUPS are set.
+# Generate appropriate RDEPEND from ACCT_USER_GROUPS and
+# ACCT_USER_HOME_OWNER.  This must be called if one of these are set.
 acct-user_add_deps() {
 	debug-print-function ${FUNCNAME} "$@"
 
@@ -165,6 +165,23 @@ acct-user_add_deps() {
 	fi
 
 	RDEPEND+=${ACCT_USER_GROUPS[*]/#/ acct-group/}
+
+	local user group
+	case ${ACCT_USER_HOME_OWNER} in
+		*:*)
+			user=${ACCT_USER_HOME_OWNER%:*}
+			group=${ACCT_USER_HOME_OWNER#*:} ;;
+		*)
+			user=${ACCT_USER_HOME_OWNER}
+			group= ;;
+	esac
+
+	# Add ACCT_USER_HOME_OWNER dependencies if necessary.
+	[[ -n ${user} && ${user} != "${ACCT_USER_NAME}" ]] &&
+		RDEPEND+=" acct-user/${user}"
+	[[ -n ${group} ]] && ! has "${group}" "${ACCT_USER_GROUPS[@]}" &&
+		RDEPEND+=" acct-group/${group}"
+
 	_ACCT_USER_ADD_DEPS_CALLED=1
 }