diff --git a/diskimage_builder/elements/gentoo/README.rst b/diskimage_builder/elements/gentoo/README.rst
index 7ebb23b0f..066257e48 100644
--- a/diskimage_builder/elements/gentoo/README.rst
+++ b/diskimage_builder/elements/gentoo/README.rst
@@ -44,3 +44,7 @@ Notes:
which will be called by running the `python` command. The
`GENTOO_PYTHON_ACTIVE_VERSION` is used to set that mapping. The variable
contents can be something like `python3.5`.
+
+* You can enable overlays using the `GENTOO_OVERLAYS` variable. In it you
+ should put a space separated list of overlays. The overlays must be in the
+ official overlay list and must be git based.
diff --git a/diskimage_builder/elements/gentoo/environment.d/00-gentoo-envars.bash b/diskimage_builder/elements/gentoo/environment.d/00-gentoo-envars.bash
index fad06d68f..1fbaf46bc 100644
--- a/diskimage_builder/elements/gentoo/environment.d/00-gentoo-envars.bash
+++ b/diskimage_builder/elements/gentoo/environment.d/00-gentoo-envars.bash
@@ -4,3 +4,4 @@ export GENTOO_PROFILE=${GENTOO_PROFILE:-'default/linux/amd64/13.0'}
export GENTOO_PORTAGE_CLEANUP=${GENTOO_PORTAGE_CLEANUP:-'False'}
export GENTOO_PYTHON_TARGETS=${GENTOO_PYTHON_TARGETS:-'python2_7 python3_4'}
export GENTOO_PYTHON_ACTIVE_VERSION=${GENTOO_PYTHON_ACTIVE_VERSION:-'python3.4'}
+export GENTOO_OVERLAYS=${GENTOO_OVERLAYS:-''}
diff --git a/diskimage_builder/elements/gentoo/finalise.d/99-cleanup b/diskimage_builder/elements/gentoo/finalise.d/99-cleanup
index 86c098b7c..2dc2f69ea 100755
--- a/diskimage_builder/elements/gentoo/finalise.d/99-cleanup
+++ b/diskimage_builder/elements/gentoo/finalise.d/99-cleanup
@@ -34,6 +34,13 @@ eselect news read all
rm -Rf /root/.ccache/* /usr/src/* /var/cache/edb/dep/* /var/cache/genkernel/* /var/empty/* /var/run/* /var/state/* /var/tmp/*
rm -Rf /etc/*- /etc/*.old /etc/ssh/ssh_host_* /root/.*history /root/.lesshst /root/.ssh/known_hosts /root/.viminfo /usr/share/genkernel /usr/lib64/python*/site-packages/gentoolkit/test/eclean/testdistfiles.tar.gz
if [[ "${GENTOO_PORTAGE_CLEANUP}" != "False" ]]; then
+ # remove the overlays
+ if [[ ${GENTOO_OVERLAYS} != '' ]]; then
+ for OVERLAY in ${GENTOO_OVERLAYS}; do
+ layman -d "${OVERLAY}"
+ done
+ fi
+ # remove portage files
rm -Rf /usr/portage/* /var/cache/portage/distfiles
fi
diff --git a/diskimage_builder/elements/gentoo/pre-install.d/02-gentoo-03-enable-overlays b/diskimage_builder/elements/gentoo/pre-install.d/02-gentoo-03-enable-overlays
new file mode 100755
index 000000000..05d212e51
--- /dev/null
+++ b/diskimage_builder/elements/gentoo/pre-install.d/02-gentoo-03-enable-overlays
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+if [[ ${GENTOO_OVERLAYS} != '' ]]; then
+ if mountpoint -q /dev/shm; then
+ echo "/dev/shm found in /proc/self/mountinfo"
+ elif [[ -k /dev/shm ]]; then
+ echo "/dev/shm exists and is stickied"
+ else
+ fix_shm
+ fi
+
+ if [[ ! -f /usr/portage/profiles ]]; then
+ emerge-webrsync -q
+ fi
+
+ # layman requires cryptography, which needs ecc crypto functions.
+ # binaries providing those functions have questionable legality for
+ # redistribution, so we have to use a version of openssl that works around
+ # it (using fedora's patchset) and also use a version of cryptography that
+ # depends on that version of openssl.
+ echo '=dev-python/cryptography-2.1.3 ~amd64' >> /etc/portage/package.keywords/layman
+ echo '=dev-libs/openssl-1.1.0g-r1 ~amd64' >> /etc/portage/package.keywords/layman
+ echo '=dev-libs/openssl-1.1.0g-r1' >> /etc/portage/package.unmask/layman
+ emerge -q --oneshot --jobs=2 openssl openssh
+ # install layman
+ USE="-build" emerge --deep -q --jobs=2 layman
+ # sync the initial overlay list
+ layman -S
+ # enable the various overlays
+ for OVERLAY in ${GENTOO_OVERLAYS}; do
+ layman -a "${OVERLAY}"
+ done
+
+ unfix_shm
+fi