diff --git a/build/build-image.sh b/build/build-image.sh index a598867..0d2a346 100755 --- a/build/build-image.sh +++ b/build/build-image.sh @@ -44,13 +44,15 @@ eselect profile set default/linux/amd64/23.0/musl/hardened/selinux # STOP TELLING ME ABOUT THE NEWS eselect news read new > /dev/null +id -nu 250 | tee > /build/artifacts/test + # Copy in host configs cp -r /build/include-host/* / # squashfs-tools needed for image mksquashfs for image generation # gentoolkit needed for euse for setting use flags # btrfs-progs needed for mkfs.btrfs for generating usr partition fs -#emerge -j "$NPROC" --quiet --noreplace @halogenos-host +emerge -j "$NPROC" --quiet --noreplace @halogenos-host # We have to ensure use.disable contains at least one flag # Otherwise euse -D will disable all global use flags @@ -66,8 +68,8 @@ export ROOT="$DISTPATH" # Emerge all packages emerge -j "$NPROC" --quiet --noreplace @halogenos-image -emerge -j "$NPROC" --quiet --update --deep --noreplace @world -emerge -j "$NPROC" --quiet --autounmask=y sys-kernel/vanilla-kernel +#emerge -j "$NPROC" --quiet --update --deep --noreplace @world +emerge -j "$NPROC" --quiet --autounmask=y --autounmask-write sys-kernel/vanilla-kernel emerge --depclean emerge --unmerge --nodeps portage perl-cleaner diff --git a/build/include-host/etc/portage/package.accept_keywords/cmake b/build/include-host/etc/portage/package.accept_keywords/cmake new file mode 100644 index 0000000..fee801f --- /dev/null +++ b/build/include-host/etc/portage/package.accept_keywords/cmake @@ -0,0 +1 @@ +=dev-build/cmake-3.31.7-r1::gentoo ~amd64 \ No newline at end of file diff --git a/build/include-host/etc/portage/package.accept_keywords/kernel b/build/include-host/etc/portage/package.accept_keywords/kernel new file mode 100644 index 0000000..8788b6a --- /dev/null +++ b/build/include-host/etc/portage/package.accept_keywords/kernel 
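Review bot: The added `id -nu 250 | tee > /build/artifacts/test` looks like leftover debugging and should not ship in the image build script. With no file operand and its stdout redirected, `tee` only copies the name into `/build/artifacts/test`, so nothing reaches the build log. Unless `pipefail` is set elsewhere in the script, the pipeline's exit status is tee's, so a missing UID 250 goes unnoticed. If the intent is to confirm the account exists before emerging, fail loudly instead, e.g. `id -nu 250 >/dev/null || { echo 'uid 250 missing' >&2; exit 1; }`; otherwise drop the line. The same hunk re-enables `emerge ... @halogenos-host` without saying why it had been disabled, so a one-line comment there would help.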
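Review bot: `--autounmask=y --autounmask-write` on the `sys-kernel/vanilla-kernel` line lets an unattended build rewrite its own Portage keyword/USE/mask configuration, which undercuts the explicit pins this commit adds in `package.accept_keywords/kernel`. As far as I know, emerge also stops after writing the changes unless `--autounmask-continue` is given, so whenever a change is needed the kernel would not be merged in that run. Prefer keeping every acceptance in the tracked config files and letting the build fail on anything else, e.g. `emerge -j "$NPROC" --quiet --autounmask=n sys-kernel/vanilla-kernel`, or at least add `--autounmask-keep-masks`. The `@world` update is commented out rather than removed, with no reason given. If the image is meant to ship without that update pass, say so in a comment, since it decides whether pending fixes reach the image.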
@@ -0,0 +1,2 @@ +=virtual/dist-kernel-6.14.7 ~amd64 +=sys-kernel/vanilla-kernel-6.14.7 ~amd64 \ No newline at end of file diff --git a/build/include-host/etc/portage/package.use/kernel b/build/include-host/etc/portage/package.use/kernel index 0531ce4..59035ce 100644 --- a/build/include-host/etc/portage/package.use/kernel +++ b/build/include-host/etc/portage/package.use/kernel @@ -1 +1 @@ -sys-kernel/vanilla-kernel amd64 \ No newline at end of file +sys-kernel/installkernel dracut \ No newline at end of file diff --git a/build/include-host/etc/portage/patches/sys-libs/libselinux/fix-musl.patch b/build/include-host/etc/portage/patches/sys-libs/libselinux/fix-musl.patch new file mode 100644 index 0000000..6f54100 --- /dev/null +++ b/build/include-host/etc/portage/patches/sys-libs/libselinux/fix-musl.patch @@ -0,0 +1,20 @@ +--- libselinux-3.6.old/src/selinux_restorecon.c 2023-12-13 10:46:22.000000000 -0400 ++++ libselinux-3.6/src/selinux_restorecon.c 2024-02-17 12:08:29.352291673 -0400 +@@ -436,7 +436,7 @@ + file_spec_t *prevfl, *fl; + uint32_t h; + int ret; +- struct stat64 sb; ++ struct stat sb; + + __pthread_mutex_lock(&fl_mutex); + +@@ -450,7 +450,7 @@ + for (prevfl = &fl_head[h], fl = fl_head[h].next; fl; + prevfl = fl, fl = fl->next) { + if (ino == fl->ino) { +- ret = lstat64(fl->file, &sb); ++ ret = lstat(fl->file, &sb); + if (ret < 0 || sb.st_ino != ino) { + freecon(fl->con); + free(fl->file); \ No newline at end of file diff --git a/build/include-host/etc/portage/sets/halogenos-host b/build/include-host/etc/portage/sets/halogenos-host index a5a24ae..69ed93e 100644 --- a/build/include-host/etc/portage/sets/halogenos-host +++ b/build/include-host/etc/portage/sets/halogenos-host @@ -1,3 +1,4 @@ +=dev-build/cmake-3.31.7-r1::gentoo app-portage/gentoolkit sys-apps/busybox sys-fs/btrfs-progs diff --git a/build/include-host/etc/portage/sets/halogenos-image b/build/include-host/etc/portage/sets/halogenos-image index 41f2330..f7f1fe9 100644 
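Review bot: The new `fix-musl.patch` sits in `patches/sys-libs/libselinux/`, which as far as I know Portage applies to every version of the package, while its header targets libselinux-3.6. Once a different libselinux version is pulled in, the patch either breaks the build or no longer matches what was reviewed. Placing it under a versioned directory such as `sys-libs/libselinux-3.6/` keeps it scoped. The file also carries no description. A short header saying that it replaces `stat64`/`lstat64` with `stat`/`lstat` for the musl build, and where the change came from, would let the next reviewer check it against upstream. The patched function starts and ends outside the two inner hunks shown.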
--- a/build/include-host/etc/portage/sets/halogenos-image +++ b/build/include-host/etc/portage/sets/halogenos-image @@ -7,5 +7,6 @@ sys-apps/bubblewrap sys-apps/flatpak sys-apps/fwupd sys-apps/shadow +sys-fs/ecryptfs-utils sys-libs/musl virtual/tmpfiles \ No newline at end of file diff --git a/build/include-host/etc/portage/use.disable b/build/include-host/etc/portage/use.disable index 8b13789..9161f47 100644 --- a/build/include-host/etc/portage/use.disable +++ b/build/include-host/etc/portage/use.disable @@ -1 +1 @@ - +initramfs diff --git a/build/include-image/usr/etc/docker/issue b/build/include-image/usr/etc/issue similarity index 100% rename from build/include-image/usr/etc/docker/issue rename to build/include-image/usr/etc/issue diff --git a/build/include-image/usr/etc/docker/issue.logo b/build/include-image/usr/etc/issue.logo similarity index 100% rename from build/include-image/usr/etc/docker/issue.logo rename to build/include-image/usr/etc/issue.logo diff --git a/build/include-image/usr/etc/docker/ld.so.preload b/build/include-image/usr/etc/ld.so.preload similarity index 100% rename from build/include-image/usr/etc/docker/ld.so.preload rename to build/include-image/usr/etc/ld.so.preload diff --git a/compose.yml b/compose.yml index f09b4e9..d9be1a8 100644 --- a/compose.yml +++ b/compose.yml @@ -12,16 +12,16 @@ services: REQSIG: ${REQSIG} DISTURL: ${DISTURL} secrets: - - signing_key_public + - pgp_key_public volumes: - ./build:/build sign: image: docker.io/vladgh/gpg - command: --batch --import /run/secrets/signing_key_private --passphrase-file /run/secrets/signing_key_password + command: --batch --import /run/secrets/signing_key_private --passphrase-file /run/secrets/pgp_key_password secrets: - - signing_key_password - - signing_key_private - - signing_key_public + - pgp_key_password + - pgp_key_private + - pgp_key_public volumes: - ./build/images:/images serve: 
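Review bot: `sys-fs/ecryptfs-utils` is added to the image set with no stated reason, and on a hardened SELinux image each extra privileged tool should have one. The package can install a setuid mount helper (on Gentoo this is, if I recall correctly, controlled by a `suid` USE flag). Confirm whether that helper is wanted and pin the USE flags in `package.use` accordingly. Since the set file has no comments, the reason belongs in the commit description.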
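Review bot: The `sign` service's `command:` still imports `/run/secrets/signing_key_private`, but this hunk renames the secret to `pgp_key_private`. Compose mounts secrets at `/run/secrets/<secret name>`, so the import path no longer exists. Only the `--passphrase-file` half of the line was updated; it should read `command: --batch --import /run/secrets/pgp_key_private --passphrase-file /run/secrets/pgp_key_password`. Separately, the unchanged `image: docker.io/vladgh/gpg` line carries no tag or digest. Since this container receives the private signing key and its passphrase, pinning the image by digest would be worth doing.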
@@ -30,9 +30,20 @@ services: - ./build/images:/images secrets: - signing_key_password: - file: secrets/signing_key_password.txt - signing_key_private: - file: secrets/HalogenOS_private.asc - signing_key_public: - file: secrets/HalogenOS_public.asc \ No newline at end of file + # PGP keys: For signing image files, overlays, and other release artifacts. + pgp_key_password: + file: secrets/HalogenOS_pgp_key_password.txt + pgp_key_private: + file: secrets/HalogenOS_pgp_key_private.asc + pgp_key_public: + file: secrets/HalogenOS_pgp_key_public.asc + # X509 keys: For signing kernel modules. Unused for now. + # Unless keys are synced across builds, kernel modules cannot be used in + # overlays, because by default new keys are automatically generated on each + # build. + x509_key_password: + file: secrets/HalogenOS_x509_key_password.txt + x509_key_private: + file: secrets/HalogenOS_x509_key_private.pfx + x509_key_public: + file: secrets/HalogenOS_x509_key_public.cer \ No newline at end of file
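Review bot: The private keys and their passphrase files now sit side by side under `secrets/` in the working tree, and nothing in this diff shows that directory being excluded from version control. Confirm it is ignored and record that in the comment block, e.g. `# Files under secrets/ must never be committed; keep them readable by the build user only.` The renamed `file:` paths also mean existing checkouts must rename their key files, which deserves a line in the commit description or README. For the unused x509 entries, kernel module signing normally takes a PEM key and certificate, so the `.pfx`/`.cer` files would presumably need converting before use. That is worth noting next to the "Unused for now" comment.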