vcontainer: add SDK-based standalone tarball

Add vcontainer-tarball.bb recipe that creates a relocatable standalone
distribution of vdkr and vpdmn container tools using Yocto SDK infrastructure.

Features:
- Auto-detects available architectures from built blobs
- Custom SDK installer with vcontainer-specific messages
- nativesdk-qemu-vcontainer.bb: minimal QEMU without OpenGL deps

Recipe changes:
- DELETE vdkr-native_1.0.bb (functionality moved to SDK)
- DELETE vpdmn-native_1.0.bb (functionality moved to SDK)
- ADD vcontainer-tarball.bb (SDK tarball recipe)
- ADD toolchain-shar-extract.sh (SDK installer template)
- ADD nativesdk-qemu-vcontainer.bb (minimal QEMU for SDK)

Usage:
  MACHINE=qemux86-64 bitbake vcontainer-tarball
  ./tmp/deploy/sdk/vcontainer-standalone.sh -d /opt/vcontainer -y
  source /opt/vcontainer/init-env.sh
  vdkr images

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

7 files changed, 899 insertions, 402 deletions

diff --git a/recipes-containers/vcontainer/README.md b/recipes-containers/vcontainer/README.md
index 4b7b03ed..76d54d18 100644
--- a/recipes-containers/vcontainer/README.md
+++ b/recipes-containers/vcontainer/README.md
@@ -10,8 +10,10 @@ Execute Docker or Podman commands inside a QEMU-emulated target environment.
 ## Quick Start
 
 ```bash
-# Build vdkr
-bitbake vdkr-native
+# Build and install SDK (see "Standalone SDK" section for full instructions)
+MACHINE=qemux86-64 bitbake vcontainer-tarball
+./tmp/deploy/sdk/vcontainer-standalone.sh -d /tmp/vcontainer -y
+source /tmp/vcontainer/init-env.sh
 
 # List images (uses host architecture by default)
 vdkr images
@@ -190,34 +192,52 @@ vdkr --stateless images   # Empty
 vdkr clean
 ```
 
-## Standalone Distribution
+## Standalone SDK
 
-Create a self-contained redistributable tarball that works without Yocto:
+Create a self-contained redistributable SDK that works without Yocto:
 
 ```bash
-# Build the standalone tarball
-MACHINE=qemux86-64 bitbake vdkr-native -c create_tarball
+# Ensure multiconfig is enabled in local.conf:
+# BBMULTICONFIG = "vruntime-aarch64 vruntime-x86-64"
 
-# Output: tmp/deploy/vdkr/vdkr-standalone-x86_64.tar.gz
+# Step 1: Build blobs for desired architectures (sequentially to avoid deadlocks)
+bitbake mc:vruntime-x86-64:vdkr-initramfs-create mc:vruntime-x86-64:vpdmn-initramfs-create
+bitbake mc:vruntime-aarch64:vdkr-initramfs-create mc:vruntime-aarch64:vpdmn-initramfs-create
+
+# Step 2: Build SDK (auto-detects available architectures)
+MACHINE=qemux86-64 bitbake vcontainer-tarball
+
+# Output: tmp/deploy/sdk/vcontainer-standalone.sh
+```
+
+To limit architectures, set in local.conf:
+```bash
+VCONTAINER_ARCHITECTURES = "x86_64"           # x86_64 only
+VCONTAINER_ARCHITECTURES = "aarch64"          # aarch64 only
+VCONTAINER_ARCHITECTURES = "x86_64 aarch64"   # both (default if both built)
 ```
 
-The tarball includes:
-- `vdkr` - Main CLI script
-- `vdkr-aarch64`, `vdkr-x86_64` - Symlinks (only for available architectures)
-- `vrunner.sh` - QEMU runner
-- `vdkr-blobs/` - Kernel and initramfs per architecture
-- `qemu/` - QEMU system emulators with wrapper scripts
-- `lib/` - Shared libraries for QEMU
-- `share/qemu/` - QEMU firmware files
-- `socat` - Socket communication for memres mode
+The SDK includes:
+- `vdkr`, `vpdmn` - Main CLI scripts
+- `vdkr-<arch>`, `vpdmn-<arch>` - Symlinks for each included architecture
+- `vrunner.sh` - Shared QEMU runner
+- `vdkr-blobs/`, `vpdmn-blobs/` - Kernel and initramfs per architecture
+- `sysroots/` - SDK binaries (QEMU, socat, libraries)
 - `init-env.sh` - Environment setup script
 
 Usage:
 ```bash
-tar -xzf vdkr-standalone-x86_64.tar.gz
-cd vdkr-standalone
+# Install (self-extracting)
+./vcontainer-standalone.sh -d /tmp/vcontainer -y
+
+# Or extract tarball directly
+tar -xf vcontainer-standalone.tar.xz -C /tmp/vcontainer
+
+# Use
+cd /tmp/vcontainer
 source init-env.sh
-vdkr images
+vdkr-x86_64 images
+vdkr-aarch64 images
 ```
 
 ## Interactive Mode
@@ -297,13 +317,13 @@ vdkr rm -f debug
 See `tests/README.md` for the pytest-based test suite:
 
 ```bash
-# Build standalone tarball
-MACHINE=qemux86-64 bitbake vdkr-native -c create_tarball
+# Build and install SDK
+MACHINE=qemux86-64 bitbake vcontainer-tarball
+./tmp/deploy/sdk/vcontainer-standalone.sh -d /tmp/vcontainer -y
 
-# Extract and run tests
-cd /tmp && tar -xzf .../vdkr-standalone-x86_64.tar.gz
+# Run tests
 cd /opt/bruce/poky/meta-virtualization
-pytest tests/test_vdkr.py -v --vdkr-dir /tmp/vdkr-standalone
+pytest tests/test_vdkr.py -v --vdkr-dir /tmp/vcontainer
 ```
 
 ## vpdmn (Podman)
@@ -331,9 +351,7 @@ Key differences from vdkr:
 
 | Recipe | Purpose |
 |--------|---------|
-| `vdkr-native_1.0.bb` | Main vdkr (Docker) CLI and blobs |
-| `vpdmn-native_1.0.bb` | Main vpdmn (Podman) CLI and blobs |
-| `vcontainer-native_1.0.bb` | Unified tarball with both tools |
+| `vcontainer-tarball.bb` | Standalone SDK with vdkr and vpdmn |
 | `vdkr-initramfs-create_1.0.bb` | Build vdkr initramfs blobs |
 | `vpdmn-initramfs-create_1.0.bb` | Build vpdmn initramfs blobs |
 
@@ -347,18 +365,16 @@ Key differences from vdkr:
 | `vdkr-init.sh` | Docker init script (baked into initramfs) |
 | `vpdmn-init.sh` | Podman init script (daemonless) |
 
-## Testing
+## Testing Both Tools
 
 ```bash
-# Build unified standalone tarball
-bitbake vcontainer-native -c create_tarball
-
-# Extract
-cd /tmp && tar -xzf .../vcontainer-standalone-*.tar.gz
+# Build and install SDK (includes both vdkr and vpdmn)
+MACHINE=qemux86-64 bitbake vcontainer-tarball
+./tmp/deploy/sdk/vcontainer-standalone.sh -d /tmp/vcontainer -y
 
 # Run tests for both tools
 cd /opt/bruce/poky/meta-virtualization
-pytest tests/test_vdkr.py tests/test_vpdmn.py -v --vdkr-dir /tmp/vcontainer-standalone
+pytest tests/test_vdkr.py tests/test_vpdmn.py -v --vdkr-dir /tmp/vcontainer
 ```
 
 ## See Also
diff --git a/recipes-containers/vcontainer/files/toolchain-shar-extract.sh b/recipes-containers/vcontainer/files/toolchain-shar-extract.sh
new file mode 100644
index 00000000..5e72f14d
--- /dev/null
+++ b/recipes-containers/vcontainer/files/toolchain-shar-extract.sh
@@ -0,0 +1,326 @@
+#!/bin/sh
+# SPDX-FileCopyrightText: Copyright (C) 2025 Bruce Ashfield
+#
+# SPDX-License-Identifier: GPL-2.0-only
+
+export LC_ALL=en_US.UTF-8
+
+# The pipefail option is now part of POSIX (POSIX.1-2024) and available in more
+# and more shells. Enable it if available to make the SDK installer more robust.
+(set -o pipefail 2> /dev/null) && set -o pipefail
+
+#Make sure at least one python is installed
+INIT_PYTHON=$(command -v python3 2>/dev/null )
+[ -z "$INIT_PYTHON" ] && INIT_PYTHON=$(command -v python2 2>/dev/null)
+[ -z "$INIT_PYTHON" ] && echo "Error: The SDK needs a python installed" && exit 1
+
+# Remove invalid PATH elements first (maybe from a previously setup toolchain now deleted
+PATH=`$INIT_PYTHON -c 'import os; print(":".join(e for e in os.environ["PATH"].split(":") if os.path.exists(e)))'`
+
+tweakpath () {
+    case ":${PATH}:" in
+        *:"$1":*)
+            ;;
+        *)
+            PATH=$PATH:$1
+    esac
+}
+
+# Some systems don't have /usr/sbin or /sbin in the cleaned environment PATH but we make need it 
+# for the system's host tooling checks
+tweakpath /usr/sbin
+tweakpath /sbin
+
+INST_ARCH=$(uname -m | sed -e "s/i[3-6]86/ix86/" -e "s/x86[-_]64/x86_64/")
+SDK_ARCH=$(echo @SDK_ARCH@ | sed -e "s/i[3-6]86/ix86/" -e "s/x86[-_]64/x86_64/")
+
+verlte () {
+        [  "$1" = "`printf "$1\n$2" | sort -V | head -n1`" ]
+}
+
+verlt() {
+        [ "$1" = "$2" ] && return 1 || verlte $1 $2
+}
+
+verlt `uname -r` @OLDEST_KERNEL@
+if [ $? = 0 ]; then
+        echo "Error: The SDK needs a kernel > @OLDEST_KERNEL@"
+        exit 1
+fi
+
+if [ "$INST_ARCH" != "$SDK_ARCH" ]; then
+        # Allow for installation of ix86 SDK on x86_64 host
+        if [ "$INST_ARCH" != x86_64 -o "$SDK_ARCH" != ix86 ]; then
+                echo "Error: Incompatible SDK installer! Your host is $INST_ARCH and this SDK was built for $SDK_ARCH hosts."
+                exit 1
+        fi
+fi
+
+if ! xz -V > /dev/null 2>&1; then
+        echo "Error: xz is required for installation of this SDK, please install it first"
+        exit 1
+fi
+
+SDK_BUILD_PATH="@SDKPATH@"
+DEFAULT_INSTALL_DIR="@SDKPATHINSTALL@"
+SUDO_EXEC=""
+EXTRA_TAR_OPTIONS=""
+target_sdk_dir=""
+answer=""
+relocate=1
+savescripts=0
+verbose=0
+publish=0
+listcontents=0
+while getopts ":yd:npDRSl" OPT; do
+        case $OPT in
+        y)
+                answer="Y"
+                ;;
+        d)
+                target_sdk_dir=$OPTARG
+                ;;
+        n)
+                prepare_buildsystem="no"
+                ;;
+        p)
+                prepare_buildsystem="no"
+                publish=1
+                ;;
+        D)
+                verbose=1
+                ;;
+        R)
+                relocate=0
+                savescripts=1
+                ;;
+        S)
+                savescripts=1
+                ;;
+        l)
+                listcontents=1
+                ;;
+        *)
+                echo "Usage: $(basename "$0") [-y] [-d <dir>]"
+                echo "  -y         Automatic yes to all prompts"
+                echo "  -d <dir>   Install the SDK to <dir>"
+                echo "======== Extensible SDK only options ============"
+                echo "  -n         Do not prepare the build system"
+                echo "  -p         Publish mode (implies -n)"
+                echo "======== Advanced DEBUGGING ONLY OPTIONS ========"
+                echo "  -S         Save relocation scripts"
+                echo "  -R         Do not relocate executables"
+                echo "  -D         use set -x to see what is going on"
+                echo "  -l         list files that will be extracted"
+                exit 1
+                ;;
+        esac
+done
+
+payload_offset=$(($(grep -na -m1 "^MARKER:$" "$0"|cut -d':' -f1) + 1))
+if [ "$listcontents" = "1" ] ; then
+    if [ @SDK_ARCHIVE_TYPE@ = "zip" ]; then
+        tail -n +$payload_offset "$0" > sdk.zip
+        if unzip -l sdk.zip;then
+            rm sdk.zip
+        else
+            rm sdk.zip && exit 1
+        fi
+    else
+        tail -n +$payload_offset "$0"| tar tvJ || exit 1
+    fi
+    exit
+fi
+
+titlestr="@SDK_TITLE@ installer version @SDK_VERSION@"
+printf "%s\n" "$titlestr"
+printf "%${#titlestr}s\n" | tr " " "="
+
+if [ $verbose = 1 ] ; then
+        set -x
+fi
+
+@SDK_PRE_INSTALL_COMMAND@
+
+# SDK_EXTENSIBLE is exposed from the SDK_PRE_INSTALL_COMMAND above
+if [ "$SDK_EXTENSIBLE" = "1" ]; then
+        DEFAULT_INSTALL_DIR="@SDKEXTPATH@"
+fi
+
+if [ "$target_sdk_dir" = "" ]; then
+        if [ "$answer" = "Y" ]; then
+                target_sdk_dir="$DEFAULT_INSTALL_DIR"
+        else
+                read -p "Enter target directory for SDK (default: $DEFAULT_INSTALL_DIR): " target_sdk_dir
+                [ "$target_sdk_dir" = "" ] && target_sdk_dir=$DEFAULT_INSTALL_DIR
+        fi
+fi
+
+eval target_sdk_dir=$(echo "$target_sdk_dir"|sed 's/ /\\ /g')
+if [ -d "$target_sdk_dir" ]; then
+        target_sdk_dir=$(cd "$target_sdk_dir"; pwd)
+else
+        target_sdk_dir=$(readlink -m "$target_sdk_dir")
+fi
+
+# limit the length for target_sdk_dir, ensure the relocation behaviour in relocate_sdk.py has right result.
+# This is due to ELF interpreter being set to 'a'*1024 in
+# meta/recipes-core/meta/uninative-tarball.bb
+if [ ${#target_sdk_dir} -gt 1024 ]; then
+        echo "Error: The target directory path is too long!!!"
+        exit 1
+fi
+
+if [ "$SDK_EXTENSIBLE" = "1" ]; then
+        # We're going to be running the build system, additional restrictions apply
+        if echo "$target_sdk_dir" | grep -q '[+\ @$]'; then
+                echo "The target directory path ($target_sdk_dir) contains illegal" \
+                     "characters such as spaces, @, \$ or +. Abort!"
+                exit 1
+        fi
+        # The build system doesn't work well with /tmp on NFS
+        fs_dev_path="$target_sdk_dir"
+        while [ ! -d "$fs_dev_path" ] ; do
+                fs_dev_path=`dirname $fs_dev_path`
+        done
+        fs_dev_type=`stat -f -c '%t' "$fs_dev_path"`
+        if [ "$fsdevtype" = "6969" ] ; then
+                echo "The target directory path $target_sdk_dir is on NFS, this is not possible. Abort!"
+                exit 1
+        fi
+else
+        if [ -n "$(echo $target_sdk_dir|grep ' ')" ]; then
+                echo "The target directory path ($target_sdk_dir) contains spaces. Abort!"
+                exit 1
+        fi
+fi
+
+if [ -e "$target_sdk_dir/environment-setup-@REAL_MULTIMACH_TARGET_SYS@" ]; then
+        echo "The directory \"$target_sdk_dir\" already contains vcontainer tools."
+        printf "If you continue, existing files will be overwritten! Proceed [y/N]? "
+
+        default_answer="n"
+else
+        printf "You are about to install vcontainer tools (vdkr/vpdmn) to \"$target_sdk_dir\". Proceed [Y/n]? "
+
+        default_answer="y"
+fi
+
+if [ "$answer" = "" ]; then
+        read answer
+        [ "$answer" = "" ] && answer="$default_answer"
+else
+        echo $answer
+fi
+
+if [ "$answer" != "Y" -a "$answer" != "y" ]; then
+        echo "Installation aborted!"
+        exit 1
+fi
+
+# Try to create the directory (this will not succeed if user doesn't have rights)
+mkdir -p $target_sdk_dir >/dev/null 2>&1
+
+# if don't have the right to access dir, gain by sudo 
+if [ ! -x $target_sdk_dir -o ! -w $target_sdk_dir -o ! -r $target_sdk_dir ]; then 
+        if [ "$SDK_EXTENSIBLE" = "1" ]; then
+                echo "Unable to access \"$target_sdk_dir\", will not attempt to use" \
+                     "sudo as as extensible SDK cannot be used as root."
+                exit 1
+        fi
+
+        SUDO_EXEC=$(command -v "sudo")
+        if [ -z $SUDO_EXEC ]; then
+                echo "No command 'sudo' found, please install sudo first. Abort!"
+                exit 1
+        fi
+
+        # test sudo could gain root right
+        $SUDO_EXEC pwd >/dev/null 2>&1
+        [ $? -ne 0 ] && echo "Sorry, you are not allowed to execute as root." && exit 1
+
+        # now that we have sudo rights, create the directory
+        $SUDO_EXEC mkdir -p $target_sdk_dir >/dev/null 2>&1
+fi
+
+printf "Extracting vcontainer tools..."
+if [ @SDK_ARCHIVE_TYPE@ = "zip" ]; then
+    if [ -z "$(command -v unzip)" ]; then
+        echo "Aborted, unzip is required to extract the SDK archive, please make sure it's installed on your system!"
+        exit 1
+    fi
+    tail -n +$payload_offset "$0" > sdk.zip
+    if $SUDO_EXEC unzip $EXTRA_TAR_OPTIONS sdk.zip -d $target_sdk_dir;then
+        rm sdk.zip
+    else
+        rm sdk.zip && exit 1
+    fi
+elif [ @SDK_ARCHIVE_TYPE@ = "tar.zst" ]; then
+    if [ -z "$(command -v zstd)" ]; then
+        echo "Aborted, zstd is required to extract the SDK archive, please make sure it's installed on your system!"
+        exit 1
+    fi
+    tail -n +$payload_offset "$0"| zstd -T0 -dc | $SUDO_EXEC tar mx -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1
+else
+    if [ -z "$(command -v xz)" ]; then
+        echo "Aborted, xz is required to extract the SDK archive, please make sure it's installed on your system!"
+        exit 1
+    fi
+    tail -n +$payload_offset "$0"| $SUDO_EXEC tar mxJ -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1
+fi
+echo "done"
+
+printf "Configuring paths..."
+# fix environment paths
+real_env_setup_script=""
+for env_setup_script in `ls $target_sdk_dir/environment-setup-*`; do
+        if grep -q 'OECORE_NATIVE_SYSROOT=' $env_setup_script; then
+                # Handle custom env setup scripts that are only named
+                # environment-setup-* so that they have relocation
+                # applied - what we want beyond here is the main one
+                # rather than the one that simply sorts last
+                real_env_setup_script="$env_setup_script"
+        fi
+        $SUDO_EXEC sed -e "s:@SDKPATH@:$target_sdk_dir:g" -i $env_setup_script
+done
+if [ -n "$real_env_setup_script" ] ; then
+        env_setup_script="$real_env_setup_script"
+fi
+echo "done"
+
+@SDK_POST_INSTALL_COMMAND@
+
+# delete the relocating script, so that user is forced to re-run the installer
+# if he/she wants another location for the sdk
+if [ $savescripts = 0 ] ; then
+        $SUDO_EXEC rm -f ${env_setup_script%/*}/relocate_sdk.py ${env_setup_script%/*}/relocate_sdk.sh
+fi
+
+# Execute post-relocation script
+post_relocate="$target_sdk_dir/post-relocate-setup.sh"
+if [ -e "$post_relocate" ]; then
+        $SUDO_EXEC sed -e "s:@SDKPATH@:$target_sdk_dir:g" -i $post_relocate
+        $SUDO_EXEC /bin/sh $post_relocate "$target_sdk_dir" "@SDKPATH@"
+        if [ $? -ne 0 ]; then
+                echo "Executing $post_relocate failed"
+                exit 1
+        fi
+        $SUDO_EXEC rm -f $post_relocate
+fi
+
+echo ""
+echo "vcontainer tools installed successfully!"
+echo ""
+echo "To use, source the environment script:"
+echo "  \$ . $target_sdk_dir/init-env.sh"
+echo ""
+echo "Architectures included: @VCONTAINER_ARCHITECTURES@"
+echo ""
+echo "Then run:"
+echo "  \$ vdkr-<arch> images      # Docker"
+echo "  \$ vpdmn-<arch> images     # Podman"
+echo ""
+
+exit 0
+
+MARKER:
diff --git a/recipes-containers/vcontainer/files/vrunner.sh b/recipes-containers/vcontainer/files/vrunner.sh
index 588261ff..2be33765 100755
--- a/recipes-containers/vcontainer/files/vrunner.sh
+++ b/recipes-containers/vcontainer/files/vrunner.sh
@@ -872,6 +872,16 @@ if [ -n "$STATE_DIR" ]; then
     mkdir -p "$STATE_DIR"
     STATE_IMG="$STATE_DIR/$STATE_FILE"
 
+    # Migration: vpdmn used to use docker-state.img, now uses podman-state.img
+    # If old file exists but new file doesn't, rename it automatically
+    if [ "$STATE_FILE" = "podman-state.img" ]; then
+        OLD_STATE_IMG="$STATE_DIR/docker-state.img"
+        if [ -f "$OLD_STATE_IMG" ] && [ ! -f "$STATE_IMG" ]; then
+            log "INFO" "Migrating old vpdmn state file: docker-state.img -> podman-state.img"
+            mv "$OLD_STATE_IMG" "$STATE_IMG"
+        fi
+    fi
+
     if [ ! -f "$STATE_IMG" ]; then
         log "INFO" "Creating new state disk at $STATE_IMG..."
         # Create 2GB state disk for Docker storage
diff --git a/recipes-containers/vcontainer/vcontainer-tarball.bb b/recipes-containers/vcontainer/vcontainer-tarball.bb
new file mode 100644
index 00000000..edd788db
--- /dev/null
+++ b/recipes-containers/vcontainer/vcontainer-tarball.bb
@@ -0,0 +1,448 @@
+# SPDX-FileCopyrightText: Copyright (C) 2025 Bruce Ashfield
+#
+# SPDX-License-Identifier: MIT
+#
+# vcontainer-tarball.bb
+# ===========================================================================
+# Standalone SDK-style tarball for vdkr/vpdmn container tools
+# ===========================================================================
+#
+# This recipe uses Yocto's populate_sdk infrastructure to create a
+# relocatable standalone distribution of vdkr (Docker) and vpdmn (Podman).
+#
+# USAGE:
+#   MACHINE=qemux86-64 bitbake vcontainer-tarball
+#   MACHINE=qemuarm64 bitbake vcontainer-tarball
+#
+# OUTPUT:
+#   tmp/deploy/sdk/vcontainer-standalone-<arch>.tar.xz
+#   tmp/deploy/sdk/vcontainer-standalone-<arch>.sh (self-extracting installer)
+#
+# ===========================================================================
+
+SUMMARY = "Standalone SDK tarball for vdkr and vpdmn container tools"
+DESCRIPTION = "A relocatable standalone distribution of vdkr (Docker) and \
+               vpdmn (Podman) CLI tools using Yocto SDK infrastructure."
+HOMEPAGE = "https://git.yoctoproject.org/meta-virtualization/"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+# Use our custom SDK installer template with vcontainer-specific messages
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+TOOLCHAIN_SHAR_EXT_TMPL = "${THISDIR}/files/toolchain-shar-extract.sh"
+
+# No target sysroot - host tools only (like buildtools-tarball)
+TOOLCHAIN_TARGET_TASK = ""
+TARGET_ARCH = "none"
+TARGET_OS = "none"
+
+# Host tools to include via SDK
+# Note: nativesdk-qemu-vcontainer is a minimal QEMU without OpenGL/virgl
+# to avoid mesa -> llvm -> clang build dependency chain
+TOOLCHAIN_HOST_TASK = "\
+    nativesdk-sdk-provides-dummy \
+    nativesdk-qemu-vcontainer \
+    nativesdk-socat \
+    "
+
+# SDK naming and metadata
+TOOLCHAIN_OUTPUTNAME = "vcontainer-standalone"
+SDK_TITLE = "vcontainer tools (vdkr/vpdmn)"
+
+# SDK configuration (same pattern as buildtools-tarball)
+MULTIMACH_TARGET_SYS = "${SDK_ARCH}-nativesdk${SDK_VENDOR}-${SDK_OS}"
+PACKAGE_ARCH = "${SDK_ARCH}_${SDK_OS}"
+PACKAGE_ARCHS = ""
+SDK_PACKAGE_ARCHS += "vcontainer-dummy-${SDKPKGSUFFIX}"
+
+RDEPENDS = "${TOOLCHAIN_HOST_TASK}"
+EXCLUDE_FROM_WORLD = "1"
+
+inherit populate_sdk
+inherit toolchain-scripts-base
+inherit nopackages
+
+# Must be set AFTER inherit populate_sdk (class sets it to target arch)
+REAL_MULTIMACH_TARGET_SYS = "none"
+
+# Disable tasks we don't need
+deltask install
+deltask populate_sysroot
+
+# No config site needed
+TOOLCHAIN_NEED_CONFIGSITE_CACHE = ""
+INHIBIT_DEFAULT_DEPS = "1"
+
+do_populate_sdk[stamp-extra-info] = "${PACKAGE_ARCH}"
+
+# ===========================================================================
+# Architecture mapping
+# ===========================================================================
+VCONTAINER_TARGET_ARCH = "${@d.getVar('MACHINE').replace('qemuarm64', 'aarch64').replace('qemux86-64', 'x86_64')}"
+VCONTAINER_KERNEL_NAME = "${@'Image' if d.getVar('MACHINE') == 'qemuarm64' else 'bzImage'}"
+VCONTAINER_MC = "${@'vruntime-aarch64' if d.getVar('MACHINE') == 'qemuarm64' else 'vruntime-x86-64'}"
+
+# ===========================================================================
+# Multiconfig dependencies for blobs
+# ===========================================================================
+# Auto-detect which architectures have blobs available.
+# To limit to specific architectures, set in local.conf:
+#   VCONTAINER_ARCHITECTURES = "x86_64"           # x86_64 only
+#   VCONTAINER_ARCHITECTURES = "aarch64"          # aarch64 only
+#   VCONTAINER_ARCHITECTURES = "x86_64 aarch64"   # both (default if both built)
+def get_available_architectures(d):
+    import os
+    topdir = d.getVar('TOPDIR')
+    available = []
+    arch_info = {
+        'x86_64': ('vruntime-x86-64', 'qemux86-64'),
+        'aarch64': ('vruntime-aarch64', 'qemuarm64'),
+    }
+    for arch, (mc, machine) in arch_info.items():
+        deploy_dir = os.path.join(topdir, 'tmp-%s' % mc, 'deploy', 'images', machine, 'vdkr', arch)
+        if os.path.isdir(deploy_dir):
+            available.append(arch)
+    # If nothing available yet, default to current MACHINE's arch (will be built)
+    if not available:
+        available.append(d.getVar('VCONTAINER_TARGET_ARCH'))
+    return " ".join(sorted(available))
+
+VCONTAINER_ARCHITECTURES ?= "${@get_available_architectures(d)}"
+
+# Trigger multiconfig blob builds automatically via mcdepends
+# VCONTAINER_MC is set based on MACHINE (qemuarm64 -> vruntime-aarch64, qemux86-64 -> vruntime-x86-64)
+do_populate_sdk[mcdepends] = "mc::${VCONTAINER_MC}:vdkr-initramfs-create:do_deploy mc::${VCONTAINER_MC}:vpdmn-initramfs-create:do_deploy"
+
+# ===========================================================================
+# Custom SDK files - environment script AND blobs/scripts
+# ===========================================================================
+# IMPORTANT: All custom files must be added in create_sdk_files:append()
+# because SDK_POSTPROCESS_COMMAND runs archive_sdk BEFORE any appended commands.
+# The order is: create_sdk_files -> check_sdk_sysroots -> archive_sdk -> ...
+# ===========================================================================
+create_sdk_files:append () {
+    # Variables - these are Yocto variables expanded at parse time
+    TOPDIR="${TOPDIR}"
+    THISDIR="${THISDIR}"
+    ARCHITECTURES="${VCONTAINER_ARCHITECTURES}"
+
+    # SDK output directory
+    SDK_OUT="${SDK_OUTPUT}/${SDKPATH}"
+
+    bbnote "TOPDIR=${TOPDIR}"
+    bbnote "THISDIR=${THISDIR}"
+    bbnote "ARCHITECTURES=${ARCHITECTURES}"
+    bbnote "SDK_OUT=${SDK_OUT}"
+
+    # -----------------------------------------------------------------------
+    # Step 1: Copy blobs and scripts (MUST happen before archive_sdk)
+    # -----------------------------------------------------------------------
+    VDKR_INCLUDED=0
+    VPDMN_INCLUDED=0
+
+    # Copy blobs for each architecture
+    for ARCH in ${ARCHITECTURES}; do
+        bbnote "Adding vcontainer blobs for ${ARCH}"
+
+        # Determine multiconfig and kernel name for this arch
+        case "${ARCH}" in
+            aarch64)
+                MC="vruntime-aarch64"
+                MC_MACHINE="qemuarm64"
+                KERNEL="Image"
+                ;;
+            x86_64)
+                MC="vruntime-x86-64"
+                MC_MACHINE="qemux86-64"
+                KERNEL="bzImage"
+                ;;
+            *)
+                bbwarn "Unknown architecture: ${ARCH}"
+                continue
+                ;;
+        esac
+
+        MC_DEPLOY="${TOPDIR}/tmp-${MC}/deploy/images/${MC_MACHINE}"
+        bbnote "MC_DEPLOY=${MC_DEPLOY} for ${ARCH}"
+
+        # Create blob directories
+        mkdir -p "${SDK_OUT}/vdkr-blobs/${ARCH}"
+        mkdir -p "${SDK_OUT}/vpdmn-blobs/${ARCH}"
+
+        # Copy vdkr blobs
+        VDKR_SRC="${MC_DEPLOY}/vdkr/${ARCH}"
+        if [ -d "${VDKR_SRC}" ]; then
+            for blob in ${KERNEL} initramfs.cpio.gz rootfs.img; do
+                if [ -f "${VDKR_SRC}/${blob}" ]; then
+                    cp "${VDKR_SRC}/${blob}" "${SDK_OUT}/vdkr-blobs/${ARCH}/"
+                    bbnote "Copied vdkr blob: ${ARCH}/${blob}"
+                else
+                    bbfatal "vdkr blob not found: ${VDKR_SRC}/${blob}"
+                fi
+            done
+            VDKR_INCLUDED=1
+        else
+            bbfatal "vdkr blobs not found for ${ARCH}. Build them first with:
+  bitbake mc:${MC}:vdkr-initramfs-create"
+        fi
+
+        # Copy vpdmn blobs
+        VPDMN_SRC="${MC_DEPLOY}/vpdmn/${ARCH}"
+        if [ -d "${VPDMN_SRC}" ]; then
+            for blob in ${KERNEL} initramfs.cpio.gz rootfs.img; do
+                if [ -f "${VPDMN_SRC}/${blob}" ]; then
+                    cp "${VPDMN_SRC}/${blob}" "${SDK_OUT}/vpdmn-blobs/${ARCH}/"
+                    bbnote "Copied vpdmn blob: ${ARCH}/${blob}"
+                else
+                    bbfatal "vpdmn blob not found: ${VPDMN_SRC}/${blob}"
+                fi
+            done
+            VPDMN_INCLUDED=1
+        else
+            bbfatal "vpdmn blobs not found for ${ARCH}. Build them first with:
+  bitbake mc:${MC}:vpdmn-initramfs-create"
+        fi
+    done
+
+    # Copy scripts from layer
+    FILES_DIR="${THISDIR}/files"
+
+    # Copy shared scripts
+    for script in vrunner.sh vcontainer-common.sh; do
+        if [ -f "${FILES_DIR}/${script}" ]; then
+            cp "${FILES_DIR}/${script}" "${SDK_OUT}/"
+            chmod 755 "${SDK_OUT}/${script}"
+            bbnote "Copied ${script}"
+        else
+            bbfatal "${script} not found in ${FILES_DIR}"
+        fi
+    done
+
+    # Copy and set up vdkr
+    if [ "${VDKR_INCLUDED}" = "1" ] && [ -f "${FILES_DIR}/vdkr.sh" ]; then
+        cp "${FILES_DIR}/vdkr.sh" "${SDK_OUT}/vdkr"
+        chmod 755 "${SDK_OUT}/vdkr"
+        # Create symlinks for each included architecture
+        for ARCH in ${ARCHITECTURES}; do
+            if [ -d "${SDK_OUT}/vdkr-blobs/${ARCH}" ]; then
+                ln -sf vdkr "${SDK_OUT}/vdkr-${ARCH}"
+                bbnote "Created symlink vdkr-${ARCH}"
+            fi
+        done
+        bbnote "Installed vdkr"
+    fi
+
+    # Copy and set up vpdmn
+    if [ "${VPDMN_INCLUDED}" = "1" ] && [ -f "${FILES_DIR}/vpdmn.sh" ]; then
+        cp "${FILES_DIR}/vpdmn.sh" "${SDK_OUT}/vpdmn"
+        chmod 755 "${SDK_OUT}/vpdmn"
+        # Create symlinks for each included architecture
+        for ARCH in ${ARCHITECTURES}; do
+            if [ -d "${SDK_OUT}/vpdmn-blobs/${ARCH}" ]; then
+                ln -sf vpdmn "${SDK_OUT}/vpdmn-${ARCH}"
+                bbnote "Created symlink vpdmn-${ARCH}"
+            fi
+        done
+        bbnote "Installed vpdmn"
+    fi
+
+    # Create README
+    cat > "${SDK_OUT}/README.txt" <<EOF
+vcontainer Standalone SDK
+=========================
+
+This is a self-contained, relocatable distribution of vdkr (Docker) and
+vpdmn (Podman) CLI tools for cross-architecture container operations.
+
+Quick Start:
+  source init-env.sh
+  vdkr-x86_64 images      # Docker for x86_64
+  vpdmn-aarch64 images    # Podman for aarch64
+
+Architectures included: ${ARCHITECTURES}
+
+Contents:
+  init-env.sh           - Environment setup script
+  vdkr, vdkr-<arch>     - Docker CLI wrapper
+  vpdmn, vpdmn-<arch>   - Podman CLI wrapper
+  vrunner.sh            - Shared QEMU runner
+  vcontainer-common.sh  - Shared CLI code
+  vdkr-blobs/           - Docker QEMU blobs (per-arch subdirectories)
+  vpdmn-blobs/          - Podman QEMU blobs (per-arch subdirectories)
+  sysroots/             - SDK binaries (QEMU, socat, libraries)
+
+Requirements:
+  - Linux x86_64 host
+  - KVM support recommended (for performance)
+
+For more information:
+  https://git.yoctoproject.org/meta-virtualization/
+EOF
+
+    bbnote "vcontainer blobs and scripts added to SDK"
+
+    # -----------------------------------------------------------------------
+    # Step 2: Create environment script (after blobs so we can check for them)
+    # -----------------------------------------------------------------------
+
+    # Remove ALL default SDK files - we create our own
+    rm -f ${SDK_OUTPUT}/${SDKPATH}/site-config-*
+    rm -f ${SDK_OUTPUT}/${SDKPATH}/version-*
+    rm -f ${SDK_OUTPUT}/${SDKPATH}/environment-setup-*
+
+    # Create vcontainer-specific environment script
+    # Keep the environment-setup-* naming so SDK installer works
+    script=${SDK_OUTPUT}/${SDKPATH}/environment-setup-${REAL_MULTIMACH_TARGET_SYS}
+
+    # Create environment script
+    # Set OECORE_NATIVE_SYSROOT temporarily for SDK relocation, then unset it
+    # (like buildtools-tarball does to avoid confusing other Yocto tools)
+    cat > $script <<'HEADER'
+#!/bin/bash
+# vcontainer environment setup script
+# Source this file: source environment-setup-none
+# Or use the symlink: source init-env.sh
+
+VCONTAINER_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+HEADER
+    # Yocto variables (${SDK_SYS}, ${SDKPATHNATIVE}) expand at parse time
+    # Shell variables use $VAR to avoid Yocto expansion
+    echo 'export OECORE_NATIVE_SYSROOT="'"${SDKPATHNATIVE}"'"' >> $script
+    echo 'export PATH="$VCONTAINER_DIR:$OECORE_NATIVE_SYSROOT/usr/bin:/usr/bin:/bin:$PATH"' >> $script
+    cat >> $script <<'FOOTER'
+
+echo "vcontainer environment configured."
+echo ""
+FOOTER
+
+    # Add usage info based on what's included (check files we just copied)
+    if [ -f "${SDK_OUT}/vdkr" ]; then
+        cat >> $script <<'ENVEOF'
+echo "vdkr (Docker) commands:"
+echo "  vdkr images              # List docker images"
+echo "  vdkr vimport ./oci/ app  # Import OCI directory"
+ENVEOF
+    fi
+
+    if [ -f "${SDK_OUT}/vpdmn" ]; then
+        cat >> $script <<'ENVEOF'
+echo "vpdmn (Podman) commands:"
+echo "  vpdmn images             # List podman images"
+echo "  vpdmn vimport ./oci/ app # Import OCI directory"
+ENVEOF
+    fi
+
+    cat >> $script <<ENVEOF
+echo ""
+echo "Architectures: ${VCONTAINER_ARCHITECTURES}"
+ENVEOF
+
+    # Unset OECORE_NATIVE_SYSROOT to avoid confusing other Yocto tools
+    # (same pattern as buildtools-tarball)
+    echo '' >> $script
+    echo '# Clean up - unset to avoid confusing other Yocto tools' >> $script
+    echo 'unset OECORE_NATIVE_SYSROOT' >> $script
+
+    # Replace placeholder with actual SDK_SYS
+    sed -i -e "s:@SDK_SYS@:${SDK_SYS}:g" $script
+    chmod 755 $script
+
+    # Create init-env.sh symlink for convenience
+    ln -sf environment-setup-${REAL_MULTIMACH_TARGET_SYS} ${SDK_OUTPUT}/${SDKPATH}/init-env.sh
+
+    # Create version file
+    echo "vcontainer SDK version: ${PV}" > ${SDK_OUTPUT}/${SDKPATH}/version.txt
+    echo "Built: $(date)" >> ${SDK_OUTPUT}/${SDKPATH}/version.txt
+    echo "Architectures: ${VCONTAINER_ARCHITECTURES}" >> ${SDK_OUTPUT}/${SDKPATH}/version.txt
+
+    # -----------------------------------------------------------------------
+    # Step 3: Remove unnecessary files to reduce SDK size (~100MB savings)
+    # -----------------------------------------------------------------------
+    bbnote "Removing unnecessary files from SDK..."
+
+    # Remove locale data (~97MB) - not needed for vcontainer tools
+    rm -rf ${SDK_OUTPUT}/${SDKPATHNATIVE}/usr/lib/locale
+    bbnote "Removed locale data"
+
+    # Remove QEMU user-mode emulators (we only need system emulators)
+    # Keep: qemu-system-aarch64, qemu-system-x86_64
+    for qemu_bin in ${SDK_OUTPUT}/${SDKPATHNATIVE}/usr/bin/qemu-*; do
+        case "$(basename $qemu_bin)" in
+            qemu-system-aarch64|qemu-system-x86_64|qemu-img|qemu-nbd)
+                # Keep these
+                ;;
+            qemu-system-*)
+                # Remove other system emulators (handled by QEMU_TARGETS now, but just in case)
+                rm -f "$qemu_bin"
+                ;;
+            *)
+                # Remove user-mode emulators (qemu-aarch64, qemu-arm, etc.)
+                rm -f "$qemu_bin"
+                bbnote "Removed $(basename $qemu_bin)"
+                ;;
+        esac
+    done
+
+    bbnote "SDK size optimization complete"
+}
+
+create_sdk_files[vardeps] += "VCONTAINER_TARGET_ARCH VCONTAINER_KERNEL_NAME VCONTAINER_MC"
+
+# ===========================================================================
+# Substitute custom placeholders in installer script
+# ===========================================================================
+# This runs AFTER archive_sdk to replace placeholders in our custom template
+SDK_POSTPROCESS_COMMAND += "substitute_vcontainer_vars;"
+
+substitute_vcontainer_vars () {
+    # Replace placeholders in the installer script
+    # Use SDKDEPLOYDIR (work directory) not SDK_DEPLOY (final deploy location)
+    sed -i -e "s|@VCONTAINER_ARCHITECTURES@|${VCONTAINER_ARCHITECTURES}|g" ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.sh
+    bbnote "Substituted VCONTAINER_ARCHITECTURES=${VCONTAINER_ARCHITECTURES} in installer"
+}
+
+substitute_vcontainer_vars[vardeps] += "VCONTAINER_ARCHITECTURES"
+
+# ===========================================================================
+# Print usage information after SDK is built
+# ===========================================================================
+python do_populate_sdk:append() {
+    import os
+
+    deploy_dir = d.getVar('SDK_DEPLOY')
+    toolchain_outputname = d.getVar('TOOLCHAIN_OUTPUTNAME')
+    architectures = d.getVar('VCONTAINER_ARCHITECTURES').split()
+
+    # Find the installer script
+    installer = os.path.join(deploy_dir, toolchain_outputname + '.sh')
+    installer_size = 0
+    if os.path.exists(installer):
+        installer_size = os.path.getsize(installer) // (1024 * 1024)
+
+    # Check what was included
+    sdk_output = d.getVar('SDK_OUTPUT')
+    sdkpath = d.getVar('SDKPATH')
+    sdk_out = os.path.join(sdk_output, sdkpath.lstrip('/'))
+    vdkr_included = os.path.exists(os.path.join(sdk_out, 'vdkr'))
+    vpdmn_included = os.path.exists(os.path.join(sdk_out, 'vpdmn'))
+
+    bb.plain("")
+    bb.plain("=" * 70)
+    bb.plain("vcontainer SDK tarball created:")
+    bb.plain("  %s" % installer)
+    bb.plain("  Size: %d MB" % installer_size)
+    bb.plain("  Architectures: %s" % " ".join(architectures))
+    bb.plain("  vdkr (Docker): %s" % ("included" if vdkr_included else "NOT included"))
+    bb.plain("  vpdmn (Podman): %s" % ("included" if vpdmn_included else "NOT included"))
+    bb.plain("")
+    bb.plain("To extract and use:")
+    bb.plain("  %s -d /tmp/vcontainer -y" % installer)
+    bb.plain("  cd /tmp/vcontainer")
+    bb.plain("  source init-env.sh")
+    for arch in architectures:
+        if vdkr_included:
+            bb.plain("  vdkr-%s images      # Docker for %s" % (arch, arch))
+        if vpdmn_included:
+            bb.plain("  vpdmn-%s images     # Podman for %s" % (arch, arch))
+    bb.plain("=" * 70)
+}
diff --git a/recipes-containers/vcontainer/vdkr-native_1.0.bb b/recipes-containers/vcontainer/vdkr-native_1.0.bb
deleted file mode 100644
index a6a56ecb..00000000
--- a/recipes-containers/vcontainer/vdkr-native_1.0.bb
+++ /dev/null
@@ -1,191 +0,0 @@
-# SPDX-FileCopyrightText: Copyright (C) 2025 Bruce Ashfield
-#
-# SPDX-License-Identifier: MIT
-#
-# vdkr-native_1.0.bb
-# ===========================================================================
-# Emulated Docker for cross-architecture container operations
-# ===========================================================================
-#
-# vdkr provides a Docker-like CLI that executes arbitrary docker commands
-# inside a QEMU-emulated environment with the target architecture's Docker
-# daemon. Commands like "docker load", "docker export", "docker images" etc
-# are passed through to Docker running inside QEMU and results streamed back.
-#
-# vdkr uses its own initramfs (built by vdkr-initramfs-create) which
-# has vdkr-init.sh baked in. This is separate from container-cross-install.
-#
-# USAGE:
-#   vdkr images                    # Uses detected default arch
-#   vdkr -a aarch64 images         # Explicit arch
-#   vdkr-aarch64 images            # Symlink (backwards compatible)
-#   vdkr-x86_64 load -i myimage.tar
-#
-# Architecture detection (in priority order):
-#   1. --arch / -a flag
-#   2. Executable name (vdkr-aarch64, vdkr-x86_64)
-#   3. VDKR_ARCH environment variable
-#   4. Config file: ~/.config/vdkr/arch
-#   5. Host architecture (uname -m)
-#
-# DEPENDENCIES:
-#   - Kernel/initramfs blobs from vdkr-initramfs-create
-#   - QEMU system emulator (qemu-system-native)
-#
-# ===========================================================================
-
-SUMMARY = "Emulated Docker for cross-architecture container operations"
-DESCRIPTION = "Provides vdkr CLI that executes docker commands inside \
-               QEMU-emulated environment. Useful for building/manipulating \
-               containers for target architectures on a different host."
-HOMEPAGE = "https://github.com/anthropics/meta-virtualization"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
-
-inherit native
-
-# Dependencies
-DEPENDS = "qemu-system-native coreutils-native socat-native"
-
-# vdkr-init.sh is now baked into the initramfs, not installed separately
-SRC_URI = "\
-    file://vdkr.sh \
-    file://vrunner.sh \
-"
-
-# Pre-built blobs are optional - they're checked into the layer after being
-# built by vdkr-initramfs-build. If not present, vdkr will still build
-# but will require --blob-dir at runtime.
-#
-# To build blobs:
-#   MACHINE=qemuarm64 bitbake vdkr-initramfs-build
-#   MACHINE=qemux86-64 bitbake vdkr-initramfs-build
-# Then copy from tmp/deploy/images/<machine>/vdkr-initramfs/ to files/blobs/vdkr/<arch>/
-#
-# For development, set VDKR_USE_DEPLOY = "1" in local.conf to use blobs
-# directly from DEPLOY_DIR instead of copying to layer.
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
-
-# Layer directory containing optional blobs
-VDKR_LAYER_BLOBS = "${THISDIR}/files/blobs/vdkr"
-
-# Deploy directories (used when VDKR_USE_DEPLOY = "1")
-VDKR_DEPLOY_AARCH64 = "${DEPLOY_DIR}/images/qemuarm64/vdkr-initramfs"
-VDKR_DEPLOY_X86_64 = "${DEPLOY_DIR}/images/qemux86-64/vdkr-initramfs"
-
-# Set to "1" in local.conf to prefer DEPLOY_DIR blobs over layer
-VDKR_USE_DEPLOY ?= "0"
-
-S = "${UNPACKDIR}"
-
-do_install() {
-    # Install vdkr main script and architecture symlinks
-    install -d ${D}${bindir}
-    install -d ${D}${bindir}/vdkr-blobs/aarch64
-    install -d ${D}${bindir}/vdkr-blobs/x86_64
-
-    # Install main vdkr script (arch detected at runtime)
-    install -m 0755 ${S}/vdkr.sh ${D}${bindir}/vdkr
-
-    # Create backwards-compatible symlinks
-    ln -sf vdkr ${D}${bindir}/vdkr-aarch64
-    ln -sf vdkr ${D}${bindir}/vdkr-x86_64
-
-    # Install runner script
-    install -m 0755 ${S}/vrunner.sh ${D}${bindir}/
-
-    # Determine blob source directories based on VDKR_USE_DEPLOY
-    if [ "${VDKR_USE_DEPLOY}" = "1" ]; then
-        AARCH64_SRC="${VDKR_DEPLOY_AARCH64}"
-        X86_64_SRC="${VDKR_DEPLOY_X86_64}"
-        bbwarn "============================================================"
-        bbwarn "VDKR_USE_DEPLOY=1: Using blobs from DEPLOY_DIR"
-        bbwarn "This is for development only. For permanent use, copy blobs:"
-        bbwarn ""
-        bbwarn "  # For aarch64:"
-        bbwarn "  cp ${VDKR_DEPLOY_AARCH64}/Image \\"
-        bbwarn "     ${VDKR_LAYER_BLOBS}/aarch64/"
-        bbwarn "  cp ${VDKR_DEPLOY_AARCH64}/initramfs.cpio.gz \\"
-        bbwarn "     ${VDKR_LAYER_BLOBS}/aarch64/"
-        bbwarn ""
-        bbwarn "  # For x86_64:"
-        bbwarn "  cp ${VDKR_DEPLOY_X86_64}/bzImage \\"
-        bbwarn "     ${VDKR_LAYER_BLOBS}/x86_64/"
-        bbwarn "  cp ${VDKR_DEPLOY_X86_64}/initramfs.cpio.gz \\"
-        bbwarn "     ${VDKR_LAYER_BLOBS}/x86_64/"
-        bbwarn ""
-        bbwarn "Then remove VDKR_USE_DEPLOY from local.conf"
-        bbwarn "============================================================"
-    else
-        AARCH64_SRC="${VDKR_LAYER_BLOBS}/aarch64"
-        X86_64_SRC="${VDKR_LAYER_BLOBS}/x86_64"
-    fi
-
-    # Install aarch64 blobs (if available)
-    # Requires: Image, initramfs.cpio.gz, rootfs.img
-    if [ -f "$AARCH64_SRC/Image" ] && [ -f "$AARCH64_SRC/rootfs.img" ]; then
-        install -m 0644 "$AARCH64_SRC/Image" ${D}${bindir}/vdkr-blobs/aarch64/
-        install -m 0644 "$AARCH64_SRC/initramfs.cpio.gz" ${D}${bindir}/vdkr-blobs/aarch64/
-        install -m 0644 "$AARCH64_SRC/rootfs.img" ${D}${bindir}/vdkr-blobs/aarch64/
-        bbnote "Installed aarch64 blobs from $AARCH64_SRC"
-    else
-        bbnote "No aarch64 blobs found at $AARCH64_SRC"
-        bbnote "Required: Image, initramfs.cpio.gz, rootfs.img"
-    fi
-
-    # Install x86_64 blobs (if available)
-    # Requires: bzImage, initramfs.cpio.gz, rootfs.img
-    if [ -f "$X86_64_SRC/bzImage" ] && [ -f "$X86_64_SRC/rootfs.img" ]; then
-        install -m 0644 "$X86_64_SRC/bzImage" ${D}${bindir}/vdkr-blobs/x86_64/
-        install -m 0644 "$X86_64_SRC/initramfs.cpio.gz" ${D}${bindir}/vdkr-blobs/x86_64/
-        install -m 0644 "$X86_64_SRC/rootfs.img" ${D}${bindir}/vdkr-blobs/x86_64/
-        bbnote "Installed x86_64 blobs from $X86_64_SRC"
-    else
-        bbnote "No x86_64 blobs found at $X86_64_SRC"
-        bbnote "Required: bzImage, initramfs.cpio.gz, rootfs.img"
-    fi
-}
-
-# Make available in native sysroot
-SYSROOT_DIRS += "${bindir}"
-
-# Task to print usage instructions for using vdkr from current location
-# Run with: bitbake vdkr-native -c print_usage
-python do_print_usage() {
-    import os
-    bindir = d.getVar('D') + d.getVar('bindir')
-
-    # Find the actual install location
-    image_dir = d.getVar('D')
-    native_sysroot = d.getVar('STAGING_DIR_NATIVE')
-
-    bb.plain("")
-    bb.plain("=" * 70)
-    bb.plain("vdkr Usage Instructions")
-    bb.plain("=" * 70)
-    bb.plain("")
-    bb.plain("Option 1: Add to PATH (recommended)")
-    bb.plain("-" * 40)
-    bb.plain("export PATH=\"%s:$PATH\"" % (native_sysroot + d.getVar('bindir')))
-    bb.plain("")
-    bb.plain("Then use:")
-    bb.plain("  vdkr images              # Uses default arch (host or config)")
-    bb.plain("  vdkr -a aarch64 images   # Explicit arch")
-    bb.plain("  vdkr-x86_64 images       # Symlink (backwards compatible)")
-    bb.plain("")
-    bb.plain("Option 2: Direct invocation")
-    bb.plain("-" * 40)
-    bb.plain("%s/vdkr images" % (native_sysroot + d.getVar('bindir')))
-    bb.plain("")
-    bb.plain("Option 3: Set default architecture")
-    bb.plain("-" * 40)
-    bb.plain("mkdir -p ~/.config/vdkr && echo 'aarch64' > ~/.config/vdkr/arch")
-    bb.plain("")
-    bb.plain("Note: QEMU must be in PATH. If not found, also add:")
-    bb.plain("export PATH=\"%s:$PATH\"" % (d.getVar('STAGING_BINDIR_NATIVE')))
-    bb.plain("")
-    bb.plain("=" * 70)
-}
-addtask print_usage
-do_print_usage[nostamp] = "1"
diff --git a/recipes-containers/vcontainer/vpdmn-native_1.0.bb b/recipes-containers/vcontainer/vpdmn-native_1.0.bb
deleted file mode 100644
index 7aaa8b28..00000000
--- a/recipes-containers/vcontainer/vpdmn-native_1.0.bb
+++ /dev/null
@@ -1,177 +0,0 @@
-# SPDX-FileCopyrightText: Copyright (C) 2025 Bruce Ashfield
-#
-# SPDX-License-Identifier: MIT
-#
-# vpdmn-native_1.0.bb
-# ===========================================================================
-# Emulated Podman for cross-architecture container operations
-# ===========================================================================
-#
-# vpdmn provides a Podman-like CLI that executes arbitrary podman commands
-# inside a QEMU-emulated environment with the target architecture's Podman.
-# Commands like "podman load", "podman images", etc. are passed through to
-# Podman running inside QEMU and results streamed back.
-#
-# vpdmn shares the vrunner.sh runner with vdkr (it's runtime-agnostic).
-#
-# USAGE:
-#   vpdmn images                    # Uses detected default arch
-#   vpdmn -a aarch64 images         # Explicit arch
-#   vpdmn-aarch64 images            # Symlink (backwards compatible)
-#   vpdmn-x86_64 load -i myimage.tar
-#
-# Architecture detection (in priority order):
-#   1. --arch / -a flag
-#   2. Executable name (vpdmn-aarch64, vpdmn-x86_64)
-#   3. VPDMN_ARCH environment variable
-#   4. Config file: ~/.config/vpdmn/arch
-#   5. Host architecture (uname -m)
-#
-# DEPENDENCIES:
-#   - Kernel/initramfs blobs from vpdmn-initramfs-create
-#   - QEMU system emulator (qemu-system-native)
-#   - vrunner.sh (shared runner from vdkr-native)
-#
-# ===========================================================================
-
-SUMMARY = "Emulated Podman for cross-architecture container operations"
-DESCRIPTION = "Provides vpdmn CLI that executes podman commands inside \
-               QEMU-emulated environment. Useful for building/manipulating \
-               containers for target architectures on a different host."
-HOMEPAGE = "https://github.com/anthropics/meta-virtualization"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
-
-inherit native
-
-# Dependencies - we use vdkr's runner script
-DEPENDS = "qemu-system-native coreutils-native socat-native vdkr-native"
-
-SRC_URI = "\
-    file://vpdmn.sh \
-"
-
-# Pre-built blobs are optional - they're checked into the layer after being
-# built by vpdmn-initramfs-create. If not present, vpdmn will still build
-# but will require --blob-dir at runtime.
-#
-# To build blobs:
-#   MACHINE=qemuarm64 bitbake vpdmn-initramfs-create
-#   MACHINE=qemux86-64 bitbake vpdmn-initramfs-create
-# Then copy from tmp/deploy/images/<machine>/vpdmn-initramfs/ to files/blobs/vpdmn/<arch>/
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
-
-# Layer directory containing optional blobs
-VPDMN_LAYER_BLOBS = "${THISDIR}/files/blobs/vpdmn"
-
-# Deploy directories (used when VPDMN_USE_DEPLOY = "1")
-VPDMN_DEPLOY_AARCH64 = "${DEPLOY_DIR}/images/qemuarm64/vpdmn-initramfs"
-VPDMN_DEPLOY_X86_64 = "${DEPLOY_DIR}/images/qemux86-64/vpdmn-initramfs"
-
-# Set to "1" in local.conf to prefer DEPLOY_DIR blobs over layer
-VPDMN_USE_DEPLOY ?= "0"
-
-S = "${UNPACKDIR}"
-
-do_install() {
-    # Install vpdmn main script and architecture symlinks
-    install -d ${D}${bindir}
-    install -d ${D}${bindir}/vpdmn-blobs/aarch64
-    install -d ${D}${bindir}/vpdmn-blobs/x86_64
-
-    # Install main vpdmn script (arch detected at runtime)
-    install -m 0755 ${S}/vpdmn.sh ${D}${bindir}/vpdmn
-
-    # Create backwards-compatible symlinks
-    ln -sf vpdmn ${D}${bindir}/vpdmn-aarch64
-    ln -sf vpdmn ${D}${bindir}/vpdmn-x86_64
-
-    # Note: vpdmn uses vrunner.sh from vdkr-native (it's runtime-agnostic)
-
-    # Determine blob source directories based on VPDMN_USE_DEPLOY
-    if [ "${VPDMN_USE_DEPLOY}" = "1" ]; then
-        AARCH64_SRC="${VPDMN_DEPLOY_AARCH64}"
-        X86_64_SRC="${VPDMN_DEPLOY_X86_64}"
-        bbwarn "============================================================"
-        bbwarn "VPDMN_USE_DEPLOY=1: Using blobs from DEPLOY_DIR"
-        bbwarn "This is for development only. For permanent use, copy blobs:"
-        bbwarn ""
-        bbwarn "  # For aarch64:"
-        bbwarn "  cp ${VPDMN_DEPLOY_AARCH64}/Image \\"
-        bbwarn "     ${VPDMN_LAYER_BLOBS}/aarch64/"
-        bbwarn "  cp ${VPDMN_DEPLOY_AARCH64}/initramfs.cpio.gz \\"
-        bbwarn "     ${VPDMN_LAYER_BLOBS}/aarch64/"
-        bbwarn ""
-        bbwarn "  # For x86_64:"
-        bbwarn "  cp ${VPDMN_DEPLOY_X86_64}/bzImage \\"
-        bbwarn "     ${VPDMN_LAYER_BLOBS}/x86_64/"
-        bbwarn "  cp ${VPDMN_DEPLOY_X86_64}/initramfs.cpio.gz \\"
-        bbwarn "     ${VPDMN_LAYER_BLOBS}/x86_64/"
-        bbwarn ""
-        bbwarn "Then remove VPDMN_USE_DEPLOY from local.conf"
-        bbwarn "============================================================"
-    else
-        AARCH64_SRC="${VPDMN_LAYER_BLOBS}/aarch64"
-        X86_64_SRC="${VPDMN_LAYER_BLOBS}/x86_64"
-    fi
-
-    # Install aarch64 blobs (if available)
-    # Requires: Image, initramfs.cpio.gz, rootfs.img
-    if [ -f "$AARCH64_SRC/Image" ] && [ -f "$AARCH64_SRC/rootfs.img" ]; then
-        install -m 0644 "$AARCH64_SRC/Image" ${D}${bindir}/vpdmn-blobs/aarch64/
-        install -m 0644 "$AARCH64_SRC/initramfs.cpio.gz" ${D}${bindir}/vpdmn-blobs/aarch64/
-        install -m 0644 "$AARCH64_SRC/rootfs.img" ${D}${bindir}/vpdmn-blobs/aarch64/
-        bbnote "Installed aarch64 blobs from $AARCH64_SRC"
-    else
-        bbnote "No aarch64 blobs found at $AARCH64_SRC"
-        bbnote "Required: Image, initramfs.cpio.gz, rootfs.img"
-    fi
-
-    # Install x86_64 blobs (if available)
-    # Requires: bzImage, initramfs.cpio.gz, rootfs.img
-    if [ -f "$X86_64_SRC/bzImage" ] && [ -f "$X86_64_SRC/rootfs.img" ]; then
-        install -m 0644 "$X86_64_SRC/bzImage" ${D}${bindir}/vpdmn-blobs/x86_64/
-        install -m 0644 "$X86_64_SRC/initramfs.cpio.gz" ${D}${bindir}/vpdmn-blobs/x86_64/
-        install -m 0644 "$X86_64_SRC/rootfs.img" ${D}${bindir}/vpdmn-blobs/x86_64/
-        bbnote "Installed x86_64 blobs from $X86_64_SRC"
-    else
-        bbnote "No x86_64 blobs found at $X86_64_SRC"
-        bbnote "Required: bzImage, initramfs.cpio.gz, rootfs.img"
-    fi
-}
-
-# Make available in native sysroot
-SYSROOT_DIRS += "${bindir}"
-
-# Task to print usage instructions
-# Run with: bitbake vpdmn-native -c print_usage
-python do_print_usage() {
-    import os
-    native_sysroot = d.getVar('STAGING_DIR_NATIVE')
-
-    bb.plain("")
-    bb.plain("=" * 70)
-    bb.plain("vpdmn Usage Instructions")
-    bb.plain("=" * 70)
-    bb.plain("")
-    bb.plain("Option 1: Add to PATH (recommended)")
-    bb.plain("-" * 40)
-    bb.plain("export PATH=\"%s:$PATH\"" % (native_sysroot + d.getVar('bindir')))
-    bb.plain("")
-    bb.plain("Then use:")
-    bb.plain("  vpdmn images              # Uses default arch (host or config)")
-    bb.plain("  vpdmn -a aarch64 images   # Explicit arch")
-    bb.plain("  vpdmn-x86_64 images       # Symlink (backwards compatible)")
-    bb.plain("")
-    bb.plain("Option 2: Set default architecture")
-    bb.plain("-" * 40)
-    bb.plain("mkdir -p ~/.config/vpdmn && echo 'aarch64' > ~/.config/vpdmn/arch")
-    bb.plain("")
-    bb.plain("Note: QEMU must be in PATH. If not found, also add:")
-    bb.plain("export PATH=\"%s:$PATH\"" % (d.getVar('STAGING_BINDIR_NATIVE')))
-    bb.plain("")
-    bb.plain("=" * 70)
-}
-addtask print_usage
-do_print_usage[nostamp] = "1"
diff --git a/recipes-devtools/qemu/nativesdk-qemu-vcontainer.bb b/recipes-devtools/qemu/nativesdk-qemu-vcontainer.bb
new file mode 100644
index 00000000..8fc68679
--- /dev/null
+++ b/recipes-devtools/qemu/nativesdk-qemu-vcontainer.bb
@@ -0,0 +1,65 @@
+# SPDX-FileCopyrightText: Copyright (C) 2025 Bruce Ashfield
+#
+# SPDX-License-Identifier: MIT
+#
+# Minimal QEMU variant for vcontainer tools (vdkr/vpdmn)
+#
+# This recipe provides a stripped-down nativesdk QEMU without OpenGL/SDL
+# dependencies, avoiding the mesa -> llvm -> clang build chain.
+#
+# This is separate from the main nativesdk-qemu to avoid affecting other
+# users who may need OpenGL support in their SDK QEMU.
+#
+# VERSION TRACKING: This recipe automatically discovers the QEMU version
+# from oe-core, so no updates are needed when oe-core bumps QEMU.
+
+SUMMARY = "Minimal QEMU for vcontainer tools"
+DESCRIPTION = "QEMU built without OpenGL/virglrenderer for use in vcontainer \
+               standalone tarballs. Avoids pulling in mesa/llvm/clang."
+
+# Dynamically discover QEMU version from oe-core (same pattern as busybox-initrd.bb)
+def get_qemu_pv(d):
+    import os
+    import re
+    corebase = d.getVar('COREBASE')
+    qemu_dir = os.path.join(corebase, 'meta', 'recipes-devtools', 'qemu')
+    if os.path.isdir(qemu_dir):
+        re_bb_name = re.compile(r"^qemu_([0-9.]+)\.bb$")
+        for bb_file in os.listdir(qemu_dir):
+            result = re_bb_name.match(bb_file)
+            if result:
+                return result.group(1)
+    bb.fatal("Cannot find qemu recipe in %s" % qemu_dir)
+
+PV := "${@get_qemu_pv(d)}"
+
+# Point to oe-core qemu files directory for patches and support files
+FILESEXTRAPATHS:prepend := "${COREBASE}/meta/recipes-devtools/qemu/qemu:"
+
+# Use the same base as oe-core qemu
+require recipes-devtools/qemu/qemu.inc
+
+# Pull in the main recipe's dependencies and settings
+DEPENDS += "glib-2.0 zlib pixman"
+DEPENDS:append:libc-musl = " libucontext"
+
+# Inherit nativesdk explicitly (not via BBCLASSEXTEND)
+inherit nativesdk
+
+# Target list for nativesdk (cross-prefix is already set by qemu.inc for class-nativesdk)
+EXTRA_OECONF:append = " --target-list=${@get_qemu_target_list(d)}"
+
+# Minimal PACKAGECONFIG - no opengl, no sdl, no virglrenderer
+# This avoids mesa -> llvm -> clang dependency chain
+# virtfs is needed for volume mounts (-v host:container)
+PACKAGECONFIG = "fdt kvm pie slirp virtfs"
+
+# Only build the QEMU targets we actually need for vcontainer
+# This saves ~150MB compared to building all architectures
+QEMU_TARGETS = "aarch64 x86_64"
+
+# QEMU's configure doesn't support --disable-static, so disable it
+DISABLE_STATIC = ""
+
+# Ensure proper naming
+BPN = "qemu"