$ find /usr/portage -user root $ sudo emerge --sync ... ... ... $ find /usr/portage -user root /usr/portage/.git/objects/66/bdfc089cc0c65cb9bae2826d2f09833edc7b6c /usr/portage/.git/objects/73/f0d0373a2f10ad9370ac6fb9beffd5b01f9c11 /usr/portage/.git/objects/aa/477fa87c6a8de71c55d5d61af1513165c6b821 /usr/portage/.git/refs/heads/master /usr/portage/.git/ORIG_HEAD /usr/portage/.git/index /usr/portage/app-crypt/argon2/argon2-20171227.ebuild /usr/portage/app-crypt/libmd/Manifest ... Reproducible: Always $ grep usersync /etc/portage/make.conf FEATURES="parallel-fetch userfetch usersync userpriv usersandbox"
Note this started with a recent portage update. It also switched from 'git pull' to 'git fetch' followed by 'git merge'.
What portage version does emerge --version show?
(In reply to Zac Medico from comment #2) > What portage version does emerge --version show? $ emerge --version Portage 2.3.49 (python 3.6.5-final-0, default/linux/amd64/17.0, gcc-7.3.0, glibc-2.27-r6, 4.19.0-gentoo x86_64)
Still present in: $ emerge --version Portage 2.3.51 (python 3.6.5-final-0, default/linux/amd64/17.0, gcc-7.3.0, glibc-2.27-r6, 4.19.0-gentoo x86_64)
The problem seems to be that 'git merge' is spawned directly with subprocess.call, which ignores the settings present in spawn_kwargs, instead of using portage.process.spawn or similar functions.
True, the merge command does not drop privileges: https://gitweb.gentoo.org/proj/portage.git/commit/?id=3cd8cf93abb6410cc877381531bb662a704dffa7 > exitcode = subprocess.call(merge_cmd, > cwd=portage._unicode_encode(self.repo.location))
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=0490cfa00afcf1347e4e72528b20c93648d6871c commit 0490cfa00afcf1347e4e72528b20c93648d6871c Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2018-11-23 09:00:25 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2018-11-23 23:55:24 +0000 git: drop privileges for gc and merge (bug 669496) Use portage.process.spawn (with new cwd parameter) and self.spawn_kwargs to drop privileges for git gc and merge commands. Fixes: 3cd8cf93abb6 ("GitSync: abort checkout for signature problem (bug 660372)") Fixes: 903c4b1a6768 ("GitSync: support sync-depth (bug 552814)") Bug: https://bugs.gentoo.org/669496 Signed-off-by: Zac Medico <zmedico@gentoo.org> lib/portage/sync/modules/git/git.py | 10 ++++++---- lib/portage/tests/sync/test_sync_local.py | 22 ++++++++++++++++++++-- 2 files changed, 26 insertions(+), 6 deletions(-)
This one looks fixed after recent portage update.
Fixed in portage-2.3.62.