I have noticed that the following symlink is broken /opt/openjdk-bin-11.0.7_p10/lib/security/cacerts Basically, it needs to points to one more level up: ../../../../../etc/ssl/certs/java/cacerts (5 instead of 4). Similarly, /opt/openjdk-bin-8.242_p08/jre/lib/security/cacerts ../../../../../../etc/ssl/certs/java/cacerts (6 instead of 5) java applications unable to connect without proper certificates: https://github.com/Col-E/Recaf/issues/199 emerge --info Portage 2.3.89 (python 3.6.10-final-0, default/linux/amd64/17.1/hardened, gcc-9.3.0, glibc-2.29-r7, 5.5.11-pentoo x86_64) ================================================================= System uname: Linux-5.5.11-pentoo-x86_64-Intel-R-_Core-TM-_i5-3320M_CPU_@_2.60GHz-with-gentoo-2.6 KiB Mem: 7968628 total, 3976116 free KiB Swap: 4194300 total, 4194300 free Timestamp of repository gentoo: Wed, 22 Apr 2020 00:45:01 +0000 Head commit of repository gentoo: 1fdca6d7842fd90ee8d839d1e3963e4e6514bf85 Head commit of repository pentoo: 6e4380b2eaef93df7fedce58ea254435eb55b2e5 Head commit of repository steam-overlay: ae3e928b83b722ae6197fc1bc78859b592b819e5 sh bash 4.4_p23-r1 ld GNU ld (Gentoo 2.33.1 p2) 2.33.1 app-shells/bash: 4.4_p23-r1::gentoo dev-java/java-config: 2.2.0-r4::gentoo dev-lang/perl: 5.30.1::gentoo dev-lang/python: 2.7.17-r2::gentoo, 3.6.10-r1::gentoo, 3.7.7-r1::gentoo dev-util/cmake: 3.16.5::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.6-r1::gentoo sys-apps/openrc: 0.42.1::gentoo sys-apps/sandbox: 2.13::gentoo sys-devel/autoconf: 2.13-r1::gentoo, 2.69-r4::gentoo sys-devel/automake: 1.13.4-r2::gentoo, 1.16.1-r2::gentoo sys-devel/binutils: 2.33.1-r1::gentoo sys-devel/gcc: 9.3.0::gentoo sys-devel/gcc-config: 2.2.1::gentoo sys-devel/libtool: 2.4.6-r6::gentoo sys-devel/make: 4.2.1-r4::gentoo sys-kernel/linux-headers: 5.4::gentoo (virtual/os-headers) sys-libs/glibc: 2.29-r7::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.asia.gentoo.org/gentoo-portage priority: -1000 sync-rsync-verify-metamanifest: yes sync-rsync-verify-max-age: 24 sync-rsync-verify-jobs: 1 sync-rsync-extra-opts: local-overlay location: /var/db/overlays/local masters: gentoo priority: 0 pentoo location: /var/db/overlays/pentoo-overlay sync-type: git sync-uri: https://github.com/pentoo/pentoo-overlay masters: gentoo steam-overlay location: /var/db/overlays/steam-overlay sync-type: git sync-uri: https://github.com/anyc/steam-overlay.git masters: gentoo priority: 50 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="@FREE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe -frecord-gcc-switches" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /etc/stunnel/stunnel.conf /usr/share/config /usr/share/easy-rsa /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe -frecord-gcc-switches" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--quiet-build" ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe -frecord-gcc-switches -frecord-gcc-switches" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe -frecord-gcc-switches -frecord-gcc-switches" GENTOO_MIRRORS="http://mirror.rise.ph/gentoo/" INSTALL_MASK="*.la" LANG="en_SG.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--defsym=__gentoo_check_ldflags__=0" LINGUAS="en ru" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_BINHOST="https://pentoo.emjay-embedded.co.uk/Packages/amd64-hardened/" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_EXTRA_OPTS="--omit-dir-times" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
on my systems symlink is NOT broken for both versions and points like this: > pwd > /opt/openjdk-bin-8.252_p09/jre/lib/security > cacerts -> ../../../../../etc/ssl/certs/java/cacerts > file cacerts > cacerts: symbolic link to ../../../../../etc/ssl/certs/java/cacerts > file -L cacerts > cacerts: Java KeyStore > pwd > /opt/openjdk-bin-11.0.6_p10/lib/security > cacerts -> ../../../../etc/ssl/certs/java/cacerts > file cacerts > cacerts: symbolic link to ../../../../etc/ssl/certs/java/cacerts > file -L cacerts > cacerts: Java KeyStore is your /opt somehow specially mounted or is a symlink? or maybe anything else special about filesystem layout? We used to create absolute symlinks and it was easier to follow that this multi-level madness, but such are rules.
Correct, my /opt is a symlink: /opt -> /data/opt
I’ll see what I can do to make a bit more robust or switch back to prefix + absolute path, for now please use workaround, I’ll need to speak with QA guys about absolute symlink destinations.
It's not a surprise, that any other packages installed in opt with relevant symlinks are broken too. Here is what I have installed: ./linkchecker /opt/ /opt/zoom/libturbojpeg.so -> ../../usr/lib64/libturbojpeg.so /opt/zoom/libmpg123.so -> ../../usr/lib64/libmpg123.so /opt/firefox/browser/plugins -> /usr/lib64/nsbrowser/plugins /opt/thunderbird/plugins -> /usr/lib64/nsbrowser/plugins This but should be reassign to relevant parties.
I think you should really try to work-around it locally, there's no good way to work support it in ebuild/eclass/portage. Probably maintainers just going to ignore, as supporting every possible filesystem layout is hard. I've seen bugs like this closed WONTFIX. instead of symlink you can use bind mount. you can bind mount anything anywhere, even files. so this entry in fstab /data/opt /opt none bind 0 0 will do the same as symlink, but without symlink dereference problem and/or wrong levels with relative symlink. before doing above don't forget to remove /opt symlink and create an empty directory instead. you can do same with individual files as well like mount -o bind /etc/resolv.conf /mnt/gentoo/etc/resolv.conf will bind a single file. Closing.
also I think bind-mounting will solve your current symlink, you will not even need to reinstall packages.
I suspect a problem is deeper. Portage should not require a specific FS system. Other users my have symlink the entire /usr for example. It would break hard the OS. I expect a proper resolution.
feel free to open generic bug and link this one or send an email to gentoo-dev@lists.gentoo.org for more discussion.
