This is a new Gentoo::Prefix installation. Please note the paths under CONFIG_PROTECT and CONFIG_PROTECT_MASK and not always prefixifed. Provided I do not see these variable in /auto/vestec1-elixir/projects/biocev/gentoo/etc/portage/make.conf/0100_bootstrap_prefix_make.conf I assume it is a bug in emerge and not something actually misconfigured by bootstrap-prefix.sh . I do not see any similar bugs open except bug #766258 . Luckily I do not have root privs I I cannot really alter /etc on this machine. $ emerge --info Portage 3.0.49 (python 3.11.4-final-0, default/linux/amd64/17.1/no-multilib/prefix/kernel-3.2+, gcc-13, glibc-2.37-r4, 5.10.0-13-amd64 x86_64) ================================================================= System uname: Linux-5.10.0-13-amd64-x86_64-Intel-R-_Xeon-R-_Platinum_8260_CPU_@_2.40GHz-with-glibc2.37 KiB Mem: 3169357408 total,2310472252 free KiB Swap: 16383996 total, 16383996 free Timestamp of repository gentoo: Wed, 02 Aug 2023 15:00:01 +0000 Head commit of repository gentoo: e95d5bff77351593d29643d39f272a0b5a6941a5 sh bash 5.2_p15-r6 ld GNU ld (Gentoo 2.40 p6) 2.40.0 app-misc/pax-utils: 1.3.7::gentoo app-shells/bash: 5.2_p15-r6::gentoo dev-lang/perl: 5.38.0-r1::gentoo dev-lang/python: 3.11.4::gentoo, 3.12.0_beta4_p1::gentoo dev-lang/rust: 1.71.0::gentoo dev-lang/rust-bin: 1.71.0::gentoo dev-util/cmake: 3.27.1::gentoo dev-util/meson: 1.2.0::gentoo sys-apps/baselayout: 2.14::gentoo sys-apps/sandbox: 2.37::gentoo sys-devel/autoconf: 2.71-r7::gentoo sys-devel/automake: 1.16.5-r1::gentoo sys-devel/binutils: 2.40-r7::gentoo sys-devel/binutils-config: 5.5::gentoo sys-devel/gcc: 13.2.0::gentoo sys-devel/gcc-config: 2.11::gentoo sys-devel/libtool: 2.4.7-r1::gentoo sys-devel/make: 4.4.1-r1::gentoo sys-kernel/linux-headers: 6.4::gentoo (virtual/os-headers) sys-libs/glibc: 2.37-r4::gentoo Repositories: gentoo location: /auto/vestec1-elixir/projects/biocev/gentoo/var/db/repos/gentoo sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 volatile: True sync-rsync-extra-opts: sync-rsync-verify-jobs: 1 sync-rsync-verify-max-age: 24 sync-rsync-verify-metamanifest: no ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="@FREE dlj-1.1 sun-bcla-java-vm Oracle-BCLA-JavaSE IBM-J1.6 NPSL RAR Intel-SDP fasta vienna-rna unafold GRL MSttfEULA hplip-plugin meme mRNAmarkup ApE ICS ipw3945 finchtv modeller gmap abyss swiss-prot Aladdin AVASYS pyvcf Non-profit-OSL-3.0 estscan bcca_2010 oncotator Adobe blat staden CeCILL-1.1 phrap STRIDE cctbx-2.0 bh-luxi ARIADNE unRAR all-rights-reserved trf annovar_personal_only stampy-academic BSD-BroadInstitute UPennState freedist free-noncomm blasr sun-jlfgr FLI-Jena PSTT netperf sun-jsr67 xv vim.org OSGi-Specification-2.0 colt google-chrome ACE AFL churchill genscan no-source-code ISSL JSON MPEG-4 Apache-2.0 BSD MIT BSD-2 FSFAP unicode Subversion PSF-2.4 merlin android julius CROSSOVER-3 lha PUEL-11" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -O2 -pipe -march=native -ftree-vectorize" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/auto/vestec1-elixir/projects/biocev/gentoo/etc /etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/auto/vestec1-elixir/projects/biocev/gentoo/etc/env.d /etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo" CONFIG_SHELL="/auto/vestec1-elixir/projects/biocev/gentoo/bin/bash" CXXFLAGS="-O2 -pipe -O2 -pipe -march=native -ftree-vectorize" DISTDIR="/auto/vestec1-elixir/projects/biocev/gentoo/var/cache/distfiles" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news nostrip parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans unprivileged" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LEX="flex" MAKEOPTS="-j64" PKGDIR="/auto/vestec1-elixir/projects/biocev/gentoo/var/cache/binpkgs" PORTAGE_CONFIGROOT="/auto/vestec1-elixir/projects/biocev/gentoo/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/auto/vestec1-elixir/projects/biocev/gentoo/var/tmp" SHELL="/auto/vestec1-elixir/projects/biocev/gentoo/bin/bash" USE="X a52 aac acl acpi alsa amd64 amr amrenc aom apache apache2 archive armadillo asm audit av1 avx avx2 berkdb blas bluetooth bluray bmp boost bz2 bzip2 cairo caps cdda cdio cdr cdrom cgi chromium cli codec2 coin cpudetection cracklib crypt cryptlib cryptsetup cups curl cxx dav1d device-mapper dhcp directfb directx dri dri3 drm dvbpsi dvd dvda dxf dxva2 egl elogind emboss encode eselect-ldso exif faad fax fbcon fdk ffmpeg fftw flac fontconfig foomatic fortran gbm gcrypt gd gdal gdbm geoip geolocation georeferencer geos gimp glpk gml gmp gnutls gps grass gstreamer gtk gtk3 h.264 h.265 h264 h265 hal haptic hdf5 heif hevc hpijs hwdb iconv id3tag imaging innodb inotify iproute2 ipv6 java javafx javascript jbig jce jpeg jpeg2k jpg js jscript kdrive keymap kms ladspa lapack laptop las lcms libaom libdrm libkms libnotify librtmp libsoxr libtesseract libtirpc libv4l libxml2 live lm-sensors lm_sensors lz4 lzma mad mariadb matroska mjpeg mmal mmx modemmanager mp3 mpeg mtp mysql ncurses netcdf networkmanager nfs nls nptl nptlonly nscd nss ntfsprogs nvenc objc ocr odbc ogdi ogg openal opencl opengl openh264 openmp openssl opus parport pbs pcre pcre16 pcsc-lite pdal pdf perl php png polar polkit postgres ppds pppd prefix python qemu qml qt3support qt4 qt5 rav1e readline rendering resolvconf romio rubberband scanner seccomp server session sha slideshow smartcard sndfile sndio split-usr sqlite srt sse sse2 sse3 sse4_1 sse4_2 ssh ssl sslv3 ssse3 startup-notification suexec svg svt-av1 syslog tcl tcpd test-rust threads tiff tk tkip tools truetype twolame udev unicode unwind upnp usb v4l v4l2 vaapi vidstab vim-syntax virtualbox vmaf vnc vorbis vp8 vp9 vpx vulkan wavpack wayland webp wifi x11 x264 x265 xa xcb xephyr xft xls xml xmp xorg xrandr xv xvfb xvid xvmc zip zlib zstd" ABI_X86="64" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 avx512f avx512dq avx512cd avx512bw avx512vl f16c fma3 mmx mmxext pclmul popcnt rdrand sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" RUBY_TARGETS="ruby31" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LANG, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS
Many CONFIG_PROTECT and CONFIG_PROTECT_MASK entries come from env.d files installed by various packages. I think each package would need to be fixed independently. % grep -RF CONFIG_PROTECT /etc/env.d /etc/env.d/78kf:CONFIG_PROTECT=/usr/share/config /etc/env.d/51dconf:CONFIG_PROTECT_MASK="/etc/dconf" /etc/env.d/09sandbox:CONFIG_PROTECT_MASK="/etc/sandbox.d" /etc/env.d/50baselayout:CONFIG_PROTECT_MASK="/etc/gentoo-release" /etc/env.d/37fontconfig:CONFIG_PROTECT_MASK="/etc/fonts/fonts.conf" /etc/env.d/99gentoolkit-env:CONFIG_PROTECT_MASK="/etc/revdep-rebuild" /etc/env.d/98ca-certificates:CONFIG_PROTECT_MASK="/etc/ca-certificates.conf" /etc/env.d/30gnupg:CONFIG_PROTECT=/usr/share/gnupg/qualified.txt % grep -RFl CONFIG_PROTECT /etc/env.d | xargs qfile app-crypt/gnupg: /etc/env.d/30gnupg app-misc/ca-certificates: /etc/env.d/98ca-certificates app-portage/gentoolkit: /etc/env.d/99gentoolkit-env gnome-base/dconf: /etc/env.d/51dconf kde-frameworks/kf-env: /etc/env.d/78kf media-libs/fontconfig: /etc/env.d/37fontconfig sys-apps/baselayout: /etc/env.d/50baselayout sys-apps/sandbox: /etc/env.d/09sandbox In general, you'll need to hunt down where each of the entries is coming from so we can fix it at the source.
Wow! Here we go: $ grep -RF CONFIG_PROTECT /auto/vestec1-elixir/projects/biocev/gentoo/etc/env.d /auto/vestec1-elixir/projects/biocev/gentoo/etc/env.d/09sandbox:CONFIG_PROTECT_MASK="/etc/sandbox.d" /auto/vestec1-elixir/projects/biocev/gentoo/etc/env.d/50baselayout:CONFIG_PROTECT_MASK="/etc/gentoo-release" /auto/vestec1-elixir/projects/biocev/gentoo/etc/env.d/50ncurses:CONFIG_PROTECT_MASK="/etc/terminfo" /auto/vestec1-elixir/projects/biocev/gentoo/etc/env.d/30gnupg:CONFIG_PROTECT=/usr/share/gnupg/qualified.txt $ grep -RFl CONFIG_PROTECT /auto/vestec1-elixir/projects/biocev/gentoo/etc/env.d | xargs qfile app-crypt/gnupg: /auto/vestec1-elixir/projects/biocev/gentoo/etc/env.d/30gnupg app-misc/ca-certificates: /auto/vestec1-elixir/projects/biocev/gentoo/etc/env.d/98ca-certificates sys-apps/baselayout: /auto/vestec1-elixir/projects/biocev/gentoo/etc/env.d/50baselayout sys-apps/sandbox: /auto/vestec1-elixir/projects/biocev/gentoo/etc/env.d/09sandbox sys-libs/ncurses: /auto/vestec1-elixir/projects/biocev/gentoo/etc/env.d/50ncurses $ I think Gentoo::Prefix used to have wrapper functions to EPREFIXify the paths during package install and qmerge steps. But at the moment only a few packages are the culprit.
Since CONFIG_PROTECT and CONFIG_PROTECT_MASK comes from the profiles, they cannot respect EPREFIX. Therefore, they are an exception, and EPREFIX is prepended to the paths from them at runtime. So, these not being prefixed is intentional. It is not nice, but no other way possible, sorry.
