By default, stage3 tarballs come with an empty "/var/db/repos/" folder. This leads to the initial sync and any subsequent sync being done by root.

This issue has been described for different sync methods:
- webrsync: bug 707980
- git and rsync: bug 941605

I wish for a portage:portage owned empty "/var/db/repos/gentoo" folder to be provided with the stage3 tarball in order to ensure that repo syncs are done by the "portage" user, at least, for the official repo.

Reproducible: Always

Steps to Reproduce:
1. rm -rf /var/db/repos/gentoo
2. emaint --auto sync

Actual Results:
$ ps au | grep rsync
root 7294 3.6 0.4 619008 35056 pts/1 S+ 09:23 0:02 rsync --recursive --links --safe-links --perms --tim
root 7295 15.0 0.3 692000 27808 pts/1 S+ 09:23 0:09 rsync --recursive --links --safe-links --perms --tim

Expected Results:
$ ps au | grep rsync
portage 7294 3.6 0.4 619008 35056 pts/1 S+ 09:23 0:02 rsync --recursive --links --safe-links --perms --tim
portage 7295 15.0 0.3 692000 27808 pts/1 S+ 09:23 0:09 rsync --recursive --links --safe-links --perms --tim

Obviously, this won't mitigate the problems of syncs done by root for overlays which were added with eselect-repository: https://github.com/projg2/eselect-repository/issues/30

At least, however, this covers the more important official repo.
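An added example, not part of the original report and not Portage code: a shell check for the condition described above, reporting for each repository under the base directory whether its location is missing, root-owned, or owned by an unprivileged account. It assumes GNU stat and that the sync runs as the owner of the repository directory (the usersync behaviour this report relies on); the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU stat and that
# the sync runs as the owner of the repository directory (usersync).

# Classify one repository location:
#   MISSING      directory absent; per the report, root then does the sync
#   ROOT         directory owned by uid 0, so syncs run as root
#   USER:<name>  directory owned by an unprivileged account
repo_sync_state() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "MISSING"
        return 0
    fi
    uid=$(stat -c %u "$dir") || return 1
    if [ "$uid" -eq 0 ]; then
        echo "ROOT"
    else
        echo "USER:$(stat -c %U "$dir")"
    fi
}

# Print "<repo> <state>" for the official repo and every directory under the
# base; return non-zero if any of them would be synced as root.
audit_repos() {
    base=${1:-/var/db/repos}
    rc=0
    [ -d "$base/gentoo" ] || { echo "gentoo MISSING"; rc=1; }
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue    # glob matched nothing
        state=$(repo_sync_state "$dir")
        echo "$(basename "$dir") $state"
        case $state in
            USER:*) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Usage: audit_repos /var/db/repos
```

On a system where the official repo directory already exists and is owned by portage, the output line reads "gentoo USER:portage" and the exit status is 0.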
We should probably do this as it's an easy workaround. It'll also remove the scary warning on first sync I think for non-existent dir. But one question is if it's going to break people who are relying on being able to mount there in a stage3.
(In reply to Sam James from comment #1)
> We should probably do this as it's an easy workaround. It'll also remove the
> scary warning on first sync I think for non-existent dir.

Yes. I'll have a look.

> But one question is if it's going to break people who are relying on being
> able to mount there in a stage3.

I don't think this is a problem anymore. As far as I know, if you mount on a directory that has contents, the contents are just silently shadowed.
commit b51ceb558a282b8fdfc3952f81be037caa3d5fbe
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Date:   Tue Jan 21 22:46:50 2025 +0100

    Ensure that the repo_base directory is owned by portage:portage

    This allows emerge to use usersync from the start

    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
commit b51ceb558a282b8fdfc3952f81be037caa3d5fbe
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: Tue Jan 21 22:46:50 2025 +0100
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: Tue Jan 21 22:51:07 2025 +0100

    Ensure that the repo_base directory is owned by portage:portage

    This allows emerge to use usersync from the start

    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 catalyst/base/stagebase.py | 5 +++++
 1 file changed, 5 insertions(+)

This is fixed with the next stage builds.
I wonder whether it's a good idea to default to syncing repos as the same user that's used for building packages with userpriv... should a package being built have write access to repositories?