Updating the system to app-misc/ca-certificates-20210119.3.64 has triggered a huge etc-update requirement: * IMPORTANT: 125 config files in '/etc' need updating. * See the CONFIGURATION FILES and CONFIGURATION FILES UPDATE TOOLS * sections of the emerge man page to learn how to update config files. * After world updates, it is important to remove obsolete packages with * emerge --depclean. Refer to `man emerge` for more information. Looking at the changes they all seem to be symlink updates from absolute to relative paths, e.g.: Showing differences between /etc/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem and /etc/ssl/certs/._cfg0000_AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem --- /tmp/etc-update-282755/symdiff-QUJ/0 2021-04-19 01:53:20.842868970 -0700 +++ /tmp/etc-update-282755/symdiff-QUJ/1 2021-04-19 01:53:20.842868970 -0700 @@ -1 +1 @@ -SYM: /etc/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem -> /usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt +SYM: /etc/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem -> ../../../usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt The amount of updates seems to vary from host to host. Reproducible: Always Expected Results: These should be auto merged instead of prompting the user. >>> emerge --info Portage 3.0.18 (python 3.8.9-final-0, default/linux/amd64/17.1/no-multilib/hardened, gcc-9.3.0, glibc-2.33, 5.11.14-gentoo x86_64) ================================================================= System uname: Linux-5.11.14-gentoo-x86_64-Intel-R-_Celeron-R-_CPU_N3450_@_1.10GHz-with-glibc2.2.5 KiB Mem: 8006844 total, 4957904 free KiB Swap: 2097148 total, 1961980 free Timestamp of repository gentoo: Mon, 19 Apr 2021 02:00:01 +0000 Head commit of repository gentoo: 4f5e17d44555e6be9d3050c6d779cbb0665952c5 sh bash 5.1_p4 ld GNU ld (Gentoo 2.35.2 p1) 2.35.2 app-shells/bash: 5.1_p4::gentoo dev-lang/perl: 5.32.1::gentoo dev-lang/python: 3.8.9::gentoo, 3.9.4::gentoo dev-lang/rust: 1.51.0-r2::gentoo dev-util/cmake: 3.20.1::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.7-r2::gentoo sys-apps/openrc: 0.42.1-r1::gentoo sys-apps/sandbox: 2.23::gentoo sys-devel/autoconf: 2.69-r5::gentoo sys-devel/automake: 1.16.3-r1::gentoo sys-devel/binutils: 2.35.2::gentoo sys-devel/gcc: 9.3.0-r2::gentoo sys-devel/gcc-config: 2.4::gentoo sys-devel/libtool: 2.4.6-r6::gentoo sys-devel/make: 4.3::gentoo sys-kernel/linux-headers: 5.11::gentoo (virtual/os-headers) sys-libs/glibc: 2.33::gentoo Repositories: gentoo location: /var/db/repos/gentoo sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 sync-rsync-verify-metamanifest: yes sync-rsync-verify-jobs: 1 sync-rsync-verify-max-age: 24 sync-rsync-extra-opts: sinustrom location: /var/lib/layman/sinustrom sync-type: laymansync sync-uri: https://github.com/zpuskas/sinustrom-gentoo-overlay.git masters: gentoo priority: 50 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="@FREE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/var/cache/distfiles" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-march=native -O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-march=native -O2 -pipe" GENTOO_MIRRORS="http://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/" LANG="en_US.utf8" LC_ALL="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j4" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="7zip acl acpi aes amd64 bash-completion bzip2 crypt gmp hardened iconv ipv6 libglvnd libtirpc lzma mmx mmxext ncurses networkmanager nls nptl opencl opengl openmp pam pcre pie popcnt posix readline seccomp smp sockets split-usr sse sse2 sse3 sse4_1 sse4_2 ssl ssp ssse3 threads uicode unicode usb vim-syntax xattr xtpax zlib" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="hda-intel" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-3 php7-4" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_8" PYTHON_TARGETS="python3_8" RUBY_TARGETS="ruby26" USERLAND="GNU" VIDEO_CARDS="intel i965" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RUSTFLAGS
When update-ca-certificates is run without --root, it generates absolute symlinks. When it is run with --root, it generates relative symlinks. You probably ran update-ca-certificates manually without --root at some point, and then the ebuild ran it with --root. We should probably update ca-certificates-20150426-root.patch to make the behavior more consistent.
Yes, I ran update-ca-certificates without the --root option, because I needed to add a certificate from /usr/local/share/ca-certificates. I was not aware of the Gentoo specific patched in --root option, since: - `man update-ca-certificates` contains no references to it - https://wiki.gentoo.org/wiki/Certificates contains no references to it I just also ran update-ca-certificates with the --help option, again no explanation. The patch itself also has no relevant comments added to it. If this is option is required it probably should be documented somewhere.
(In reply to Zoltan Puskas from comment #2) > If this is option is required it probably should be documented somewhere. The option is not required. Adding it to the man page sounds like a good idea regardless.