Bug 877345 - FEATURES="usersync" invokes git as root
Status: CONFIRMED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core
Hardware: All Linux
Importance: Normal normal
Assignee: Portage team
Reported: 2022-10-16 18:27 UTC by Sam James
Modified: 2023-12-14 08:50 UTC

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-10-16 18:27:53 UTC
See https://bugs.gentoo.org/838223#c14.

The issue is that with FEATURES="userpriv", Portage still runs git as root (which we noticed because of poor interaction with git's new "safe directory" functionality).

See https://github.com/gentoo/portage/pull/818#discussion_r850685334 for the interaction with gemato:
"The gnupg files generated by gemato will be owned by root, but we need to run git as non-root to avoid the "'/var/db/repos/gentoo' is owned by someone else" error.

I think we would need to invoke the gemato setup code (self._get_openpgp_env()) as the appropriate non-root user."
Comment 1 Emanuel Czirai 2022-10-21 10:49:01 UTC
Isn't 'userfetch' the one that is supposed to make git run as non-root?


From man make.conf:

              userfetch
                     When portage is run as root, drop privileges to portage:portage during the fetching of package sources.

              userpriv
                     Allow portage to drop root privileges and compile packages as portage:portage without a sandbox (unless usersandbox is also used).

              usersandbox
                     Enable the sandbox in the compile phase, when running without root privs (userpriv).

              usersync
                     Drop privileges to the owner of ${repository_location} for emerge(1) --sync operations. Note that this feature assumes that all
                     subdirectories of ${repository_location} have the same ownership as ${repository_location} itself. It is the user's responsibility to ensure
                     correct ownership, since otherwise Portage would have to waste time validating ownership for each and every sync operation.
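
The usersync behaviour quoted from make.conf(5) above, as an added example that is not part of the bug report and is not Portage's own code: it finds the owner of the repository location, lists entries that break the same-ownership assumption, and reports the effective uid a sync helper would get after dropping root. The function names are hypothetical, and the `user`/`group`/`extra_groups` arguments assume Python 3.9 or later.

```python
import os
import subprocess
import sys

def sync_identity(repo_location):
    """(uid, gid) owning the repository root: the identity usersync targets."""
    st = os.stat(repo_location)
    return st.st_uid, st.st_gid

def ownership_mismatches(repo_location):
    """Paths below the root whose owner differs from the root's owner.

    usersync assumes this list is empty and does not check it on each sync.
    """
    expected = sync_identity(repo_location)
    bad = []
    for dirpath, dirnames, filenames in os.walk(repo_location):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge the link itself, not its target
            if (st.st_uid, st.st_gid) != expected:
                bad.append(path)
    return sorted(bad)

def run_as_repo_owner(cmd, repo_location):
    """Run cmd in the repository, dropping root to the repository owner first."""
    uid, gid = sync_identity(repo_location)
    drop = {}
    if os.geteuid() == 0 and uid != 0:
        # Python 3.9+: the child calls setgroups/setgid/setuid before exec.
        drop = {"user": uid, "group": gid, "extra_groups": []}
    return subprocess.run(cmd, cwd=repo_location, capture_output=True,
                          text=True, check=True, **drop)

def child_euid(repo_location):
    """Effective uid a helper process actually gets under run_as_repo_owner."""
    probe = [sys.executable, "-c", "import os; print(os.geteuid())"]
    return int(run_as_repo_owner(probe, repo_location).stdout)

if __name__ == "__main__":
    repo = sys.argv[1] if len(sys.argv) > 1 else "/var/db/repos/gentoo"
    print("owner:", sync_identity(repo), "helper euid:", child_euid(repo))
    for path in ownership_mismatches(repo):
        print("ownership differs:", path)
```

A helper euid of 0 on a repository owned by a non-root user is the condition this bug describes; any path listed as differing is a place where the dropped-privilege sync and root-owned files would collide.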
Comment 2 Mike Gilbert gentoo-dev 2022-10-21 13:00:47 UTC
(In reply to Emanuel Czirai from comment #1)

I actually think we are talking about "usersync" here, not "userfetch" or "userpriv".
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-12-14 08:43:16 UTC
flow, could I tempt you into looking at this?