Description of problem: The Plague build system generates SRPMs that, when checked with rpmlint, report the "strange-permission" warning (perms set to 0666) on all files contained in the RPM. This may be a 'nit', but it would be preferable that SRPMs generated by the build system did not draw ANY warnings or errors when checked with rpmlint (just as it is preferable for new package submittals). Version-Release number of selected component (if applicable): How reproducible: Run rpmlint on a recent plague repo SRPM (such as rkhunter for example) Steps to Reproduce: 1. Install rpmlint 0.75-1.fc4 2. Choose a recent plague repo SRPM 3. rpmlint <some-srpm-package.src.rpm> Actual results: [glhoulette@root plague-results]$ rpmlint rkhunter-1.2.8-1.fc3.src.rpm W: rkhunter strange-permission rkhunter-1.2.7-datestamp.patch 0666 W: rkhunter strange-permission rkhunter-1.2.7-append_log.patch 0666 W: rkhunter strange-permission rkhunter-1.2.8-default_settings-conf.patch 0666 W: rkhunter strange-permission rkhunter-1.2.8.tar.gz 0666 W: rkhunter strange-permission rkhunter-1.2.7-group_log.patch 0666 W: rkhunter strange-permission rkhunter-1.2.8-app_check_default.patch 0666 W: rkhunter strange-permission rkhunter-1.1.8-showfiles.patch 0666 W: rkhunter strange-permission rkhunter-auto_scan.tar.gz 0666 W: rkhunter strange-permission rkhunter-1.1.9-shared_man_search.patch 0666 W: rkhunter strange-permission rkhunter-1.2.8-1.src.sha 0666 W: rkhunter strange-permission rkhunter.spec 0666 W: rkhunter strange-permission rkhunter-1.2.7-manpage.patch 0666 [glhoulette@root plague-results]$ Expected results: [glhoulette@root plague-results]$ rpmlint rkhunter-1.2.8-1.fc3.src.rpm [glhoulette@root plague-results]$ Additional info: Note that *_NONE_* of the original files checked into CVS had perms set to 0666 and that when the SRPM is built locally it does NOT result in an RPM that flags the same (indeed ANY) warnings.
It's not just a nit, see bug 205902. We've ended up having world writable files in several *binary* FE packages because of this.
Sorry for the mis-classification. I had not 'connected the dots' with regards to the possible (ab)use of the cp -p usage in .spec files. I always set the binary install files perms EXPLICITELY as parameters to the __install macro. This might be a good candidate to add some cautionary verbage to: http://fedoraproject.org/wiki/Packaging/Guidelines
Interesting. Fixed in cvs and on build master.