rpmlint check for ghost files without %attr()

[darix]

having all permissions bits set to 0 should be rarely a valid case. rpmlint should warn packagers if they forgot to set the mode.

and in combination with systemd-tmpfiles it should ideally check that the mode is the same as in the tmpfiles.d config.

This mostlikely happens if you %ghost non existing files, which more recent rpm allows.

[marxin]

@mgerstner What do you think about it? Can you please somehow include it to a check?

[mgerstner]

I don't think that this is a security related topic. A file with a mode of 0 is pretty safe ...

So I would say it is more regular quality asszrabce that could go into the mainline rpmlint checks.

Coupling this with a check of systemd-tmpfiles contents could become tricky / costly is my first impression. The check would need to lookup systemd-tmpfiles configuration files shipped in the same package (if it even is in the same package) and then compare its contents against the paths of all other files in the package.

[darix]

https://bugzilla.opensuse.org/show_bug.cgi?id=1223578

[danigm]

I've just created a PR with a new check to warn about files without permissions, what do you think about this? https://github.com/rpm-software-management/rpmlint/pull/1230/files