https://bugzilla.redhat.com/show_bug.cgi?id=2174438
--- Comment #6 from Robby Callicotte rcallicotte@mailbox.org --- Review Items ============
In the spec file, the line: install -m 0600 vault-rotate %{buildroot}%{_sysconfdir}/sysconfig/vault-rotate
Generates the following rpmlint error: painless-password-rotation.noarch: E: non-readable /etc/sysconfig/vault-rotate 600
Is this file supposed to be readable only by the root user? According to the guidelines[1], the default mode for files is 644. Please advise.
The following review message was observed: [!]: Packages should try to preserve timestamps of original installed files.
This can be remedied by adding install's "p" flag to the %install lines below: install -m 0755 rotate-linux-password.sh %{buildroot}%{_bindir}/rotate-linux-password.sh install -m 0644 systemd/rotate-password.service %{buildroot}%{_unitdir}/rotate-password.service install -m 0644 systemd/rotate-password.timer %{buildroot}%{_unitdir}/rotate-password.timer install -m 0600 vault-rotate %{buildroot}%{_sysconfdir}/sysconfig/vault-rotate
The following lines:
BuildRequires: systemd Requires(post): systemd Requires(preun): systemd Requires(postun): systemd
Can be simplified with: %{?systemd_requires}
It is your choice if you want to use the short for or not.
[1] - https://docs.fedoraproject.org/en-US/packaging-guidelines/#_file_permissions