FilesCheck: warn about files with zero perms

See rpm-software-management#878

rpmlint/checks/FilesCheck.py

@@ -570,6 +570,10 @@ def _check_file(self, pkg, fname, pkgfile):
 
         self._check_file_crond(pkg, fname, pkgfile)
 
+        # files with all permissions bits as zero
+        # https://github.com/rpm-software-management/rpmlint/issues/878
+        self._check_file_zero_perms(pkg, fname, pkgfile)
+
     def _check_file_manpage(self, pkg, fname):
         """
         Check if the the manual page is compressed with the compression method
@@ -629,6 +633,12 @@ def _check_file_crond(self, pkg, fname, pkgfile):
         if stat.S_IWGRP & mode or stat.S_IWOTH & mode:
             self.output.add_info('E', pkg, 'non-owner-writeable-only-crontab-file', fname)
 
+    def _check_file_zero_perms(self, pkg, fname, pkgfile):
+        mode = pkgfile.mode
+        perm = mode & 0o7777
+        if not perm:
+            self.output.add_info('W', pkg, 'zero-perms', fname, '%o' % perm)
+
     def _check_file_unexpandaed_macro(self, pkg, fname):
         for match in self.macro_regex.findall(fname):
             self.output.add_info('W', pkg, 'unexpanded-macro', fname, match)

rpmlint/descriptions/FilesCheck.toml

@@ -409,3 +409,11 @@ A file in /usr/bin is a link to a script in a different place with a shebang.
 rpm won't be able to inject the needed interpreter as dependency, so it should
 be done manually.
 """
+
+zero-perms="""
+Your package contains a file with no permissions. This is usually an error
+because the file won't be accessible by any user. You should check the file
+permissions and ensure that are correct or fix it using "%attr" macro in %files
+section.
+http://ftp.rpm.org/max-rpm/s1-rpm-anywhere-specifying-file-attributes.html
+"""

rpmlint/pkg.py

@@ -844,6 +844,7 @@ def _mock_file(self, path, attrs):
 
         if attrs.get('is_dir', False):
             self.add_dir(path, metadata=metadata)
+            return
 
         content = ''
         if 'content-path' in attrs:
@@ -878,6 +879,10 @@ def create_files(self, files):
     def add_dir(self, path, metadata=None):
         pkgdir = PkgFile(path)
         pkgdir.magic = 'directory'
+
+        path = os.path.join(self.dir_name(), path.lstrip('/'))
+        os.makedirs(Path(path), exist_ok=True)
+
         pkgdir.path = path
         self.files[path] = pkgdir
 

test/test_files.py

@@ -1,6 +1,8 @@
+import re
 import stat
 
 import pytest
+import rpm
 from rpmlint.checks.FilesCheck import FilesCheck
 from rpmlint.checks.FilesCheck import pyc_magic_from_chunk, pyc_mtime_from_chunk
 from rpmlint.checks.FilesCheck import python_bytecode_to_script as pbts
@@ -333,3 +335,27 @@ def test_directory_without_x_permission2(tmp_path, package, filescheck):
     test.check(get_tested_package(package, tmp_path))
     out = output.print_results(output.results)
     assert 'E: non-standard-dir-perm' in out
+
+
+@pytest.mark.parametrize('package', [
+    get_tested_mock_package(
+        header={'requires': []},
+        files={
+            '/var/lib/pipewire': {'is_dir': True, 'metadata': {'mode': 0o000 | stat.S_IFDIR}},
+            '/var/lib/dir_read': {'is_dir': True, 'metadata': {'mode': 0o755 | stat.S_IFDIR}},
+            '/var/lib/pipewire/ghost_file': {'metadata': {'mode': 0o000, 'flags': rpm.RPMFILE_GHOST}},
+            '/var/lib/pipewire/ghost_file_read': {'metadata': {'mode': 0o644, 'flags': rpm.RPMFILE_GHOST}},
+            '/var/lib/pipewire/normal_file': {'metadata': {'mode': 0o000}},
+            '/var/lib/pipewire/normal_file_read': {'metadata': {'mode': 0o644}},
+        },
+    ),
+])
+def test_files_without_perms(package, output, test):
+    test.check(package)
+    out = output.print_results(output.results)
+    assert re.findall('W: zero-perms .*pipewire ', out)
+    assert re.findall('W: zero-perms .*ghost_file ', out)
+    assert re.findall('W: zero-perms .*normal_file ', out)
+    assert not re.findall('W: zero-perms .*normal_file_read ', out)
+    assert not re.findall('W: zero-perms .*dir_read ', out)
+    assert not re.findall('W: zero-perms .*ghost_file_read ', out)