However, in the postinstall section here https://github.com/NVIDIA/yum-packaging-precompiled-kmod/blob/main/yum-kmod-nvidia.spec#L172 the file gets an execute bit set. This causes security tooling we run to be unhappy as the file flags as modified since install (i.e. possible malware). The postld file should be defined with the desired permissions in the rpm spec rather than have them set in the %post section
the postld file defined in the rpm spec file here https://github.com/NVIDIA/yum-packaging-precompiled-kmod/blob/main/yum-kmod-nvidia.spec#L40 is in the rpm database with permissions 0644.
However, in the postinstall section here https://github.com/NVIDIA/yum-packaging-precompiled-kmod/blob/main/yum-kmod-nvidia.spec#L172 the file gets an execute bit set. This causes security tooling we run to be unhappy as the file flags as modified since install (i.e. possible malware). The postld file should be defined with the desired permissions in the rpm spec rather than have them set in the %post section