diff --git a/lib/puppet/provider/bootstrap_rpm/bootstrap_rpm.rb b/lib/puppet/provider/bootstrap_rpm/bootstrap_rpm.rb
index f92ed42d..4c203fac 100644
--- a/lib/puppet/provider/bootstrap_rpm/bootstrap_rpm.rb
+++ b/lib/puppet/provider/bootstrap_rpm/bootstrap_rpm.rb
@@ -38,8 +38,10 @@ def symlink=(value)
     link_rpm(value)
   end
 
-  def latest_rpm
-    rpms = Dir.glob("#{resource[:dest]}/#{resource[:name]}*.noarch.rpm")
+  def latest_rpm(source: false)
+    extension = source ? 'src.rpm' : 'noarch.rpm'
+
+    rpms = Dir.glob("#{resource[:dest]}/#{resource[:name]}*.#{extension}")
     rpms = rpms.reject { |rpm| rpm.end_with?("latest.noarch.rpm") }
 
     return false if rpms.empty?
@@ -89,7 +91,7 @@ def release
   end
 
   def build_rpm
-    output = rpmbuild(
+    rpmbuild(
       '-ba',
       File.join(spec_dir, "#{resource[:name]}.spec"),
       '--define', "_topdir #{base_dir}",
@@ -100,10 +102,17 @@ def build_rpm
 
   def copy_rpm
     FileUtils.copy(built_rpm, resource[:dest])
+    set_ownership(latest_rpm)
   end
 
   def copy_srpm
     FileUtils.copy(built_srpm, resource[:dest])
+    set_ownership(latest_rpm(source: true))
+  end
+
+  def set_ownership(file)
+    File.chmod(resource[:mode].to_i(8), file)
+    FileUtils.chown(resource[:owner], resource[:group], file)
   end
 
   def rpm_changed?
diff --git a/lib/puppet/type/bootstrap_rpm.rb b/lib/puppet/type/bootstrap_rpm.rb
index 9fb93d11..b2e2b489 100644
--- a/lib/puppet/type/bootstrap_rpm.rb
+++ b/lib/puppet/type/bootstrap_rpm.rb
@@ -62,27 +62,4 @@ def insync?(is)
   def refresh
     provider.create
   end
-
-  def generate
-    file_opts = {
-      ensure: (self[:ensure] == :absent) ? :absent : :file,
-      path: "#{self[:dest]}/#{self[:name]}",
-    }
-
-    [:owner,
-     :group,
-     :mode].each do |param|
-      file_opts[param] = self[param] unless self[param].nil?
-    end
-
-    excluded_metaparams = [:before, :notify, :require, :subscribe, :tag]
-
-    Puppet::Type.metaparams.each do |metaparam|
-      unless self[metaparam].nil? || excluded_metaparams.include?(metaparam)
-        file_opts[metaparam] = self[metaparam]
-      end
-    end
-
-    [Puppet::Type.type(:file).new(file_opts)]
-  end
 end
diff --git a/spec/acceptance/bootstrap_rpm_spec.rb b/spec/acceptance/bootstrap_rpm_spec.rb
index cc480c7c..a7f41916 100644
--- a/spec/acceptance/bootstrap_rpm_spec.rb
+++ b/spec/acceptance/bootstrap_rpm_spec.rb
@@ -35,6 +35,13 @@
       it { should be_grouped_into 'root' }
     end
 
+    describe file("/var/www/html/pub/katello-ca-consumer-#{host_inventory['fqdn']}-1.0-1.src.rpm") do
+      it { should be_file }
+      it { should be_mode 644 }
+      it { should be_owned_by 'root' }
+      it { should be_grouped_into 'root' }
+    end
+
     describe file("/var/www/html/pub/katello-ca-consumer-#{host_inventory['fqdn']}-1.0-2.noarch.rpm") do
       it { should_not exist }
     end
@@ -213,4 +220,54 @@ class { 'foreman_proxy_content::bootstrap_rpm':
       it { should be_linked_to "/var/www/html/pub/katello-ca-consumer-#{host_inventory['fqdn']}-1.0-10.noarch.rpm" }
     end
   end
+
+  context 'generates bootstrapm RPM with proper mode with 0077 umask' do
+    before(:all) do
+      on hosts, 'rm -rf /var/www/html/pub/*rpm'
+      on hosts, "echo 'umask 0077' > /etc/profile.d/umask.sh"
+    end
+
+    it_behaves_like 'an idempotent resource' do
+      let(:manifest) do
+        <<-PUPPET
+        include foreman_proxy_content::bootstrap_rpm
+        PUPPET
+      end
+    end
+
+    describe file("/var/www/html/pub/katello-ca-consumer-#{host_inventory['fqdn']}-1.0-1.noarch.rpm") do
+      it { should be_file }
+      it { should be_mode 644 }
+      it { should be_owned_by 'root' }
+      it { should be_grouped_into 'root' }
+    end
+  end
+
+  context 'correctly sets the mode on subsequent RPMs' do
+    it 'applies again without error' do
+      apply_manifest(
+        "class { 'foreman_proxy_content::bootstrap_rpm': rhsm_port => 8447, }",
+        catch_failures: true
+      )
+    end
+
+    describe file("/var/www/html/pub/katello-ca-consumer-#{host_inventory['fqdn']}-1.0-2.noarch.rpm") do
+      it { should be_file }
+      it { should be_mode 644 }
+      it { should be_owned_by 'root' }
+      it { should be_grouped_into 'root' }
+    end
+
+    describe file("/var/www/html/pub/katello-ca-consumer-#{host_inventory['fqdn']}-1.0-2.src.rpm") do
+      it { should be_file }
+      it { should be_mode 644 }
+      it { should be_owned_by 'root' }
+      it { should be_grouped_into 'root' }
+    end
+
+    describe file('/var/www/html/pub/katello-ca-consumer-latest.noarch.rpm') do
+      it { should be_symlink }
+      it { should be_linked_to "/var/www/html/pub/katello-ca-consumer-#{host_inventory['fqdn']}-1.0-2.noarch.rpm" }
+    end
+  end
 end