Don't allow installing gpg-pubkey packages

People could install gpg-pubkey if they had the ARCH and OS tag set. Do not allow that.
ffesti · Nov 29, 2024 · 5954bac · 5954bac
1 parent d0d2438
commit 5954bac
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/lib/rpmte.cc b/lib/rpmte.cc
@@ -178,6 +178,11 @@ static int addTE(rpmte p, Header h, fnpyKey key, rpmRelocation * relocs)
 	}
     }
 
+    if (p->type != TR_REMOVED && rstreq(p->name, "gpg-pubkey")) {
+	rpmlog(RPMLOG_ERR, "installing gpg-pubkey packages is not allowed. use rpmkeys instead\n");
+	goto exit;
+    }
+
     p->isSource = headerIsSource(h);
 
     p->NEVR = headerGetAsString(h, RPMTAG_NEVR);