From 5954bac106a68ecf5ad00af8ebaa83efe904b664 Mon Sep 17 00:00:00 2001 From: Florian Festi Date: Fri, 29 Nov 2024 15:28:08 +0100 Subject: [PATCH] Don't allow installing gpg-pubkey packages People could install gpg-pubkey if they had the ARCH and OS tag set. Do not allow that. --- lib/rpmte.cc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/rpmte.cc b/lib/rpmte.cc index a50c7478b0..c88b1be2aa 100644 --- a/lib/rpmte.cc +++ b/lib/rpmte.cc @@ -178,6 +178,11 @@ static int addTE(rpmte p, Header h, fnpyKey key, rpmRelocation * relocs) } } + if (p->type != TR_REMOVED && rstreq(p->name, "gpg-pubkey")) { + rpmlog(RPMLOG_ERR, "installing gpg-pubkey packages is not allowed. use rpmkeys instead\n"); + goto exit; + } + p->isSource = headerIsSource(h); p->NEVR = headerGetAsString(h, RPMTAG_NEVR);