From 2e07ee099268fa0d55f0e1b837aac8a3fe17ae4b Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
Date: Thu, 8 Jan 2026 00:05:31 +0100
Subject: [PATCH] Do not install post-quantum GPG keys

At the moment rpm_key fails to process PQC GPG keys while attempting
to check if gpg is installed [1].

Thus, rpm_key needs to start running sequoia instead of gnupg to verify
PQ keys.

Until then, we avoid importing PQC keys.

[1] https://github.com/ansible/ansible/blob/69afa45880c9c03009b178632dccc7c0ffc5b5fa/lib/ansible/modules/rpm_key.py#L240

Change-Id: If176d905411869b55ff1751659f5e46963c9f037
Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
---
 templates/prep-scripts/redhat_prep.sh.j2 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/templates/prep-scripts/redhat_prep.sh.j2 b/templates/prep-scripts/redhat_prep.sh.j2
index 965a6d7d..0b73afd7 100644
--- a/templates/prep-scripts/redhat_prep.sh.j2
+++ b/templates/prep-scripts/redhat_prep.sh.j2
@@ -6,7 +6,11 @@ set -e -x
 {% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %}
 
 if [[ -d "/etc/pki/rpm-gpg" ]]; then
-  rpm --import /etc/pki/rpm-gpg/* || true
+  for key in /etc/pki/rpm-gpg/*; do
+    if [[ "${key}" != *-PQC ]]; then
+      rpm --import "${key}" || true
+    fi
+  done
 fi
 
 # The containers do not need the LXC repository (only hosts need it).