diff --git a/sign/rpmgensig.cc b/sign/rpmgensig.cc
index 85a515e3bd..5b90a0bc1a 100644
--- a/sign/rpmgensig.cc
+++ b/sign/rpmgensig.cc
@@ -699,6 +699,14 @@ static int rpmSign(const char *rpm, int deleting, int flags)
 	    flags &= ~(RPMSIGN_FLAG_RPMV4|RPMSIGN_FLAG_RPMV3);
     }
 
+    if (headerIsSource(h) &&
+	(flags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY))) {
+	rpmlog(RPMLOG_DEBUG,
+	       _("File signatures not applicable to "
+	         "source packages, skipping: %s\n"), rpm);
+	flags &= ~(RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY);
+    }
+
     unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES);
     origSigSize = headerSizeof(sigh, HEADER_MAGIC_YES);
 
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
index 63bef22c15..59c1f9bc91 100644
--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -1845,4 +1845,19 @@ rpm -qp --qf "[%{filenames}:%{filesignatures}\n]" /data/RPMS/imatest-1.0-1.fc34.
 ],
 [ignore])
 
+RPMTEST_CHECK([
+cp /data/SRPMS/hello-1.0-1.src.rpm /tmp/
+rpmsign --debug --key-id 4344591E1964C5FC \
+	--addsign --signfiles --fskpath=/data/keys/privkey.pem \
+	/tmp/hello-1.0-1.src.rpm 2>&1 | grep "File signatures not applicable"
+# Avoid spurious NOKEY warning
+rpmsign --delsign /tmp/hello-1.0-1.src.rpm
+rpm -qp --qf "[%{filenames}:%{filesignatures}\n]" /tmp/hello-1.0-1.src.rpm
+],
+[0],
+[D: File signatures not applicable to source packages, skipping: /tmp/hello-1.0-1.src.rpm
+hello-1.0.tar.gz:(none)
+],
+[])
+
 RPMTEST_CLEANUP