diff --git a/Makefile.common b/Makefile.common
index f23073c..5b17354 100644
--- a/Makefile.common
+++ b/Makefile.common
@@ -1,88 +1,89 @@
 SHELL = /bin/bash
 TOPLVL = "../."
 
 SPECFILE = $(shell if [ -f package.yml ]; then echo "package.yml"; else echo "pspec.xml"; fi; )
 SPECFILE2 = $(shell if [ -f pspec_x86_64.xml ]; then echo "pspec_x86_64.xml"; else echo "pspec.xml"; fi; )
 TAG=$(shell $(TOPLVL)/common/Scripts/gettag.py $(SPECFILE))
 SOURCE=$(shell basename $(shell dirname $(abspath $(SPECFILE))))
 SIGNTAG=$(shell if [ "$(git config commit.gpgsign)" == "true" ]; then echo "-s"; else echo " "; fi; )
 
 complete:
 	make build
 
 abireport:
 	$(TOPLVL)/common/Go/yabi/yabi *.eopkg
 
 build-stable:
 	sudo solbuild build $(SPECFILE) -p main-x86_64;
 	@echo "=========================================================================="
 	@echo "WARNING: This package was built against -stable and is for local use only."
 	@echo "                                                                          "
 	@echo "         Do NOT publish packages or Differentials built against -stable!!!"
 	@echo "=========================================================================="
 
 build:
 	sudo solbuild build $(SPECFILE) -p unstable-x86_64;
 
 tram:
 	sudo solbuild --transit-manifest unstable build $(SPECFILE) -p unstable-x86_64;
 
 local:
 	sudo solbuild build $(SPECFILE) -p local-unstable-x86_64;
 
 cvecheck:
 	cve-check-tool $(SPECFILE2) -M $(TOPLVL)/common/mapping -o report.html; \
 
 bump:
 	if [[ -e package.yml ]]; then \
 		python /usr/share/ypkg/ybump.py package.yml; \
 	else \
 		$(TOPLVL)/common/Scripts/pbump.py pspec.xml; \
 	fi;
 
 convert:
 	$(TOPLVL)/common/Scripts/yconvert.py pspec.xml;
 
 clean:
 	if [[ `ls *.eopkg` ]]; then \
 		rm *.eopkg -fv;  \
 	fi;
 
 pull:
 	git pull --rebase
 
 publish:
+	sh $(TOPLVL)/common/Scripts/system-base-devel-safety-catch.sh
 	@if [[ `git symbolic-ref HEAD 2>/dev/null` = "refs/heads/master" && `git tag` != *$(TAG)* ]]; then \
 		git tag $(SIGNTAG) -a -m "Publish $(TAG)" $(TAG); \
 		git push --all; \
 		git push --tags; \
 		ssh -4 -p 798 build@getsol.us build "$(SOURCE)" "$(TAG)"; \
 	else \
 		echo "Error: Cannot publish, either not on the master branch or the tag already exists."; \
 	fi;
 
 republish:
 	ssh -4 -p 798 build@getsol.us build "$(SOURCE)" "$(TAG)"
 
 switch-domains:
 	go run $(TOPLVL)/common/Go/switch_repo_domains.go
 
 notify-complete:
 	sh $(TOPLVL)/common/Scripts/buildserver-notification.sh
 
 help:
 	@echo "build           - Build the current package against the unstable repo"
 	@echo "build-stable    - Build the current package against the stable repo (do NOT use for official submissions!)"
 	@echo "tram            - Build the current package against the unstable-x86-64 profile and generate a solbuild transit manifest"
 	@echo "bump            - Bump current release"
 	@echo "convert         - Convert pspec to package.yml"
 	@echo "cvecheck        - Check package for CVEs"
 	@echo "clean           - Clean current tree"
 	@echo "republish       - Rebuild existing tag"
 	@echo "publish         - Tag and publish a release"
 	@echo "pull            - Pull/rebase latest changes"
 	@echo "notify-complete - Get a notification when the build has finished on the buildserver"
 	@echo "switch-domains  - Update local repositories to use correct hostname"
 
 .PHONY:
 	complete
diff --git a/Scripts/system-base-devel-safety-catch.sh b/Scripts/system-base-devel-safety-catch.sh
new file mode 100755
index 0000000..ab79352
--- /dev/null
+++ b/Scripts/system-base-devel-safety-catch.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Safety catch to prevent system.base/system.devel pkgs where there are additions to abi_used_libs from being publishing accidently.
+# Otherwise, if a system.base/system.devel pkg depends on another pkg that isn't in system.base/system.devel the solbuild image will refuse to update.
+
+# FIXME: Check for rundeps changes as well
+
+LAST_COMMIT_DIFF=`git diff @~ @`
+
+if [[ `git grep -E 'system.base|system.devel' package.yml` ]]; then
+    SYSTEM_BASE_DEVEL_PKG=1
+fi
+
+if [[ `grep -E abi_used_libs <<< $LAST_COMMIT_DIFF` ]]; then
+    # Only if the change is an addition
+    ABI_ADDITION=`git diff @~ @ -U0 --word-diff abi_used_libs | grep {+`
+    if [[ $ABI_ADDITION != "" ]]; then
+        CHANGED_ABI_USED_LIBS=1
+    fi
+fi
+
+if [[ ! -z "${SYSTEM_BASE_DEVEL_PKG}" && ! -z "${CHANGED_ABI_USED_LIBS}" ]]; then
+    echo "Found a system.base/system.devel pkg where" $ABI_ADDITION "has been added to abi_used_libs."
+    echo "Please ensure that the package containing" $ABI_ADDITION "is in system.base/system.devel BEFORE continuing."
+    read -p "Press y to continue. If unsure press any other key to abort." prompt
+    if [[ $prompt = "y" ]]; then
+        exit 0
+    else
+        exit 1
+    fi
+fi
+
+#FILES_PATTERN='abi_used_libs'
+#FORBIDDEN='system.base'
+#git diff --cached --name-only | \
+#    grep -E $FILES_PATTERN | \
+#    GREP_COLORS='mt=4;5;37;41' xargs grep --color --with-filename -n $FORBIDDEN && echo 'COMMIT REJECTED Found "$FORBIDDEN" references. Please remove them before commiting' && exit 1