As far as we know, yes. The initially detected backdoor injected itself only to RPM and DEB build artifacts.

That said, the threat actor was working on it for 2 years so there’s a chance there are other backdoors. People are still reviewing everything they did over that time.