The attached patch makes V4 signatures work
Created attachment 110558 [details] proposed patch
Hmm, V4 signatures define the hash differently than V3. I do not see that change in the patch (but I have not looked deeply at V4 signatures several years now). Are you sure that V4 signatures "work"? If so, very very cool!
Yes V4 sigs work with that patch (although the code should probably check the signature expiration date and check for signature revocations, as gpg does). I was surprised that most of the code was already there, just the removal of the ifdef NOTYET in signature.c, the V3 error message changes and some bugfixes were required.
WORKSFORME! Thanks for identifying my brain fart: -#ifdef NOTYET /* XXX not for binary/text document signatures. */ - if (sigp->sigtype == 4) { - int nb = dig->nbytes + sigp->hashlen; + if (sigp->version == 4) { + int nb = sigp->hashlen; CHeck in on HEAD and rpm-4_4 momentarily, will be in rpm-4.4.1-0.16 and later when built.