Description of problem:

In the production C9S compose [1], the jq-1.6-15.el9.aarch64.rpm is signed correctly. In the development C9S compose [2], the jq-1.6-15.el9.aarch64.rpm is now unsigned. It is also unsigned in CentOS Koji [3] now. This is problematic because it now cannot be used in gpg enabled repos (i.e. AutoSD compose).

The rpm signatures being stripped in post seems to be a bug or unwanted modification to the rpm.

[1]: https://mirror.stream.centos.org/9-stream/AppStream/aarch64/os/Packages/jq-1.6-15.el9.aarch64.rpm
[2]: https://composes.stream.centos.org/development/latest-CentOS-Stream/compose/AppStream/aarch64/os/Packages/jq-1.6-15.el9.aarch64.rpm
[3]: https://kojihub.stream.centos.org/kojifiles/packages/jq/1.6/15.el9/aarch64/jq-1.6-15.el9.aarch64.rpm

Version-Release number of selected component (if applicable):

jq-1.6-15.el9

How reproducible:

Easy to reproduce.

Steps to Reproduce:
1. Download rpm from development compose or koji directly (See [2] or [3]
   in the description above)
2. Verify the signature with `rpm -qpi`
   rpm -qpi jq-1.6-15.el9.aarch64.rpm
3. Confirm that Signature field is empty
   eg. Signature   : (none)

Actual results:

  Signature   : (none)

Expected results:

  Signature   : RSA/SHA256, Tue 11 Apr 2023 08:25:58 PM CEST, Key ID 05b555b38483c65d

Additional info: