rpm-4.0.3 ignores the %__gpg macro when checking signatures, executing the gpg from $PATH instead.
Created attachment 36063: Fix
This is the traditional, legacy behavior of rpm -K.