diff --git a/SPECS-EXTENDED/hivex/hivex-1.3.18.tar.gz.sig b/SPECS-EXTENDED/hivex/hivex-1.3.18.tar.gz.sig
deleted file mode 100644
index ee867fdbb5e..00000000000
--- a/SPECS-EXTENDED/hivex/hivex-1.3.18.tar.gz.sig
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAlxJfxkRHHJpY2hAYW5u
-ZXhpYS5vcmcACgkQkXOPc+G3aKCZBRAAqXBbrDyf+TtXCLZBIrs0MkfrYtQFDxps
-nTNz6sdNXftYl0LKJ6dhEkNwVg0QP31ifX1mQfU4EmJiEOI7qW6xqNLPlwhkKaIP
-qoB7ctesELb3LBhcgjI9lUjaCeGXrWkIHxp9SWC3esGqHIxWVu+BwKmFt1DfAZtH
-KE9gtVO6g5sbCdZEP2b4d/PwsL1vO0glekCkEZ0n3PcOgf0isVU0IUSz2IVhcy6e
-DqY4puYFwopVEpPzzRI9oW/y2XJTTssCM9F420HDnemtUQpx0Uw637MiCRLoN6Or
-PA1IkTzx/01Ub6OKl3gbMoY3s27yOFJToBVkTmYDvZHUJpNRCj7ytaKAIiZ4aan7
-WOi+7h9cvkjcr0OhomN+5bDLg6XpaVj9SPuM3W/AgDaYu6PeSvpr5yAtg3VEArJ3
-Lh4y8b+fh1pzdkLJsvGxK+YpL+ollgTP2y2CAXxgTDv0oMrUI9O4vrNKaOSE4Qnl
-TinMMFaYvuBWzzTKfjhtnFOMI8YvAFHHVDhBSWost2ZR5W6SCd9xXAvMdUQDL3aD
-ReesInrLptdklyKL+4l8miokUfq+U0ASi1PC3+Ek/yk13LtUXHEvXfb9rQlPhOc3
-Fp1278JziKQd7xlkvMuo+Q2PSRGSDaBACqmqjwBaLsPDoz8jsiZOZ/qPg6qcx0kM
-y93C/w1pCcA=
-=YBlx
------END PGP SIGNATURE-----
diff --git a/SPECS-EXTENDED/hivex/hivex.signatures.json b/SPECS-EXTENDED/hivex/hivex.signatures.json
index 6b4227b62d0..64f620a5d63 100644
--- a/SPECS-EXTENDED/hivex/hivex.signatures.json
+++ b/SPECS-EXTENDED/hivex/hivex.signatures.json
@@ -1,7 +1,5 @@
 {
  "Signatures": {
-  "hivex-1.3.18.tar.gz": "8a1e788fd9ea9b6e8a99705ebd0ff8a65b1bdee28e319c89c4a965430d0a7445",
-  "hivex-1.3.18.tar.gz.sig": "a571bdac71f53fd95598fe3857b7c3d319d69360d5499c2c41a82bf60a43fad8",
-  "libguestfs.keyring": "de74373a15bd572ad74f276ee063d2cefa915470863829c0dda6af488d6315d8"
+  "hivex-1.3.18.tar.gz": "8a1e788fd9ea9b6e8a99705ebd0ff8a65b1bdee28e319c89c4a965430d0a7445"
  }
 }
\ No newline at end of file
diff --git a/SPECS-EXTENDED/hivex/hivex.spec b/SPECS-EXTENDED/hivex/hivex.spec
index 6702ef43d46..99f3154f9d6 100644
--- a/SPECS-EXTENDED/hivex/hivex.spec
+++ b/SPECS-EXTENDED/hivex/hivex.spec
@@ -7,26 +7,15 @@ Distribution:   Mariner
 %bcond_with ocaml
 %endif
 
-# Verify tarball signature with GPGv2.
-%global verify_tarball_signature 1
-
 Name:           hivex
 Version:        1.3.18
-Release:        22%{?dist}
+Release:        23%{?dist}
 Summary:        Read and write Windows Registry binary hive files
 
-License:        LGPLv2
+License:        LGPLv2+
 URL:            http://libguestfs.org/
 
 Source0:        http://libguestfs.org/download/hivex/%{name}-%{version}.tar.gz
-%if 0%{verify_tarball_signature}
-Source1:        http://libguestfs.org/download/hivex/%{name}-%{version}.tar.gz.sig
-%endif
-
-# Keyring used to verify tarball signature.
-%if 0%{verify_tarball_signature}
-Source2:       libguestfs.keyring
-%endif
 
 # Patches - all upstream since 1.3.18.
 Patch0001:      0001-Win-Hivex-Regedit-Accept-CRLF-line-endings.patch
@@ -65,9 +54,6 @@ BuildRequires:  rubygem(minitest)
 BuildRequires:  rubygem(rdoc)
 BuildRequires:  readline-devel
 BuildRequires:  libxml2-devel
-%if 0%{verify_tarball_signature}
-BuildRequires: gnupg2
-%endif
 
 # https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Packages_granted_exceptions
 Provides:      bundled(gnulib)
@@ -180,9 +166,6 @@ ruby-%{name} contains Ruby bindings for %{name}.
 
 
 %prep
-%if 0%{verify_tarball_signature}
-%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
-%endif
 %setup -q
 %autopatch -p1
 
@@ -226,7 +209,8 @@ if ! make check -k; then
 fi
 
 %files -f %{name}.lang
-%doc README LICENSE
+%license LICENSE
+%doc README
 %{_bindir}/hivexget
 %{_bindir}/hivexml
 %{_bindir}/hivexsh
@@ -237,7 +221,6 @@ fi
 
 
 %files devel
-%doc LICENSE
 %{_libdir}/libhivex.so
 %{_mandir}/man3/hivex.3*
 %{_includedir}/hivex.h
@@ -245,7 +228,6 @@ fi
 
 
 %files static
-%doc LICENSE
 %{_libdir}/libhivex.a
 
 
@@ -289,6 +271,10 @@ fi
 
 
 %changelog
+* Fri Jan 21 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.3.18-23
+- Removing in-spec verification of source tarballs.
+- License verified.
+
 * Thu Oct 14 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.3.18-22
 - Switching to using full number for the 'Release' tag.
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
diff --git a/SPECS-EXTENDED/libnbd/libnbd-1.3.6.tar.gz.sig b/SPECS-EXTENDED/libnbd/libnbd-1.3.6.tar.gz.sig
deleted file mode 100644
index e3728c096f1..00000000000
--- a/SPECS-EXTENDED/libnbd/libnbd-1.3.6.tar.gz.sig
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAl6DgywRHHJpY2hAYW5u
-ZXhpYS5vcmcACgkQkXOPc+G3aKA36hAAqAKRx3OTDzmmwuP7OhpE5J7Vyzvmflk2
-W+7KabBdCT6wJzP7ijIBND3FF/loN7S4Sv0DzlFsF+nZL25cNjillms8opGgaJ80
-Q/CYqEWuJ/c9LaFxbLS9Mt8U4emZjvAZPnYYTWVdV2SO7ee7DlED+WhGMp0aFve9
-dMof4lgiARudzC6AmX2rXtPTdpNzG5nAkZSB6LiddLEqgp60B4MVknqn4QXHENt9
-+C1hJvXDrZNul7a8KJSzXzYmRDS3LPFFFmxX83oAW5a54uqsEuTqyZMkiJbR34f2
-p24XFUDyt32wJBaycBCEL9cGpXvrUHwBCzHiQOYyUg6qnGAzoHlHpMswqF/Rjjh0
-W84/tZKniEoWTJMrB4+R3/xclEG2Z6Xh3ggRzuuNzjHErk1NMNI/f8h9+5ONmAQx
-dWqWqtjgqme0iFtZ9mCljl24lFSPOOIhxh4RkuJ5nzNFlEu3P1MIe12SvfzStBM4
-8FWsxblf648YqLtCwIATHhy7XWzKW2wk9SKhrL/HFdpEAjIw25u6U465lZpFYrkf
-PTYGZd/7g1cwBZn2PpzmLHQNPb+w1bEwabvKTibhN58dkK65ARX8xMYf0zSAy77C
-hUAvkiU/X4wdUcUldQne2F0dBRX1GTk67Mv4MTTCzHcjgUzB9CmnndUEEZl/Y56S
-sGvY+ASaC2A=
-=Xqoy
------END PGP SIGNATURE-----
diff --git a/SPECS-EXTENDED/libnbd/libnbd.signatures.json b/SPECS-EXTENDED/libnbd/libnbd.signatures.json
index 350f5bf4888..d6225eadc30 100644
--- a/SPECS-EXTENDED/libnbd/libnbd.signatures.json
+++ b/SPECS-EXTENDED/libnbd/libnbd.signatures.json
@@ -1,7 +1,5 @@
 {
  "Signatures": {
-  "libguestfs.keyring": "de74373a15bd572ad74f276ee063d2cefa915470863829c0dda6af488d6315d8",
-  "libnbd-1.3.6.tar.gz": "0f3cc65bc69d2e7637ed424b6546bd0af32be2bd58c9e6bdf494074cbb07ac05",
-  "libnbd-1.3.6.tar.gz.sig": "c6308755badfa0f750c816330e4a83ac8e6219aab631a35fe0efdb19dc68bb0a"
+  "libnbd-1.3.6.tar.gz": "0f3cc65bc69d2e7637ed424b6546bd0af32be2bd58c9e6bdf494074cbb07ac05"
  }
 }
\ No newline at end of file
diff --git a/SPECS-EXTENDED/libnbd/libnbd.spec b/SPECS-EXTENDED/libnbd/libnbd.spec
index 1284f153489..eb1bfb793d6 100644
--- a/SPECS-EXTENDED/libnbd/libnbd.spec
+++ b/SPECS-EXTENDED/libnbd/libnbd.spec
@@ -1,6 +1,3 @@
-# If we should verify tarball signature with GPGv2.
-%global verify_tarball_signature 1
-
 # If there are patches which touch autotools files, set this to 1.
 %global patches_touch_autotools %{nil}
 
@@ -9,7 +6,7 @@
 
 Name:           libnbd
 Version:        1.3.6
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        NBD client library in userspace
 
 License:        LGPLv2+
@@ -18,20 +15,11 @@ Distribution:   Mariner
 URL:            https://github.com/libguestfs/libnbd
 
 Source0:        http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz
-Source1:        http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz.sig
-# Keyring used to verify tarball signature.  This contains the single
-# key from here:
-# https://pgp.key-server.io/pks/lookup?search=rjones%40redhat.com&fingerprint=on&op=vindex
-Source2:       libguestfs.keyring
 
 %if 0%{patches_touch_autotools}
 BuildRequires: autoconf, automake, libtool
 %endif
 
-%if 0%{verify_tarball_signature}
-BuildRequires:  gnupg2
-%endif
-
 # For the core library.
 BuildRequires:  gcc
 BuildRequires:  /usr/bin/pod2man
@@ -91,7 +79,7 @@ The key features are:
 
 %package devel
 Summary:        Development headers for %{name}
-License:        LGPLv2+ and BSD
+License:        BSD and LGPLv2+
 Requires:       %{name}%{?_isa} = %{version}-%{release}
 
 
@@ -110,6 +98,7 @@ This package contains OCaml language bindings for %{name}.
 
 %package -n ocaml-%{name}-devel
 Summary:        OCaml language development package for %{name}
+License:        BSD and LGPLv2+
 Requires:       ocaml-%{name}%{?_isa} = %{version}-%{release}
 
 
@@ -135,7 +124,7 @@ python3-%{name} contains Python 3 bindings for %{name}.
 
 %package -n nbdfuse
 Summary:        FUSE support for %{name}
-License:        LGPLv2+ and BSD
+License:        BSD and LGPLv2+
 Requires:       %{name}%{?_isa} = %{version}-%{release}
 
 
@@ -158,9 +147,6 @@ for %{name}.
 
 
 %prep
-%if 0%{verify_tarball_signature}
-%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
-%endif
 %autosetup -p1
 %if 0%{patches_touch_autotools}
 autoreconf -i
@@ -270,6 +256,10 @@ make %{?_smp_mflags} check || {
 
 
 %changelog
+* Fri Jan 21 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.3.6-3
+- Removing in-spec verification of source tarballs.
+- License verified.
+
 * Fri Oct 15 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.3.6-2
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
 
diff --git a/SPECS-EXTENDED/nbdkit/nbdkit-1.20.7.tar.gz.sig b/SPECS-EXTENDED/nbdkit/nbdkit-1.20.7.tar.gz.sig
deleted file mode 100644
index a34b0f1b11b..00000000000
--- a/SPECS-EXTENDED/nbdkit/nbdkit-1.20.7.tar.gz.sig
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAl9RT1ERHHJpY2hAYW5u
-ZXhpYS5vcmcACgkQkXOPc+G3aKBJ0hAAqp1wLYPDjD+6sGuKVOK8vqEWwzDc6yWx
-+M0h7+/gqwP1ijNihUU0DaFlYMYZInbQMLbyRn4jsHUT1BsAHUk0klEQZYuA4ew0
-yeUao+ktpqwxO0IfrIIKFXpaQ4di3H0NBbpTBHZxRuo4QP1aUtnpy4QQvTk6Ed0l
-rjNwM7G7m4I2QLDWujlZue0aaMKj9NVs30GmjgjvPFAT3qXcRLPbvBGPLpTvnevW
-uY+MoubZotzgSoEafb6/U46HJ39dd68+cr4fpuku7UqjAz0thStBE2WfYsPHnq1c
-7ch14Zr4lMiGKdx72RSfdLQAJuP4SYOldeuHN/qOPtq9njhoIxC9d0AMUFoKPkJ+
-f0mjr51QuEmtwsRCvS/b7yfkrihkmrGeraGe1DCL7BCrX32AOgLdTNWTpRTsCfTM
-O+iEL+JJlP2udtSSH0l8Ao86o+gcDHxY4nlFRodOEMdvlYn81A7TB2O44wgCNfUE
-B33NTQf0oqNOExgqpOD2HvQXVL7bkaN2F3SKL8ns4f95fLdc5JJeV2dWRqr1yauH
-i/oaxtmivJSm1Dc/+QrwCZPnwTeWISsgWcUG267EcgDRN4AQu9wCO8ZDhjhvLRhr
-mDXYjgMb8MvagK8R8k3gjfD7FPeB+r/+F4WDADn9v3V5jcScRtMo3EAG3CwqyI25
-1WyuhcS+edE=
-=Esox
------END PGP SIGNATURE-----
diff --git a/SPECS-EXTENDED/nbdkit/nbdkit.signatures.json b/SPECS-EXTENDED/nbdkit/nbdkit.signatures.json
index 599963074f7..84e7282644c 100644
--- a/SPECS-EXTENDED/nbdkit/nbdkit.signatures.json
+++ b/SPECS-EXTENDED/nbdkit/nbdkit.signatures.json
@@ -1,7 +1,5 @@
 {
  "Signatures": {
-  "libguestfs.keyring": "de74373a15bd572ad74f276ee063d2cefa915470863829c0dda6af488d6315d8",
-  "nbdkit-1.20.7.tar.gz": "999242d56787f69b79eddcd64e5cb2c3071d4bd8ed98dc7da711a09fca8095ec",
-  "nbdkit-1.20.7.tar.gz.sig": "ce2abbbdedd2187d53d327fe3479a513832886730c435932ff37c9b1df584226"
+  "nbdkit-1.20.7.tar.gz": "999242d56787f69b79eddcd64e5cb2c3071d4bd8ed98dc7da711a09fca8095ec"
  }
 }
\ No newline at end of file
diff --git a/SPECS-EXTENDED/nbdkit/nbdkit.spec b/SPECS-EXTENDED/nbdkit/nbdkit.spec
index 6a72570bf48..4e5aa6d0bb8 100644
--- a/SPECS-EXTENDED/nbdkit/nbdkit.spec
+++ b/SPECS-EXTENDED/nbdkit/nbdkit.spec
@@ -29,9 +29,6 @@ Distribution:   Mariner
 ExclusiveArch:  x86_64
 %endif
 
-# If we should verify tarball signature with GPGv2.
-%global verify_tarball_signature 1
-
 # If there are patches which touch autotools files, set this to 1.
 %global patches_touch_autotools %{nil}
 
@@ -40,18 +37,13 @@ ExclusiveArch:  x86_64
 
 Name:           nbdkit
 Version:        1.20.7
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        NBD server
 
 License:        BSD
 URL:            https://github.com/libguestfs/nbdkit
 
 Source0:        http://libguestfs.org/download/nbdkit/%{source_directory}/%{name}-%{version}.tar.gz
-%if 0%{verify_tarball_signature}
-Source1:        http://libguestfs.org/download/nbdkit/%{source_directory}/%{name}-%{version}.tar.gz.sig
-# Keyring used to verify tarball signature.
-Source2:       libguestfs.keyring
-%endif
 
 %if 0%{patches_touch_autotools}
 BuildRequires: autoconf, automake, libtool
@@ -86,9 +78,6 @@ BuildRequires:  ocaml >= 4.02.2
 BuildRequires:  ruby-devel
 BuildRequires:  tcl-devel
 BuildRequires:  lua-devel
-%if 0%{verify_tarball_signature}
-BuildRequires:  gnupg2
-%endif
 
 # Only for running the test suite:
 BuildRequires:  /usr/bin/certtool
@@ -590,9 +579,6 @@ for %{name}.
 
 
 %prep
-%if 0%{verify_tarball_signature}
-%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
-%endif
 %autosetup -p1
 %if 0%{patches_touch_autotools}
 autoreconf -i
@@ -974,6 +960,10 @@ make %{?_smp_mflags} check || {
 
 
 %changelog
+* Fri Jan 21 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.20.7-3
+- Removing in-spec verification of source tarballs.
+- License verified.
+
 * Fri Apr 30 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.20.7-2
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
 - Making binaries paths compatible with CBL-Mariner's paths.
diff --git a/SPECS-EXTENDED/virt-p2v/virt-p2v-1.42.0.tar.gz.sig b/SPECS-EXTENDED/virt-p2v/virt-p2v-1.42.0.tar.gz.sig
deleted file mode 100644
index 3b379ae734a..00000000000
--- a/SPECS-EXTENDED/virt-p2v/virt-p2v-1.42.0.tar.gz.sig
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAl3fxr0RHHJpY2hAYW5u
-ZXhpYS5vcmcACgkQkXOPc+G3aKDAfA/+PI6/c9bsoFa8VZ9tFW3cYP+9yy9ZK37e
-xq2lwhvEvNPBsSeiZUMK5POOebTOzCrzTZ0LwpGDCy4q83nOE7BM2pDa0zPh461l
-QKYqnfn04h3zx9LNPne1Qj0g5jA0oXtImTDPMwy0VgX9Eqh0Fc/Hc55UHP5UufeN
-LllyNhrxQUXvJ4b0Z/9kPAaJTayk0CQqAI0A008Bmc/EzH2dS/nHQofgiKBCxKah
-pNPI2bTBe/41XjFU1t36Zi/DNixTexXp4KclQX2PlGP3RR6+bJZY/OYH8G8zOS6d
-FnFZ5GdS+Rko+cvcJAGNkewAlkDUzsEAZ016ERDTwM4Fyx9VdcDQc0s07XpkR+jQ
-zM8wsaZjKIp99Snk2SwTDReXnUp/rNm0Wq3HeY3bowWVVdn3ivaDbMzipEoka9mz
-jvxNBUXISf/aenQ//PiqXmV3Q8q9oIZhFiq4/14N5bc8wauDnD+xnzo1u5ciOV69
-32rk3OXAXHMdn/ARpSTtbnv2QCAAjqDRlm4+xQmulZu6DCvnlUHvzsHErz40hrj8
-LMNA1Pw5MW8v72YLJKRDzQ1R6ELcR2SbYGuHYCN0wqDJXh7RAvTFQusYSBdEYC4F
-p9mWi9IWTkoV0RKC2b6nRGkVMpPmwZ4le+sYTawy1P/LM7UCCJHaFCp+pIZ09gVc
-SRk4FEKh1RI=
-=pvKa
------END PGP SIGNATURE-----
diff --git a/SPECS-EXTENDED/virt-p2v/virt-p2v.signatures.json b/SPECS-EXTENDED/virt-p2v/virt-p2v.signatures.json
index 4f51a337910..034888b471b 100644
--- a/SPECS-EXTENDED/virt-p2v/virt-p2v.signatures.json
+++ b/SPECS-EXTENDED/virt-p2v/virt-p2v.signatures.json
@@ -1,7 +1,5 @@
 {
  "Signatures": {
-  "libguestfs.keyring": "de74373a15bd572ad74f276ee063d2cefa915470863829c0dda6af488d6315d8",
-  "virt-p2v-1.42.0.tar.gz": "b1164bde6658646f11e8ff0da36fe5acbedde3445cc8424110c08fc144564e20",
-  "virt-p2v-1.42.0.tar.gz.sig": "3276dc9f458cdfea747d80175ef01a25416f066da074e006c59cdbcfe07f50da"
+  "virt-p2v-1.42.0.tar.gz": "b1164bde6658646f11e8ff0da36fe5acbedde3445cc8424110c08fc144564e20"
  }
 }
\ No newline at end of file
diff --git a/SPECS-EXTENDED/virt-p2v/virt-p2v.spec b/SPECS-EXTENDED/virt-p2v/virt-p2v.spec
index d5453e89aaf..668b37a25fa 100644
--- a/SPECS-EXTENDED/virt-p2v/virt-p2v.spec
+++ b/SPECS-EXTENDED/virt-p2v/virt-p2v.spec
@@ -1,7 +1,5 @@
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
-# Verify tarball signature with GPGv2.
-%global verify_tarball_signature 1
 
 # So far there are no ELF binaries in this package, so the list
 # of files in the debuginfo package will be empty, triggering
@@ -11,8 +9,8 @@ Distribution:   Mariner
 Summary:       Convert a physical machine to run on KVM
 Name:          virt-p2v
 Version:       1.42.0
-Release:       4%{?dist}
-License:       GPLv2+
+Release:       5%{?dist}
+License:       GPLv2+ and LGPLv2+
 
 # virt-p2v works only on x86_64 at the moment.  It requires porting
 # to properly detect the hardware on other architectures, and furthermore
@@ -22,14 +20,6 @@ ExclusiveArch: x86_64
 # Source and patches.
 URL:           http://libguestfs.org/
 Source0:       http://download.libguestfs.org/%{name}/%{name}-%{version}.tar.gz
-%if 0%{verify_tarball_signature}
-Source1:       http://download.libguestfs.org/%{name}/%{name}-%{version}.tar.gz.sig
-%endif
-
-# Keyring used to verify tarball signature.
-%if 0%{verify_tarball_signature}
-Source2:       libguestfs.keyring
-%endif
 
 # Basic build requirements.
 BuildRequires: gcc
@@ -44,9 +34,6 @@ BuildRequires: xz
 BuildRequires: gtk3-devel
 BuildRequires: dbus-devel
 BuildRequires: m4
-%if 0%{verify_tarball_signature}
-BuildRequires: gnupg2
-%endif
 
 # Test suite requirements.
 BuildRequires: /usr/bin/qemu-nbd
@@ -86,9 +73,6 @@ To convert virtual machines from other hypervisors, see virt-v2v.
 
 
 %prep
-%if 0%{verify_tarball_signature}
-%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
-%endif
 %setup -q
 %autopatch -p1
 
@@ -119,7 +103,7 @@ rm $RPM_BUILD_ROOT%{_mandir}/man1/p2v-release-notes.1*
 
 %files
 %doc README
-%license COPYING
+%license COPYING COPYING.LIB
 %{_bindir}/virt-p2v-make-disk
 %{_bindir}/virt-p2v-make-kickstart
 %{_bindir}/virt-p2v-make-kiwi
@@ -133,6 +117,10 @@ rm $RPM_BUILD_ROOT%{_mandir}/man1/p2v-release-notes.1*
 
 
 %changelog
+* Fri Jan 21 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.42.0-5
+- Removing in-spec verification of source tarballs.
+- License verified.
+
 * Thu Oct 28 2021 Muhammad Falak <mwani@microsft.com> - 1.42.0-4
 - Remove epoch
 
diff --git a/SPECS-EXTENDED/virt-v2v/virt-v2v-1.42.0.tar.gz.sig b/SPECS-EXTENDED/virt-v2v/virt-v2v-1.42.0.tar.gz.sig
deleted file mode 100644
index 6b56583fcab..00000000000
--- a/SPECS-EXTENDED/virt-v2v/virt-v2v-1.42.0.tar.gz.sig
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAl6YQ9QRHHJpY2hAYW5u
-ZXhpYS5vcmcACgkQkXOPc+G3aKAgTBAAiT/ojN14i0NRzpuGSb7I9oupzclVqic8
-c5NIXH8TGYLY9tVMYSsr+uyWu8Qk2lsqV6knXeqbBKot/682v2AlYn6ZpG+cl8tm
-ZKjVSwMwLVdAvV5zTaggEO/Xs8WbtSkmTk184s62804qlc+mv0ngFTGZomKjH4o1
-tHgJnegeR/lppeBnIuhAC/hWo6SyhPul8UnDg3rnByWOX7Qs3p4lY9y5hHv2pQfK
-ezXLDYBBAtQ3oe3p8jh3SCe7GLxxX8oxDCn6l8K7AK4czRMLJ/iykS/iE+E1bazM
-V7rUItPfK3MhrWThlekn4u5tOclCDKbK75Hgkb2qjeK9Ctad80boXnNEnIv0UWFr
-SaqCKmJrOtohn2oR/aUmTXm2u09jy+nQTRhvqy/2TNTdExCa1A6n7r0EcEJQMQPX
-DK34+cbn3J+/+BA9kyH2a2/pTwJBaCk4PCXyrxWAkHyLUt9HZwmtPXUeBhq/iMIf
-QZSo/LgXTTNEpsFx5K3xuvy6Ps/IaImeI8xdU2wl252/HN4wY3roZOBNflbTCF2m
-aXFXf6bReZmO9HJg5674zCYkB0N8nSPMaHmv7EWyK7sEMKCUuYnWMiEBHtIZA+dW
-Qp3IdoODkjciwVzJL2E7RhA2GNvwnkay4WYqb0mjAPVktVTnhla7S1hSD8SM6Fs7
-sVAPrKAFidk=
-=l3OH
------END PGP SIGNATURE-----
diff --git a/SPECS-EXTENDED/virt-v2v/virt-v2v.signatures.json b/SPECS-EXTENDED/virt-v2v/virt-v2v.signatures.json
index cc33b8102c1..fdeaee8bef8 100644
--- a/SPECS-EXTENDED/virt-v2v/virt-v2v.signatures.json
+++ b/SPECS-EXTENDED/virt-v2v/virt-v2v.signatures.json
@@ -1,7 +1,5 @@
 {
  "Signatures": {
-  "libguestfs.keyring": "de74373a15bd572ad74f276ee063d2cefa915470863829c0dda6af488d6315d8",
-  "virt-v2v-1.42.0.tar.gz": "a177452d990be506e66a7fd986d8a7b727d48158bb564673babe34f94a857547",
-  "virt-v2v-1.42.0.tar.gz.sig": "23c0b0e9984ce2e6ffc913d164af910e0006d9fbb9ea837eb6d601748768243b"
+  "virt-v2v-1.42.0.tar.gz": "a177452d990be506e66a7fd986d8a7b727d48158bb564673babe34f94a857547"
  }
 }
\ No newline at end of file
diff --git a/SPECS-EXTENDED/virt-v2v/virt-v2v.spec b/SPECS-EXTENDED/virt-v2v/virt-v2v.spec
index 6ade6bdd868..a7ffa3e0f27 100644
--- a/SPECS-EXTENDED/virt-v2v/virt-v2v.spec
+++ b/SPECS-EXTENDED/virt-v2v/virt-v2v.spec
@@ -1,8 +1,5 @@
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
-# If we should verify tarball signature with GPGv2.
-%global verify_tarball_signature 1
-
 # If there are patches which touch autotools files, set this to 1.
 %global patches_touch_autotools %{nil}
 
@@ -11,18 +8,13 @@ Distribution:   Mariner
 
 Name:          virt-v2v
 Version:       1.42.0
-Release:       6%{?dist}
+Release:       7%{?dist}
 Summary:       Convert a virtual machine to run on KVM
 
 License:       GPLv2+
 URL:           https://github.com/libguestfs/virt-v2v
 
 Source0:       http://download.libguestfs.org/virt-v2v/%{source_directory}/%{name}-%{version}.tar.gz
-%if 0%{verify_tarball_signature}
-Source1:       http://download.libguestfs.org/virt-v2v/%{source_directory}/%{name}-%{version}.tar.gz.sig
-# Keyring used to verify tarball signature.
-Source2:       libguestfs.keyring
-%endif
 
 # libguestfs hasn't been built on i686 for a while since there is no
 # kernel built for this architecture any longer and libguestfs rather
@@ -64,10 +56,6 @@ BuildRequires: ocaml-ounit-devel
 
 BuildRequires: nbdkit-python-plugin
 
-%if 0%{verify_tarball_signature}
-BuildRequires: gnupg2
-%endif
-
 Requires:      libguestfs%{?_isa} >= 1.40
 Requires:      libguestfs-tools-c >= 1.40
 
@@ -129,9 +117,6 @@ for %{name}.
 
 
 %prep
-%if 0%{verify_tarball_signature}
-%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
-%endif
 %autosetup -p1
 %if 0%{patches_touch_autotools}
 autoreconf -i
@@ -228,6 +213,10 @@ rm -r $RPM_BUILD_ROOT%{_libdir}/ocaml/stublibs/dllv2v_test_harness*
 
 
 %changelog
+* Fri Jan 21 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.42.0-7
+- Removing in-spec verification of source tarballs.
+- License verified.
+
 * Thu Oct 28 2021 Muhammad Falak <mwani@microsft.com> - 1.42.0-6
 - Remove epoch