--- lib/signature.c.orig	2018-01-05 10:59:06.358348915 +0000
+++ lib/signature.c	2018-01-05 12:25:13.224472739 +0000
@@ -118,6 +118,8 @@ rpmRC rpmGenerateSignature(char *SHA256,
     char *reservedSpace;
     int spaceSize = 32; /* always reserve a bit of space */
     int gpgSize = rpmExpandNumeric("%{__gpg_reserved_space}");
+    rpm_off_t size32 = size;
+    rpm_off_t payloadSize32 = payloadSize;
 
     /* Prepare signature */
     if (SHA256) {
@@ -149,21 +151,32 @@ rpmRC rpmGenerateSignature(char *SHA256,
 
     rpmtdReset(&td);
     td.count = 1;
-    if (payloadSize < UINT32_MAX) {
-	rpm_off_t p = payloadSize;
-	rpm_off_t s = size;
-	td.type = RPM_INT32_TYPE;
+    td.type = RPM_INT32_TYPE;
 
-	td.tag = RPMSIGTAG_PAYLOADSIZE;
-	td.data = &p;
-	headerPut(sig, &td, HEADERPUT_DEFAULT);
+    td.tag = RPMSIGTAG_PAYLOADSIZE;
+    td.data = &payloadSize32;
+    headerPut(sig, &td, HEADERPUT_DEFAULT);
 
-	td.tag = RPMSIGTAG_SIZE;
-	td.data = &s;
-	headerPut(sig, &td, HEADERPUT_DEFAULT);
-    } else {
+    td.tag = RPMSIGTAG_SIZE;
+    td.data = &size32;
+    headerPut(sig, &td, HEADERPUT_DEFAULT);
+
+    if (payloadSize >= UINT32_MAX) {
+	/*
+	 * Put the 64bit size variants into the header, but
+         * modify spaceSize so that the resulting header has
+         * the same size. Note that this only works if
+         * RPMSIGTAG_RESERVEDSPACE is the last tag in the header!
+         */
 	rpm_loff_t p = payloadSize;
 	rpm_loff_t s = size;
+        int newsigSize, oldsigSize;
+
+	oldsigSize = headerSizeof(sig, HEADER_MAGIC_YES);
+
+	headerDel(sig, RPMSIGTAG_PAYLOADSIZE);
+	headerDel(sig, RPMSIGTAG_SIZE);
+
 	td.type = RPM_INT64_TYPE;
 
 	td.tag = RPMSIGTAG_LONGARCHIVESIZE;
@@ -174,8 +187,8 @@ rpmRC rpmGenerateSignature(char *SHA256,
 	td.data = &s;
 	headerPut(sig, &td, HEADERPUT_DEFAULT);
 
-	/* adjust for the size difference between 64- and 32bit tags */
-	spaceSize -= 8;
+	newsigSize = headerSizeof(sig, HEADER_MAGIC_YES);
+	spaceSize -= newsigSize - oldsigSize;
     }
 
     if (gpgSize > 0)