Dpkg::Backend::GnuPG: Ensure future signing interop with gpg --openpgp

GnuPG upstream has decided to get out of the standardizing process for OpenPGP, and instead is trying to push its own proprietary fork based on an old draft that did not have consensus within the IETF working group. This is going to be a source of interoperability problems, but we can mitigate them somewhat when creating signatures by requiring compliance with the OpenPGP RFC, even if it's going to be locked into an old version, as later ones are not planned to get implemented. More so, given that the latest releases of GnuPG have been switched to default to the proprietary draft.

Dpkg::Backend::GnuPG: Ensure future signing interop with gpg --openpgp
GnuPG upstream has decided to get out of the standardizing process for OpenPGP, and instead is trying to push its own proprietary fork based on an old draft that did not have consensus within the IETF working group. This is going to be a source of interoperability problems, but we can mitigate them somewhat when creating signatures by requiring compliance with the OpenPGP RFC, even if it's going to be locked into an old version, as later ones are not planned to get implemented. More so, given that the latest releases of GnuPG have been switched to default to the proprietary draft.
b83114da · Guillem Jover · eb86aaa9 · b83114da
Commit b83114da authored 2 years ago by Guillem Jover
--- a/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm
+++ b/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm
@@ -257,6 +257,7 @@ sub inline_sign {
    my @exec = ($self->{cmd});
    push @exec, _gpg_options_weak_digests();
    push @exec, qw(--utf8-strings --textmode --armor);
+    push @exec, '--openpgp';
    if ($key->type eq 'keyfile') {
        # Promote the keyfile keyhandle to a keystore, this way we share the
        # same gpg-agent and can get any password cached.