updated vendor

vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go

@@ -178,6 +178,18 @@ type Config struct {
 	// When set to true, a key without flags is treated as if all flags are enabled.
 	// This behavior is consistent with GPG.
 	InsecureAllowAllKeyFlagsWhenMissing bool
+	// InsecureGenerateNonCriticalKeyFlags causes the "Key Flags" signature subpacket
+	// to be non-critical in newly generated signatures.
+	// This may be needed for keys to be accepted by older clients who do not recognize
+	// the subpacket.
+	// For example, rpm 4.14.3-150400.59.3.1 in OpenSUSE Leap 15.4 does not recognize it.
+	InsecureGenerateNonCriticalKeyFlags bool
+	// InsecureGenerateNonCriticalSignatureCreationTime causes the "Signature Creation Time" signature subpacket
+	// to be non-critical in newly generated signatures.
+	// This may be needed for keys to be accepted by older clients who do not recognize
+	// the subpacket.
+	// For example, yum 3.4.3-168 in CentOS 7 and yum 3.4.3-158 in Amazon Linux 2 do not recognize it.
+	InsecureGenerateNonCriticalSignatureCreationTime bool
 
 	// MaxDecompressedMessageSize specifies the maximum number of bytes that can be
 	// read from a compressed packet. This serves as an upper limit to prevent
@@ -420,6 +432,20 @@ func (c *Config) AllowAllKeyFlagsWhenMissing() bool {
 	return c.InsecureAllowAllKeyFlagsWhenMissing
 }
 
+func (c *Config) GenerateNonCriticalKeyFlags() bool {
+	if c == nil {
+		return false
+	}
+	return c.InsecureGenerateNonCriticalKeyFlags
+}
+
+func (c *Config) GenerateNonCriticalSignatureCreationTime() bool {
+	if c == nil {
+		return false
+	}
+	return c.InsecureGenerateNonCriticalSignatureCreationTime
+}
+
 func (c *Config) DecompressedMessageSizeLimit() *int64 {
 	if c == nil {
 		return nil

vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go

@@ -933,7 +933,7 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err e
 		}
 		sig.Notations = append(sig.Notations, &notation)
 	}
-	sig.outSubpackets, err = sig.buildSubpackets(priv.PublicKey)
+	sig.outSubpackets, err = sig.buildSubpackets(priv.PublicKey, config)
 	if err != nil {
 		return err
 	}
@@ -1254,11 +1254,11 @@ type outputSubpacket struct {
 	contents      []byte
 }
 
-func (sig *Signature) buildSubpackets(issuer PublicKey) (subpackets []outputSubpacket, err error) {
+func (sig *Signature) buildSubpackets(issuer PublicKey, config *Config) (subpackets []outputSubpacket, err error) {
 	creationTime := make([]byte, 4)
 	binary.BigEndian.PutUint32(creationTime, uint32(sig.CreationTime.Unix()))
 	// Signature Creation Time
-	subpackets = append(subpackets, outputSubpacket{true, creationTimeSubpacket, true, creationTime})
+	subpackets = append(subpackets, outputSubpacket{true, creationTimeSubpacket, !config.GenerateNonCriticalSignatureCreationTime(), creationTime})
 	// Signature Expiration Time
 	if sig.SigLifetimeSecs != nil && *sig.SigLifetimeSecs != 0 {
 		sigLifetime := make([]byte, 4)
@@ -1357,7 +1357,7 @@ func (sig *Signature) buildSubpackets(issuer PublicKey) (subpackets []outputSubp
 		if sig.FlagGroupKey {
 			flags |= KeyFlagGroupKey
 		}
-		subpackets = append(subpackets, outputSubpacket{true, keyFlagsSubpacket, true, []byte{flags}})
+		subpackets = append(subpackets, outputSubpacket{true, keyFlagsSubpacket, !config.GenerateNonCriticalKeyFlags(), []byte{flags}})
 	}
 	// Signer's User ID
 	if sig.SignerUserId != nil {