From d28f68f5f694a1317c1c5551e444b0ed95f5f4cd Mon Sep 17 00:00:00 2001
From: Graham Knop <haarg@haarg.org>
Date: Fri, 3 Jun 2022 15:48:12 +0200
Subject: [PATCH] prefer gpg2 when possible

On systems that have both 'gpg' and 'gpg2', 'gpg' will sometimes be gpg
1. Prefer 'gpg2', which is more likely to be the newer version.

This can be important, because gpg 1 does not include the key
fingerprint when generating a signature, instead only including the key
id. This is true for all versions of gpg prior to 2.1.16. And gpg
versions 2.3.0 and newer only support the --auto-key-retrieve option
when the signature includes the fingerprint.
---
 lib/Module/Signature.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/Module/Signature.pm b/lib/Module/Signature.pm
index ff89688..7afe16a 100644
--- a/lib/Module/Signature.pm
+++ b/lib/Module/Signature.pm
@@ -232,7 +232,7 @@ sub _which_gpg {
     # Cache it so we don't need to keep checking.
     return $which_gpg if $which_gpg;
 
-    for my $gpg_bin ('gpg', 'gpg2', 'gnupg', 'gnupg2') {
+    for my $gpg_bin ('gpg2', 'gpg', 'gnupg2', 'gnupg') {
         my $version = `$gpg_bin --version 2>&1`;
         if( $version && $version =~ /GnuPG/ ) {
             $which_gpg = $gpg_bin;