KellerFuchs
commented
1 year ago After retrieving the key from openpgp.org, [...] [it] contains no user ID - skipped. Apparently my gpg uses the key server as default.
That's "normal" : keys.openpgp.org expects users to verify (for that one keyserver) that they truly control the email address in their uid, before it will share the uid when someone is looking up that key.
Refusing to import keys without uids sounds like a bug, though: it is perfectly valid for OpenPGP keys not to contain any UID, AFAIK. It is merely an unusual case.
In any case, the keyserver should be sending us a verification email soon.
I'll also Do The Needful so that gpg --locate-keys 'team@hashbang.sh' fetches the key directly from our Web Key Directory server.
After running the installation script without the key imported, it worked to create the account but failed in the end when downloading something and checking signature, probably on download of the known_hosts file
OK, thanks for letting us know!
I tried to sign up via the shell script and couldn't verify the file since I couldn't import the pgp key, it does not find it.
After retrieving the key from openpgp.org, it does not import either and the error given is new key but contains no user ID - skipped. Apparently my gpg uses the key server as default.
when using the command gpg --recv-keys --keyserver hkps://keyserver.ubuntu.com 0xD2C4C74D8FAA96F5 instead, it imported and then the signature can be verified.
After running the installation script without the key imported, it worked to create the account but failed in the end when downloading something and checking signature, probably on download of the known_hosts file