I confirm [killruana@fanstasmic tmp]$ gpg --verify libgcrypt-1.6.0-1-i686.pkg.tar.xz.sig gpg: Signature made Mon Dec 16 23:30:48 2013 CET using RSA key ID 0F2A092B gpg: Good signature from "Andreas Radke <andyrtr@xxxxxxxxxxxxx>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: ADC8 A1FC C15E 01D4 5310 419E 9465 7AB2 0F2A 092B [killruana@fanstasmic tmp]$ sha512sum libgcrypt-1.6.0-1-i686.pkg.tar.xz eb4344f7a5602aa061575b2014abea21eb20c395f063d24904c914ea49ffaaa3cb31023b17ed2221bdd483676bd15194a0df748a6914d74cfaec8d76274d1036 libgcrypt-1.6.0-1-i686.pkg.tar.xz Le 14/01/2014 13:13, Damjan a écrit : > On 13.01.2014 22:52, Thomas Bächler wrote: >> Am 13.01.2014 22:48, schrieb Mark Lee: >>> Salutations, >>> >>> All right then; if it works for you guys. Will an announcement be made >>> on the arch website to ensure the upgrade doesn't break more systems or >>> will we continue the wait game and hope that all the mirrors sync and >>> the issue just goes away? >> >> As Lukas pointed out by now, a mistake was made when moving the >> packages, and libgcrypt was moved 20 minutes after the rest of the >> packages. Any mirror that synced in that timeframe will have an >> inconsistent state. >> >> There is no point in announcing anything, since all mirrors should have >> the corrected files already, and whoever didn't break their systems by >> now won't break them. > > I've had the problem on both my Arch computers. > > I'll have to manually install libgcrypt-1.6.0-1 now without checking its > signature. Which is a bit scary :) > > Can anyone confirm the checksum of the 32bit package file? I used > sha512sum /var/cache/pacman/pkg/libgcrypt-1.6.0-1-i686.pkg.tar.xz > > eb4344f7a5602aa061575b2014abea21eb20c395f063d24904c914ea49ffaaa3cb31023b17ed2221bdd483676bd15194a0df748a6914d74cfaec8d76274d1036 > > >
Attachment:
signature.asc
Description: OpenPGP digital signature
