I confirm [killruana@fanstasmic tmp]$ gpg --verify libgcrypt-1.6.0-1-i686.pkg.tar.xz.sig gpg: Signature made Mon Dec 16 23:30:48 2013 CET using RSA key ID 0F2A092B gpg: Good signature from "Andreas Radke <andyrtr@archlinux.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: ADC8 A1FC C15E 01D4 5310 419E 9465 7AB2 0F2A 092B [killruana@fanstasmic tmp]$ sha512sum libgcrypt-1.6.0-1-i686.pkg.tar.xz eb4344f7a5602aa061575b2014abea21eb20c395f063d24904c914ea49ffaaa3cb31023b17ed2221bdd483676bd15194a0df748a6914d74cfaec8d76274d1036 libgcrypt-1.6.0-1-i686.pkg.tar.xz Le 14/01/2014 13:13, Damjan a écrit :
On 13.01.2014 22:52, Thomas Bächler wrote:
Am 13.01.2014 22:48, schrieb Mark Lee:
Salutations,
All right then; if it works for you guys. Will an announcement be made on the arch website to ensure the upgrade doesn't break more systems or will we continue the wait game and hope that all the mirrors sync and the issue just goes away?
As Lukas pointed out by now, a mistake was made when moving the packages, and libgcrypt was moved 20 minutes after the rest of the packages. Any mirror that synced in that timeframe will have an inconsistent state.
There is no point in announcing anything, since all mirrors should have the corrected files already, and whoever didn't break their systems by now won't break them.
I've had the problem on both my Arch computers.
I'll have to manually install libgcrypt-1.6.0-1 now without checking its signature. Which is a bit scary :)
Can anyone confirm the checksum of the 32bit package file? I used sha512sum /var/cache/pacman/pkg/libgcrypt-1.6.0-1-i686.pkg.tar.xz
eb4344f7a5602aa061575b2014abea21eb20c395f063d24904c914ea49ffaaa3cb31023b17ed2221bdd483676bd15194a0df748a6914d74cfaec8d76274d1036