Package is corrupted PGP signature[SOLVED]

Similar Messages

• [SOLVED]linux-headers upgrade fails with PGP signature error

  Whe trying to upgrade the linux kernel using:
  pacman -S linux linux-headers
  it fails with the following error:
  (2/2) checking package integrity                             [#################################] 100%
  error: linux: signature from "Tobias Powalowski <[email protected]>" is unknown trust
  error: linux-headers: signature from "Tobias Powalowski <[email protected]>" is invalid
  error: failed to commit transaction (invalid or corrupted package (PGP signature))
  Errors occurred, no packages were upgraded.
  I have tried deleting /etc/pacman.d/gnupg and the recreating it with
  pacman-key --init
  , I have also run
  pacman -Syy
  to make sure the repository is up to date.  I read the wiki post about time, but my ntp daemon is running, and I have confirmed that my time is exactly right.
  Last edited by MikeDacre (2013-04-01 23:32:27)

  Hi,
  Sorry, but that doesn't help me.  I can't find any reference in that post to this problem.  I get a similar issue when I try to upgrade mysql:
  >> sudo pacman -S mariadb libmariadbclient mariadb-clients 16:06 Mon 04-01-2013
  resolving dependencies...
  looking for inter-conflicts...
  :: libmariadbclient and libmysqlclient are in conflict. Remove libmysqlclient? [y/N] y
  :: mariadb-clients and mysql-clients are in conflict. Remove mysql-clients? [y/N] y
  :: mariadb and mysql are in conflict. Remove mysql? [y/N] y
  Targets (6): libmysqlclient-5.5.30-6 [removal] mysql-5.5.30-6 [removal]
  mysql-clients-5.5.30-6 [removal] libmariadbclient-5.5.30-2 mariadb-5.5.30-2
  mariadb-clients-5.5.30-2
  Total Download Size: 16.85 MiB
  Total Installed Size: 152.41 MiB
  Net Upgrade Size: 28.51 MiB
  Proceed with installation? [Y/n] y
  :: Retrieving packages from extra...
  libmariadbclient-5.5.30-2-x86_64 6.6 MiB 1479K/s 00:05 [#################################] 100%
  mariadb-clients-5.5.30-2-x86_64 871.8 KiB 421K/s 00:02 [#################################] 100%
  mariadb-5.5.30-2-x86_64 9.4 MiB 440K/s 00:22 [#################################] 100%
  (3/3) checking package integrity [#################################] 100%
  error: libmariadbclient: key "BBE43771487328A9" is unknown
  :: Import PGP key , "Bartlomiej Piotrowski <[email protected]>", created 2011-10-10? [Y/n] y
  error: key "Bartlomiej Piotrowski <[email protected]>" could not be imported
  error: mariadb-clients: key "BBE43771487328A9" is unknown
  :: Import PGP key 487328A9, "Bartlomiej Piotrowski <[email protected]>", created 2011-10-10? [Y/n] y
  (3/3) checking package integrity [#################################] 100%
  error: libmariadbclient: signature from "Bartlomiej Piotrowski <[email protected]>" is unknown trust
  error: mariadb-clients: signature from "Bartlomiej Piotrowski <[email protected]>" is unknown trust
  error: mariadb: signature from "Bartlomiej Piotrowski <[email protected]>" is unknown trust
  error: failed to commit transaction (invalid or corrupted package (PGP signature))
  Errors occurred, no packages were upgraded.

• Problem in PGP signature of a mirror - an administrative problem

  i know this is an administrative affair and i am not the administrator of our network.
  i asked our network administrator to launch a mirror of arch in our university and he kindly did it and it is know listed in arch mirror list. the problem is that when i update the package list it gives me error regarding PGP signature and i can not update or install package. when i update the database using another mirror, it works fine and even i can update the packages using our mirror. so the problem is only the PGP signature of our mirror.
  since our admin does not work with arch, i decided to ask it here and pass him the solution.
  the address of our mirror is : http://mirror.yazd.ac.ir/arch/
  and here is the output of pacman -Syyu
  [root@civil-cfd ~]# pacman -Syyu
  error: GPGME error: No data
  error: GPGME error: No data
  error: GPGME error: No data
  :: Synchronizing package databases...
  core 108.9 KiB 111K/s 00:01 [######################] 100%
  error: GPGME error: No data
  error: failed to update core (invalid or corrupted database (PGP signature))
  extra 1482.3 KiB 138K/s 00:11 [######################] 100%
  error: GPGME error: No data
  error: failed to update extra (invalid or corrupted database (PGP signature))
  community 2.1 MiB 139K/s 00:16 [######################] 100%
  error: GPGME error: No data
  error: failed to update community (invalid or corrupted database (PGP signature))
  archlinuxfr 12.2 KiB 197K/s 00:00 [######################] 100%
  error: database 'core' is not valid (invalid or corrupted database (PGP signature))
  error: database 'extra' is not valid (invalid or corrupted database (PGP signature))
  error: database 'community' is not valid (invalid or corrupted database (PGP signature))

  Allan,
  i did not change the options in pacman.conf file. and note that when i disable this mirror in "/etc/pacman.d/mirrorlist" and use other mirror, the commands work well. so the problem is related to this mirror.
  ewaller,
  it is a pure Arch installation not Antergos or any other branch of Arch.
  Last edited by hadian (2014-04-06 07:55:29)

• Packer install error pgp signature

  I was running AppSet-Qt and in Aur part it said to enable package support you have to install packer.  I tried to install packer with pacman -S but I keep getting errors
  packer-20140817-1-any      9.5 KiB   175K/s 00:00 [#####################] 100%
  (3/3) checking keys in keyring                     [#####################] 100%
  (3/3) checking package integrity                   [#####################] 100%
  error: packer: missing required signature
  :: File /var/cache/pacman/pkg/packer-20140817-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
  Do you want to delete it? [Y/n] y
  error: failed to commit transaction (invalid or corrupted package (PGP signature))
  Errors occurred, no packages were upgraded.
  I tried pacman -Sw and still the same.  I also get the same with yaourt packer.

  leonax wrote:Is aur packages a no no then?
  Please read the wiki https://wiki.archlinux.org/index.php/AUR

• Can't install anything due to PGP signature problems

  Hello,
  I followed the instructions at https://www.archlinux.org/news/gnupg-21 … n-keyring/ (without installing haveged) and now I can't install any packages anymore.
  root@horus /home/florian # rm -rf /etc/pacman.d/gnupg
  root@horus /home/florian # pacman-key --init
  gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
  gpg: no ultimately trusted keys found
  gpg: starting migration from earlier GnuPG versions
  gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
  gpg: migration succeeded
  gpg: Generating pacman keyring master key...
  gpg: key EBDCFE13 marked as ultimately trusted
  gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
  gpg: Done
  ==> Updating trust database...
  gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
  gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
  root@horus /home/florian # pacman -S archlinux-keyring
  warning: archlinux-keyring-20140908-1 is up to date -- reinstalling
  resolving dependencies...
  looking for inter-conflicts...
  Packages (1): archlinux-keyring-20140908-1
  Total Download Size: 0.43 MiB
  Total Installed Size: 0.60 MiB
  Net Upgrade Size: 0.00 MiB
  :: Proceed with installation? [Y/n]
  :: Retrieving packages ...
  archlinux-keyring-20140908-1-any 444.8 KiB 2.09M/s 00:00 [#####################################################################################################] 100%
  (1/1) checking keys in keyring [#####################################################################################################] 100%
  downloading required keys...
  :: Import PGP key 2048R/4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC, "Pierre Schmitz <[email protected]>", created: 2011-04-10? [Y/n] Y
  (1/1) checking package integrity [#####################################################################################################] 100%
  error: archlinux-keyring: signature from "Pierre Schmitz <[email protected]>" is unknown trust
  :: File /var/cache/pacman/pkg/archlinux-keyring-20140908-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
  Do you want to delete it? [Y/n] Y
  error: failed to commit transaction (invalid or corrupted package (PGP signature))
  Errors occurred, no packages were upgraded.
  Any idea?
  Thanks,
  Florian

  Osiris wrote:root@horus /home/florian # pacman -S archlinux-keyring
  That's wrong.
  You need to do this instead:
  # pacman-key --populate archlinux
  https://www.archlinux.org/news/gnupg-21 … n-keyring/

• One or more PGP signatures could not be verified!

  Trying to install anything with pacaur or using makepkg gives out this error:
  ==> Making package: cower 12-2 (Wed Jan 7 07:11:25 WET 2015)
  ==> Checking runtime dependencies...
  ==> Checking buildtime dependencies...
  ==> Retrieving sources...
  -> Downloading cower-12.tar.gz...
  % Total % Received % Xferd Average Speed Time Time Time Current
  Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
  100 22636 100 22636 0 0 60301 0 --:--:-- --:--:-- --:--:-- 60362
  -> Downloading cower-12.tar.gz.sig...
  % Total % Received % Xferd Average Speed Time Time Time Current
  Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
  100 287 100 287 0 0 1136 0 --:--:-- --:--:-- --:--:-- 1134
  ==> Validating source files with md5sums...
  cower-12.tar.gz ... Passed
  cower-12.tar.gz.sig ... Skipped
  ==> Verifying source file signatures with gpg...
  cower-12.tar.gz ... FAILED (unknown public key 1EB2638FF56C0C53)
  ==> ERROR: One or more PGP signatures could not be verified!
  Can someone help?

  clfarron4 wrote:
  Potomac wrote:
  jasonwryan wrote:Like everything else, this can be automated with a couple of lines in your ~/.gnupg/gpg.conf file, as described in the wiki.
  I don't find this part in the wiki, can you tell me exactly where have you read this ?
  https://wiki.archlinux.org/index.php/Gnupg
  I saw automatic importing of missing keys in this BBS thread. Don't know if it is in the ArchWiki though.
  Just found it here: https://wiki.archlinux.org/index.php/Ma … e_checking
  It is a personal preference, I don't want to import Arch/AUR keys into my normal personal keyring - but reading the gpg (and makepkg) manpage it looks like if you set GNUPGHOME=/some/path first that should work to set a special keyring just for AUR and a custom config from the wiki.

• PGP signatures could not be verified

  I'm still somewhat new on using makepkg.  I previously customized the bind pkg for samba by copying the /var/abs/extra/bind directory into my /var/abs/local and adding a couple of build options. Worked like a charm and no issues.
  Today bind 9.10.2 was released and I wanted to update my package but I get:
  ERROR: One or more PGP signatures could not be verified! when updating using the latest abs bind package.
  ==> Making package: bind 9.10.2-1 (Wed Mar 4 16:47:20 PST 2015)
  ==> Checking runtime dependencies...
  ==> Checking buildtime dependencies...
  ==> Retrieving sources...
  -> Downloading bind-9.10.2.tar.gz...
  % Total % Received % Xferd Average Speed Time Time Time Current
  Dload Upload Total Spent Left Speed
  100 8282k 100 8282k 0 0 5669k 0 0:00:01 0:00:01 --:--:-- 5672k
  -> Downloading bind-9.10.2.tar.gz.asc...
  % Total % Received % Xferd Average Speed Time Time Time Current
  Dload Upload Total Spent Left Speed
  100 490 100 490 0 0 6640 0 --:--:-- --:--:-- --:--:-- 6712
  -> Found tmpfiles.conf
  -> Found sysusers.conf
  -> Found named.conf
  -> Found named.service
  -> Found localhost.zone
  -> Found localhost.ip6.zone
  -> Found 127.0.0.zone
  -> Found empty.zone
  ==> Validating source files with sha1sums...
  bind-9.10.2.tar.gz ... Passed
  bind-9.10.2.tar.gz.asc ... Skipped
  tmpfiles.conf ... Passed
  sysusers.conf ... Passed
  named.conf ... Passed
  named.service ... Passed
  localhost.zone ... Passed
  localhost.ip6.zone ... Passed
  127.0.0.zone ... Passed
  empty.zone ... Passed
  ==> Verifying source file signatures with gpg...
  bind-9.10.2.tar.gz ... FAILED
  ==> ERROR: One or more PGP signatures could not be verified!
  this is the abs bind package....why is it failing?

  Same error here.
  ==> Validando arquivos fonte com sha256sums...
  firefox-36.0.1.source.tar.bz2 ... Passou
  firefox-36.0.1.source.tar.bz2.asc ... Ignorada
  mozconfig ... Passou
  firefox.desktop ... Passou
  firefox-install-dir.patch ... Passou
  vendor.js ... Passou
  rhbz-966424.patch ... Passou
  firefox-fixed-loading-icon.png ... Passou
  ==> Verificando assinatura de arquivo fonte com gpg...
  firefox-36.0.1.source.tar.bz2 ... FALHOU (chave pública desconhecida 057CC3EB15A0A4BC)
  ==> ERRO: Uma ou mais assinaturas PGP não puderam ser verificadas!
  I have checked (http://allanmcrae.com/2015/01/two-pgp-k … rch-linux/) but to no avail.
  I do not understand why complicate things when they are working perfectly how it worked before...

• Almost all installer packages are corrupt!

  Hi,
  The following installer packages are corrupt:
  J2SE SDK
  J2EE SDK
  NetBeans 3.6, 4.0
  Documentation packages
  WSDP 1.5
  etc.
  I tried downloading multiple times, with Firewall on and off, with GetRight and with SUN DOWNLOAD MANAGER but results are the same:
  either .cab file is corrupt or ZIP archive is corrupt or something like that.
  I can't install anything!
  My OS is WinXP Pro. I tried to install to Win2000 Pro, the same result.
  The only thing that installs properly and works is Wireless Toolkit.
  I would be very appreciate if someone could help.
  Regards,
  Sergei

  Sounds like your Internet connection may be noisy. Try downloading using another connection, or have your connection checked.

• Encrypt External Drive with TrueCrypt / PGP Signature

  I want to use TrueCrypt to encrypt an external drive. I understand the new version of FileVault can do this but I prefer not to upgrade to Lion. I'd rather wait till Mountain Lion comes out later this year.
  For those who have used both...Just wondering how TrueCrypt compares to FileVault in regards to encrypting an external drive.
  Also, I am trying to install or execute the PGP Signature to ensure that the TrueCrypt software that I am downloading from the TrueCrypt's Web site is authentic and has not been hacked.
  How do I run or install it? I double-click on the PGP Signature file, a window pops up and says it cannot find an application to open it. I even tried removing the ".sig" from the end of the file name and it say it cannot open the disk image.
  There are instructions on the TrueCrypt web site for Windows users but none for the Mac users that I can see.

  If you want better, more reliable security on a external drive, you should get a self encrypting external drive, these have a hardware based encryption, either a physical key and/or keypad to enter a password and do all the encryption/decryption on the drive itself.
  No need for software means you can take your data to any secure machine and the computer thinks it just another drive. Software can become unrelaible or glitchy, subjected to updates/tampering. Hardwired requires physical possession of the device.
  Also there are smalller portable USB thumb drives like Iron Key that also self-encrypt and have the advantage of being quickly discarded upon a threat.

• Cannot validate pgp signatures of microsoft security bulletins

  So I've been getting Microsoft security bulletins for years and I thought I would actually verify the PGP signature. I have not been able to yet. I found two public keys on microsoft sites:https://technet.microsoft.com/en-us/security/dn753714was the first key I imported. My PGP software says it is the wrong key for the June 2015 security bulletin:PHPWrong signature of Microsoft SecurityNotifications (Key ID: BF05BFF43AA549E5)Notably on that link above, the page says it was "Updated: December 15, 2015" (in the future). I found that page linked fromanother page.I found another key and replaced the above key with a slightly older one. I still get an "unknown" key errorTextSigned with unknown key(Key ID: BF05BFF43AA549E5)I also foundboth keyson the MIT key server.What do you get when you verify Microsoft PGP signatures?
  This topic first appeared in the Spiceworks Community

  Hi,
  Thanks for your advise. I record your feedback.
  Juke Chou
  TechNet Community Support

• How to find which package is corrupted?

  Hi,
  I'm connected to the net throught a broadband connection right for the next few days and I have the following issue: I'm trying to install libreoffice, and for this, I have about 90 Mb of packages to download. Now because the connection is not too stable, and not fast at all, I had a few tries until I got all the stuff downloaded ( 1. here I mean packman downloaded for me; 2.I set aria2 as transfer command to continue the downloads ), but now pacman says that a package is corrupted and can't install.
  The problem is that pacman does not say anything about which package is corrupted, the whole output is:
  Targets (18): graphite-1:1.0.3-1 hsqldb-java-1:1.8.0.10-2 hyphen-2.8.3-1 libidl2-0.8.14-2 libreoffice-common-3.5.1-1 libreoffice-en-US-3.5.1-1 libwpd-0.9.2-2 libwps-0.2.2-2 lpsolve-5.5.2.0-2
  neon-0.29.6-4 orbit2-2.14.19-2 libreoffice-base-3.5.1-1 libreoffice-calc-3.5.1-1 libreoffice-draw-3.5.1-1 libreoffice-gnome-3.5.1-1 libreoffice-impress-3.5.1-1
  libreoffice-math-3.5.1-1 libreoffice-writer-3.5.1-1
  Total Download Size: 0.00 MiB
  Proceed with download? [Y/n]
  (18/18) checking package integrity [##########################################################################] 100%
  error: failed to commit transaction (invalid or corrupted package)
  Errors occurred, no packages were upgraded.
  Is there a way to find which package is corrupted? Because I would not start over the whole download process if it is possible, I'd like to re-download only the corrupted ones.
  I'm using pacman 4.0.2, 32bit.
  Thank you!

  Gcool wrote:pacman --debug will tell you which package it is.
  Thanks for the tip, unfortunately did not helped me, the package, which was corrupted was not listed by the debug info. I started to manually test each package I downloaded and found the bad one that way. I kind of miss the old behavior, when pacman offered you to delete and re-download a package, if it did not passed the CRC verification.
  But thanks anyway!

• [SOLVED] PGP signature could not be verified!

  I am trying to install password safe from the AUR.
  I have downloaded and un-tarred the tar.gz file but when I execute makepkg -s I get the following error:
  $ makepkg -s
  ==> Making package: passwordsafe 0.94.1BETA-1 (Mon Dec 29 21:41:00 PST 2014)
  ==> Checking runtime dependencies...
  ==> Checking buildtime dependencies...
  ==> Retrieving sources...
  -> Found pwsafe-0.94.1BETA-src.tgz
  -> Found pwsafe-0.94.1BETA-src.tgz.sig
  ==> Validating source files with md5sums...
  pwsafe-0.94.1BETA-src.tgz ... Passed
  pwsafe-0.94.1BETA-src.tgz.sig ... Passed
  ==> Verifying source file signatures with gpg...
  pwsafe-0.94.1BETA-src.tgz ... FAILED (unknown public key 919464515CCF8BB3)
  Following the instructions on the "Package Signing" wiki, I:
  $ sudo pacman -S haveged
  $ sudo systemctl start haveged.service
  $ sudo pacman-key --init
  $ sudo pacman-key --populate archlinux
  $ sudo pacman-key --add pwsafe-0.94.1BETA-src.tgz.sig
  [sudo] password for xxxxx:
  ==> Updating trust database...
  gpg: next trustdb check due at 2016-01-22
  makepkg -s still fails at this point.
  The next steps on the wiki call for:
  1. verifying the fingerprint with: $ pacman-key -f keyid, and
  2. locally signing the imported key with: # pacman-key --lsign-key keyid
  How do I determine the "keyid"?
  If I use the 'public key' returned in the error message above, I get:
  $ pacman-key -f 919464515CCF8BB3
  gpg: Note: trustdb not writable
  gpg: error reading key: No public key
  ==> ERROR: The fingerprint of a specified key could not be determined.
  And if I use the name of the file I downloaded with the tar, I get:
  $ pacman-key -f pwsafe-0.94.1BETA-src.tgz.sig
  gpg: Note: trustdb not writable
  gpg: error reading key: No public key
  ==> ERROR: The fingerprint of a specified key could not be determined.
  I even tried un-tarring the signature... but that didn't work either.
  $ tar xzvf pwsafe-0.94.1BETA-src.tgz.sig
  gzip: stdin: not in gzip format
  tar: Child returned status 1
  tar: Error is not recoverable: exiting now
  I also searched through pacman's keyring directly with:
  $ gpg --homedir /etc/pacman.d/gnupg --list-keys
  but I didn't see the packager's name or email address anywhere.
  A nudge in the right direction would be greatly appreciated.
  Cheers,
  Last edited by sirdle (2014-12-31 01:05:32)

  Thank you to everyone who replied!
  It has taken me a while to read all the links and try to understand them.
  My main problem was that I was mixing up package signing (via pacman) with package signing (via makepkg). The two are related, but separate: they both use gpg, they both use keys that can be downloaded from key servers, they both use keys that can be locally signed, they both use key-rings... but the key-rings they use are different, and process they use to install and validate those keys is also different. (Correct me if I'm wrong.)
  From the Wiki
  The signature checking implemented in makepkg does not use pacman's keyring.
  In my case, I'm installing from the AUR. The error I received:
  FAILED (unknown public key 919464515CCF8BB3)
  was because makepkg could not find the supplied key in my personal key-ring.
  All I needed to do was:
  1. Download the key.
  2. Add it to my personal key ring.
  3. Trust it.
  Alternatively, I could build the package by skipping the check.
  Download the Key
  1. Download from the MIT key server. Enter the keyid as a 16-digit hex number, e.g., 0x919464515ccf8bb3. Right-click on the result and save to the desktop [see  Roken's post] above. Or,
  2. Try the command line per jasonwryan's post above. (This number does not need to start with 0x.)
  I tried both of these methods to verify that they work. They do.
  Add the key to my personal keyring
  With jasonwryan's method, the key is added as part of the command. With Roken's method an additional command is needed:
  gpg --import /path/to/saved/keyfile
  If I try makepkg -s at this point I still get an error... but the error is different. It is now:
  FAILED (the public key A703C1328EABC7B201753BA3919464515CCF8BB3 is not trusted)
  which brings us to the third step.
  Trust It
  $ gpg --list-keys # to get the correct keyid
  $ gpg -edit-key keyid # from the previous command
  gpg> trust
  At this point, gpg asks the user how much he trusts this key. If you're like stevenhoneyman you might say, "Er... not very much" and opt for building without trust.
  Or you can grant a lot of trust in order to create the package and then revoke the trust later (but I'm guessing this will cause problems when the package needs to be updated).
  A level of 5 "Ultimate Trust" was required to build this package.
  Thanks to everybody who helped me out with this. Definitely a learning experience!
  Last edited by sirdle (2014-12-31 01:21:53)

• Kernel broken. Pacman errors with PGP sig [solved]

  I had the unlucky situation to have a power failure in the middle of a Kernel upgrade using Pacman. System came back up and the kernel was not installed. So I have NO working OS on the machine.
  I can boot into a live USB environment and chroot into my install. I can run Pacman, and thought I could just pacman -S linux and let it do it's thing and I'd be all good. but... I get package signature PGP verification error message and cannot install anything with Pacman.
  Of course, the error with the Kernel install happened before Daylight savings time, and now we're INTO DST, so I suspect it's a "time" issue as reported on the Wiki.
  timedatectl will not work in the chroot environment. Can't connect to dbus. I am totally migrated to a systemd install, but systemctl enable dbus.service does not start the dbus from within the chroot environment.So I cannot even see if my chroot environment is on the right time. 'cal' works and shows the proper date, which I can change in the BIOS to whatever I want.
  running ntpd first doesn't fix the error with Pacman.
  Any ideas?
  Last edited by hooya (2013-03-16 20:02:35)

  I tried that and didn't work either, because there were files left behind in the initial installation that was broken. Even after removing them I got disk spacer errors (there was no disk space issue, so that's weird).
  I did get it finally though. I ended up using the initial pacstrap install script to install the base packages as per the Beginner Install Guide (and selected only option 26 "Linux") which did work, probably because it was operating from outside of the chroot environment. A bit "hacky" but I'm at least typing this message from my normal installation this time!

• Can't install confuse because there is a problem with a pgp signature

  Can anybody give me a hand with this? http://pastebin.com/g2qLLzpb

  I just confirmed I get the same error here, so that rules out the most likely problems of not having package signing properly set up or a corrupted download.
  Refreshing the keys, however, solved it.  `pacman-key --refresh-keys`
  Last edited by Trilby (2013-01-24 12:28:21)

• Corruption, crashing, signature dropping, duplicate mails sent omg

  *First the facts:*
  . Mail folder (in Library) is almost 6GB (cringe), most of which (3.1GB) is used by one of my 5 pop mail accounts
  . envelope index is 33 MB
  Crashing:
  . Occasionally mail crashes and gives me the 'Mail has quit unexpectadly...do you want to report it, reopen it or close it'
  Corruption:
  . Certain messages have become confused, specifically an email that I sent to one person may have the message body of a message i sent to another person
  .I also get the following message for a lot of old emails: 'The message from [email protected] concerning “RE: very important subject” has not been downloaded from the server. You need to take this account online in order to download it.'
  . some recipients receive my emails twice
  . the signature I assigned to one of my accounts isn't consistently available; one day I assign the signature to the profile and the sig is available to use in the top right corner of a new mail, next day it is not available in that drop down box
  I'm pretty sure the size of my mail folder has a lot to do with this so I'd appreciate any advice on how to fix this situation but also on a way to manage my mail going forward.
  Very much obliged.

  Hi normanconquest, and a warm welcome to the forums!
  First try this, Quit Mail. Move these files to the Desktop in...
  /Users/YourUserName/Library/Caches/Mail
  /Users/YourUserNameLibrary/Mail/Index