#SigLevel    = Required DatabaseOptional

and as for the other SigLevel:

it is fine the way it is:

SigLevel = Never

If you do this, you should be able to upgrade fine.

But I recommend you do a full upgrade.

if you don't think  it is a good idea, which I don't completely agree with, you can test in a vm of Hyperbola...

Usually it isn't hard to do so, just time consuming. But once you have it set up,  you can easily make a few backups, and if one breaks, delete it and use the last working one.

[core]
SigLevel = Never
Include = /etc/pacman.d/mirrorlist

[extra]
SigLevel = Never
Include = /etc/pacman.d/mirrorlist

[community]
SigLevel = Never
Include = /etc/pacman.d/mirrorlist

And remove the one line for SigLevel above.
Removing the package will restart the process itself: Download and install. You can also do it manually as the file is for real in this folder.

Please post your complete configuration-file pacman.conf

#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives

#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir     = /
#DBPath      = /var/lib/pacman/
#CacheDir    = /var/cache/pacman/pkg/
#LogFile     = /var/log/pacman.log
#GPGDir      = /etc/pacman.d/gnupg/
#HookDir     = /etc/pacman.d/hooks/
HoldPkg     = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta    = 0.7
Architecture = auto

# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg   =
#IgnoreGroup =

#NoUpgrade   =
#NoExtract   =

# Misc options
#UseSyslog
Color
#TotalDownload
CheckSpace
#VerbosePkgLists

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Never
SigLevel    = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required

# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all Arch/Hyperbola packagers
# with `pacman-key --populate arch` and `pacman-key --populate hyperbola`.

#
# REPOSITORIES
#   - can be defined here or included from another file
#   - pacman will search repositories in the order defined here
#   - local/custom mirrors can be added here or in separate files
#   - repositories listed first will take precedence when packages
#     have identical names, regardless of version number
#   - URLs will have $repo replaced by the name of the current repo
#   - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
#       [repo-name]
#       Server = ServerName
#       Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#

[core]
Include = /etc/pacman.d/mirrorlist

[extra]
Include = /etc/pacman.d/mirrorlist

[community]
Include = /etc/pacman.d/mirrorlist

# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repository as required here.

#[multilib]
#Include = /etc/pacman.d/mirrorlist

# An example of a custom package repository.  See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

I tried that. pacman -Sc

Ok, I thought I had to refresh keys whenever I did anything that affected the keys. I am just following instructions I see online, I don't know the exact purpose of each step.

The best way to get out of this is for version 0.3.1 editing the file pacman.conf to be found within /etc.

There you have to set the SigLevel with:

SigLevel = Never

I'm getting the same error I posted above:

error: python-django-jinja: signature from "André Silva <emulatorman@hyperbola.info>" is unknown trust
:: File /var/cache/pacman/pkg/python-django-jinja-1.3.3-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

Also the same error after I init, populate, and refresh keys.

Going to testing is not recommended from a fully installed version 0.3.1. To be a bit more clear: When you have a package with version 1.3.2-1.hyperbola.4 installed and the new version for version 0.4 (testing) is 1.3.2-1 the package-manager will for sure tell you about an incoming version-conflict and a downgrade. Technical it is an upgrade, but from the perspective of the versioning it is the opposite - and that's the only way for pacman to see it.

Mesh Malachi wrote:

pacman asked me to downgrade a bunch of packages when I did that. But the transaction could not be completed because a bunch of dependencies would have been broken.

Definitely take backup of your system before upgrade. Force the downgrade of packages and check.

Why does upgrading the system require downgrading packages?!

pacman asked me to downgrade a bunch of packages when I did that. But the transaction could not be completed because a bunch of dependencies would have been broken.

Definitely take backup of your system before upgrade. Force the downgrade of packages and check. Please remember the removal of the frameworks. So typically every package that depends on those frameworks in v0.3.1 will misfunction. If the basic parts are overwritten in the upgrade, you'll be able to use your system well. If not, you'll have to format and reinstall v0.4 from scratch.

You have to change /etc/pacman.d/mirrorlist to have just the following line uncommented. Comment everything else.

Server = https://repo.hyperbola.info:50011/gnu-plus-linux-libre/testing/$repo/os/$arch

pacman asked me to downgrade a bunch of packages when I did that. But the transaction could not be completed because a bunch of dependencies would have been broken.

I didn't even realize there was a new version.

I just upgraded (pacman -Syuu is all I need to do, right?), cleared pacman cache, populated and refreshed hyperbola keys. I'm getting the exact same error.

You are getting this error because the PGP-keys cannot be validated any longer on that base. The best way to get out of this is for version 0.3.1 editing the file pacman.conf to be found within /etc.

There you have to set the SigLevel with:

SigLevel = Never

Please try that way until version 0.4 is available as we work for now more than a year for this new version. Thanks! For version 0.4 you will have to check what kind of environment you want to use. We don't have Gnome or KDE any longer in the repositories to come, but therefore many other window-managers and Lumina included.

v0.4 beta will soon be out followed by stable. It has some major changes like removal of dbus, consolekit, elogind, pam, policykit which are frameworks within linux kernel.

You have to change /etc/pacman.d/mirrorlist to have just the following line uncommented. Comment everything else.

Server = https://repo.hyperbola.info:50011/gnu-plus-linux-libre/testing/$repo/os/$arch

There is a single DE lumina, there are many window managers which can be used. Any more packages which you think are necessary, you can request. If they're compatible with v0.4, we'll add them.

You're welcome to v0.4 Mesh Malachi. It's fantastic!

I didn't even realize there was a new version.

I just upgraded (pacman -Syuu is all I need to do, right?), cleared pacman cache, populated and refreshed hyperbola keys. I'm getting the exact same error.

SigLevel = Never

Otherwise there is no quick solution for any key within the version 0.3.1.

error: pkgfile: signature from "André Silva <emulatorman@hyperbola.info>" is unknown trust

I checked my system date and followed the wiki advice for gpg errors:

# rm -r /etc/pacman.d/gnupg/*

# pacman-key --init

# pacman-key --populate hyperbola arch

# pacman-key --refresh-keys

On the last step, refresh-keys, I receive the error

gpg: refreshing 77 keys from hkp://pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: A specified local key could not be updated from a keyserver.

I tried changing keyservers and using the default keyserver.