Packages added from local files are not checked currently. These patches also introduce changes in the handling of PM_PGP_VERIFY_UNKNOWN that are not really convincing. We could skip these changes and just apply the other patches, however we should probably give some thoughts about that. Making the check level into an argument of the check function could also be an option. Rémy Oudompheng (4): sync.c: remove duplicated code for integrity check failures handle.c: force sigverify level not to be PM_PGP_VERIFY_UNKNOWN sync.c: remove unnecessary check for PM_PGP_VERIFY_UNKNOWN sync.c: also check signatures for packages loaded from files lib/libalpm/handle.c | 1 + lib/libalpm/sync.c | 58 +++++++++++++++++++++++++------------------------- 2 files changed, 30 insertions(+), 29 deletions(-) -- 1.7.4.4