Gerhard Brauer <gerbra@archlinux.de> writes:
Seems to work here in test environment. I copied root's pubrig and trustdb to /etc/pacman.d/gnupg/ The package itself isn't checked (.sig file or signature), but that was not the reason of your patch.
If the signing key is not found in your public keyring, then pacman will install the package without checking the signature. OTOH, if the signing key is available but not trusted and valid, pacman will refuse to install the signed package. Try removing trustdb from the gpg directory, while leaving pubring intact. You'll see what I mean. To summarize, it checks the signature if the key is found in pubring. I think pacman should at least complain if the signing key is not found in the public keyring. Thoughts? -- Chris