The main change here is that pacman will now check the needed keys are in
the keyring before doing package validation.

Example output:

:: Retrieving packages ...
 systemd-sysvcompat-...     5.4 KiB   671K/s 00:00 [######################] 100%
(1/1) checking keys in keyring                     [######################] 100%
:: Import PGP key 2048R/F56C0C53, "Dave Reisner <d@falconindy.com>", created: 2011-06-26? [Y/n]
(1/1) checking package integrity                   [######################] 100%
(1/1) loading package files                        [######################] 100%

This removed the repeat validation after key downloading and made the
following much easier to implement:

1) packages with bad signatures get the "pkg is corrupt, delete?" type
   message
2) pacman -U now downloads a signature if needed.

These patches need a very good review...

Allan McRae (8):
  Make key_in_keychain available in library
  Move key importing into separate function
  Add function to extract key id from signatures
  Make decode_signature available to the library
  Check keys are in keyring before package validation
  Remove retry path from signature validation
  Prompt to delete packages with signature fails
  Import key if needed when installing package from file

 lib/libalpm/alpm.h       |   9 ++-
 lib/libalpm/be_package.c |  40 ++++++++++
 lib/libalpm/signing.c    | 197 ++++++++++++++++++++++++++++++++++++++---------
 lib/libalpm/signing.h    |   7 ++
 lib/libalpm/sync.c       |  87 ++++++++++++++++++---
 src/pacman/callback.c    |   9 +++
 6 files changed, 300 insertions(+), 49 deletions(-)

--
1.8.0