On 04.10.2014 12:54, stef204 wrote: > To verify integrity, the author does not provide checksums but only a > gpg .asc file.
Put the .asc file URL in the sources array and makepkg will verify it automatically. This only works if the base filenames are the same (foo.tar.gz and foo.tar.gz.asc), but that's likely the case anyway. You can use shell expansion like so: source=(http://example.com/foo.tar.gz{,.asc})
signature.asc
Description: OpenPGP digital signature
