diff --git a/scripts/pkgmeek b/scripts/pkgmeek
index c04011a..70a5ff7 100755
--- a/scripts/pkgmeek
+++ b/scripts/pkgmeek
@@ -28,7 +28,7 @@ fi
 # Read the Pkgfile to determine what to do next. But first ensure that
 # it came from a trusted source (FS#1851)
 #
-validate_pkgfile || exit $E_PKGFILE
+[ "$PKGMK_UPDATE_SIG" = "yes" ] || validate_pkgfile || exit $E_PKGFILE
 [ -f .32bit ] && PGKMK_ARCH=32 || PKGMK_ARCH=64
 . "Pkgfile"; . "$PKGMK_CONF"; set -e
 
@@ -69,7 +69,7 @@ here="${_local_[$u]}"; url="${source[$u]}";
 # appropriate name in the current directory
 [ -e "$here" ] || [ "$src_dir" = "" ] || [ ! -e "$src_dir/$here" ] || ln -sf "$src_dir/$here" ;
 [ -e "$here" ] || [ ! -e "$PKGMK_ROOT/$here" ] || ln -sf "$PKGMK_ROOT/$here" . ;
-[ -e "$here" ] || fetch_source "$url" "$here"; # <-- should also be able to resume partial downloads
+[ -e "$here" ] || fetch_url "$url" "$here"; # <-- should also be able to resume partial downloads
 [ -e "$here" ] || { error "failed to download $here. Check connection and try again."; errDL+=1; }
 done ; }
 
@@ -357,7 +357,7 @@ check_pkg_mtime() { # can be called even if some sources are missing
 	info "$msg"; return $utd
 }
 
-fetch_source() {
+fetch_url() {
 	local u="$1"; local h="$2"; local finished=0; local gitsrc tag CLONE_ARGS
 	local REPO SAVE_AS OCONTINUE OOUT; local m=0
 	[ -x "$PKGMK_GIT_COMMAND" ] || PKGMK_GIT_COMMAND="/bin/false"
@@ -398,16 +398,16 @@ fetch_source() {
 		m=$(( m+1 ))
 
 	# interrupted downloads from a previous run should be put where wget or curl will find them
-		[ -s "$src_dir/$h.partial" ] && { ln -s "$src_dir/$h.partial" . ;
+		[ -f "$src_dir/$h.partial" ] && { ln -s "$src_dir/$h.partial" . ;
 			SAVE_AS="$PKGMK_DOWNLOAD_PROG $um $OCONTINUE $OOUT"; } \
 			|| SAVE_AS="$PKGMK_DOWNLOAD_PROG $um $OOUT"
 
 		if $SAVE_AS "$h.partial"; then
 			finished=1
-			[ "$src_dir" = "" ] || [ ! -w "$src_dir"/ ] || { mv "$h.partial" "$src_dir/$h";
-				ln -sf "$src_dir/$h" . ; }
+			[ "$src_dir" = "" ] || [ ! -w "$src_dir"/ ] || \
+			{ mv "$h.partial" "$src_dir/$h"; ln -sf "$src_dir/$h" . ; }
 		else # an interrupted download should not have its efforts destroyed by cleanup_work()
-			[ ! -e "$h.partial" ] || [ "$src_dir" = "" ] || [ ! -w "$src_dir"/ ] \
+			[ ! -s "$h.partial" ] || [ "$src_dir" = "" ] || [ ! -w "$src_dir"/ ] \
 				|| mv "$h.partial" "$src_dir"
 		fi
 	done
@@ -519,7 +519,8 @@ cat_signature() {
 			for f in "$PKGMK_ROOT/Pkgfile" "$PKGMK_ROOT/.footprint"; do
 					[ -e $f ] && ordered+=( "$f" )
 			done
-			for ((si=0; si < ${#source[@]}; si++)); do ordered+=("${_local_[$si]}"); done
+			for ((si=0; si < ${#source[@]}; si++)); do
+	[[ ${source[$si]} =~ ^(http|https|ssh|git)://.+/.+\.git($|#.*) ]] || ordered+=("${_local_[$si]}"); done
 			sha256sum --tag "${ordered[@]}" \
 					| sed 's|^SHA256 (.*/\(.*\))\(.* = .*\)|SHA256 (\1)\2|' \
 					| /usr/bin/signify -S -e -x - -q -s "$key" -m -                  \
@@ -582,7 +583,7 @@ error() {
 ######################## end of subroutines ###########################
 ## Now ensure that they cannot be overwritten when sourcing Pkgfile  ##
 readonly -f main info warning error print_help parse_options validate_pkgfile \
-	check_reqvars check_pkg_mtime fetch_source cat_manifest check_manifest \
+	check_reqvars check_pkg_mtime fetch_url cat_manifest check_manifest \
 	cat_signature check_signature parse_signify_output refresh_signature \
 	cleanup_work recursive