pacman keyrings should be initialized after time is synced
In current archiso releases, pacman-init.service runs on boot, before system time is synced, and the initialized keys are copied to the newly installed system later. This unfortunately causes future
archlinux-keyring updates and installing foreign keyring packages to result in failing to be locally signed when timezone is UTC+x. The culprit is that most of the users would have Windows installed on their system before installing Arch, so the system time is in local timezone. The only way to resolve this is to reset all the keys.
To avoid this, we should wait for NTP service to complete syncing before running
pacman-key --init. For example, systemd provides
systemd-time-wait-sync.service. Because NTP services require network connection, perhaps the service can be removed and we can let users do that manually instead.