Total (135/135) 350.0 MiB 41.8 MiB/s 00:08 [##########################################################] 100%
(135/135) checking keys in keyring [##########################################################] 100%
downloading required keys...
:: Import PGP key 139B09DA5BF0D338, "David Runge dvzrv@archlinux.org"? [Y/n]
(135/135) checking package integrity [##########################################################] 100%
error: libcap: signature from "David Runge dvzrv@archlinux.org" is marginal trust
:: File /mnt/var/cache/pacman/pkg/libcap-2.65-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
==> ERROR: Failed to install packages to new root

It's really unfortunate that the keyring package shipped in the latest archiso tarball could not run pacstrap already.

The pacstrap logic here looks really complex so I'm not sure what to act on. It should be hopefully fixed in next month's monthly tarball though.