Why?

I'm currently post-extracting the .MTREE file out of the binary package using a combination of tar and gzip (due to double compression). This task would not be necessary if makepkg could be dictated to generate a .MTREE file in a similar fashion as one can dictate makepkg to sign a package and therefore generate a '.sig'. The use case for needing the .MTREE file is to extract all sha256 checksums and post-compare them to checksums of installed binaries at a later stage for integrity verification related purposes. So actually the real feature request here is the generation of a package specific checksum file containing SHA-2 checksums for packaged files.

As i'm currently already extracting the .MTREE file using a wrapper and then feeding it to sed, it is not, necessary, functionality and in addition to that, not necessarily functionality makepkg should be able to provide. However, I wanted to pitch the idea anyways just in case my specific use case wouldn't be as specific as i've initially believed it to be. Assuming backing for such an idea would not be overwhelming (according to some sources), i'll request a closure of the request leaving it referenced as a 'pitched idea' as it seems logical to generate a checksum file during package creation, instead of afterwards.

Maybe I misunderstood your use case, but I still do not understand why you are extracting the mtree file. The mtree file for installed packages is stored in the local database.

However secondary, because the locally available mtree files in '/var/lib/pacman' are only available after package installation, i'm extracting the .MTREE file directly from the binary packages files (after generation) as they are being generated on a single 'package build machine', but not necessarily installed on that same machine. Most importantly, it would be a better (security) practice generating a checksum file during package creation as this stage would be less prone to modification of checksums relative to a situation reading checksums from the local database. Especially if those checksums are post-stored in some sort of generally available read-only network-wide 'database'.

Building the mtree file requires building the package anyway, the only step you could save is the call to tar, but you seem to want the actual package too. So, I think it makes more sense to just copy the mtree file out of $pkgdir or extract it from the archive as you are doing now.