+++ This bug was initially created as a clone of Bug #1274064 +++
Description of problem:
When adding repos to a kickstart file, there is no way to pass a GPG key for validation of packages.
As a result, it is difficult to verify the authenticity of packages
installed from kickstart repos.
Version-Release number of selected component (if applicable):pykickstart-126.96.36.199-1.el7
Steps to Reproduce:
1.Build a kickstart file which adds EPEL to the list of repos
( repo --name=EPEL --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch )
2.look for way to specify all packages in this repo must be signed by a specific key
There is no way to pass a GPG key for validation of packages for kickstart.
Ability to GPG verify packages within kickstart repos
This would have to be implemented in anaconda as well. pykickstart just provides the kickstart file parsing functionality. If anaconda is unable to do this, we should close out the bug.
It's best to have this implemented upstream in Fedora first. In fact, that's the only way this is going to happen.
Jiri Konecny has a more generic proposal for handling all of the other repo settings here - https://hackmd.io/@prJIqOTeSxC-W0RNGKIGbQ/ByzIz3kIH/edit