Hide Forgot
+++ This bug was initially created as a clone of Bug #1274064 +++ Description of problem: When adding repos to a kickstart file, there is no way to pass a GPG key for validation of packages. As a result, it is difficult to verify the authenticity of packages installed from kickstart repos. Version-Release number of selected component (if applicable):pykickstart-1.99.43.17-1.el7 How reproducible: 100% Steps to Reproduce: 1.Build a kickstart file which adds EPEL to the list of repos ( repo --name=EPEL --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch ) 2.look for way to specify all packages in this repo must be signed by a specific key 3. Actual results: There is no way to pass a GPG key for validation of packages for kickstart. Expected results: Ability to GPG verify packages within kickstart repos Additional info:
This would have to be implemented in anaconda as well. pykickstart just provides the kickstart file parsing functionality. If anaconda is unable to do this, we should close out the bug. It's best to have this implemented upstream in Fedora first. In fact, that's the only way this is going to happen.
Jiri Konecny has a more generic proposal for handling all of the other repo settings here - https://hackmd.io/@prJIqOTeSxC-W0RNGKIGbQ/ByzIz3kIH/edit