This is a little OT but I don't know where else to ask. In an autoyast script, how can I add a trusted key that rug/yast will use to verify signed ZYPP repositories? I am trying to add ZYPP repositories in an autoinstall script. (I can do it manually using YaST 'Installation Sources' and it asks me if I want to trust the key used to sign the repository. But I don't want to have to do this manually every time I install a machine.) The repository is one I have created myself using createrepo and signed as described here: http://en.opensuse.org/Secure_Installation_Sources#The_.22repomd.22_or_.22YU... To sign the repository I 'cd' to the top-level directory and ran gpg -a -u rpm-packager --detach-sign repodata/repomd.xml gpg -a --export rpm-packager > repodata/repomd.xml.key So I have the key in repodata/repomd.xml.key On the new machine (in an autoyast post-init script) I want to add the key to the rug keyring. I have tried gpg --homedir /root/.gnupg \ --import repodata/repomd.xml.key to add it to root's keyring, and I have tried adding the key to the zmd whitelist using rug ka packager 68C0D40964D6D632 "6E55 E6C6 8A0D 5557 C10D 571B 68C0 D409 64D6 D632" But neither work. When I run rug --quiet sa -t zypp \ nfs://repo.host/path/suse-10.1/extras \ SUSE-10.1-extras I get an error 'parsing metadata: Untrusted key rpm-packager ... (I am paraphrasing, I don't have a copy of the message and can't reproduce it without re-installing.) However, if I delete an installation source added using YaST 'Installation Source' graphical tool and then run the above 'rug sa' command it works, presumably because the key has been kept.