I have created a YaST client module that snaps into the AutoYaST workflow
<-- snip -->
While this works fine for SLES 10, SLES 11 is more careful. First it gave me an error like this : <instsrc>/control.xml : SHA1 sum wrong. If you really trust your repository, you may continue in an insecure mode. (OK/Back)
The easy and fast way around - boot with 'insecure=1' option appended to your BL parameters. This tells Linuxrc (http://en.opensuse.org/Linuxrc) not to check SHA1 sums of every file it downloads, so it won't complain anymore.
I see there is a content.key file, but since I don't know the password to it, it guess it is useless to try to generate a new content.asc.
Is there any way around this, or do we not want customer's to port their customizations to SLE 11 ?
In general, if you modify a control file, you have to sign again the whole repository with a key available to you, that is, compute again all the checksums, replace content.key, content.asc ... erm ... you don't want to do that :) it is rather cumbersome.
Looking at the initial description, inserting a new step into workflow (more generally, modifying an installation workflow) is a good candidate for creating an add-on media, be it only very simplistic one. And this can also be signed, so you are on a safe side:
Here is a how-to for signing add-ons, maybe some parts of it will be helpful to you: http://ugansert.blogspot.com/2009/01/opensuse-111-sles11-and-add-ons.html