Hello List, I'm just wondering how you deal with GPG keys when using config management. In my case, that's CFEngine, but I guess the issue would be quite similar with Puppet, Chef, or whatever you happen to be using. I can add required repositories simply by copying the .repo to /etc/zypp/repos.d. I can then install any packages via zypper, but only after the appropriate public key has been installed. Right now, I do this in a semi-manual way: The .repo and the packages are handled by CFEngine, but I need to call zypper ref once per machine and repository in order to import the key. This is feasible (but not elegant) because machines are installed with a fairly complete set of repositories from an image, and "extra" repositories typically are required only on a handful of clients. A solution I'd prefer woul look like this: -download the pubkey, once, on the policy server; -distribute it to the clients using CFEngine; -install away, again using CFE. Is there any way to do that? Thanks, A. -- Ansgar Esztermann Sysadmin Dep. Theoretical and Computational Biophysics http://www.mpibpc.mpg.de/grubmueller/esztermann