Comment 1 for bug 1265850

Mark T. Voelker (mvoelker) wrote :

So there are a couple of things to look at here... I think basically what we want to do is:

1.) In the preseed, deliver the key as well. It's currently allowed to load packages unauthenticated, which works, but has obvious implications.
2.) In the preseed, figure out a way to get the repo set up in /etc/apt/sources.list.d/... instead of sources.list. That makes the puppet run later basically a no-op. I'd rather not remove the puppet code that adds the repo as that allows the repo to be set up on preconfigured nodes (e.g. nodes not provisioned by cobbler).

Alternately, we can change the puppet code to put the repo info in sources.list. That might theoretically be a bit easier since preseed is basically a travesty when it comes to flexibility and documentation. =)

If we do want to put the key in preseed: AFAIK you can't include a key directly in a preseed, but instead have to include a URL from which it can be fetched (I need to verify this). That will be ugly in no-net situations, so we'll probably want to provision it to the build node's http server as part of the build node profile, then serve it from there.
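
Added example, not part of the original comment or the project's code: a small shell check that flags a preseed which enables `debian-installer/allow_unauthenticated` or declares an `apt-setup/localN/repository` without a matching `apt-setup/localN/key` URL. The two sample preseeds are constructed, and the host `build-node.example` and the key path are assumptions standing in for the build node's http server.

```shell
#!/bin/sh
# Constructed sample: repo added with no key, unauthenticated installs allowed.
weak_preseed() { cat <<'EOF'
d-i apt-setup/local0/repository string http://build-node.example/repo stable main
d-i debian-installer/allow_unauthenticated boolean true
EOF
}

# Constructed sample: same repo, key fetched from the build node (assumed URL).
fixed_preseed() { cat <<'EOF'
d-i apt-setup/local0/repository string http://build-node.example/repo stable main
d-i apt-setup/local0/key string http://build-node.example/repo.key
d-i debian-installer/allow_unauthenticated boolean false
EOF
}

# audit_preseed: reads a preseed on stdin, prints one line per finding,
# and returns the number of findings (0 means clean).
audit_preseed() {
    awk '
        /^[ \t]*#/ { next }    # ignore commented-out settings
        $2 == "debian-installer/allow_unauthenticated" && $4 == "true" {
            print "allow_unauthenticated is true: packages install unverified"
            bad++
        }
        $2 ~ /^apt-setup\/local[0-9]+\/repository$/ {
            split($2, p, "/"); repo[p[2]] = 1
        }
        $2 ~ /^apt-setup\/local[0-9]+\/key$/ && $4 != "" {
            split($2, p, "/"); key[p[2]] = 1
        }
        END {
            for (r in repo) if (!(r in key)) {
                print r ": repository declared without a key URL"
                bad++
            }
            exit bad + 0
        }
    '
}

echo "weak preseed:";  weak_preseed  | audit_preseed || true
echo "fixed preseed:"; fixed_preseed | audit_preseed && echo "no findings"
```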