Getting cd:/repodata/repomd.xml: Invalid signature Installation aborted

I create a custom iso based on openSUSE-Leap-15.5-DVD-x86_64-Build491.1-Media. I created the repodata and created my own gpg key to sign repodata/repomd.xml.

When installing my custom iso, I get the error message in a red window “cd:/repodata/repomd.xml: Invalid signature Installation aborted”. I hit the ok button, the installation continues and succeeds.

Does anyone know what is going on for the error red window and how to solve this issue?

Thanks in advance.

How did you expect installation image to become aware of this key?

The linuxrc is using key(s) from the keyring /installkey.gpg in initrd to verify files it opens. Booting with insecure=1 should disable these checks. Or add your key to the keyring.

As far as I can tell, it is initialized at run-time from the other content:

if [ -d /usr/lib/rpm/gnupg/keys ] ; then
  touch /installkey.gpg
  gpg --batch --homedir /root/.gnupg --no-default-keyring --ignore-time-conflict --ignore-valid-from --keyring /installkey.gpg --import /usr/lib/rpm/gnupg/keys/*
  mkdir -p /pubkeys
  for i in /usr/lib/rpm/gnupg/keys/*.asc ; do
    [ -f "$i" ] && ln -s "$i" "/pubkeys/${i##*/}.key"
elif [ -f /usr/lib/rpm/gnupg/suse-build-key.gpg ] ; then
  cp /usr/lib/rpm/gnupg/suse-build-key.gpg /installkey.gpg