With the new `repo_gpgcheck` attribute, a signing key can now be implicated in fetching the repository metadata. If this is a previously un-imported key, a prompt is generated by `yum makecache`, which fails in a chef run due to the non-interactive context. This results in the `yum_repository` resource failing if a previously un-imported key is used in tandem with `repo_gpgcheck = true`. Cookbook users should be responsible for ensuring that keys they refer to in their resources can be trusted, either by referring to keys at secure URLs, or by creating a local, trusted file using managed secrets, and referring directly to that. Therefore, add the `-y` flag to the `yum makecache` command, allowing repo metadata to be fetched without manual intervention.