Fixed initializing the GPG callbacks during registration

rust/agama-software/src/callbacks/security.rs

@@ -22,10 +22,12 @@ impl Security {
     }
 
     pub fn set_trusted_gpg_keys(&mut self, trusted_gpg_keys: Vec<RepoKey>) {
+        tracing::info!("Configured trusted GPG keys: {:?}", trusted_gpg_keys);
         self.trusted_gpg_keys = trusted_gpg_keys;
     }
 
     pub fn set_unsigned_repos(&mut self, unsigned_repos: Vec<String>) {
+        tracing::info!("Allowed unsigned repositories: {:?}", unsigned_repos);
         self.unsigned_repos = unsigned_repos;
     }
 }
@@ -110,7 +112,7 @@ impl security::Callback for Security {
             .with_data(&[
                 ("id", key_id.as_str()),
                 ("name", key_name.as_str()),
-                ("fingerprint", key_fingerprint.as_str()),
+                ("fingerprint", human_fingerprint.as_str()),
             ])
             .with_default_action("Skip");
         let result = ask_software_question(&self.questions, question);
@@ -119,6 +121,7 @@ impl security::Callback for Security {
             return security::GpgKeyTrust::Reject;
         };
 
+        tracing::info!("Received answer: {:?}", answer);
         answer
             .action
             .as_str()

rust/agama-software/src/model/registration.rs

@@ -35,6 +35,7 @@ use openssl::x509::X509;
 use suseconnect_agama::{self, ConnectParams, Credentials};
 use url::Url;
 
+use crate::callbacks;
 use crate::state::Addon;
 
 #[derive(thiserror::Error, Debug)]
@@ -91,12 +92,13 @@ impl Registration {
     pub fn register_addon(
         &mut self,
         zypp: &zypp_agama::Zypp,
+        security: &mut callbacks::Security,
         addon: &Addon,
     ) -> RegistrationResult<()> {
         // Use the product's version as default.
         let version = addon.version.clone().unwrap_or(self.version.clone());
         let code = addon.code.as_deref();
-        self.activate_product(zypp, &addon.id, &version, code)?;
+        self.activate_product(zypp, security, &addon.id, &version, code)?;
         self.addons.push(addon.clone());
         Ok(())
     }
@@ -114,6 +116,7 @@ impl Registration {
     fn activate_product(
         &mut self,
         zypp: &zypp_agama::Zypp,
+        security: &mut callbacks::Security,
         name: &str,
         version: &str,
         code: Option<&str>,
@@ -153,11 +156,8 @@ impl Registration {
         self.services.push(service.clone());
         zypp.refresh_service(&name)
             .map_err(|e| RegistrationError::RefreshService(name.clone(), e))?;
-        zypp.load_source(
-            zypp_agama::callbacks::empty_progress,
-            &mut zypp_agama::callbacks::security::EmptyCallback,
-        )
-        .map_err(|e| RegistrationError::RefreshService(name, e))?;
+        zypp.load_source(zypp_agama::callbacks::empty_progress, security)
+            .map_err(|e| RegistrationError::RefreshService(name, e))?;
 
         // skip for the first service (base product), the base product is selected differently
         if self.services.len() > 1 {
@@ -359,6 +359,7 @@ impl RegistrationBuilder {
     pub fn register(
         &self,
         zypp: &zypp_agama::Zypp,
+        security: &mut callbacks::Security,
         security_srv: &Handler<security::Service>,
     ) -> RegistrationResult<Registration> {
         let params = suseconnect_agama::ConnectParams {
@@ -401,7 +402,7 @@ impl RegistrationBuilder {
             config_files: vec![suseconnect_agama::GLOBAL_CREDENTIALS_FILE.into()],
         };
 
-        registration.activate_product(zypp, &self.product, &self.version, None)?;
+        registration.activate_product(zypp, security, &self.product, &self.version, None)?;
         Ok(registration)
     }
 }

rust/agama-software/src/zypp_server.rs

@@ -345,7 +345,13 @@ impl ZyppServer {
         // TODO: add information about the current registration state
         let old_state = self.read(zypp)?;
         if let Some(registration_config) = &state.registration {
-            self.update_registration(registration_config, zypp, &security_srv, &mut issues);
+            self.update_registration(
+                registration_config,
+                zypp,
+                security,
+                &security_srv,
+                &mut issues,
+            );
 
             if !issues.is_empty() {
                 return Self::send_issues_and_finish(issues, tx, progress);
@@ -903,25 +909,27 @@ impl ZyppServer {
         &mut self,
         state: &RegistrationState,
         zypp: &zypp_agama::Zypp,
+        security: &mut callbacks::Security,
         security_srv: &Handler<security::Service>,
         issues: &mut WriteIssues,
     ) {
         match &self.registration {
             RegistrationStatus::Failed(_) | RegistrationStatus::NotRegistered => {
-                self.register_base_system(state, zypp, security_srv, issues);
+                self.register_base_system(state, zypp, security, security_srv, issues);
             }
             RegistrationStatus::Registered(_) => {}
         };
 
         if !state.addons.is_empty() {
-            self.register_addons(&state.addons, zypp, issues);
+            self.register_addons(&state.addons, zypp, security, issues);
         }
     }
 
     fn register_base_system(
         &mut self,
         state: &RegistrationState,
         zypp: &zypp_agama::Zypp,
+        security: &mut callbacks::Security,
         security_srv: &Handler<security::Service>,
         issues: &mut WriteIssues,
     ) {
@@ -940,7 +948,7 @@ impl ZyppServer {
             registration = registration.with_url(url);
         }
 
-        match registration.register(zypp, security_srv) {
+        match registration.register(zypp, security, security_srv) {
             Ok(registration) => {
                 self.registration = RegistrationStatus::Registered(Box::new(registration));
             }
@@ -961,6 +969,7 @@ impl ZyppServer {
         &mut self,
         addons: &Vec<Addon>,
         zypp: &zypp_agama::Zypp,
+        security: &mut callbacks::Security,
         issues: &mut WriteIssues,
     ) {
         let RegistrationStatus::Registered(registration) = &mut self.registration else {
@@ -973,7 +982,7 @@ impl ZyppServer {
                 tracing::info!("Skipping already registered add-on {}", &addon.id);
                 continue;
             }
-            if let Err(error) = registration.register_addon(zypp, addon) {
+            if let Err(error) = registration.register_addon(zypp, security, addon) {
                 let message = format!("Failed to register the add-on {}", addon.id);
                 let issue_id = format!("addon_registration_failed[{}]", &addon.id);
                 let issue = Issue::new(&issue_id, &message).with_details(&error.to_string());

rust/agama-utils/src/question/service.rs

@@ -76,6 +76,7 @@ impl Service {
 
         self.config.as_ref().and_then(|config| {
             if let Some(Policy::Auto) = config.policy {
+                tracing::info!("Returning automatic answer: {:?}", &spec.default_action);
                 spec.default_action.clone().map(|action| Answer {
                     action,
                     value: None,

rust/package/agama.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Apr 17 15:34:33 UTC 2026 - Ladislav Slezák <lslezak@suse.com>
+
+- Properly initialize the GPG callbacks during registration so the
+  PackageHub GPG key can be imported from the autoinstallation
+  profile (bsc#1261351)
+
 -------------------------------------------------------------------
 Fri Apr 17 10:29:38 UTC 2026 - José Iván López González <jlopez@suse.com>
 

rust/zypp-agama/src/callbacks/security.rs

@@ -53,11 +53,13 @@ pub trait Callback {
     /// or permanently import the key.
     fn accept_key(
         &self,
-        _key_id: String,
-        _key_name: String,
-        _key_fingerprint: String,
-        _repository_alias: String,
+        key_id: String,
+        key_name: String,
+        key_fingerprint: String,
+        repository_alias: String,
     ) -> GpgKeyTrust {
+        tracing::info!("Default action: rejecting GPG key for repository {}: id='{}', name='{}', fingerprint='{}'",
+            repository_alias, key_id, key_name, key_fingerprint);
         GpgKeyTrust::Reject
     }
 

rust/zypp-agama/zypp-agama-sys/c-layer/callbacks.cxx

@@ -5,6 +5,7 @@
 #include <zypp/ZYppCallbacks.h>
 
 #include "callbacks.h"
+#include "internal/logging.hxx"
 
 // _1
 using namespace boost::placeholders;
@@ -342,18 +343,43 @@ struct KeyRingReport
   askUserToAcceptKey(const zypp::PublicKey &key,
                      const zypp::KeyContext &context) override {
     if (callbacks == NULL || callbacks->accept_key == NULL) {
+      LOG(LOG_DEBUG, "Callback askUserToAcceptKey is not set, using defaults");
       return zypp::KeyRingReport::askUserToAcceptKey(key, context);
     }
     enum GPGKeyTrust response = callbacks->accept_key(
         key.id().c_str(), key.name().c_str(), key.fingerprint().c_str(),
         context.repoInfo().alias().c_str(), callbacks->accept_key_data);
 
+    std::string message = "Callback askUserToAcceptKey(id: ";
+    message.append(key.id());
+    message.append(", name: \"");
+    message.append(key.name());
+    message.append("\", fingerprint: ");
+    message.append(key.fingerprint());
+    message.append(", repository: ");
+    message.append(context.repoInfo().alias());
+    message.append(") result: ");
+    switch (response) {
+    case GPGKT_REJECT:
+      message.append("REJECT");
+      break;
+    case GPGKT_TEMPORARY:
+      message.append("TEMPORARY");
+      break;
+    case GPGKT_IMPORT:
+      message.append("IMPORT");
+      break;
+    }
+    LOG(LOG_DEBUG, message.c_str());
+
     return into_trust(response);
   }
 
   bool askUserToAcceptUnsignedFile(const std::string &file,
                                    const zypp::KeyContext &context) override {
     if (callbacks == NULL || callbacks->unsigned_file == NULL) {
+      LOG(LOG_DEBUG,
+          "Callback askUserToAcceptUnsignedFile is not set, using defaults");
       return zypp::KeyRingReport::askUserToAcceptUnsignedFile(file, context);
     }
     return callbacks->unsigned_file(file.c_str(),
@@ -364,6 +390,8 @@ struct KeyRingReport
   bool askUserToAcceptUnknownKey(const std::string &file, const std::string &id,
                                  const zypp::KeyContext &context) override {
     if (callbacks == NULL || callbacks->unknown_key == NULL) {
+      LOG(LOG_DEBUG,
+          "Callback askUserToAcceptUnknownKey is not set, using defaults");
       return zypp::KeyRingReport::askUserToAcceptUnknownKey(file, id, context);
     }
     return callbacks->unknown_key(file.c_str(), id.c_str(),
@@ -376,6 +404,8 @@ struct KeyRingReport
                                     const zypp::PublicKey &key,
                                     const zypp::KeyContext &context) override {
     if (callbacks == NULL || callbacks->verification_failed == NULL) {
+      LOG(LOG_DEBUG, "Callback askUserToAcceptVerificationFailed is not set, "
+                     "using defaults");
       return zypp::KeyRingReport::askUserToAcceptVerificationFailed(file, key,
                                                                     context);
     }

rust/zypp-agama/zypp-agama-sys/c-layer/internal/logging.hxx

@@ -0,0 +1,18 @@
+#ifndef C_LOGGING_HXX_
+#define C_LOGGING_HXX_
+
+#include <string>
+
+#include <systemd/sd-journal.h>
+
+// helper macro for logging messages to systemd journal
+#define LOG(level, message)                                                    \
+  do {                                                                         \
+    std::string line("CODE_LINE=");                                            \
+    line.append(std::to_string(__LINE__));                                     \
+    sd_journal_send_with_location(                                             \
+        "CODE_FILE=" __FILE__, line.c_str(), __func__, "PRIORITY=%i", (level), \
+        "MESSAGE=%s", (message), "COMPONENT=zypp-agama-sys", NULL);            \
+  } while (0)
+
+#endif