agama-project · imobachgs · Jan 21, 2026 · Jan 13, 2026 · Jan 12, 2026 · Jan 12, 2026
diff --git a/rust/Cargo.lock b/rust/Cargo.lock
diff --git a/rust/Cargo.toml b/rust/Cargo.toml
@@ -9,6 +9,7 @@ members = [
     "agama-locale-data",
     "agama-manager",
     "agama-network",
+    "agama-security",
     "agama-server",
     "agama-software",
     "agama-storage",

diff --git a/rust/agama-manager/Cargo.toml b/rust/agama-manager/Cargo.toml
@@ -10,6 +10,7 @@ agama-files = { path = "../agama-files" }
 agama-hostname = { path = "../agama-hostname" }
 agama-l10n = { path = "../agama-l10n" }
 agama-network = { path = "../agama-network" }
+agama-security = { path = "../agama-security" }
 agama-software = { path = "../agama-software" }
 agama-storage = { path = "../agama-storage" }
 agama-utils = { path = "../agama-utils" }

diff --git a/rust/agama-manager/src/lib.rs b/rust/agama-manager/src/lib.rs
@@ -30,6 +30,7 @@ pub use agama_files as files;
 pub use agama_hostname as hostname;
 pub use agama_l10n as l10n;
 pub use agama_network as network;
+pub use agama_security as security;
 pub use agama_software as software;
 pub use agama_storage as storage;
 pub use agama_users as users;

diff --git a/rust/agama-manager/src/service.rs b/rust/agama-manager/src/service.rs
@@ -19,7 +19,8 @@
 // find current contact information at www.suse.com.
 
 use crate::{
-    bootloader, files, hardware, hostname, l10n, message, network, software, storage, users,
+    bootloader, files, hardware, hostname, l10n, message, network, security, software, storage,
+    users,
 };
 use agama_utils::{
     actor::{self, Actor, Handler, MessageHandler},
@@ -57,6 +58,8 @@ pub enum Error {
     #[error(transparent)]
     L10n(#[from] l10n::service::Error),
     #[error(transparent)]
+    Security(#[from] security::service::Error),
+    #[error(transparent)]
     Software(#[from] software::service::Error),
     #[error(transparent)]
     Storage(#[from] storage::service::Error),
@@ -94,6 +97,7 @@ pub struct Starter {
     hostname: Option<Handler<hostname::Service>>,
     l10n: Option<Handler<l10n::Service>>,
     network: Option<NetworkSystemClient>,
+    security: Option<Handler<security::Service>>,
     software: Option<Handler<software::Service>>,
     storage: Option<Handler<storage::Service>>,
     files: Option<Handler<files::Service>>,
@@ -117,6 +121,7 @@ impl Starter {
             hostname: None,
             l10n: None,
             network: None,
+            security: None,
             software: None,
             storage: None,
             files: None,
@@ -140,6 +145,11 @@ impl Starter {
         self
     }
 
+    pub fn with_security(mut self, security: Handler<security::Service>) -> Self {
+        self.security = Some(security);
+        self
+    }
+
     pub fn with_software(mut self, software: Handler<software::Service>) -> Self {
         self.software = Some(software);
         self
@@ -217,6 +227,11 @@ impl Starter {
             }
         };
 
+        let security = match self.security {
+            Some(security) => security,
+            None => security::Service::starter(self.questions.clone()).start()?,
+        };
+
         let software = match self.software {
             Some(software) => software,
             None => {
@@ -225,6 +240,7 @@ impl Starter {
                     issues.clone(),
                     progress.clone(),
                     self.questions.clone(),
+                    security.clone(),
                 )
                 .start()
                 .await?
@@ -285,6 +301,7 @@ impl Starter {
             hostname,
             l10n,
             network,
+            security,
             software,
             storage,
             files,
@@ -306,6 +323,7 @@ pub struct Service {
     bootloader: Handler<bootloader::Service>,
     hostname: Handler<hostname::Service>,
     l10n: Handler<l10n::Service>,
+    security: Handler<security::Service>,
     software: Handler<software::Service>,
     network: NetworkSystemClient,
     storage: Handler<storage::Service>,
@@ -374,6 +392,10 @@ impl Service {
             return Err(Error::MissingProduct);
         };
 
+        self.security
+            .call(security::message::SetConfig::new(config.security.clone()))
+            .await?;
+
         self.hostname
             .call(hostname::message::SetConfig::new(config.hostname.clone()))
             .await?;
@@ -551,6 +573,7 @@ impl MessageHandler<message::GetExtendedConfig> for Service {
             .to_option();
         let hostname = self.hostname.call(hostname::message::GetConfig).await?;
         let l10n = self.l10n.call(l10n::message::GetConfig).await?;
+        let security = self.security.call(security::message::GetConfig).await?;
         let questions = self.questions.call(question::message::GetConfig).await?;
         let network = self.network.get_config().await?;
         let storage = self.storage.call(storage::message::GetConfig).await?;
@@ -570,6 +593,7 @@ impl MessageHandler<message::GetExtendedConfig> for Service {
             l10n: Some(l10n),
             questions,
             network: Some(network),
+            security: Some(security),
             software,
             storage,
             files: None,

diff --git a/rust/agama-manager/src/test_utils.rs b/rust/agama-manager/src/test_utils.rs
@@ -26,6 +26,7 @@ use agama_bootloader::test_utils::start_service as start_bootloader_service;
 use agama_hostname::test_utils::start_service as start_hostname_service;
 use agama_l10n::test_utils::start_service as start_l10n_service;
 use agama_network::test_utils::start_service as start_network_service;
+use agama_security::test_utils::start_service as start_security_service;
 use agama_software::test_utils::start_service as start_software_service;
 use agama_storage::test_utils::start_service as start_storage_service;
 use agama_utils::{actor::Handler, api::event, issue, progress, question};
@@ -38,6 +39,7 @@ pub async fn start_service(events: event::Sender, dbus: zbus::Connection) -> Han
     let issues = issue::Service::starter(events.clone()).start();
     let questions = question::start(events.clone()).await.unwrap();
     let progress = progress::Service::starter(events.clone()).start();
+    let security = start_security_service(questions.clone()).await;
 
     Service::starter(questions.clone(), events.clone(), dbus.clone())
         .with_hostname(start_hostname_service(events.clone(), issues.clone()).await)
@@ -53,6 +55,7 @@ pub async fn start_service(events: event::Sender, dbus: zbus::Connection) -> Han
         )
         .with_bootloader(start_bootloader_service(issues.clone(), dbus.clone()).await)
         .with_network(start_network_service(events.clone(), progress.clone()).await)
+        .with_security(security.clone())
         .with_software(start_software_service(events, issues, progress, questions).await)
         .with_hardware(hardware::Registry::new_from_file(
             fixtures.join("lshw.json"),

diff --git a/rust/agama-security/Cargo.toml b/rust/agama-security/Cargo.toml
@@ -0,0 +1,18 @@
+[package]
+name = "agama-security"
+version = "0.1.0"
+rust-version.workspace = true
+edition.workspace = true
+
+[dependencies]
+agama-utils = { path = "../agama-utils" }
+async-trait = "0.1.89"
+gettext-rs = { version = "0.7.1", features = ["gettext-system"] }
+openssl = "0.10.75"
+thiserror = "2.0.17"
+tracing = "0.1.44"
+
+[dev-dependencies]
+test-context = "0.4.1"
+tempfile = "3.10.1"
+tokio = { version = "1.47.1", features = ["macros"] }