agama-project · lslezak · Feb 2, 2026 · Feb 2, 2026
diff --git a/rust/agama-users/src/model.rs b/rust/agama-users/src/model.rs
@@ -186,40 +186,27 @@ impl Model {
         let firewall_cmd = self
             .chroot_command()
             .args(["firewall-offline-cmd", "--add-service=ssh"])
-            .output();
-
-        match firewall_cmd {
-            Ok(output) => {
-                if !output.status.success() {
-                    tracing::error!(
-                        "Opening SSH port in firewall failed: exit: {}, stderr: {}",
-                        output.status,
-                        String::from_utf8_lossy(&output.stderr)
-                    );
-
-                    return Err(service::Error::CommandFailed(String::from(
-                        "Cannot open SSH port in firewall",
-                    )));
-                } else {
-                    tracing::info!("The SSH port has been successfully opened in the firewall");
-                }
-            }
-
-            Err(e) => {
-                // ignore the error and just log a warning if the firewall is not installed,
-                // in that case we do need to open the port
-                if e.kind() == std::io::ErrorKind::NotFound {
-                    tracing::warn!(
-                        "Command firewall-offline-cmd not found, firewall not installed?"
-                    );
-                } else {
-                    tracing::error!("Running firewall-offline-cmd failed: {}", e);
-
-                    return Err(service::Error::CommandFailed(String::from(
-                        "Cannot open SSH port in the firewall",
-                    )));
-                }
-            }
+            .output()?;
+
+        // ignore error if the firewall is not installed, in that case we do need to open the port,
+        // chroot returns exit status 127 if the command is not found
+        if firewall_cmd.status.code() == Some(127) {
+            tracing::warn!("Command firewall-offline-cmd not found, firewall not installed?");
+            return Ok(());
+        }
+
+        if firewall_cmd.status.success() {
+            tracing::info!("The SSH port has been successfully opened in the firewall");
+        } else {
+            tracing::error!(
+                "Opening SSH port in firewall failed: exit: {}, stderr: {}",
+                firewall_cmd.status,
+                String::from_utf8_lossy(&firewall_cmd.stderr)
+            );
+
+            return Err(service::Error::CommandFailed(String::from(
+                "Cannot open SSH port in firewall",
+            )));
         }
 
         Ok(())

diff --git a/rust/package/agama.changes b/rust/package/agama.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Feb  2 11:56:24 UTC 2026 - Ladislav Slezák <lslezak@suse.com>
+
+- Fixed opening the SSH firewall port when the firewall is not
+  installed because of the set "onlyRequires" flag in the software
+  configuration (bsc#1257212)
+
 -------------------------------------------------------------------
 Mon Feb  2 08:13:10 UTC 2026 - Josef Reidinger <jreidinger@suse.com>