Hi,
On an install of the RC of the forthcoming Debian 13, I just installed
fwupd. I now go to refresh its database and get:
$ sudo fwupdmgr refresh
Updating lvfs
Failed to download metadata for lvfs: network is unreachable: Host unreachable
I am not aware of any reason why this host would have limited network
connectivity.
There is one thing in the syslog which seems relevant (at the end):
2025-07-19T12:49:25.033904+00:00 pisang dbus-daemon[752]: [system] Activating
via systemd: service name='org.freedesktop.fwupd' unit='fwupd.service'
requested by ':1.1537' (uid=0 pid=1475723 comm="fwupdmgr refresh")
2025-07-19T12:49:25.041785+00:00 pisang systemd[1]: Starting
modprobe@sd_mod.service - Load Kernel Module sd_mod...
2025-07-19T12:49:25.067776+00:00 pisang systemd[1]: modprobe@sd_mod.service:
Deactivated successfully.
2025-07-19T12:49:25.068281+00:00 pisang systemd[1]: Finished
modprobe@sd_mod.service - Load Kernel Module sd_mod.
2025-07-19T12:49:25.080713+00:00 pisang systemd[1]: Starting fwupd.service -
Firmware update daemon...
2025-07-19T12:49:25.278265+00:00 pisang fwupd[1475735]: 12:49:25.278
FuPluginUefiCapsule skipping device that failed coldplug: ESRT GUID
'00000000-0000-0000-0000-000000000000' was not valid
2025-07-19T12:49:25.347381+00:00 pisang fwupd[1475735]: 12:49:25.347 FuEngine
failed to add device
/sys/devices/pci0000:00/0000:00:14.0/usb1/1-8/1-8.3/1-8.3:1.0/host8/target8:0:0/8:0:0:0/block/sr0:
failed to subclass open: failed to open /dev/sr0: Operation not permitted
2025-07-19T12:49:25.349405+00:00 pisang fwupd[1475735]: 12:49:25.349 FuEngine
failed to add device
/sys/devices/pci0000:00/0000:00:14.0/usb1/1-8/1-8.3/1-8.3:1.0/host8/target8:0:0/8:0:0:0/block/sr0:
failed to subclass open: failed to open /dev/sr0: Operation not permitted
2025-07-19T12:49:25.353111+00:00 pisang fwupd[1475735]: 12:49:25.353 FuEngine
failed to add device
/sys/devices/pci0000:00/0000:00:14.0/usb1/1-8/1-8.3/1-8.3:1.0/host8/target8:0:0/8:0:0:0/block/sr0:
failed to subclass open: failed to open /dev/sr0: Operation not permitted
2025-07-19T12:49:25.492070+00:00 pisang fwupd[1475735]: 12:49:25.490 FuMain
fwupd 2.0.8 ready for requests (locale en_GB.UTF-8)
2025-07-19T12:49:25.495938+00:00 pisang dbus-daemon[752]: [system] Successfully
activated service 'org.freedesktop.fwupd'
2025-07-19T12:49:25.495977+00:00 pisang systemd[1]: Started fwupd.service -
Firmware update daemon.
2025-07-19T12:49:26.225653+00:00 pisang polkitd[1471658]: Unregistered
Authentication Agent for unix-process:1475723:65858054 (system bus name
:1.1536, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale
en_GB.UTF-8) (disconnected from bus)
I'm guessing that only the last line is relevant. The lines about
/dev/sr0 are I think just it looking for a UEFI ESP on a DVD drive which
isn't even present¹.
Maybe there is some problem with policykit and it's ending up as a "host
unreachable" somehow?
I tried to find out if it's actually trying to reach a network host. As
far as I can see it is able to request the URI of the firmware database:
$ cat /etc/fwupd/remotes.d/lvfs.conf
[fwupd Remote]
# this remote provides metadata and firmware marked as 'stable' from the LVFS
Enabled=true
Title=Linux Vendor Firmware Service
MetadataURI=https://cdn.fwupd.org/downloads/firmware.xml.zst
ReportURI=https://fwupd.org/lvfs/firmware/report
PrivacyURI=https://lvfs.readthedocs.io/en/latest/privacy.html
AutomaticReports=false
AutomaticSecurityReports=false
ApprovalRequired=false
$ HEAD https://cdn.fwupd.org/downloads/firmware.xml.zst
200 OK
Cache-Control: public, max-age=14400
Connection: close
Date: Sat, 19 Jul 2025 13:01:39 GMT
Via: 1.1 varnish
Accept-Ranges: bytes
Age: 4125
Server: gunicorn
Content-Length: 1627469
Content-Type: application/zstd
Client-Date: Sat, 19 Jul 2025 13:01:39 GMT
Client-Peer: 151.101.62.49:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Atlas R3 DV TLS
CA 2025 Q1
Client-SSL-Cert-Subject: /CN=cdn.fwupd.org
Client-SSL-Cipher: ECDHE-RSA-CHACHA20-POLY1305
Client-SSL-Socket-Class: IO::Socket::SSL
Client-SSL-Version: TLSv1_2
Content-Disposition: attachment; filename=firmware.xml.zst
X-Cache: HIT
X-Cache-Hits: 0
X-Served-By: cache-lcy-egml8630096-LCY
I tried to strace the actual fwupd process for network calls:
$ sudo strace -e trace=network -ff -p 1465184
but it doesn't actually do any apart from talking to the system's DBUS
daemon over a UNIX socket.
My best guess so far then is that it talks to DBUS to try to
authenticate with polkitd but this fails so it reports host unreachable.
But I'm not really sure of that and even if that's right, I don't know
what to try next.
Any ideas?
Note that this system is a server and doesn't have any desktop
environment installed, so it is possible that some part of polkitd
wasn't installed, though I would expect anything that's truly needed to
have been brought in by package dependencies.
Thanks,
Andy
¹ The firmware of the server added a network filesystem as a fake
USB optical disc for installation purposes.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
