Hi,
On an install of the RC of the forthcoming Debian 13, I just installed
fwupd. I now go to refresh its database and get:
$ sudo fwupdmgr refresh
Updating lvfs
Failed to download metadata for lvfs: network is unreachable: Host unreachable
I am not aware of any reason why this host would have limited network connectivity.
There is one thing in the syslog which seems relevant (at the end):
2025-07-19T12:49:25.033904+00:00 pisang dbus-daemon[752]: [system] Activating via systemd: service name='org.freedesktop.fwupd' unit='fwupd.service' requested by ':1.1537' (uid=0 pid=1475723 comm="fwupdmgr refresh")
2025-07-19T12:49:25.041785+00:00 pisang systemd[1]: Starting
modprobe@sd_mod.service - Load Kernel Module sd_mod...
2025-07-19T12:49:25.067776+00:00 pisang systemd[1]:
modprobe@sd_mod.service: Deactivated successfully.
2025-07-19T12:49:25.068281+00:00 pisang systemd[1]: Finished
modprobe@sd_mod.service - Load Kernel Module sd_mod.
2025-07-19T12:49:25.080713+00:00 pisang systemd[1]: Starting fwupd.service - Firmware update daemon...
2025-07-19T12:49:25.278265+00:00 pisang fwupd[1475735]: 12:49:25.278 FuPluginUefiCapsule skipping device that failed coldplug: ESRT GUID '00000000-0000-0000-0000-000000000000' was not valid
2025-07-19T12:49:25.347381+00:00 pisang fwupd[1475735]: 12:49:25.347 FuEngine failed to add device /sys/devices/pci0000:00/0000:00:14.0/usb1/1-8/1-8.3/1-8.3:1.0/host8/target8:0:0/8:0:0:0/block/sr0: failed to subclass open: failed to open /dev/
sr0: Operation not permitted
2025-07-19T12:49:25.349405+00:00 pisang fwupd[1475735]: 12:49:25.349 FuEngine failed to add device /sys/devices/pci0000:00/0000:00:14.0/usb1/1-8/1-8.3/1-8.3:1.0/host8/target8:0:0/8:0:0:0/block/sr0: failed to subclass open: failed to open /dev/
sr0: Operation not permitted
2025-07-19T12:49:25.353111+00:00 pisang fwupd[1475735]: 12:49:25.353 FuEngine failed to add device /sys/devices/pci0000:00/0000:00:14.0/usb1/1-8/1-8.3/1-8.3:1.0/host8/target8:0:0/8:0:0:0/block/sr0: failed to subclass open: failed to open /dev/
sr0: Operation not permitted
2025-07-19T12:49:25.492070+00:00 pisang fwupd[1475735]: 12:49:25.490 FuMain fwupd 2.0.8 ready for requests (locale en_GB.UTF-8)
2025-07-19T12:49:25.495938+00:00 pisang dbus-daemon[752]: [system] Successfully activated service 'org.freedesktop.fwupd'
2025-07-19T12:49:25.495977+00:00 pisang systemd[1]: Started fwupd.service - Firmware update daemon.
2025-07-19T12:49:26.225653+00:00 pisang polkitd[1471658]: Unregistered Authentication Agent for unix-process:1475723:65858054 (system bus name :1.1536, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_GB.UTF-8) (disconnected from
bus)
I'm guessing that only the last line is relevant. The lines about
/dev/sr0 are I think just it looking for a UEFI ESP on a DVD drive which
isn't even present¹.
Maybe there is some problem with policykit and it's ending up as a "host unreachable" somehow?
I tried to find out if it's actually trying to reach a network host. As
far as I can see it is able to request the URI of the firmware database:
$ cat /etc/fwupd/remotes.d/lvfs.conf
[fwupd Remote]
# this remote provides metadata and firmware marked as 'stable' from the LVFS Enabled=true
Title=Linux Vendor Firmware Service MetadataURI=
https://cdn.fwupd.org/downloads/firmware.xml.zst ReportURI=
https://fwupd.org/lvfs/firmware/report PrivacyURI=
https://lvfs.readthedocs.io/en/latest/privacy.html AutomaticReports=false
AutomaticSecurityReports=false
ApprovalRequired=false
$ HEAD
https://cdn.fwupd.org/downloads/firmware.xml.zst
200 OK
Cache-Control: public, max-age=14400
Connection: close
Date: Sat, 19 Jul 2025 13:01:39 GMT
Via: 1.1 varnish
Accept-Ranges: bytes
Age: 4125
Server: gunicorn
Content-Length: 1627469
Content-Type: application/zstd
Client-Date: Sat, 19 Jul 2025 13:01:39 GMT
Client-Peer: 151.101.62.49:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Atlas R3 DV TLS CA 2025 Q1
Client-SSL-Cert-Subject: /CN=cdn.fwupd.org
Client-SSL-Cipher: ECDHE-RSA-CHACHA20-POLY1305
Client-SSL-Socket-Class: IO::Socket::SSL
Client-SSL-Version: TLSv1_2
Content-Disposition: attachment; filename=firmware.xml.zst
X-Cache: HIT
X-Cache-Hits: 0
X-Served-By: cache-lcy-egml8630096-LCY
I tried to strace the actual fwupd process for network calls:
$ sudo strace -e trace=network -ff -p 1465184
but it doesn't actually do any apart from talking to the system's DBUS
daemon over a UNIX socket.
My best guess so far then is that it talks to DBUS to try to
authenticate with polkitd but this fails so it reports host unreachable.
But I'm not really sure of that and even if that's right, I don't know
what to try next.
Any ideas?
Note that this system is a server and doesn't have any desktop
environment installed, so it is possible that some part of polkitd
wasn't installed, though I would expect anything that's truly needed to
have been brought in by package dependencies.
Thanks,
Andy
¹ The firmware of the server added a network filesystem as a fake
USB optical disc for installation purposes.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)