Search Criteria
Package Details: sbupdate-git 0.r113.4e6d106-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/sbupdate-git.git (read-only, click to copy) |
---|---|
Package Base: | sbupdate-git |
Description: | Generate and sign kernel images for UEFI Secure Boot |
Upstream URL: | https://github.com/andreyv/sbupdate |
Keywords: | boot uefi |
Licenses: | GPL3 |
Conflicts: | sbupdate |
Provides: | sbupdate |
Submitter: | andreyv |
Maintainer: | andreyv |
Last Packager: | andreyv |
Votes: | 35 |
Popularity: | 1.21 |
First Submitted: | 2016-08-19 10:22 (UTC) |
Last Updated: | 2021-03-19 17:20 (UTC) |
Latest Comments
andreyv commented on 2022-04-05 18:46 (UTC)
@traysh sbupdate does not sign extra files in hook mode (see README for details), so renaming the hook will not help. I intend to add specific support for
systemd-boot-update.service
later, but for now you cansystemctl edit systemd-boot-update.service
and add a manual sign command.traysh commented on 2022-04-05 17:55 (UTC) (edited on 2022-04-05 17:58 (UTC) by traysh)
Hello!
I use systemd-boot with Secure Boot, so I installed the aur package
systemd-boot-pacman-hook
, as sugested in the wiki.It installs
/usr/share/libalpm/hooks/95-systemd-boot.hook
, which runs/usr/bin/systemctl restart systemd-boot-update.service
whenever systemd is updated.But that is incompatible with this package due to a small detail:
95-systemd-boot.hook
is sorted after95-sbupdate.hook
, so the new systemd binary on the EFI partition will be installed aftersbupdate
is run, thus will not be signed. And that will my system unable to Secure Boot until I manually runsbupdate
.Would you consider renaming
95-sbupdate.hook
to96-sbupdate.hook
, which would eliminate this problem? Pretty please?Thank you
ranixon commented on 2021-06-25 14:38 (UTC)
Thanks @petercxy, now is installed.
petercxy commented on 2021-06-25 08:50 (UTC)
The GPG key F6532C30466E8B3E seems to be unavailable for now due to issues with the MIT keyserver (?).
As a temporary workaround, the key is available via GitHub at https://github.com/andreyv.gpg, so something like
would allow the signature checks to pass.
@ranixon
ranixon commented on 2021-06-24 18:46 (UTC) (edited on 2021-06-24 18:53 (UTC) by ranixon)
I tried to install it using makepkg -si and i got this error
andreyv commented on 2021-03-19 17:24 (UTC)
I think trusting GitHub's key would be no better than fetching the GitHub source with HTTPS.
So I added just the main key — thanks.
VannTen commented on 2021-03-15 08:44 (UTC) (edited on 2021-03-15 08:45 (UTC) by VannTen)
with the validpgpkeys part yes (it constrains which keys are allowed to validate the commits)
However Github sign the merges done on github.com with :
So adding your key and this one to validpgpkeys should to the trick.
andreyv commented on 2021-03-14 17:56 (UTC)
Thanks.
Sometimes there are also commits from other people. Merging on GitHub won't sign them with the needed key. Would makepkg abort in such case?
VannTen commented on 2021-03-02 20:36 (UTC)
I noticed that you sign your commits. So could you maybe use
in the PKGBUILD ?
andreyv commented on 2019-12-01 09:56 (UTC)
Fixed.
bbaserdem commented on 2019-11-12 18:33 (UTC)
There is no official release version, but usually git packages should conflict and provide the base form, so that they are interchangeable with stable release packages in the future.
andreyv commented on 2019-11-10 09:55 (UTC) (edited on 2019-11-10 09:55 (UTC) by andreyv)
Configuration changes in version 0.r98.be9c5ea:
INITRD
variable no longer accepts multiple initramfs files. Use the newCONFIGS
variable instead.andreyv commented on 2019-05-25 18:25 (UTC) (edited on 2019-05-25 18:56 (UTC) by andreyv)
Configuration changes in version 0.r84.aa95459:
/etc/sbupdate.conf
/etc/efi-keys
KEYFILE
andCRTFILE
options are removed. The script now handles lowercase and uppercase variants automatically.wincraft71 commented on 2018-02-01 13:42 (UTC)
@andreyv
That is awesome, thank you. It worked with the new options
andreyv commented on 2018-01-24 21:47 (UTC)
@wincraft71 Should work now, see new configuration options.
andreyv commented on 2018-01-22 06:52 (UTC)
@wincraft71 There is a pull request for that, I'll get to it soon. Now the script follows Rodsbooks' convention.
wincraft71 commented on 2018-01-22 06:27 (UTC)
The script should be changed to look for "db." files in the KEY_DIR /boot/efikeys instead of "DB." files for compatibility with cryptboot (https://aur.archlinux.org/packages/cryptboot/).