The package does not follow the PKGBUILD man page and recommended guidelines.
You are supposed to use an arch=('any')
if the pacakge contains no architecture specific files. This is not true here because it contains binaries for either x86_64 or aarch64.
You can make a proper multi-arch PKGBUILD i.e. that builds either a x86_64 package or an aarch64 one with this patch applied:
--- PKGBUILD 2024-03-21 19:19:03.227604132 +0100
+++ PKGBUILD.new 2024-03-21 19:17:58.894824873 +0100
@@ -3,34 +3,33 @@
pkgname='shim-signed'
pkgver='15.8+ubuntu+1.57'
pkgrel='1'
-pkgdesc='Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments (prebuilt x64 and AA64 binaries from Ubuntu)'
+pkgdesc='Secure Boot chain-loading bootloader (Microsoft-signed binary from Ubuntu)'
url='https://packages.ubuntu.com/noble/shim-signed'
-arch=('any')
+arch=('x86_64' 'aarch64')
license=('BSD-2-Clause')
options=('!strip' '!debug')
install="${pkgname}.install"
-source=("http://archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_${pkgver##*+ubuntu+}+${pkgver%%+ubuntu*}-0ubuntu1_amd64.deb"
- "http://ports.ubuntu.com/pool/main/s/shim-signed/shim-signed_${pkgver##*+ubuntu+}+${pkgver%%+ubuntu*}-0ubuntu1_arm64.deb")
-noextract=("shim-signed_${pkgver##*+ubuntu+}+${pkgver%%+ubuntu*}-0ubuntu1_arm64.deb")
-sha256sums=('532a97f7376ac8e5d7bedb8b2d4283769251266d19a78e3e12ec44f53a1dab6a'
- '5f942542c21c41ffa14d22b890a6f51ccbfa0b3231f8a475265f90cb6e1cb924')
-sha512sums=('de1c60b442d7484aa210c308ca422fe0d93439b50aeba192d2bbec7ec4d92779355d6ca838bb3d221fad8c4ea343dae37c13606200daf6f8f1436b120a4e9690'
- 'ed0c856460c5a2aef8d9c4214ee9f2ba0c4926c4efec8add7171c0adada68f6c87f43461d67f8ca8747e9eaa037b2b90810d8daebecbc1c3a67bea34f781ea3e')
+source_x86_64=("http://archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_${pkgver##*+ubuntu+}+${pkgver%%+ubuntu*}-0ubuntu1_amd64.deb")
+source_aarch64=("http://ports.ubuntu.com/pool/main/s/shim-signed/shim-signed_${pkgver##*+ubuntu+}+${pkgver%%+ubuntu*}-0ubuntu1_arm64.deb")
+sha256sums_x86_64=('532a97f7376ac8e5d7bedb8b2d4283769251266d19a78e3e12ec44f53a1dab6a')
+sha256sums_aarch64=('5f942542c21c41ffa14d22b890a6f51ccbfa0b3231f8a475265f90cb6e1cb924')
+sha512sums_x86_64=('de1c60b442d7484aa210c308ca422fe0d93439b50aeba192d2bbec7ec4d92779355d6ca838bb3d221fad8c4ea343dae37c13606200daf6f8f1436b120a4e9690')
+sha512sums_aarch64=('ed0c856460c5a2aef8d9c4214ee9f2ba0c4926c4efec8add7171c0adada68f6c87f43461d67f8ca8747e9eaa037b2b90810d8daebecbc1c3a67bea34f781ea3e')
prepare() {
local debfile
cd "$srcdir"
bsdtar -xf data.tar.xz
- for debfile in ${noextract[@]}; do
- bsdtar -xOf "$debfile" data.tar.xz | bsdtar -x usr/lib/shim/
- done
}
-
package() {
- install -Dm0644 "${srcdir}/usr/lib/shim/shimx64.efi.signed.latest" "${pkgdir}/usr/share/${pkgname}/shimx64.efi"
- install -Dm0644 "${srcdir}/usr/lib/shim/shimaa64.efi.signed.latest" "${pkgdir}/usr/share/${pkgname}/shimaa64.efi"
- install -Dm0644 "${srcdir}/usr/lib/shim/"{mm,fb}{x64,aa64}".efi" "${pkgdir}/usr/share/${pkgname}/"
+ if [ $CARCH == "x86_64" ] ;then
+ install -Dm0644 "${srcdir}/usr/lib/shim/shimx64.efi.signed.latest" "${pkgdir}/usr/share/${pkgname}/shimx64.efi"
+ install -Dm0644 "${srcdir}/usr/lib/shim/"{mm,fb}x64".efi" "${pkgdir}/usr/share/${pkgname}/"
+ elif [ "$CARCH" == "aarch64" ] ;then
+ install -Dm0644 "${srcdir}/usr/lib/shim/shimaa64.efi.signed.latest" "${pkgdir}/usr/share/${pkgname}/shimaa64.efi"
+ install -Dm0644 "${srcdir}/usr/lib/shim/"{mm,fb}aa64".efi" "${pkgdir}/usr/share/${pkgname}/"
+ fi
install -Dm0644 "${srcdir}/usr/share/doc/shim-signed/copyright" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}
The pkgdesc is also quite long and could be shorter than 100 characters.
Pinned Comments
nl6720 commented on 2021-05-28 11:19 (UTC)
shim 15.4 requires SBAT. It will not launch EFI binaries without a
.sbat
section.nl6720 commented on 2016-12-07 13:17 (UTC) (edited on 2023-12-15 09:27 (UTC) by nl6720)
shimx64.efi
is signed with Microsoft key, they also have a hardcoded Ubuntu key inside. MokManager (mmx64.efi
) is signed with Ubuntu's key.shimx64.efi
can launch any EFI binary signed with Microsoft keys.More information is available on the wiki: Secure Boot#shim.
fbx64.efi
scan the ESP for CSV files with bootloader information and adds boot entries to the NVRAM. Read README.fallback.