diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index fbff945..76090f3 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -44,26 +44,15 @@ jobs:
             podman build -t build --build-arg base="$(cat .container)" .
             podman run --rm -e GH_TOKEN build /fetch_releases > package-releases
           fi
-      - name: download amd64 packages
+      - name: download packages
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           container="$(cat .container)"
-          podman pull --arch amd64 "$container"
+          podman pull "$container"
           podman build -t build --build-arg base="$container" .
           mkdir repo
           podman run --rm -v "$PWD/repo:/repo" -v "$PWD/package-releases:/package-releases" -v "$PWD/package-imports:/package-imports" -v "$PWD/package-exclude:/package-exclude" -e GH_TOKEN build /download_pkgs /repo /package-releases /package-imports /package-exclude
-      - name: download arm64 packages
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          container="$(cat .container)"
-          podman pull --arch arm64 "$container"
-          podman build -t build --build-arg base="$container" .
-          mkdir repo_arm64
-          podman run --rm -v "$PWD/repo_arm64:/repo" -v "$PWD/package-releases:/package-releases" -v "$PWD/package-imports:/package-imports" -v "$PWD/package-exclude:/package-exclude" -e GH_TOKEN build /download_pkgs /repo /package-releases /package-imports /package-exclude
-          cp -r --no-clobber repo_arm64/. repo/.
-          rm -rf repo_arm64
       - name: build kms signing container
         run: |
           podman build -t kms kms
diff --git a/Containerfile b/Containerfile
index 94b8351..24d4f90 100644
--- a/Containerfile
+++ b/Containerfile
@@ -1,4 +1,5 @@
 ARG base
 FROM $base
 RUN DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y aptitude ca-certificates dpkg-dev gh jq
+RUN dpkg --add-architecture amd64 && dpkg --add-architecture arm64 && apt-get update
 COPY fetch_releases download_pkgs create_dist /
diff --git a/download_pkgs b/download_pkgs
index d2bd37e..36e6546 100755
--- a/download_pkgs
+++ b/download_pkgs
@@ -11,8 +11,6 @@ dir="$(mktemp -d)"
 trap 'cd / && rm -rf "$dir"' EXIT
 cd "$dir"
 
-arch="$(dpkg --print-architecture)"
-
 mkdir download
 while read -r repo tag; do
 	gh release download --dir download --repo "$repo" "$tag"
@@ -33,10 +31,10 @@ done < "$releases"
 
 truncate -s 0 pkgs depends
 
-find download -name "*_all.deb" -or -name "*_$arch.deb" | sort | while read -r pkg; do
+find download -name "*.deb" | sort | while read -r pkg; do
 	control="$(dpkg-deb -I "$pkg" control)"
-	awk -F ': ' '$1 == "Package" { print $2 }' <<< "$control" >> pkgs
-	awk -F ': ' '$1 == "Depends" || $1 == "Pre-Depends" { print $2 }' <<< "$control" | tr ',' '\n' | awk '{ print $1 }' >> depends
+	awk -F ': ' '$1 == "Package" { print $2 }' <<< "$control" | awk '{ print $1; print $1 ":amd64"; print $1 ":arm64" }' >> pkgs
+	awk -F ': ' '$1 == "Depends" || $1 == "Pre-Depends" { print $2 }' <<< "$control" | tr ',' '\n' | awk '{ print $1; print $1 ":amd64"; print $1 ":arm64" }' >> depends
 
 	hash="$(sha256sum < "$pkg" | head -c 64)"
 	mkdir -p "$target/pool/$hash"
@@ -55,15 +53,20 @@ done
 rm -rf download
 sort -o pkgs -u pkgs
 
-sed 's/^#'"$(dpkg --print-architecture)"' //;/^#/d' < "$import_list" > arch_import_list
-cat arch_import_list >> depends
+awk '{ print $1; print $1 ":amd64"; print $1 ":arm64" }' < "$import_list" >> depends
 aptitude search '?priority(required)|?priority(important)' -F '%p' -q | cut -d : -f 1 >> depends
 
 sort -o depends -u depends
-join -v 1 depends pkgs > needed
+comm -23 depends pkgs > needed
+
+xargs apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances < needed | grep '^\w' | sort | uniq > recursive_depends
+
+# double evaluation needed to work around broken dependency definitions in Debian lacking proper :any specifiers in _all packages
+awk '{ print $1; print $1 ":amd64"; print $1 ":arm64" }' < recursive_depends > recursive_depends_extended
+xargs apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances < recursive_depends_extended | grep '^\w' | sort | uniq > recursive_depends_real
 
-xargs apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances < needed | grep '^\w' | cut -d : -f 1 | sort | uniq > recursive_depends
-join -v 1 <(cat arch_import_list recursive_depends | sort | uniq) pkgs | { grep -v -x -f "$exclude_patterns" || true; } > recursive_needed
+sed 's/$/:.*/' < "$exclude_patterns" > exclude_extended
+comm -23 recursive_depends_real pkgs | { grep -v -x -f exclude_extended || true; } > recursive_needed
 
 mkdir apt_download
 (cd apt_download && xargs apt-get download) < recursive_needed
diff --git a/package-imports b/package-imports
index 1ace316..aca6306 100644
--- a/package-imports
+++ b/package-imports
@@ -142,8 +142,8 @@ sssd
 strace
 sudo
 swtpm
-#amd64 syslinux
-#amd64 syslinux-common
+syslinux
+syslinux-common
 sysstat
 systemd-cron
 tcpd