From 1624af0cc780b147128a65468a74b294503d190d Mon Sep 17 00:00:00 2001
From: Malte Poll <1780588+malt3@users.noreply.github.com>
Date: Mon, 6 Mar 2023 13:29:15 +0100
Subject: [PATCH] image: pin aws uefivars version and install new deps (#1345)

---
 .github/workflows/build-os-image.yml     | 3 ++-
 image/secure-boot/aws/create_uefivars.sh | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml
index e82092ac4..c70b398f6 100644
--- a/.github/workflows/build-os-image.yml
+++ b/.github/workflows/build-os-image.yml
@@ -397,7 +397,8 @@ jobs:
           sudo apt-get install -y \
             pigz \
             qemu-utils \
-            python3-crc32c
+            python3-pip
+          pip install google_crc32c
           echo "::endgroup::"
 
       - name: Login to AWS
diff --git a/image/secure-boot/aws/create_uefivars.sh b/image/secure-boot/aws/create_uefivars.sh
index 982ec15bc..8e4df51e7 100755
--- a/image/secure-boot/aws/create_uefivars.sh
+++ b/image/secure-boot/aws/create_uefivars.sh
@@ -4,7 +4,8 @@ set -euo pipefail
 shopt -s inherit_errexit
 
 TMPDIR=$(mktemp -d /tmp/uefivars-XXXXXXXXXXXXXX)
-git clone https://github.com/awslabs/python-uefivars "${TMPDIR}"
+git clone --branch v1.0.0 https://github.com/awslabs/python-uefivars "${TMPDIR}"
+cd "${TMPDIR}" && git reset 9679002a4392d8e7831d2dbda3fab41ccc5c6b8c --hard
 
 "${TMPDIR}/uefivars.py" -i none -o aws -O "$1" -P "${PKI}"/PK.esl -K "${PKI}"/KEK.esl --db "${PKI}"/db.esl