balena-config-vars: customize for secure boot support

Specify defaults for both the encrypted and non-encrypted boot mount
points. On a non-secure boot system these will be set the same.

Change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>

meta-balena-common/recipes-support/balena-config-vars/balena-config-vars.bb

@@ -27,6 +27,7 @@ DEPENDS = "bash-native jq-native coreutils-native"
 RDEPENDS:${PN} = "bash udev coreutils fatrw"
 PACKAGES =+ "${PN}-config"
 RDEPENDS:${PN}-config = "jq"
+RDEPENDS:${PN}-config:append = "${@oe.utils.conditional('SIGN_API','','',' os-helpers-sb',d)}"
 RDEPENDS:${PN} += " ${PN}-config"
 
 do_patch[noexec] = "1"
@@ -45,6 +46,10 @@ do_install() {
     install -d ${D}${sbindir}
     install -m 0755 ${WORKDIR}/balena-config-vars ${D}${sbindir}/
     install -m 0755 ${WORKDIR}/balena-config-defaults ${D}${sbindir}/
+    sed -i -e 's:@@BALENA_NONENC_BOOT_MOUNT@@:${BALENA_NONENC_BOOT_MOUNT}:g' ${D}${sbindir}/balena-config-defaults
+    sed -i -e 's:@@BALENA_NONENC_BOOT_LABEL@@:${BALENA_NONENC_BOOT_LABEL}:g' ${D}${sbindir}/balena-config-defaults
+    sed -i -e 's:@@BALENA_BOOT_MOUNT@@:${BALENA_BOOT_MOUNT}:g' ${D}${sbindir}/balena-config-defaults
+    sed -i -e 's:@@BALENA_BOOT_LABEL@@:${BALENA_BOOT_LABEL}:g' ${D}${sbindir}/balena-config-defaults
     install -m 0755 ${WORKDIR}/os-networkmanager ${D}${sbindir}/
     install -m 0755 ${WORKDIR}/os-udevrules ${D}${sbindir}/
     install -m 0755 ${WORKDIR}/os-sshkeys ${D}${sbindir}/

meta-balena-common/recipes-support/balena-config-vars/balena-config-vars/balena-config-defaults

@@ -1,7 +1,20 @@
 #!/bin/sh
 
+# shellcheck disable=SC1091
+[ -f "/usr/libexec/os-helpers-sb" ] && . /usr/libexec/os-helpers-sb
+
 # Default values
-BALENA_BOOT_MOUNTPOINT="/mnt/boot"
+BALENA_BOOT_MOUNTPOINT="@@BALENA_BOOT_MOUNT@@"
+BALENA_BOOT_LABEL="@@BALENA_BOOT_LABEL@@"
+BALENA_NONENC_BOOT_MOUNTPOINT="${BALENA_BOOT_MOUNTPOINT}"
+BALENA_NONENC_BOOT_LABEL="${BALENA_BOOT_LABEL}"
+if type is_secured >/dev/null 2>&1; then
+    # LUKS only defined if sourced from flasher script
+    if is_secured || [ "${LUKS}" = "1" ]; then
+        BALENA_NONENC_BOOT_MOUNTPOINT="@@BALENA_NONENC_BOOT_MOUNT@@"
+        BALENA_NONENC_BOOT_LABEL="@@BALENA_NONENC_BOOT_LABEL@@"
+    fi
+fi
 # Do not use - left here for backwards compatibility - use BALENA_BOOT_MOUNTPOINT instead
 BOOT_MOUNTPOINT="${BALENA_BOOT_MOUNTPOINT}"
 FLASHER_FILEFLAG="$BALENA_BOOT_MOUNTPOINT/balena-image-flasher"