trivial: Allow running on an older systemd

Build the path list dynamically based on enabled plugins and use options that are compatible with older systemd when appropriate
2025-08-13 21:35:02 +00:00 · 2018-07-09 17:09:41 -05:00 · 2018-07-09 17:09:41 -05:00 · 10a4824cb0
commit 10a4824cb0
parent fd65ddda8a
3 changed files with 40 additions and 27 deletions
--- a/data/fwupd.service.in
+++ b/data/fwupd.service.in
@ -8,13 +8,9 @@ Before=gdm.service
 Type=dbus
 BusName=org.freedesktop.fwupd
 ExecStart=@libexecdir@/fwupd/fwupd
-MemoryDenyWriteExecute=yes
 PrivateTmp=yes
-ProtectControlGroups=yes
 ProtectHome=yes
-ProtectKernelModules=yes
 ProtectSystem=full
 RestrictAddressFamilies=AF_NETLINK AF_UNIX
-RestrictRealtime=yes
-ReadWritePaths=@localstatedir@/lib/fwupd @sysconfdir@/fwupd/remotes.d -/boot/efi -/boot -/efi
 SystemCallFilter=~@mount
+@dynamic_options@
--- a/data/meson.build
+++ b/data/meson.build
@ -30,25 +30,44 @@ if get_option('daemon')
  )
 endif

-con2 = configuration_data()
-con2.set('libexecdir', libexecdir)
-con2.set('bindir', bindir)
-con2.set('localstatedir', localstatedir)
-con2.set('datadir', datadir)
-con2.set('sysconfdir', default_sysconfdir)
-
-# replace @libexecdir@
-configure_file(
-  input : 'org.freedesktop.fwupd.service.in',
-  output : 'org.freedesktop.fwupd.service',
-  configuration : con2,
-  install: true,
-  install_dir: join_paths(datadir,
-                          'dbus-1',
-                          'system-services'),
-)
-
 if get_option('systemd')
+  con2 = configuration_data()
+  con2.set('libexecdir', libexecdir)
+  con2.set('bindir', bindir)
+  con2.set('datadir', datadir)
+
+  rw_directories = []
+  rw_directories += join_paths (localstatedir, 'lib', 'fwupd')
+  rw_directories += join_paths (default_sysconfdir, 'fwupd', 'remotes.d')
+  if get_option('plugin_uefi')
+    rw_directories += ['-/boot/efi', '-/boot', '-/efi']
+  endif
+
+  dynamic_options = []
+  if systemd.version().version_compare('>= 232')
+    dynamic_options += 'ProtectControlGroups=yes'
+    dynamic_options += 'ProtectKernelModules=yes'
+  endif
+  if systemd.version().version_compare('>= 231')
+    dynamic_options += 'RestrictRealtime=yes'
+    dynamic_options += 'MemoryDenyWriteExecute=yes'
+    dynamic_options += ['ReadWritePaths=' + ' '.join(rw_directories)]
+  else
+    dynamic_options += ['ReadWriteDirectories=' + ' '.join(rw_directories)]
+  endif
+  con2.set('dynamic_options', '\n'.join(dynamic_options))
+
+  # replace @libexecdir@
+  configure_file(
+    input : 'org.freedesktop.fwupd.service.in',
+    output : 'org.freedesktop.fwupd.service',
+    configuration : con2,
+    install: true,
+    install_dir: join_paths(datadir,
+                            'dbus-1',
+                            'system-services'),
+  )
+
  # replace @bindir@
  configure_file(
    input : 'fwupd-offline-update.service.in',
@ -57,10 +76,8 @@ if get_option('systemd')
    install: true,
    install_dir: systemdunitdir,
  )
-endif

-if get_option('systemd')
-  # replace @localstatedir@, @sysconfdir@
+  # replace @dynamic_options@
  configure_file(
    input : 'fwupd.service.in',
    output : 'fwupd.service',
--- a/meson.build
+++ b/meson.build
@ -266,7 +266,7 @@ if get_option('plugin_thunderbolt')
 endif

 if get_option('systemd')
-  systemd = dependency('systemd', version : '>= 231')
+  systemd = dependency('systemd', version : '>= 211')
  conf.set('HAVE_SYSTEMD' , '1')
 endif