trivial: Allow running on an older systemd

Build the path list dynamically based on enabled plugins and use options
that are compatible with older systemd when appropriate

data/fwupd.service.in

@@ -8,13 +8,9 @@ Before=gdm.service
 Type=dbus
 BusName=org.freedesktop.fwupd
 ExecStart=@libexecdir@/fwupd/fwupd
-MemoryDenyWriteExecute=yes
 PrivateTmp=yes
-ProtectControlGroups=yes
 ProtectHome=yes
-ProtectKernelModules=yes
 ProtectSystem=full
 RestrictAddressFamilies=AF_NETLINK AF_UNIX
-RestrictRealtime=yes
-ReadWritePaths=@localstatedir@/lib/fwupd @sysconfdir@/fwupd/remotes.d -/boot/efi -/boot -/efi
 SystemCallFilter=~@mount
+@dynamic_options@

data/meson.build

@@ -30,25 +30,44 @@ if get_option('daemon')
   )
 endif
 
-con2 = configuration_data()
-con2.set('libexecdir', libexecdir)
-con2.set('bindir', bindir)
-con2.set('localstatedir', localstatedir)
-con2.set('datadir', datadir)
-con2.set('sysconfdir', default_sysconfdir)
-
-# replace @libexecdir@
-configure_file(
-  input : 'org.freedesktop.fwupd.service.in',
-  output : 'org.freedesktop.fwupd.service',
-  configuration : con2,
-  install: true,
-  install_dir: join_paths(datadir,
-                          'dbus-1',
-                          'system-services'),
-)
-
 if get_option('systemd')
+  con2 = configuration_data()
+  con2.set('libexecdir', libexecdir)
+  con2.set('bindir', bindir)
+  con2.set('datadir', datadir)
+
+  rw_directories = []
+  rw_directories += join_paths (localstatedir, 'lib', 'fwupd')
+  rw_directories += join_paths (default_sysconfdir, 'fwupd', 'remotes.d')
+  if get_option('plugin_uefi')
+    rw_directories += ['-/boot/efi', '-/boot', '-/efi']
+  endif
+
+  dynamic_options = []
+  if systemd.version().version_compare('>= 232')
+    dynamic_options += 'ProtectControlGroups=yes'
+    dynamic_options += 'ProtectKernelModules=yes'
+  endif
+  if systemd.version().version_compare('>= 231')
+    dynamic_options += 'RestrictRealtime=yes'
+    dynamic_options += 'MemoryDenyWriteExecute=yes'
+    dynamic_options += ['ReadWritePaths=' + ' '.join(rw_directories)]
+  else
+    dynamic_options += ['ReadWriteDirectories=' + ' '.join(rw_directories)]
+  endif
+  con2.set('dynamic_options', '\n'.join(dynamic_options))
+
+  # replace @libexecdir@
+  configure_file(
+    input : 'org.freedesktop.fwupd.service.in',
+    output : 'org.freedesktop.fwupd.service',
+    configuration : con2,
+    install: true,
+    install_dir: join_paths(datadir,
+                            'dbus-1',
+                            'system-services'),
+  )
+
   # replace @bindir@
   configure_file(
     input : 'fwupd-offline-update.service.in',
@@ -57,10 +76,8 @@ if get_option('systemd')
     install: true,
     install_dir: systemdunitdir,
   )
-endif
 
-if get_option('systemd')
+  # replace @dynamic_options@
-  # replace @localstatedir@, @sysconfdir@
   configure_file(
     input : 'fwupd.service.in',
     output : 'fwupd.service',

meson.build

@@ -266,7 +266,7 @@ if get_option('plugin_thunderbolt')
 endif
 
 if get_option('systemd')
-  systemd = dependency('systemd', version : '>= 231')
+  systemd = dependency('systemd', version : '>= 211')
   conf.set('HAVE_SYSTEMD' , '1')
 endif