From 246ba5fed9f67047179f11a85c5fa4c869b62840 Mon Sep 17 00:00:00 2001 From: Mario Limonciello Date: Mon, 9 Jul 2018 17:09:41 -0500 Subject: [PATCH] Allow running on an older systemd Build the path list dynamically based on enabled plugins and use options that are compatible with older systemd when appropriate --- data/fwupd.service.in | 6 +---- data/meson.build | 61 ++++++++++++++++++++++++++++--------------- meson.build | 2 +- 3 files changed, 42 insertions(+), 27 deletions(-) diff --git a/data/fwupd.service.in b/data/fwupd.service.in index 7785439f..996ff4cf 100644 --- a/data/fwupd.service.in +++ b/data/fwupd.service.in @@ -8,13 +8,9 @@ Before=gdm.service Type=dbus BusName=org.freedesktop.fwupd ExecStart=@libexecdir@/fwupd/fwupd -MemoryDenyWriteExecute=yes PrivateTmp=yes -ProtectControlGroups=yes ProtectHome=yes -ProtectKernelModules=yes ProtectSystem=full RestrictAddressFamilies=AF_NETLINK AF_UNIX -RestrictRealtime=yes -ReadWritePaths=@localstatedir@/lib/fwupd @sysconfdir@/fwupd/remotes.d -@bootdir@ SystemCallFilter=~@mount +@dynamic_options@ diff --git a/data/meson.build b/data/meson.build index 7adc0c05..c40b132b 100644 --- a/data/meson.build +++ b/data/meson.build @@ -30,26 +30,47 @@ if get_option('daemon') ) endif -con2 = configuration_data() -con2.set('libexecdir', libexecdir) -con2.set('bindir', bindir) -con2.set('localstatedir', localstatedir) -con2.set('datadir', datadir) -con2.set('bootdir', get_option('bootdir')) -con2.set('sysconfdir', default_sysconfdir) +if get_option('systemd') + con2 = configuration_data() + con2.set('libexecdir', libexecdir) + con2.set('bindir', bindir) + con2.set('localstatedir', localstatedir) + con2.set('datadir', datadir) + con2.set('bootdir', get_option('bootdir')) + con2.set('sysconfdir', default_sysconfdir) -# replace @libexecdir@ -configure_file( - input : 'org.freedesktop.fwupd.service.in', - output : 'org.freedesktop.fwupd.service', - configuration : con2, - install: true, - install_dir: join_paths(datadir, - 'dbus-1', - 'system-services'), -) + rw_directories = [] + rw_directories += join_paths (localstatedir, 'lib', 'fwupd') + rw_directories += join_paths (default_sysconfdir, 'fwupd', 'remotes.d') + rw_directories += ['-/boot/efi', '-/boot', '-/efi'] + + + + dynamic_options = [] + if systemd.version().version_compare('>= 232') + dynamic_options += 'ProtectControlGroups=yes' + dynamic_options += 'ProtectKernelModules=yes' + endif + if systemd.version().version_compare('>= 231') + dynamic_options += 'RestrictRealtime=yes' + dynamic_options += 'MemoryDenyWriteExecute=yes' + dynamic_options += ['ReadWritePaths=' + ' '.join(rw_directories)] + else + dynamic_options += ['ReadWriteDirectories=' + ' '.join(rw_directories)] + endif + con2.set('dynamic_options', '\n'.join(dynamic_options)) + + # replace @libexecdir@ + configure_file( + input : 'org.freedesktop.fwupd.service.in', + output : 'org.freedesktop.fwupd.service', + configuration : con2, + install: true, + install_dir: join_paths(datadir, + 'dbus-1', + 'system-services'), + ) -if get_option('systemd') # replace @bindir@ configure_file( input : 'fwupd-offline-update.service.in', @@ -58,10 +79,8 @@ if get_option('systemd') install: true, install_dir: systemdunitdir, ) -endif -if get_option('systemd') - # replace @localstatedir@, @sysconfdir@ and @bootdir@ + # replace @dynamic_options@ configure_file( input : 'fwupd.service.in', output : 'fwupd.service', diff --git a/meson.build b/meson.build index 2f2710c2..fecdfca5 100644 --- a/meson.build +++ b/meson.build @@ -225,7 +225,7 @@ if get_option('plugin_thunderbolt') endif if get_option('systemd') - systemd = dependency('systemd', version : '>= 231') + systemd = dependency('systemd', version : '>= 211') conf.set('HAVE_SYSTEMD' , '1') endif -- 2.17.1