Sync contrib service with static systemd args

And add comments in both places so we remember to keep them in sync. Signed-off-by: Colin Walters <walters@verbum.org>
coreos · Jan 9, 2025 · c9b7964 · c9b7964
1 parent 9c56839
commit c9b7964
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 8 deletions.
diff --git a/contrib/packaging/bootloader-update.service b/contrib/packaging/bootloader-update.service
@@ -6,6 +6,10 @@ Documentation=https://github.com/coreos/bootupd
 Type=oneshot
 ExecStart=/usr/bin/bootupctl update
 RemainAfterExit=yes
+# Keep this stuff in sync with SYSTEMD_ARGS_BOOTUPD in general
+PrivateNetwork=yes
+ProtectHome=yes
+KillMode=mixed
 MountFlags=slave
 
 [Install]

diff --git a/src/cli/bootupctl.rs b/src/cli/bootupctl.rs
@@ -6,20 +6,17 @@ use log::LevelFilter;
 use std::os::unix::process::CommandExt;
 use std::process::{Command, Stdio};
 
-static SYSTEMD_ARGS_BOOTUPD: &[&str] = &[
-    "--unit",
-    "bootupd",
-    "--property",
+static SYSTEMD_ARGS_BOOTUPD: &[&str] = &["--unit", "bootupd", "--pipe"];
+
+/// Keep these properties (isolation/runtime state) in sync with
+/// the systemd units in contrib/packaging/*.service
+static SYSTEMD_PROPERTIES: &[&str] = &[
     "PrivateNetwork=yes",
-    "--property",
     "ProtectHome=yes",
     // While only our main process during update catches SIGTERM, we don't
     // want systemd to send it to other processes.
-    "--property",
     "KillMode=mixed",
-    "--property",
     "MountFlags=slave",
-    "--pipe",
 ];
 
 /// `bootupctl` sub-commands.
@@ -171,6 +168,11 @@ fn ensure_running_in_systemd() -> Result<()> {
             .wait()?;
         let r = Command::new("systemd-run")
             .args(SYSTEMD_ARGS_BOOTUPD)
+            .args(
+                SYSTEMD_PROPERTIES
+                    .into_iter()
+                    .flat_map(|&v| ["--property", v]),
+            )
             .args(std::env::args())
             .exec();
         // If we got here, it's always an error