meson: use jinja2 for unit templates

We don't need two (and half) templating systems anymore, yay! I'm keeping the changes minimal, to make the diff manageable. Some enhancements due to a better templating system might be possible in the future. For handling of '## ' — see the next commit.
2025-01-03 01:17:45 +03:00 · 2021-05-16 11:55:36 +02:00 · 2021-05-16 11:55:36 +02:00 · 059cc610b7
commit 059cc610b7
parent 6b1aac3ccf
65 changed files with 133 additions and 160 deletions
--- a/meson.build
+++ b/meson.build
@ -242,6 +242,7 @@ conf.set_quoted('SYSTEMD_SHUTDOWN_BINARY_PATH',               join_paths(rootlib
 conf.set_quoted('SYSTEMCTL_BINARY_PATH',                      join_paths(rootbindir, 'systemctl'))
 conf.set_quoted('SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH', join_paths(rootbindir, 'systemd-tty-ask-password-agent'))
 conf.set_quoted('SYSTEMD_STDIO_BRIDGE_BINARY_PATH',           join_paths(bindir, 'systemd-stdio-bridge'))
 conf.set_quoted('ROOTBINDIR',                                 rootbindir)
 conf.set_quoted('ROOTPREFIX',                                 rootprefixdir)
 conf.set_quoted('ROOTPREFIX_NOSLASH',                         rootprefixdir_noslash)
 conf.set_quoted('RANDOM_SEED_DIR',                            randomseeddir)
@ -842,6 +843,7 @@ substs.set('TTY_GID', tty_gid)
 # Ensure provided GID argument is numeric, otherwise fall back to default assignment
 users_gid = get_option('users-gid')
 conf.set('USERS_GID', users_gid < 0 ? '-' : users_gid)
 substs.set('USERS_GID', users_gid < 0 ? '-' : users_gid)
 conf.set10('ENABLE_ADM_GROUP', get_option('adm-group'))
@ -887,6 +889,7 @@ if localegen_path != ''
        writable = ' /usr/lib/locale'
 endif
 substs.set('SERVICE_LOCALEGEN_WRITABLE', writable)
 conf.set_quoted('SERVICE_LOCALEGEN_WRITABLE', writable)
 conf.set10('HAVE_LOCALEGEN', have)
 conf.set_quoted('GETTEXT_PACKAGE', meson.project_name())
@ -894,7 +897,9 @@ conf.set_quoted('GETTEXT_PACKAGE', meson.project_name())
 service_watchdog = get_option('service-watchdog')
 watchdog_value = service_watchdog == '' ? '' : 'WatchdogSec=' + service_watchdog
 substs.set('SERVICE_WATCHDOG', watchdog_value)
 conf.set_quoted('SERVICE_WATCHDOG', watchdog_value)
 conf.set_quoted('SUSHELL', get_option('debug-shell'))
 substs.set('SUSHELL', get_option('debug-shell'))
 substs.set('DEBUGTTY', get_option('debug-tty'))
 conf.set_quoted('DEBUGTTY', get_option('debug-tty'))
@ -3741,7 +3746,7 @@ status = [
        'debug shell:                       @0@ @ @1@'.format(get_option('debug-shell'),
                                                              get_option('debug-tty')),
        'TTY GID:                           @0@'.format(tty_gid),
-        'users GID:                         @0@'.format(substs.get('USERS_GID')),
+        'users GID:                         @0@'.format(conf.get('USERS_GID')),
        'system UIDs:                       <=@0@ (alloc >=@1@)'.format(conf.get('SYSTEM_UID_MAX'),
                                                                        conf.get('SYSTEM_ALLOC_UID_MIN')),
        'system GIDs:                       <=@0@ (alloc >=@1@)'.format(conf.get('SYSTEM_GID_MAX'),
--- a/units/console-getty.service.in
+++ b/units/console-getty.service.in
@ -11,9 +11,9 @@
 Description=Console Getty
 Documentation=man:agetty(8) man:systemd-getty-generator(8)
 After=systemd-user-sessions.service plymouth-quit-wait.service
-m4_ifdef(`HAVE_SYSV_COMPAT',
+{% if HAVE_SYSV_COMPAT %}
 After=rc-local.service getty-pre.target
-)m4_dnl
+{% endif %}
 Before=getty.target
 # OCI containers may be run without a console
@ -30,9 +30,9 @@ UtmpIdentifier=cons
 TTYPath=/dev/console
 TTYReset=yes
 TTYVHangup=yes
-m4_ifdef(`ENABLE_LOGIND',,
+{% if not ENABLE_LOGIND %}
 KillMode=process
-)m4_dnl
+{% endif %}
 IgnoreSIGPIPE=no
 SendSIGHUP=yes
--- a/units/container-getty@.service.in
+++ b/units/container-getty@.service.in
@ -12,9 +12,9 @@ Description=Container Getty on /dev/pts/%I
 Documentation=man:agetty(8) man:systemd-getty-generator(8)
 Documentation=man:machinectl(1)
 After=systemd-user-sessions.service plymouth-quit-wait.service
-m4_ifdef(`HAVE_SYSV_COMPAT',
+{% if HAVE_SYSV_COMPAT %}
 After=rc-local.service getty-pre.target
-)m4_dnl
+{% endif %}
 Before=getty.target
 IgnoreOnIsolate=yes
 ConditionPathExists=/dev/pts/%I
@ -36,8 +36,8 @@ UtmpIdentifier=pts/%I
 TTYPath=/dev/pts/%I
 TTYReset=yes
 TTYVHangup=yes
-m4_ifdef(`ENABLE_LOGIND',,
+{% if not ENABLE_LOGIND %}
 KillMode=process
-)m4_dnl
+{% endif %}
 IgnoreSIGPIPE=no
 SendSIGHUP=yes
--- a/units/debug-shell.service.in
+++ b/units/debug-shell.service.in
@ -8,19 +8,19 @@
 #  (at your option) any later version.
 [Unit]
-Description=Early root shell on @DEBUGTTY@ FOR DEBUGGING ONLY
+Description=Early root shell on {{DEBUGTTY}} FOR DEBUGGING ONLY
 Documentation=man:systemd-debug-generator(8)
 DefaultDependencies=no
 IgnoreOnIsolate=yes
-ConditionPathExists=@DEBUGTTY@
+ConditionPathExists={{DEBUGTTY}}
 [Service]
 Environment=TERM=linux
-ExecStart=@SUSHELL@
+ExecStart={{SUSHELL}}
 Restart=always
 RestartSec=0
 StandardInput=tty
-TTYPath=@DEBUGTTY@
+TTYPath={{DEBUGTTY}}
 TTYReset=yes
 TTYVHangup=yes
 KillMode=process
--- a/units/emergency.service.in
+++ b/units/emergency.service.in
@ -19,8 +19,8 @@ Before=rescue.service
 [Service]
 Environment=HOME=/root
 WorkingDirectory=-/root
-ExecStartPre=-@rootbindir@/plymouth --wait quit
+ExecStartPre=-{{ROOTBINDIR}}/plymouth --wait quit
-ExecStart=-@rootlibexecdir@/systemd-sulogin-shell emergency
+ExecStart=-{{ROOTLIBEXECDIR}}/systemd-sulogin-shell emergency
 Type=idle
 StandardInput=tty-force
 StandardOutput=inherit
--- a/units/getty@.service.in
+++ b/units/getty@.service.in
@ -12,9 +12,9 @@ Description=Getty on %I
 Documentation=man:agetty(8) man:systemd-getty-generator(8)
 Documentation=http://0pointer.de/blog/projects/serial-console.html
 After=systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target
-m4_ifdef(`HAVE_SYSV_COMPAT',
+{% if HAVE_SYSV_COMPAT %}
 After=rc-local.service
-)m4_dnl
+{% endif %}
 # If additional gettys are spawned during boot then we should make
 # sure that this is synchronized before getty.target, even though
@ -47,9 +47,9 @@ TTYPath=/dev/%I
 TTYReset=yes
 TTYVHangup=yes
 TTYVTDisallocate=yes
-m4_ifdef(`ENABLE_LOGIND',,
+{% if not ENABLE_LOGIND %}
 KillMode=process
-)m4_dnl
+{% endif %}
 IgnoreSIGPIPE=no
 SendSIGHUP=yes
--- a/units/kmod-static-nodes.service.in
+++ b/units/kmod-static-nodes.service.in
@ -17,4 +17,4 @@ ConditionFileNotEmpty=/lib/modules/%v/modules.devname
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@KMOD@ static-nodes --format=tmpfiles --output=/run/tmpfiles.d/static-nodes.conf
+ExecStart={{KMOD}} static-nodes --format=tmpfiles --output=/run/tmpfiles.d/static-nodes.conf
--- a/units/meson.build
+++ b/units/meson.build
@ -165,13 +165,18 @@ units = [
 ]
 in_units = [
        ['console-getty.service',                ''],
        ['container-getty@.service',             ''],
        ['debug-shell.service',                  ''],
        ['emergency.service',                    ''],
        ['getty@.service',                       '',
         'autovt@.service'],
        ['kmod-static-nodes.service',            'HAVE_KMOD ENABLE_TMPFILES',
         'sysinit.target.wants/'],
        ['quotaon.service',                      'ENABLE_QUOTACHECK'],
        ['rc-local.service',                     'HAVE_SYSV_COMPAT'],
        ['rescue.service',                       ''],
        ['serial-getty@.service',                ''],
        ['systemd-backlight@.service',           'ENABLE_BACKLIGHT'],
        ['systemd-binfmt.service',               'ENABLE_BINFMT',
         'sysinit.target.wants/'],
@ -247,14 +252,6 @@ in_units = [
        ['user@.service',                        ''],
 ]
 m4_units = [
        ['console-getty.service',              ''],
        ['container-getty@.service',           ''],
        ['getty@.service',                     '',
         'autovt@.service '],
        ['serial-getty@.service',              ''],
 ]
 add_wants = []
 foreach tuple : in_units
@ -265,15 +262,11 @@ foreach tuple : in_units
        install = ((conds.get(0, '') == '' or conf.get(conds[0]) == 1) and
                   (conds.get(1, '') == '' or conf.get(conds[1]) == 1))
-        gen1 = configure_file(
+        custom_target(
                input : file + '.in',
                output : file + '.tmp',
                configuration : substs)
        gen2 = custom_target(
                file,
-                input : gen1,
+                input : file + '.in',
                output : file,
-                command : [sed, '/^## /d', '@INPUT@'],
+                command : [meson_render_jinja2, config_h, '@INPUT@'],
                capture : true,
                install : install,
                install_dir : systemunitdir)
@ -285,31 +278,6 @@ foreach tuple : in_units
        endif
 endforeach
 foreach tuple : m4_units
        file = tuple[0]
        input = tuple.get(3, file + '.m4')
        # we do this here because install_data does not accept custom_target output
        conds = tuple[1].split(' ')
        install = ((conds.get(0, '') == '' or conf.get(conds[0]) == 1) and
                   (conds.get(1, '') == '' or conf.get(conds[1]) == 1))
        custom_target(
                file,
                input : input,
                output: file,
                command : [meson_apply_m4, config_h, '@INPUT@'],
                capture : true,
                install : install,
                install_dir : systemunitdir)
        if tuple.length() > 2 and install
                foreach target : tuple[2].split()
                        add_wants += [systemunitdir, target, file]
                endforeach
        endif
 endforeach
 foreach tuple : units
        file = tuple[0]
        input = tuple.get(3, file)
--- a/units/quotaon.service.in
+++ b/units/quotaon.service.in
@ -13,9 +13,9 @@ Documentation=man:quotaon(8)
 DefaultDependencies=no
 After=systemd-quotacheck.service
 Before=remote-fs.target shutdown.target
-ConditionPathExists=@QUOTAON@
+ConditionPathExists={{QUOTAON}}
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@QUOTAON@ -aug
+ExecStart={{QUOTAON}} -aug
--- a/units/rc-local.service.in
+++ b/units/rc-local.service.in
@ -8,16 +8,16 @@
 #  (at your option) any later version.
 # This unit gets pulled automatically into multi-user.target by
-# systemd-rc-local-generator if @RC_LOCAL_PATH@ is executable.
+# systemd-rc-local-generator if {{RC_LOCAL_PATH}} is executable.
 [Unit]
-Description=@RC_LOCAL_PATH@ Compatibility
+Description={{RC_LOCAL_PATH}} Compatibility
 Documentation=man:systemd-rc-local-generator(8)
-ConditionFileIsExecutable=@RC_LOCAL_PATH@
+ConditionFileIsExecutable={{RC_LOCAL_PATH}}
 After=network.target
 [Service]
 Type=forking
-ExecStart=@RC_LOCAL_PATH@ start
+ExecStart={{RC_LOCAL_PATH}} start
 TimeoutSec=0
 RemainAfterExit=yes
 GuessMainPID=no
--- a/units/rescue.service.in
+++ b/units/rescue.service.in
@ -18,8 +18,8 @@ Before=shutdown.target
 [Service]
 Environment=HOME=/root
 WorkingDirectory=-/root
-ExecStartPre=-@rootbindir@/plymouth --wait quit
+ExecStartPre=-{{ROOTBINDIR}}/plymouth --wait quit
-ExecStart=-@rootlibexecdir@/systemd-sulogin-shell rescue
+ExecStart=-{{ROOTLIBEXECDIR}}/systemd-sulogin-shell rescue
 Type=idle
 StandardInput=tty-force
 StandardOutput=inherit
--- a/units/serial-getty@.service.in
+++ b/units/serial-getty@.service.in
@ -13,9 +13,9 @@ Documentation=man:agetty(8) man:systemd-getty-generator(8)
 Documentation=http://0pointer.de/blog/projects/serial-console.html
 BindsTo=dev-%i.device
 After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target
-m4_ifdef(`HAVE_SYSV_COMPAT',
+{% if HAVE_SYSV_COMPAT %}
 After=rc-local.service
-)m4_dnl
+{% endif %}
 # If additional gettys are spawned during boot then we should make
 # sure that this is synchronized before getty.target, even though
@ -40,9 +40,9 @@ UtmpIdentifier=%I
 TTYPath=/dev/%I
 TTYReset=yes
 TTYVHangup=yes
-m4_ifdef(`ENABLE_LOGIND',,
+{% if not ENABLE_LOGIND %}
 KillMode=process
-)m4_dnl
+{% endif %}
 IgnoreSIGPIPE=no
 SendSIGHUP=yes
--- a/units/systemd-backlight@.service.in
+++ b/units/systemd-backlight@.service.in
@ -17,7 +17,7 @@ Before=sysinit.target shutdown.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-backlight load %i
+ExecStart={{ROOTLIBEXECDIR}}/systemd-backlight load %i
-ExecStop=@rootlibexecdir@/systemd-backlight save %i
+ExecStop={{ROOTLIBEXECDIR}}/systemd-backlight save %i
 TimeoutSec=90s
 StateDirectory=systemd/backlight
--- a/units/systemd-binfmt.service.in
+++ b/units/systemd-binfmt.service.in
@ -27,6 +27,6 @@ ConditionDirectoryNotEmpty=|/run/binfmt.d
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-binfmt
+ExecStart={{ROOTLIBEXECDIR}}/systemd-binfmt
-ExecStop=@rootlibexecdir@/systemd-binfmt --unregister
+ExecStop={{ROOTLIBEXECDIR}}/systemd-binfmt --unregister
 TimeoutSec=90s
--- a/units/systemd-bless-boot.service.in
+++ b/units/systemd-bless-boot.service.in
@ -19,4 +19,4 @@ Before=shutdown.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-bless-boot good
+ExecStart={{ROOTLIBEXECDIR}}/systemd-bless-boot good
--- a/units/systemd-boot-check-no-failures.service.in
+++ b/units/systemd-boot-check-no-failures.service.in
@ -18,7 +18,7 @@ Before=shutdown.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-boot-check-no-failures
+ExecStart={{ROOTLIBEXECDIR}}/systemd-boot-check-no-failures
 [Install]
 RequiredBy=boot-complete.target
--- a/units/systemd-coredump@.service.in
+++ b/units/systemd-coredump@.service.in
@ -17,7 +17,7 @@ Requires=systemd-journald.socket
 Before=shutdown.target
 [Service]
-ExecStart=-@rootlibexecdir@/systemd-coredump
+ExecStart=-{{ROOTLIBEXECDIR}}/systemd-coredump
 IPAddressDeny=any
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
--- a/units/systemd-fsck-root.service.in
+++ b/units/systemd-fsck-root.service.in
@ -18,5 +18,5 @@ ConditionPathIsReadWrite=!/
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-fsck
+ExecStart={{ROOTLIBEXECDIR}}/systemd-fsck
 TimeoutSec=0
--- a/units/systemd-fsck@.service.in
+++ b/units/systemd-fsck@.service.in
@ -19,5 +19,5 @@ Before=systemd-quotacheck.service shutdown.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-fsck %f
+ExecStart={{ROOTLIBEXECDIR}}/systemd-fsck %f
 TimeoutSec=0
--- a/units/systemd-hibernate-resume@.service.in
+++ b/units/systemd-hibernate-resume@.service.in
@ -19,4 +19,4 @@ AssertPathExists=/etc/initrd-release
 [Service]
 Type=oneshot
-ExecStart=@rootlibexecdir@/systemd-hibernate-resume %f
+ExecStart={{ROOTLIBEXECDIR}}/systemd-hibernate-resume %f
--- a/units/systemd-hibernate.service.in
+++ b/units/systemd-hibernate.service.in
@ -16,4 +16,4 @@ After=sleep.target
 [Service]
 Type=oneshot
-ExecStart=@rootlibexecdir@/systemd-sleep hibernate
+ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep hibernate
--- a/units/systemd-homed.service.in
+++ b/units/systemd-homed.service.in
@ -20,10 +20,10 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FS
 DeviceAllow=/dev/loop-control rw
 DeviceAllow=/dev/mapper/control rw
 DeviceAllow=block-* rw
-ExecStart=@rootlibexecdir@/systemd-homed
+ExecStart={{ROOTLIBEXECDIR}}/systemd-homed
 IPAddressDeny=any
 KillMode=mixed
-LimitNOFILE=@HIGH_RLIMIT_NOFILE@
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
@ -34,7 +34,7 @@ StateDirectory=systemd/home
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service @mount
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
 [Install]
 WantedBy=multi-user.target
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@ -17,7 +17,7 @@ Documentation=man:org.freedesktop.resolve1(5)
 [Service]
 BusName=org.freedesktop.hostname1
 CapabilityBoundingSet=CAP_SYS_ADMIN
-ExecStart=@rootlibexecdir@/systemd-hostnamed
+ExecStart={{ROOTLIBEXECDIR}}/systemd-hostnamed
 IPAddressDeny=any
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
@ -40,4 +40,4 @@ RestrictSUIDSGID=yes
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service sethostname
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
--- a/units/systemd-hwdb-update.service.in
+++ b/units/systemd-hwdb-update.service.in
@ -15,7 +15,7 @@ Conflicts=shutdown.target
 After=systemd-remount-fs.service
 Before=sysinit.target shutdown.target systemd-update-done.service
 ConditionNeedsUpdate=/etc
-ConditionPathExists=|!@udevlibexecdir@/hwdb.bin
+ConditionPathExists=|!{{UDEVLIBEXECDIR}}/hwdb.bin
 ConditionPathExists=|/etc/udev/hwdb.bin
 ConditionDirectoryNotEmpty=|/etc/udev/hwdb.d/
--- a/units/systemd-hybrid-sleep.service.in
+++ b/units/systemd-hybrid-sleep.service.in
@ -16,4 +16,4 @@ After=sleep.target
 [Service]
 Type=oneshot
-ExecStart=@rootlibexecdir@/systemd-sleep hybrid-sleep
+ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep hybrid-sleep
--- a/units/systemd-importd.service.in
+++ b/units/systemd-importd.service.in
@ -13,7 +13,7 @@ Documentation=man:systemd-importd.service(8)
 Documentation=man:org.freedesktop.import1(5)
 [Service]
-ExecStart=@rootlibexecdir@/systemd-importd
+ExecStart={{ROOTLIBEXECDIR}}/systemd-importd
 BusName=org.freedesktop.import1
 KillMode=mixed
 CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE
@ -27,4 +27,4 @@ SystemCallFilter=@system-service @mount
 SystemCallErrorNumber=EPERM
 SystemCallArchitectures=native
 LockPersonality=yes
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
--- a/units/systemd-initctl.service.in
+++ b/units/systemd-initctl.service.in
@ -13,7 +13,7 @@ Documentation=man:systemd-initctl.service(8)
 DefaultDependencies=no
 [Service]
-ExecStart=@rootlibexecdir@/systemd-initctl
+ExecStart={{ROOTLIBEXECDIR}}/systemd-initctl
 NoNewPrivileges=yes
 NotifyAccess=all
 SystemCallArchitectures=native
--- a/units/systemd-journal-gatewayd.service.in
+++ b/units/systemd-journal-gatewayd.service.in
@ -14,7 +14,7 @@ Requires=systemd-journal-gatewayd.socket
 [Service]
 DynamicUser=yes
-ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
+ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-gatewayd
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 PrivateDevices=yes
@ -35,7 +35,7 @@ User=systemd-journal-gateway
 # If there are many split up journal files we need a lot of fds to access them
 # all in parallel.
-LimitNOFILE=@HIGH_RLIMIT_NOFILE@
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
 [Install]
 Also=systemd-journal-gatewayd.socket
--- a/units/systemd-journal-remote.service.in
+++ b/units/systemd-journal-remote.service.in
@ -13,7 +13,7 @@ Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5)
 Requires=systemd-journal-remote.socket
 [Service]
-ExecStart=@rootlibexecdir@/systemd-journal-remote --listen-https=-3 --output=/var/log/journal/remote/
+ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-remote --listen-https=-3 --output=/var/log/journal/remote/
 LockPersonality=yes
 LogsDirectory=journal/remote
 MemoryDenyWriteExecute=yes
@ -36,11 +36,11 @@ RestrictRealtime=yes
 RestrictSUIDSGID=yes
 SystemCallArchitectures=native
 User=systemd-journal-remote
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
 # If there are many split up journal files we need a lot of fds to access them
 # all in parallel.
-LimitNOFILE=@HIGH_RLIMIT_NOFILE@
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
 [Install]
 Also=systemd-journal-remote.socket
--- a/units/systemd-journal-upload.service.in
+++ b/units/systemd-journal-upload.service.in
@ -15,7 +15,7 @@ After=network-online.target
 [Service]
 DynamicUser=yes
-ExecStart=@rootlibexecdir@/systemd-journal-upload --save-state
+ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-upload --save-state
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 PrivateDevices=yes
@ -33,11 +33,11 @@ StateDirectory=systemd/journal-upload
 SupplementaryGroups=systemd-journal
 SystemCallArchitectures=native
 User=systemd-journal-upload
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
 # If there are many split up journal files we need a lot of fds to access them
 # all in parallel.
-LimitNOFILE=@HIGH_RLIMIT_NOFILE@
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
 [Install]
 WantedBy=multi-user.target
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@ -17,7 +17,7 @@ Before=sysinit.target
 [Service]
 DeviceAllow=char-* rw
-ExecStart=@rootlibexecdir@/systemd-journald
+ExecStart={{ROOTLIBEXECDIR}}/systemd-journald
 FileDescriptorStoreMax=4224
 IPAddressDeny=any
 LockPersonality=yes
@ -39,7 +39,7 @@ SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service
 Type=notify
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
 # In case you're wondering why CAP_SYS_PTRACE is needed, access to
 # /proc/<pid>/exe requires this capability. Thus if this capability is missing
@ -48,4 +48,4 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG C
 # If there are many split up journal files we need a lot of fds to access them
 # all in parallel.
-LimitNOFILE=@HIGH_RLIMIT_NOFILE@
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
--- a/units/systemd-journald@.service.in
+++ b/units/systemd-journald@.service.in
@ -16,7 +16,7 @@ After=systemd-journald@%i.socket systemd-journald-varlink@%i.socket
 [Service]
 CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
 DevicePolicy=closed
-ExecStart=@rootlibexecdir@/systemd-journald %i
+ExecStart={{ROOTLIBEXECDIR}}/systemd-journald %i
 FileDescriptorStoreMax=4224
 Group=systemd-journal
 IPAddressDeny=any
@ -37,8 +37,8 @@ SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service
 Type=notify
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
 # If there are many split up journal files we need a lot of fds to access them
 # all in parallel.
-LimitNOFILE=@HIGH_RLIMIT_NOFILE@
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@ -17,7 +17,7 @@ Documentation=man:org.freedesktop.locale1(5)
 [Service]
 BusName=org.freedesktop.locale1
 CapabilityBoundingSet=
-ExecStart=@rootlibexecdir@/systemd-localed
+ExecStart={{ROOTLIBEXECDIR}}/systemd-localed
 IPAddressDeny=any
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
@ -33,7 +33,7 @@ ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=strict
-ReadWritePaths=/etc@SERVICE_LOCALEGEN_WRITABLE@
+ReadWritePaths=/etc{{SERVICE_LOCALEGEN_WRITABLE}}
 RestrictAddressFamilies=AF_UNIX
 RestrictNamespaces=yes
 RestrictRealtime=yes
@ -41,4 +41,4 @@ RestrictSUIDSGID=yes
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@ -30,7 +30,7 @@ DeviceAllow=char-drm rw
 DeviceAllow=char-input rw
 DeviceAllow=char-tty rw
 DeviceAllow=char-vcs rw
-ExecStart=@rootlibexecdir@/systemd-logind
+ExecStart={{ROOTLIBEXECDIR}}/systemd-logind
 FileDescriptorStoreMax=512
 IPAddressDeny=any
 LockPersonality=yes
@ -58,8 +58,8 @@ StateDirectory=systemd/linger
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
 # Increase the default a bit in order to allow many simultaneous logins since
 # we keep one fd open per session.
-LimitNOFILE=@HIGH_RLIMIT_NOFILE@
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@ -19,7 +19,7 @@ RequiresMountsFor=/var/lib/machines
 [Service]
 BusName=org.freedesktop.machine1
 CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
-ExecStart=@rootlibexecdir@/systemd-machined
+ExecStart={{ROOTLIBEXECDIR}}/systemd-machined
 IPAddressDeny=any
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
@ -30,7 +30,7 @@ RestrictRealtime=yes
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service @mount
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
 # Note that machined cannot be placed in a mount namespace, since it
 # needs access to the host's mount namespace in order to implement the
--- a/units/systemd-modules-load.service.in
+++ b/units/systemd-modules-load.service.in
@ -25,5 +25,5 @@ ConditionKernelCommandLine=|rd.modules-load
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-modules-load
+ExecStart={{ROOTLIBEXECDIR}}/systemd-modules-load
 TimeoutSec=90s
--- a/units/systemd-network-generator.service.in
+++ b/units/systemd-network-generator.service.in
@ -17,7 +17,7 @@ Wants=network-pre.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-network-generator
+ExecStart={{ROOTLIBEXECDIR}}/systemd-network-generator
 [Install]
 WantedBy=sysinit.target
--- a/units/systemd-networkd-wait-online.service.in
+++ b/units/systemd-networkd-wait-online.service.in
@ -18,7 +18,7 @@ Before=network-online.target shutdown.target
 [Service]
 Type=oneshot
-ExecStart=@rootlibexecdir@/systemd-networkd-wait-online
+ExecStart={{ROOTLIBEXECDIR}}/systemd-networkd-wait-online
 RemainAfterExit=yes
 [Install]
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@ -23,7 +23,7 @@ AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET
 BusName=org.freedesktop.network1
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
 DeviceAllow=char-* rw
-ExecStart=!!@rootlibexecdir@/systemd-networkd
+ExecStart=!!{{ROOTLIBEXECDIR}}/systemd-networkd
 ExecReload=networkctl reload
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
@ -49,7 +49,7 @@ SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service
 Type=notify
 User=systemd-network
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
 [Install]
 WantedBy=multi-user.target
--- a/units/systemd-nspawn@.service.in
+++ b/units/systemd-nspawn@.service.in
@ -26,7 +26,7 @@ SuccessExitStatus=133
 Slice=machine.slice
 Delegate=yes
 TasksMax=16384
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
 # Enforce a strict device policy, similar to the one nspawn configures when it
 # allocates its own scope unit. Make sure to keep these policies in sync if you
--- a/units/systemd-oomd.service.in
+++ b/units/systemd-oomd.service.in
@ -22,7 +22,7 @@ ConditionPathExists=/proc/pressure/memory
 AmbientCapabilities=CAP_KILL CAP_DAC_OVERRIDE
 BusName=org.freedesktop.oom1
 CapabilityBoundingSet=CAP_KILL CAP_DAC_OVERRIDE
-ExecStart=@rootlibexecdir@/systemd-oomd
+ExecStart={{ROOTLIBEXECDIR}}/systemd-oomd
 IPAddressDeny=any
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
@ -51,7 +51,7 @@ SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service
 Type=notify
 User=systemd-oom
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
 [Install]
 WantedBy=multi-user.target
--- a/units/systemd-portabled.service.in
+++ b/units/systemd-portabled.service.in
@ -13,7 +13,7 @@ Documentation=man:systemd-portabled.service(8)
 RequiresMountsFor=/var/lib/portables
 [Service]
-ExecStart=@rootlibexecdir@/systemd-portabled
+ExecStart={{ROOTLIBEXECDIR}}/systemd-portabled
 BusName=org.freedesktop.portable1
 CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
 MemoryDenyWriteExecute=yes
@ -26,4 +26,4 @@ SystemCallErrorNumber=EPERM
 SystemCallArchitectures=native
 LockPersonality=yes
 IPAddressDeny=any
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
--- a/units/systemd-pstore.service.in
+++ b/units/systemd-pstore.service.in
@ -18,7 +18,7 @@ Before=sysinit.target shutdown.target
 [Service]
 Type=oneshot
-ExecStart=@rootlibexecdir@/systemd-pstore
+ExecStart={{ROOTLIBEXECDIR}}/systemd-pstore
 RemainAfterExit=yes
 StateDirectory=systemd/pstore
--- a/units/systemd-quotacheck.service.in
+++ b/units/systemd-quotacheck.service.in
@ -13,10 +13,10 @@ Documentation=man:systemd-quotacheck.service(8)
 DefaultDependencies=no
 After=systemd-remount-fs.service
 Before=remote-fs.target shutdown.target
-ConditionPathExists=@QUOTACHECK@
+ConditionPathExists={{QUOTACHECK}}
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-quotacheck
+ExecStart={{ROOTLIBEXECDIR}}/systemd-quotacheck
 TimeoutSec=0
--- a/units/systemd-random-seed.service.in
+++ b/units/systemd-random-seed.service.in
@ -11,7 +11,7 @@
 Description=Load/Save Random Seed
 Documentation=man:systemd-random-seed.service(8) man:random(4)
 DefaultDependencies=no
-RequiresMountsFor=@RANDOM_SEED@
+RequiresMountsFor={{RANDOM_SEED}}
 Conflicts=shutdown.target
 After=systemd-remount-fs.service
 Before=first-boot-complete.target shutdown.target
@ -21,8 +21,8 @@ ConditionVirtualization=!container
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-random-seed load
+ExecStart={{ROOTLIBEXECDIR}}/systemd-random-seed load
-ExecStop=@rootlibexecdir@/systemd-random-seed save
+ExecStop={{ROOTLIBEXECDIR}}/systemd-random-seed save
 # This service waits until the kernel's entropy pool is initialized, and may be
 # used as ordering barrier for service that require an initialized entropy
--- a/units/systemd-remount-fs.service.in
+++ b/units/systemd-remount-fs.service.in
@ -20,4 +20,4 @@ Wants=local-fs-pre.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-remount-fs
+ExecStart={{ROOTLIBEXECDIR}}/systemd-remount-fs
--- a/units/systemd-repart.service.in
+++ b/units/systemd-repart.service.in
@ -28,7 +28,7 @@ ConditionDirectoryNotEmpty=|/sysusr/usr/local/lib/repart.d
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootbindir@/systemd-repart --dry-run=no
+ExecStart={{ROOTBINDIR}}/systemd-repart --dry-run=no
 # The tool returns 77 if there's no existing GPT partition table
 SuccessExitStatus=77
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
@ -24,7 +24,7 @@ Wants=nss-lookup.target
 AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
 BusName=org.freedesktop.resolve1
 CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
-ExecStart=!!@rootlibexecdir@/systemd-resolved
+ExecStart=!!{{ROOTLIBEXECDIR}}/systemd-resolved
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
@ -51,7 +51,7 @@ SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service
 Type=notify
 User=systemd-resolve
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
 [Install]
 WantedBy=multi-user.target
--- a/units/systemd-rfkill.service.in
+++ b/units/systemd-rfkill.service.in
@ -17,7 +17,7 @@ After=sys-devices-virtual-misc-rfkill.device
 Before=shutdown.target
 [Service]
-ExecStart=@rootlibexecdir@/systemd-rfkill
+ExecStart={{ROOTLIBEXECDIR}}/systemd-rfkill
 NoNewPrivileges=yes
 StateDirectory=systemd/rfkill
 TimeoutSec=30s
--- a/units/systemd-suspend-then-hibernate.service.in
+++ b/units/systemd-suspend-then-hibernate.service.in
@ -16,4 +16,4 @@ After=sleep.target
 [Service]
 Type=oneshot
-ExecStart=@rootlibexecdir@/systemd-sleep suspend-then-hibernate
+ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep suspend-then-hibernate
--- a/units/systemd-suspend.service.in
+++ b/units/systemd-suspend.service.in
@ -16,4 +16,4 @@ After=sleep.target
 [Service]
 Type=oneshot
-ExecStart=@rootlibexecdir@/systemd-sleep suspend
+ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep suspend
--- a/units/systemd-sysctl.service.in
+++ b/units/systemd-sysctl.service.in
@ -19,5 +19,5 @@ ConditionPathIsReadWrite=/proc/sys/net/
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-sysctl
+ExecStart={{ROOTLIBEXECDIR}}/systemd-sysctl
 TimeoutSec=90s
--- a/units/systemd-time-wait-sync.service.in
+++ b/units/systemd-time-wait-sync.service.in
@ -28,7 +28,7 @@ Conflicts=shutdown.target
 [Service]
 Type=oneshot
-ExecStart=@rootlibexecdir@/systemd-time-wait-sync
+ExecStart={{ROOTLIBEXECDIR}}/systemd-time-wait-sync
 TimeoutStartSec=infinity
 RemainAfterExit=yes
--- a/units/systemd-timedated.service.in
+++ b/units/systemd-timedated.service.in
@ -17,7 +17,7 @@ Documentation=man:org.freedesktop.timedate1(5)
 BusName=org.freedesktop.timedate1
 CapabilityBoundingSet=CAP_SYS_TIME
 DeviceAllow=char-rtc r
-ExecStart=@rootlibexecdir@/systemd-timedated
+ExecStart={{ROOTLIBEXECDIR}}/systemd-timedated
 IPAddressDeny=any
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
@ -39,4 +39,4 @@ RestrictSUIDSGID=yes
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service @clock
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@ -26,7 +26,7 @@ CapabilityBoundingSet=CAP_SYS_TIME
 # correct time to work, but we likely won't acquire that without NTP. Let's
 # break this chicken-and-egg cycle here.
 Environment=SYSTEMD_NSS_RESOLVE_VALIDATE=0
-ExecStart=!!@rootlibexecdir@/systemd-timesyncd
+ExecStart=!!{{ROOTLIBEXECDIR}}/systemd-timesyncd
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
@ -53,7 +53,7 @@ SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service @clock
 Type=notify
 User=systemd-timesync
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
 [Install]
 WantedBy=sysinit.target
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@ -24,7 +24,7 @@ OOMScoreAdjust=-1000
 Sockets=systemd-udevd-control.socket systemd-udevd-kernel.socket
 Restart=always
 RestartSec=0
-ExecStart=@rootlibexecdir@/systemd-udevd
+ExecStart={{ROOTLIBEXECDIR}}/systemd-udevd
 ExecReload=udevadm control --reload --timeout 0
 KillMode=mixed
 TasksMax=infinity
@ -40,4 +40,4 @@ SystemCallErrorNumber=EPERM
 SystemCallArchitectures=native
 LockPersonality=yes
 IPAddressDeny=any
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
--- a/units/systemd-update-done.service.in
+++ b/units/systemd-update-done.service.in
@ -20,4 +20,4 @@ ConditionNeedsUpdate=|/var
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-update-done
+ExecStart={{ROOTLIBEXECDIR}}/systemd-update-done
--- a/units/systemd-update-utmp-runlevel.service.in
+++ b/units/systemd-update-utmp-runlevel.service.in
@ -20,4 +20,4 @@ Before=shutdown.target
 [Service]
 Type=oneshot
-ExecStart=@rootlibexecdir@/systemd-update-utmp runlevel
+ExecStart={{ROOTLIBEXECDIR}}/systemd-update-utmp runlevel
--- a/units/systemd-update-utmp.service.in
+++ b/units/systemd-update-utmp.service.in
@ -19,5 +19,5 @@ Before=sysinit.target shutdown.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-update-utmp reboot
+ExecStart={{ROOTLIBEXECDIR}}/systemd-update-utmp reboot
-ExecStop=@rootlibexecdir@/systemd-update-utmp shutdown
+ExecStop={{ROOTLIBEXECDIR}}/systemd-update-utmp shutdown
--- a/units/systemd-user-sessions.service.in
+++ b/units/systemd-user-sessions.service.in
@ -15,5 +15,5 @@ After=remote-fs.target nss-user-lookup.target network.target home.mount
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-user-sessions start
+ExecStart={{ROOTLIBEXECDIR}}/systemd-user-sessions start
-ExecStop=@rootlibexecdir@/systemd-user-sessions stop
+ExecStop={{ROOTLIBEXECDIR}}/systemd-user-sessions stop
--- a/units/systemd-userdbd.service.in
+++ b/units/systemd-userdbd.service.in
@ -17,9 +17,9 @@ DefaultDependencies=no
 [Service]
 CapabilityBoundingSet=CAP_DAC_READ_SEARCH
-ExecStart=@rootlibexecdir@/systemd-userdbd
+ExecStart={{ROOTLIBEXECDIR}}/systemd-userdbd
 IPAddressDeny=any
-LimitNOFILE=@HIGH_RLIMIT_NOFILE@
+LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
@ -39,7 +39,7 @@ SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service
 Type=notify
-@SERVICE_WATCHDOG@
+{{SERVICE_WATCHDOG}}
 [Install]
 Also=systemd-userdbd.socket
--- a/units/systemd-vconsole-setup.service.in
+++ b/units/systemd-vconsole-setup.service.in
@ -17,4 +17,4 @@ ConditionPathExists=/dev/tty0
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-vconsole-setup
+ExecStart={{ROOTLIBEXECDIR}}/systemd-vconsole-setup
--- a/units/systemd-volatile-root.service.in
+++ b/units/systemd-volatile-root.service.in
@ -19,4 +19,4 @@ AssertPathExists=/etc/initrd-release
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=@rootlibexecdir@/systemd-volatile-root yes /sysroot
+ExecStart={{ROOTLIBEXECDIR}}/systemd-volatile-root yes /sysroot
--- a/units/user-runtime-dir@.service.in
+++ b/units/user-runtime-dir@.service.in
@ -15,8 +15,8 @@ StopWhenUnneeded=yes
 IgnoreOnIsolate=yes
 [Service]
-ExecStart=@rootlibexecdir@/systemd-user-runtime-dir start %i
+ExecStart={{ROOTLIBEXECDIR}}/systemd-user-runtime-dir start %i
-ExecStop=@rootlibexecdir@/systemd-user-runtime-dir stop %i
+ExecStop={{ROOTLIBEXECDIR}}/systemd-user-runtime-dir stop %i
 Type=oneshot
 RemainAfterExit=yes
 Slice=user-%i.slice
--- a/units/user@.service.in
+++ b/units/user@.service.in
@ -18,7 +18,7 @@ IgnoreOnIsolate=yes
 User=%i
 PAMName=systemd-user
 Type=notify
-ExecStart=@rootlibexecdir@/systemd --user
+ExecStart={{ROOTLIBEXECDIR}}/systemd --user
 Slice=user-%i.slice
 KillMode=mixed
 Delegate=pids memory