Merge remote-tracking branch 'origin/pr/239'

* origin/pr/239:
  xendriverdomain: remove placeholder for sbinpath
  Fix regex in qubes-fix-nm-conf.sh
  Update travis
  xendriverdomain: remove Requires and After proc-xen.mount
  Drop legacy xen entry in fstab

.travis.yml

@@ -1,16 +1,8 @@
-sudo: required
-dist: bionic
+import:
+  - source: QubesOS/qubes-continuous-integration:R4.1/travis-base-r4.1.yml
+  - source: QubesOS/qubes-continuous-integration:R4.1/travis-vms-r4.1.yml
 language: python
 python: '3.5'
-install: git clone https://github.com/QubesOS/qubes-builder ~/qubes-builder
-script: ~/qubes-builder/scripts/travis-build
-env:
- - DISTS_VM=fc29 USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1
- - DISTS_VM=fc30 USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1
- - DISTS_VM=stretch USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1
- - DISTS_VM=buster USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1
- - DISTS_VM=centos7 USE_QUBES_REPO_VERSION=4.1 USE_QUBES_REPO_TESTING=1
-
 jobs:
   include:
     - python: '3.6'  # needs to match bionic
@@ -29,9 +21,3 @@ jobs:
       python: '3.5'
       env: DIST_DOM0=fc31 TESTS_ONLY=
       script: ~/qubes-builder/scripts/travis-deploy
-
-
-branches:
-  except:
-    - /.*_.*/
-    - build

Makefile

@@ -106,11 +106,12 @@ SYSTEMD_NETWORK_SERVICES := vm-systemd/qubes-firewall.service vm-systemd/qubes-i
 SYSTEMD_CORE_SERVICES := $(filter-out $(SYSTEMD_NETWORK_SERVICES), $(SYSTEMD_ALL_SERVICES))
 
 install-systemd: install-init
-	install -d $(DESTDIR)$(SYSLIBDIR)/systemd/system{,-preset} $(DESTDIR)$(LIBDIR)/qubes/init $(DESTDIR)$(SYSLIBDIR)/modules-load.d
+	install -d $(DESTDIR)$(SYSLIBDIR)/systemd/system{,-preset} $(DESTDIR)$(LIBDIR)/qubes/init $(DESTDIR)$(SYSLIBDIR)/modules-load.d $(DESTDIR)/etc/systemd/system
 	install -m 0644 $(SYSTEMD_CORE_SERVICES) $(DESTDIR)$(SYSLIBDIR)/systemd/system/
 	install -m 0644 vm-systemd/qubes-*.timer $(DESTDIR)$(SYSLIBDIR)/systemd/system/
 	install -m 0644 vm-systemd/75-qubes-vm.preset $(DESTDIR)$(SYSLIBDIR)/systemd/system-preset/
 	install -m 0644 vm-systemd/qubes-core.conf $(DESTDIR)$(SYSLIBDIR)/modules-load.d/
+	install -m 0644 vm-systemd/xendriverdomain.service $(DESTDIR)/etc/systemd/system/
 
 install-sysvinit: install-init
 	install -d $(DESTDIR)/etc/init.d

debian/qubes-core-agent.install

@@ -57,6 +57,7 @@ etc/sudoers.d/umask
 etc/sysctl.d/20_tcp_timestamps.conf
 etc/sysctl.d/80-qubes.conf
 etc/systemd/system/haveged.service
+etc/systemd/system/xendriverdomain.service
 lib/modules-load.d/qubes-core.conf
 lib/systemd/system-preset/75-qubes-vm.preset
 lib/systemd/system/boot.automount.d/30_qubes.conf

filesystem/fstab

@@ -10,5 +10,4 @@ tmpfs                   /dev/shm                tmpfs   defaults,size=1G
 devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
 sysfs                   /sys                    sysfs   defaults        0 0
 proc                    /proc                   proc    defaults        0 0
-xen                     /proc/xen               xenfs   defaults        0 0
 /dev/xvdi	/mnt/removable	auto noauto,user,rw 0 0

network/qubes-fix-nm-conf.sh

@@ -17,6 +17,6 @@ if ! grep -q "^unmanaged-devices.*$VIFMAC" $FILE ; then
 	sed -i 's/^unmanaged-devices.*$/&,'$VIFMAC/ $FILE
 fi
 if ! grep -q "^dns=" $FILE ; then
-	sed -i '/\[main\] a dns=default' $FILE
+	sed -i '/\[main\]/a dns=default' $FILE
 fi
 exit 0

rpm_spec/core-agent.spec.in

@@ -863,6 +863,7 @@ The Qubes core startup configuration for SystemD init.
 
 %files systemd
 %defattr(-,root,root,-)
+/etc/systemd/system/xendriverdomain.service
 /lib/systemd/system/qubes-misc-post.service
 /lib/systemd/system/qubes-mount-dirs.service
 /lib/systemd/system/qubes-rootfs-resize.service

vm-systemd/75-qubes-vm.preset

@@ -108,3 +108,4 @@ enable qubes-sync-time.timer
 # Disable useless Xen services in Qubes VM
 disable xenstored.service
 disable xenconsoled.service
+disable proc-xen.mount

vm-systemd/qubes-sysinit.service

@@ -2,7 +2,7 @@
 Description=Init Qubes Services settings
 DefaultDependencies=no
 Before=sysinit.target
-After=proc-xen.mount systemd-modules-load.service qubes-db.service
+After=systemd-modules-load.service qubes-db.service
 
 [Service]
 Type=oneshot

vm-systemd/qubes-sysinit.sh

@@ -17,7 +17,7 @@ if systemd_version_changed ; then
 fi
 
 # Wait for xenbus initialization
-while [ ! -e /dev/xen/xenbus ] && [ -e /proc/xen/xenbus ]; do
+while [ ! -e /dev/xen/xenbus ]; do
   sleep 0.1
 done
 
@@ -27,15 +27,6 @@ chmod 0775 /var/run/qubes
 mkdir -p /var/run/qubes-service
 mkdir -p /var/run/xen-hotplug
 
-# Set permissions to /proc/xen/xenbus, so normal user can talk to xenstore, to
-# open vchan connection. Note that new code uses /dev/xen/xenbus (which have
-# permissions set by udev), so this probably can go away soon
-chmod 666 /proc/xen/xenbus
-
-# Set permissions to /proc/xen/privcmd, so a user in qubes group can access
-chmod 660 /proc/xen/privcmd
-chgrp qubes /proc/xen/privcmd
-
 # Set default services depending on VM type
 is_appvm && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM && touch /var/run/qubes/this-is-appvm
 is_netvm && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM && touch /var/run/qubes/this-is-netvm

vm-systemd/xendriverdomain.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Xen driver domain device daemon
+ConditionVirtualization=xen
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/xl devd
+
+[Install]
+WantedBy=multi-user.target