fix(packaging/windows): vendor SudoVDA driver (no upstream release) + real nefcon URL
android / android (push) Successful in 4m38s
apple / swift (push) Successful in 58s
windows-host / package (push) Failing after 3m2s
ci / rust (push) Successful in 4m39s
ci / web (push) Successful in 30s
deb / build-publish (push) Successful in 2m4s
decky / build-publish (push) Successful in 22s
ci / bench (push) Successful in 4m39s
ci / docs-site (push) Successful in 31s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 16s
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 3m8s
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 2m29s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 4s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 2m19s
docker / deploy-docs (push) Has been cancelled
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Failing after 6m52s
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Failing after 6m58s
android / android (push) Successful in 4m38s
apple / swift (push) Successful in 58s
windows-host / package (push) Failing after 3m2s
ci / rust (push) Successful in 4m39s
ci / web (push) Successful in 30s
deb / build-publish (push) Successful in 2m4s
decky / build-publish (push) Successful in 22s
ci / bench (push) Successful in 4m39s
ci / docs-site (push) Successful in 31s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 16s
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 3m8s
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 2m29s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 4s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 2m19s
docker / deploy-docs (push) Has been cancelled
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Failing after 6m52s
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Failing after 6m58s
The first CI run failed only on the SudoVDA download: SudoMaker/SudoVDA has no releases (source-only repo; Apollo embeds the driver in its installer), so there was nothing to fetch. Vendor the prebuilt SIGNED driver in-repo instead. - packaging/windows/sudovda/: SudoVDA.inf/.cat/.dll + sudovda.cer (derived from the .cat signer CN=sudovda@su.mk), pulled from the dev-box driver store. v1.10.9.289, Class=Display, HWID Root\SudoMaker\SudoVDA, MIT/CC0. - fetch-sudovda.ps1 -> stage-sudovda.ps1: stage the vendored driver + fetch nefcon from its real pinned release (v1.17.40, sha256 812bae7e…, x64/nefconc.exe). - pack-host-installer.ps1: call stage-sudovda.ps1; README updated with the driver-refresh recipe. The rest of the pipeline already passed on the first run (host built --features nvenc via the llvm-dlltool import lib; ISCC + signtool found; signed with the real CN=unom cert). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -44,13 +44,20 @@ Silent install: `punktfunk-host-setup-<ver>.exe /VERYSILENT` (omit the driver wi
|
||||
| File | Role |
|
||||
|------|------|
|
||||
| `punktfunk-host.iss` | Inno Setup script (the installer definition). |
|
||||
| `pack-host-installer.ps1` | Orchestrator: cert + sign, fetch/stage SudoVDA, run ISCC, sign setup.exe, emit registry paths. |
|
||||
| `fetch-sudovda.ps1` | Download + SHA-256-verify the **pinned** SudoVDA + nefcon releases; stage the driver payload. |
|
||||
| `pack-host-installer.ps1` | Orchestrator: cert + sign, stage the driver bundle, run ISCC, sign setup.exe, emit registry paths. |
|
||||
| `stage-sudovda.ps1` | Stage the **vendored** SudoVDA driver + fetch/verify the **pinned** nefcon release into the bundle. |
|
||||
| `install-sudovda.ps1` | Runs at install time (elevated): trust cert → gated device-node create → `pnputil` install. |
|
||||
| `sudovda/` | **Vendored** prebuilt SudoVDA driver: `SudoVDA.inf` / `sudovda.cat` / `SudoVDA.dll` / `sudovda.cer`. |
|
||||
| `nvenc/nvenc.def`, `nvenc/gen-nvenc-importlib.ps1` | Synthesise `nvencodeapi.lib` for the `--features nvenc` link (llvm-dlltool / lib.exe). |
|
||||
|
||||
> **Pinning:** the SudoVDA / nefcon release URLs + SHA-256s in `fetch-sudovda.ps1` are the source of
|
||||
> truth for what ships. Confirm the latest asset URLs and fill the SHA-256s to lock a release.
|
||||
> **Vendored driver:** SudoVDA has no upstream release (its repo is a source-only VS solution; Apollo
|
||||
> embeds the driver in its own installer), so the prebuilt **signed** driver is checked in under
|
||||
> `sudovda/` (MIT/CC0; v1.10.9.289, signer `CN=sudovda@su.mk`, Class=Display, HWID
|
||||
> `Root\SudoMaker\SudoVDA`). To refresh it, copy the four files out of a box's driver store
|
||||
> (`C:\Windows\System32\DriverStore\FileRepository\sudovda.inf_amd64_*`) and re-derive `sudovda.cer`
|
||||
> from the `.cat` signer (`(Get-AuthenticodeSignature sudovda.cat).SignerCertificate | Export-Certificate`).
|
||||
> nefcon (the device-node tool) **is** fetched + SHA-256-verified from its pinned release in
|
||||
> `stage-sudovda.ps1`.
|
||||
|
||||
## Build locally (Windows, MSVC + Windows SDK + Inno Setup)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user