punktfunk/design/windows-service.md
enricobuehler 7b99b41ede docs(design): trim shipped plans, consolidate cluster, add index
Much of design/ described work that has since shipped. Trim each doc to
its durable rationale + still-open items (the code is the source of truth
for shipped detail; git history holds the full originals).

- Shipped plans -> status stubs: stats-capture, gamestream-host-plan,
  apple-stage2-presenter, windows-service.
- Trimmed completed-out / open-kept: implementation-plan, hdr-pipeline,
  host-latency, gpu-contention (fixed stale status table), game-library,
  linux-setup (fixed m0->spike + stale zero-copy claim),
  session-aware-host-followups, windows-client-bootstrap,
  windows-dualsense-{scoping,game-detection}, windows-virtual-display,
  security-review (per-finding status table; #12 still open),
  apollo-comparison (shipped backlog collapsed to one-liners).
- Windows-host cluster consolidated: windows-host.md -> redirect into
  windows-host-rewrite.md (whose stale scorecard is corrected -- goal1 is
  merged, M4 done); windows-secure-desktop.md archived (now a fallback
  behind IDD-push primary).
- Kept evergreen: ci.md, gamescope-multiuser.md, windows-build-and-packaging.md.
- New design/README.md: per-doc status table + consolidated open-items
  roll-up so nothing is tracked in only one buried doc.
- Repoint 5 code comments to the archived secure-desktop doc path.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-26 16:39:06 +00:00


# Windows service (deployment)

**Status: SHIPPED.** The `PunktfunkHost` LocalSystem SCM service is the end-user way to run the host
on Windows, installed by the signed Inno Setup installer. Sources / details:
- `crates/punktfunk-host/src/windows/service.rs` — the supervisor.
- [`packaging/windows/README.md`](../packaging/windows/README.md) — installer + driver packaging.
- `punktfunk-host service --help` — install / start / stop / status / uninstall.

## Why it works the way it does (the durable rationale)

The host must capture the **secure desktop** (UAC / lock / login) and inject input there. Desktop
Duplication of the secure desktop and `SendInput` both require **SYSTEM**, while capture and injection
require the **interactive console session** — which a plain Session-0 service is *not* in. One process
must therefore be SYSTEM *and* in the interactive session.

The service resolves this the same way Sunshine/Apollo do: it runs as **LocalSystem in Session 0** but
**never captures**. Instead it duplicates its own LocalSystem token, retargets it to the active console
session (`SetTokenInformation(TokenSessionId)`), and launches the host there with
`CreateProcessAsUserW` (`lpDesktop = winsta0\default`) — supervising it across exits and console-session
switches, with a kill-on-close Job Object so a service crash never orphans the SYSTEM host.

`service run` is the **SCM entry point only** — don't run it by hand (it errors with a hint).
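
A deployment check for the invariants in this section, added here as an example and not taken from the project's own code: it confirms that the `PunktfunkHost` service logs on as LocalSystem in Session 0 and that its host child runs as SYSTEM in the active console session. It assumes the host is a direct child of the service process; the `PfCheck.Native` type name is made up for the example.

```powershell
# Added example: audits a running install against the design above. Run elevated.
$ErrorActionPreference = 'Stop'

# Session currently attached to the physical console (0xFFFFFFFF = none).
# 'PfCheck.Native' is a name made up for this example.
Add-Type -Namespace PfCheck -Name Native -MemberDefinition @'
[DllImport("kernel32.dll")]
public static extern uint WTSGetActiveConsoleSessionId();
'@
$console = [PfCheck.Native]::WTSGetActiveConsoleSessionId()

$svc = Get-CimInstance Win32_Service -Filter "Name='PunktfunkHost'"
if (-not $svc) { throw 'PunktfunkHost service is not installed' }
if ($svc.State -ne 'Running') { throw "PunktfunkHost is $($svc.State), not Running" }
$svcProc = Get-CimInstance Win32_Process -Filter "ProcessId=$($svc.ProcessId)"

# Assumption: the host is a direct child of the service process. The creation-date
# test discards unrelated processes that merely carry a recycled parent PID.
$hostProcs = @(Get-CimInstance Win32_Process -Filter "ParentProcessId=$($svc.ProcessId)" |
    Where-Object { $_.CreationDate -ge $svcProc.CreationDate -and
                   $_.SessionId -eq $console })

# S-1-5-18 is the well-known LocalSystem SID; comparing SIDs avoids localized names.
$notSystem = @($hostProcs | Where-Object {
    (Invoke-CimMethod -InputObject $_ -MethodName GetOwnerSid).Sid -ne 'S-1-5-18' })

$checks = [ordered]@{
    'service logs on as LocalSystem'         = $svc.StartName -eq 'LocalSystem'
    'supervisor runs in Session 0'           = $svcProc.SessionId -eq 0
    'a console session is attached'          = $console -ne [uint32]::MaxValue
    'host child runs in the console session' = $hostProcs.Count -ge 1
    'every host child is owned by SYSTEM'    = $hostProcs.Count -ge 1 -and $notSystem.Count -eq 0
}

$failed = 0
foreach ($name in $checks.Keys) {
    $ok = [bool]$checks[$name]
    if (-not $ok) { $failed++ }
    '{0,-42} {1}' -f $name, $(if ($ok) { 'OK' } else { 'FAIL' })
}
if ($failed) { exit 1 }
```

Because the supervisor relaunches the host across console-session switches, rerun the check if the last two lines fail immediately after a switch.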

## Open item — graceful stop

A service stop currently `TerminateProcess`es the host, which **skips RAII teardown**, so a stale
virtual monitor can linger until the next start. The follow-up is a cooperative-stop signal
(event/pipe) that lets the host unwind cleanly before exit.