unom/punktfunk
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases 4 Wiki Activity
Files
708c62788d4f93a3e2105bf087b6eb9309807db4
punktfunk/packaging/windows/stage-sudovda.ps1
T
enricobuehler 68744d5743
android / android (push) Successful in 4m38s
Details
apple / swift (push) Successful in 58s
Details
windows-host / package (push) Failing after 3m2s
Details
ci / rust (push) Successful in 4m39s
Details
ci / web (push) Successful in 30s
Details
deb / build-publish (push) Successful in 2m4s
Details
decky / build-publish (push) Successful in 22s
Details
ci / bench (push) Successful in 4m39s
Details
ci / docs-site (push) Successful in 31s
Details
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 16s
Details
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 3m8s
Details
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 2m29s
Details
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 4s
Details
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 2m19s
Details
docker / deploy-docs (push) Has been cancelled
Details
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Failing after 6m52s
Details
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Failing after 6m58s
Details
fix(packaging/windows): vendor SudoVDA driver (no upstream release) + real nefcon URL 
The first CI run failed only on the SudoVDA download: SudoMaker/SudoVDA has no
releases (source-only repo; Apollo embeds the driver in its installer), so there
was nothing to fetch. Vendor the prebuilt SIGNED driver in-repo instead.

- packaging/windows/sudovda/: SudoVDA.inf/.cat/.dll + sudovda.cer (derived from
  the .cat signer CN=sudovda@su.mk), pulled from the dev-box driver store.
  v1.10.9.289, Class=Display, HWID Root\SudoMaker\SudoVDA, MIT/CC0.
- fetch-sudovda.ps1 -> stage-sudovda.ps1: stage the vendored driver + fetch
  nefcon from its real pinned release (v1.17.40, sha256 812bae7e…, x64/nefconc.exe).
- pack-host-installer.ps1: call stage-sudovda.ps1; README updated with the
  driver-refresh recipe.

The rest of the pipeline already passed on the first run (host built --features
nvenc via the llvm-dlltool import lib; ISCC + signtool found; signed with the
real CN=unom cert).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 07:22:52 +00:00

66 lines
3.4 KiB
PowerShell
Raw Blame History

<#
.SYNOPSIS
Stage the driver bundle the installer ships into -OutDir: the VENDORED SudoVDA driver + the
fetched nefcon device tool.
.DESCRIPTION
SudoVDA has no upstream release (its repo is a source-only VS solution; Apollo embeds the driver in
its single installer), so the prebuilt, signed driver is VENDORED in this repo under
packaging/windows/sudovda/ (MIT/CC0; SudoVDA v1.10.9.289, signer CN=sudovda@su.mk, Class=Display,
HWID Root\SudoMaker\SudoVDA). nefcon DOES publish a pinned release, so we fetch + SHA-256-verify it
(it provides nefconc.exe, used to create the root-enumerated device node — pnputil can't).
Output (consumed by punktfunk-host.iss): -OutDir gets SudoVDA.inf/.cat/.dll + sudovda.cer and
nefconc.exe (x64). pack-host-installer.ps1 also drops install-sudovda.ps1 in.
.EXAMPLE
pwsh -File stage-sudovda.ps1 -OutDir C:\t\out\stage
#>
[CmdletBinding()]
param(
[Parameter(Mandatory = $true)][string]$OutDir,
[string]$VendorDir = (Join-Path $PSScriptRoot 'sudovda'),
# PINNED nefcon release (https://github.com/nefarius/nefcon/releases). MIT-licensed.
[string]$NefconUrl = 'https://github.com/nefarius/nefcon/releases/download/v1.17.40/nefcon_v1.17.40.zip',
[string]$NefconSha256 = '812bae7ed7dfb7d6d2284bc7de2f8ccebc92ed2a0b1ae893c53b337096e50c1a'
)
$ErrorActionPreference = 'Stop'
$ProgressPreference = 'SilentlyContinue'
$PSNativeCommandUseErrorActionPreference = $false
if (Test-Path $OutDir) { Remove-Item -Recurse -Force $OutDir }
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
# --- vendored SudoVDA driver ------------------------------------------------------------------
$inf = Get-ChildItem -Path $VendorDir -Filter *.inf -ErrorAction SilentlyContinue | Select-Object -First 1
if (-not $inf) { throw "no vendored SudoVDA .inf under $VendorDir — see packaging/windows/README.md" }
Copy-Item (Join-Path $VendorDir '*') $OutDir -Force
Write-Host "==> vendored SudoVDA staged from $VendorDir"
# --- nefcon (fetched + verified) --------------------------------------------------------------
$work = Join-Path ([IO.Path]::GetTempPath()) ('nefcon-' + [IO.Path]::GetRandomFileName())
New-Item -ItemType Directory -Force -Path $work | Out-Null
try {
$zip = Join-Path $work 'nefcon.zip'
Write-Host "==> downloading $NefconUrl"
Invoke-WebRequest -Uri $NefconUrl -OutFile $zip -UseBasicParsing
$got = (Get-FileHash $zip -Algorithm SHA256).Hash.ToLowerInvariant()
if ($NefconSha256) {
if ($got -ne $NefconSha256.ToLowerInvariant()) {
throw "nefcon SHA-256 mismatch`n expected $NefconSha256`n got $got"
}
Write-Host " sha256 ok ($got)"
}
else { Write-Warning "no pinned nefcon SHA-256 — computed $got (PIN THIS in stage-sudovda.ps1)" }
Expand-Archive -Path $zip -DestinationPath $work -Force
$nefc = Get-ChildItem -Path $work -Recurse -Filter 'nefconc.exe' |
Where-Object { $_.FullName -match '(?i)\\x64\\' } | Select-Object -First 1
if (-not $nefc) { $nefc = Get-ChildItem -Path $work -Recurse -Filter 'nefconc.exe' | Select-Object -First 1 }
if (-not $nefc) { throw "nefconc.exe not found in $NefconUrl" }
Copy-Item $nefc.FullName (Join-Path $OutDir 'nefconc.exe') -Force
}
finally { Remove-Item -Recurse -Force $work -ErrorAction SilentlyContinue }
Write-Host "==> staged driver bundle in $OutDir :"
Get-ChildItem $OutDir -File | ForEach-Object { " $($_.Name)" }
Reference in New Issue View Git Blame Copy Permalink