We agreed to fix this issue by deleting the package folder every time we begin the packaging phase
Originally posted by @gurry in #649 (comment)
Summary
cargo-wdk's PackageTask copies build artifacts into the final package folder first and then runs stampinf, inf2cat, infverify, and signtool against the files already inside this folder. This ordering produces several issues (listed below) and were flagged in PR #649:
- Partial state on failure: If
stampinf / inf2cat / infverif fails, the package folder is left with a raw .sys/.dll, an unstamped .inf file, no .cat file.
- Unsigned output: Between
inf2cat and the signtool invocations, the package folder contains the unsigned .sys/.dll and .cat files. If signing fails, those unsigned files remain on disk.
- Stale signing artifacts when switching modes between builds: If a previous build ran with
--sign-mode test, the package folder contains the cer file. A subsequent build with sign-mode off does not clean it up.
Proposed Solution
-
Run stampinf / inf2cat / infverif / signtool sign / signtool verify against files in target/<triple>/<profile>/ (the intermediate build dir), not against copies inside the package folder.
-
Create/recreate the package folder as the last step, then copy only the final artifacts into it: .sys, .inf, .cat.
Additional Info & References
Current cargo-wdk flow:
check_inx_exists
→ create package folder (if missing)
→ rename .dll → .sys (in target dir)
→ copy .sys / .pdb / .inx→.inf / .map into package folder
→ stampinf (operates on dest .inf in package folder)
→ inf2cat (writes .cat into package folder)
→ infverif (operates on dest .inf in package folder)
→ sign_and_verify
if SignMode::Test:
generate_certificate
copy .cer into package folder
signtool sign .sys (in package folder)
signtool sign .cat (in package folder)
optionally signtool verify
if SignMode::Off: no-op
Source: PackageTask::run [1]
MSBuild flow (C/C++ driver targets):
build/link → .sys + .pdb in intermediate dir
→ StampInf (intermediate .inf)
→ Inf2Cat (intermediate .cat)
→ InfVerif (intermediate .inf)
→ SignTask: .sys (intermediate dir)
→ SignTask: .cat (intermediate dir)
→ optional signature verify
→ Package assembly: copy final .sys / .inf / .cat → $(OutDir)\$(TargetName)\
Source: WindowsDriver.Common.targets
Originally posted by @gurry in #649 (comment)
Summary
cargo-wdk'sPackageTaskcopies build artifacts into the final package folder first and then runsstampinf,inf2cat,infverify, andsigntoolagainst the files already inside this folder. This ordering produces several issues (listed below) and were flagged in PR #649:stampinf/inf2cat/infveriffails, the package folder is left with a raw.sys/.dll, an unstamped.inffile, no.catfile.inf2catand thesigntoolinvocations, the package folder contains the unsigned.sys/.dlland.catfiles. If signing fails, those unsigned files remain on disk.--sign-mode test, the package folder contains thecerfile. A subsequent build withsign-mode offdoes not clean it up.Proposed Solution
Run
stampinf/inf2cat/infverif/signtool sign/signtool verifyagainst files intarget/<triple>/<profile>/(the intermediate build dir), not against copies inside the package folder.Create/recreate the package folder as the last step, then copy only the final artifacts into it: .sys, .inf, .cat.
Additional Info & References
Current
cargo-wdkflow:Source:
PackageTask::run[1]MSBuild flow (C/C++ driver targets):
Source:
WindowsDriver.Common.targets