feat: introduce sign mode for driver packaging, allowing skipping of signing steps #649
Pull request overview
Adds a new build-time signing mode to cargo-wdk so production packaging can skip test-signing (and associated certificate generation/verification), aligning with the request in #588 to produce unsigned driver binaries for external signing.
Changes:
- Introduces `SignMode` (`test` default, `off`) and wires it through CLI → `BuildAction` → `PackageTask`.
- Updates packaging flow to conditionally skip certificate generation, signtool signing, and signature verification when `--sign-mode=off`.
- Adds unit + integration tests covering `--sign-mode=off`, CLI validation, and help-surface expectations.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| crates/cargo-wdk/tests/build_command_test.rs | Adds integration tests for --sign-mode=off, including “not Authenticode signed” validation. |
| crates/cargo-wdk/src/cli.rs | Adds --sign-mode flag, passes it into build params, and rejects --verify-signature with --sign-mode=off. |
| crates/cargo-wdk/src/actions/mod.rs | Defines the SignMode enum with parsing/display behavior. |
| crates/cargo-wdk/src/actions/build/tests.rs | Extends build action tests/mocks to cover sign-mode off behavior and propagation. |
| crates/cargo-wdk/src/actions/build/package_task.rs | Implements sign-mode branching in packaging, skipping signing steps when off. |
| crates/cargo-wdk/src/actions/build/mod.rs | Threads sign_mode from build action into package task params. |
Codecov Report
✅ All modified and coverable lines are covered by tests.

| | main | #649 | +/- |
|---|---|---|---|
| Coverage | 79.45% | 79.61% | +0.16% |
| Files | 26 | 26 | |
| Lines | 5500 | 5544 | +44 |
| Branches | 5500 | 5544 | +44 |
| Hits | 4370 | 4414 | +44 |
| Misses | 1001 | 1001 | |
| Partials | 129 | 129 | |
Co-authored-by: Copilot <copilot@github.com>
…ification enabled Co-authored-by: Copilot <copilot@github.com>
…signing documentation

This PR adds a `--sign-mode` option to the `cargo wdk build` command that lets you turn off test signing, which is useful for production/HLK scenarios.

Resolves #588

Functionality

`--sign-mode` takes two values:
- `test`: generates a self-signed cert and signs artifacts with it. Same behavior as today
- `off`: skips all signing including cert generation

`test` is the default so if `--sign-mode` is omitted the command behaves exactly as today and thus remains backwards compatible.

An error is returned if you try to use `--verify-signature` with `--sign-mode=off` because verification does not make sense when nothing is signed.

Future Direction

This PR is part of a broader goal to replicate Visual Studio's `SignMode` setting in `cargo-wdk`. In the future we plan to:
- `--sign-mode` value called `prod` to enable a production signing mode that will not generate a test cert and will instead require a user-specified cert

Changes

- `sign_mode` field in `BuildArgs` [1]
- `--verify-signature` with `--sign-mode=off` [2]
- `SignMode` enum with `Test` and `Off` variants [3].
- `SignMode` from `BuildAction` through `PackageTask`
- `PackageTask::run()`, gated `generate_certificate`, the certificate copy and `signtool` invocations on `SignMode::Test` [4]

Screenshots

- `cargo wdk build --help` showing `--sign-mode`:
- Building with `--sign-mode=off`:
- Building with `--sign-mode=test`:
- Building without the `--sign-mode` option -- falls back to the default (`test`) behavior:
- Error when using `--verify-signature` with `--sign-mode=off`:
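
A check a build pipeline could run on a driver binary produced with `--sign-mode=off` before handing it to external signing, as an added example that is not cargo-wdk code or this PR's own test: it reads the PE Certificate Table directory entry, which is where an embedded Authenticode signature is recorded. `Authenticode`, `le`, `authenticode_state` and `constructed_pe64` are names made up for this example, and the sample bytes are constructed.

```rust
// Added example, not cargo-wdk code: reads the PE Certificate Table directory entry.
#[derive(Debug, PartialEq)]
pub enum Authenticode {
    Unsigned,
    SignaturePresent { file_offset: u32, size: u32 },
}

// Little-endian read of n <= 4 bytes at offset o; None if out of bounds.
fn le(b: &[u8], o: usize, n: usize) -> Option<u32> {
    let s = b.get(o..o.checked_add(n)?)?;
    Some(s.iter().rev().fold(0u32, |a, &x| (a << 8) | x as u32))
}

/// Returns None when `image` has no parseable PE header.
pub fn authenticode_state(image: &[u8]) -> Option<Authenticode> {
    if image.get(..2)? != b"MZ" { return None; }
    let pe = le(image, 0x3C, 4)? as usize; // e_lfanew
    if image.get(pe..pe.checked_add(4)?)? != b"PE\0\0" { return None; }
    let opt = pe.checked_add(24)?; // skip 4-byte signature + 20-byte COFF header
    let dirs = match le(image, opt, 2)? {
        0x10B => opt.checked_add(96)?,  // PE32
        0x20B => opt.checked_add(112)?, // PE32+
        _ => return None,
    };
    // NumberOfRvaAndSizes is the u32 just before the directory array.
    if le(image, dirs - 4, 4)? <= 4 { return Some(Authenticode::Unsigned); }
    let entry = dirs.checked_add(4 * 8)?; // index 4; directory entries are 8 bytes each
    let file_offset = le(image, entry, 4)?;
    let size = le(image, entry.checked_add(4)?, 4)?;
    if file_offset == 0 || size == 0 { return Some(Authenticode::Unsigned); }
    Some(Authenticode::SignaturePresent { file_offset, size })
}

/// Constructed sample: a header-only PE32+ buffer, not a real driver.
pub fn constructed_pe64(sig_offset: u32, sig_size: u32) -> Vec<u8> {
    let mut v = vec![0u8; 0x148];
    v[..2].copy_from_slice(b"MZ");
    v[0x3C..0x40].copy_from_slice(&0x40u32.to_le_bytes()); // e_lfanew
    v[0x40..0x44].copy_from_slice(b"PE\0\0");
    v[0x58..0x5A].copy_from_slice(&0x20Bu16.to_le_bytes()); // optional header magic
    v[0xC4..0xC8].copy_from_slice(&16u32.to_le_bytes()); // NumberOfRvaAndSizes
    v[0xE8..0xEC].copy_from_slice(&sig_offset.to_le_bytes()); // table file offset
    v[0xEC..0xF0].copy_from_slice(&sig_size.to_le_bytes()); // table size
    v
}

fn main() {
    println!("{:?}", authenticode_state(&constructed_pe64(0, 0)));
    println!("{:?}", authenticode_state(&constructed_pe64(0x400, 0x2000)));
}
```

This only reports whether a signature is embedded in the PE image; it does not validate the signature and does not cover catalog (`.cat`) signing.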