Release plan discussion
mcuee opened this issue ยท 59 comments
We will use 1.2.7.x as snapshot release version. Probably the next formal version should be labeled as 1.2.8.0.
V1.2.7.3 (11/13/2021) - SNAPSHOT RELEASE
-
driver: sign the drivers using SHA1 as well as SHA256
-
driver: sign the drivers after microsoft and not before (win7 fix)
V1.2.7.2 (10/25/2021) - SNAPSHOT RELEASE
-
driver: sign the drivers using EV certificate: #24
-
driver: fix possible stack corruption: #19
-
lib: fix missing check for failed CloseHandle(): #12
V1.2.7.1 (09/18/2019) - SNAPSHOT RELEASE
- Removed support for IA64
- Removed support for W2K
- Properly allocate NX pool memory on Win8+
V1.2.6.0 (01/17/2012)
- Official release.
- Removed ISO maximum transfer size restrictions/transfer splitting.
- Fixed inf-wizard device notification issue.
@dontech Please also help to check those I marked as "wontfix" before you took over from Travis. If you think some of them are worth implementing, then please go ahead to remove the "wontfix" label. Thanks.
Would be nice if we can have debug versions also.
Would be nice if we can have debug versions also.
Good point.
Release related work to be done.
- update changelog
- including the change log in the installer
- create debug version of bin and installer
@dontech Please also help to check those I marked as "wontfix" before you took over from Travis. If you think some of them are worth implementing, then please go ahead to remove the "wontfix" label. Thanks.
I have removed most of the "wontfix" labels except a few like USB hub support.
@dontech I have changed to the libusb-win32 Sourceforge default download version from 1.2.6.0 release to 1.2.7.3 snapshot release so that the people out there can use the the updated version. It should work for Windows 7/8/8.1/10 so we should still be okay.
@dontech
For the next release, Windows 7 support may be difficult as the cross-certification expired in Dec 2021.
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64> .\signtool.exe verify /v /kp C:\temp\libusb-win32-bin-1.2.7.3\bin\amd64\libusb0.sys
Verifying: C:\temp\libusb-win32-bin-1.2.7.3\bin\amd64\libusb0.sys
Signature Index: 0 (Primary Signature)
Hash of file (sha256): 2148A71E5EF84643B11A1A528E421B3860D2D07831FB7BCECA9D0E5DE7B4AC43
Signing Certificate Chain:
Issued to: Microsoft Root Certificate Authority 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Sun Jun 24 06:04:01 2035
SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Issued to: Microsoft Windows Third Party Component CA 2014
Issued by: Microsoft Root Certificate Authority 2010
Expires: Tue Oct 16 04:41:27 2029
SHA1 hash: 1906DCF62629B563252C826FDD874EFCEB6856C6
Issued to: Microsoft Windows Hardware Compatibility Publisher
Issued by: Microsoft Windows Third Party Component CA 2014
Expires: Fri Dec 03 06:25:28 2021
SHA1 hash: 984E03B613E8C2AE9C692F0DB2C031BF3EE3A0FA
The signature is timestamped: Sat Nov 13 19:54:14 2021
Timestamp Verified by:
Issued to: Microsoft Root Certificate Authority 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Sun Jun 24 06:04:01 2035
SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Issued to: Microsoft Time-Stamp PCA 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Wed Jul 02 05:46:55 2025
SHA1 hash: 2AA752FE64C49ABE82913C463529CF10FF2F04EE
Issued to: Microsoft Time-Stamp Service
Issued by: Microsoft Time-Stamp PCA 2010
Expires: Thu Jan 13 01:28:25 2022
SHA1 hash: A04C15E8F4C630938C2935B1375329AF93CC90D4
Cross Certificate Chain:
Issued to: Microsoft Root Certificate Authority 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Sun Jun 24 06:04:01 2035
SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Issued to: Microsoft Windows Third Party Component CA 2014
Issued by: Microsoft Root Certificate Authority 2010
Expires: Tue Oct 16 04:41:27 2029
SHA1 hash: 1906DCF62629B563252C826FDD874EFCEB6856C6
Issued to: Microsoft Windows Hardware Compatibility Publisher
Issued by: Microsoft Windows Third Party Component CA 2014
Expires: Fri Dec 03 06:25:28 2021
SHA1 hash: 984E03B613E8C2AE9C692F0DB2C031BF3EE3A0FA
Successfully verified: C:\temp\libusb-win32-bin-1.2.7.3\bin\amd64\libusb0.sys
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
Further discussions here.
https://community.osr.com/discussion/293709/signing-driver-for-win7
If in the end there is no solution, we have to drop Windows 7 support.
@mcuee yes there clearly is a problem there. I have not been able to solve this either.
Either i am missing something or Microsoft made a huge backwards compability support blunder, which is problematic when you consider how many people still use that....
AFAIK drivers for Windows 7 can only be signed using their cross-certificate, and since they have stopped issueing those, then i fail to see how that would work.
They need to issue a new cross-certificate or patch up Windows-7 to ignore that check.... i guess the odds of any of those two are smaller than my odds of becoming the president of Mars.
So i think, unless something happens, that we have to drop support for Windows 7.
I would suggest that we announce that this is the last version supporting Windows 7, and then remove it in the next release. We can state in the release notes that it must be signed manually (local signing), or installed using the "disable driver signing" options.
@dontech
I agree with you to annonuce libusb-win32 1.2.7.3 to be the last version to support Windows 7.
I have updated the github release page.
https://github.com/mcuee/libusb-win32/releases/tag/snapshot_1.2.7.3
Or probably we should re-tag it as official 1.2.7.3 release and not call it a snapshot.
I have just upload 1.2.7.3 again to Sourceforge as a formal release and mentioned it as the last release with Windows 7 support.
https://sourceforge.net/projects/libusb-win32/files/libusb-win32-releases/1.2.7.3/
Interesting that I saw SHA1 signature on the 1.2.7.4 release along with SHA256 signature. Are you able to sort the issue for Windows 7? Does 1.2.7.4 work under Windows 7? Thanks.
PS C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64> .\signtool.exe verify /v /kp C:\temp\libusb-win32-bin-1.2.7.4\bin\amd64\libusb0.sys
Verifying: C:\temp\libusb-win32-bin-1.2.7.4\bin\amd64\libusb0.sys
Signature Index: 0 (Primary Signature)
Hash of file (sha256): A6D943EDAC01563EA264101EA66B80F76EBC96809A20A7A7733C33449BC4091C
Signing Certificate Chain:
Issued to: Microsoft Root Certificate Authority 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Sun Jun 24 06:04:01 2035
SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Issued to: Microsoft Windows Third Party Component CA 2014
Issued by: Microsoft Root Certificate Authority 2010
Expires: Tue Oct 16 04:41:27 2029
SHA1 hash: 1906DCF62629B563252C826FDD874EFCEB6856C6
Issued to: Microsoft Windows Hardware Compatibility Publisher
Issued by: Microsoft Windows Third Party Component CA 2014
Expires: Thu Apr 04 03:16:30 2024
SHA1 hash: FAC666005546D6BE881A31C1267717879401A950
The signature is timestamped: Wed Sep 20 09:02:45 2023
Timestamp Verified by:
Issued to: Microsoft Root Certificate Authority 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Sun Jun 24 06:04:01 2035
SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Issued to: Microsoft Time-Stamp PCA 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Tue Oct 01 02:32:25 2030
SHA1 hash: 36056A5662DCADECF82CC14C8B80EC5E0BCC59A6
Issued to: Microsoft Time-Stamp Service
Issued by: Microsoft Time-Stamp PCA 2010
Expires: Fri Feb 02 03:12:37 2024
SHA1 hash: 315BDBA2CC6DE1118F3DB8BDAEBBE5FE986FEB75
Cross Certificate Chain:
Issued to: Microsoft Root Certificate Authority 2010
Issued by: Microsoft Root Certificate Authority 2010
Expires: Sun Jun 24 06:04:01 2035
SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Issued to: Microsoft Windows Third Party Component CA 2014
Issued by: Microsoft Root Certificate Authority 2010
Expires: Tue Oct 16 04:41:27 2029
SHA1 hash: 1906DCF62629B563252C826FDD874EFCEB6856C6
Issued to: Microsoft Windows Hardware Compatibility Publisher
Issued by: Microsoft Windows Third Party Component CA 2014
Expires: Thu Apr 04 03:16:30 2024
SHA1 hash: FAC666005546D6BE881A31C1267717879401A950
Successfully verified: C:\temp\libusb-win32-bin-1.2.7.4\bin\amd64\libusb0.sys
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
What do we need to complete this.
@mcuee what do you think?
I think we are almost there.
Just two minor things for the installer.
- It would be nice to sign the installer. I think it will help to make Windows a bit happy.
- Add the changelog to the installer.
After the formal release, I will create a pull request to ask Pete to include it in the next official release of libwdi/Zadig.
Currently libwdi Zadig-2.8.exe has libusb-win32 1.2.7.3 release.
I can not test Windows on ARM64 as I do not have the necessary hardware. I am not so sure if you can test Windows on ARM64 or not.
There is an issue with Zadig as of now. It does not work under Windows 11 on ARM64. Power users can of course disable driver signature enforcement, but this is not a solution for normal users.
There is an issue with Zadig as of now. It does not work under Windows 11 on ARM64. Power users can of course disable driver signature enforcement, but this is not a solution for normal users.
No, that sort of makes it useless for regular users. However, for companies that officially re-sign the driver with their own INF file i guess it is OK.
Why does the changelog say "Much smaller binaries"? At least in the case of amd64 all binaries are larger in 1.3.0.0 than in 1.2.7.4...
Why does the changelog say "Much smaller binaries"? At least in the case of amd64 all binaries are larger in 1.3.0.0 than in 1.2.7.4...
@tormodvolden That's a really good question. At some point I noticed that the binaries were smaller when switching to EWDK. I just never checked it again.
Maybe I configured the project differently at some point. Not sure. I think its OK now, but I agree that the release note is misleading. Maybe some of the project parameters can be tweaked.
- It would be nice to sign the installer. I think it will help to make Windows a bit happy.
Done. The latest update to the script signs all EXE and DLL files with SHA1 and SHA256 signature.
The SYS and DLL files then additionally get signed by microsoft.
CHANGELOG.txt now a part of the archive, and should be updated with every release.
@mcuee We are ready for release. Please confirm and I will spin and sign test release
The changelog still has the dubious "Much smaller binaries due to newer compiler" ...
@mcuee We are ready for release. Please confirm and I will spin and sign test release
Thanks. Please go ahead with the new release. But maybe you can remove "Much smaller binaries due to newer compiler" as mentioned by Tormod.
Going back and changing a changelog is normally a no-go, but in this case we can make an exception as it is misleading.
A changelog is documentation and should be corrected and improved if needed. If you have a strict QM system you may need to document that the documentation has been changed, but I never heard about such a no-go rule :)
A changelog is documentation and should be corrected and improved if needed. If you have a strict QM system you may need to document that the documentation has been changed, but I never heard about such a no-go rule :)
I tried to say the same thing, but your wording is better. I agree. :-). But I would still argue that logs represent the intent and not the result. So e.g. a log entry stating "stabilized functionx()" should not be changed a year later to "destabilized functionx()" when you find out the opposite was the case. However in this case it was just misleading and wrong from the start and the intent was not to shrink the image but just an observation.
One interesting thing could be to test the ARM64 images somehow.
One interesting thing could be to test the ARM64 images somehow.
@sonatique tested 1.3.0.0 snapshot release under ARM64 and it seems to work fine. I think 1.3.0.1 shoudl be similar.
Let's wait for some time and we may want to promote 1.3.0.1 snapshot release to be a formal release, or just up-rev and create a 1.3.0.2 as formal release.
Another thing for 1.3.0.2 is probably to document the limitation for ARM64.
As of now, the work-around is to submit the generated Zadig driver package to Microsoft portal (attestation signing) or to Disable Driver Signature Enforcement.
Yet another thing for 1.3.0.2 is to fix the issue with Zadig (but it may be a Zadig problem and not libusb-win32 problem).
Not sure if we can adopt the following.
https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/static-tools-and-codeql#driver-verification-log-dvl-consumption-of-sarif-output)
V1.3.0.2 (02/15/2024) - SNAPSHOT RELEASE
- Fix Linux build: #42
- Fix missing data in large transfers: #45
- Fix BSOD for large transfers: #51
- Replace pipeinfo transfer size with MS rules: #52
- Fix async API data order: #54
- Fix missing PDB files for release: #55
- Fix MINGW build: #58
V1.3.0.1 (10/20/2023) - SNAPSHOT RELEASE
- Automate the driver signing process more
- Sign all executables
- Fix changelog in build system
V1.2.7.4 (9/20/2023) - SNAPSHOT RELEASE
- driver: fix various hang issues: #38
BTW, version 1.3.0.2 installer is missing the changelog for 1.3.0.2. You may want to add that in the next version.
Yeah i committed it after release, and obviously is should do it before release... doh! :-)
If there are no new problems, I think we are ready to release 1.4.0.0 as the next official release
If there are no new problems, I think we are ready to release 1.4.0.0 as the next official release
Yes, it will be good to have a real official release.
Thanks a lot for your contributions as well.
I think this is an example why open source works. My customers are happy, @sonatique is happy, @mcuee is happy. Everyone is contributing to each others success. Great work guys! ๐
Feel free to join me on linkedin: https://www.linkedin.com/in/peter-dons-tychsen-ab7236/?originalSubdomain=dk
Just wondering if you can add the "libusb-win32-devel-filter-1.4.0.0.exe" installer release as well. Thanks.
Hi,
Thanks for the great work!
While exploring the content of release 1.4.0.0, i noticed to new files in the bin
folder:
libusb0.inf
libusb0.cat
The INF-file mentions DeviceID = "VID_0B05&PID_190E"
, so my guess is that this INF + catalog file serves as a template for installing the driver for our own devices, am i right?
Is the purpose of these two files documented somewhere but I couldn't find it?
Best,
Hugo
You can ignore the two files. It is part of the attestation signing package to get the signed libusb0.sys from Microsoft portal.
You should use Zadig 2.9 release to install libusb-win32 device driver for your device.
https://github.com/pbatard/libwdi/releases/tag/v1.5.1
The inf file is useful for people who want to sign their own driver packages (if they have the necessary EV digital certiticate to registered for the Microsoft portal for attestation signing).
https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/code-signing-attestation
Thanks for the prompt reply. This is clear now.
Btw, is the -devel-filter.exe scheduled for release somewhen?