docs: add CHANGELOG.md covering 2026-05-29..2026-06-02
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
X9 Dev
parent
41f6d27275
commit
3fc8c31032
1 changed files with 85 additions and 0 deletions
85
CHANGELOG.md
Normal file
85
CHANGELOG.md
Normal file
|
|
@ -0,0 +1,85 @@
|
||||||
|
# Changelog
|
||||||
|
|
||||||
|
All notable changes to xetup. Dates are when the change landed on `main`.
|
||||||
|
|
||||||
|
Builds are continuous: every push to `main` produces a signed `xetup.exe`
|
||||||
|
published as the `latest` release. No diacritics anywhere (project rule).
|
||||||
|
|
||||||
|
## 2026-06-02
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
- **Accent color now reliable in all profiles** (`04-default-profile.ps1`):
|
||||||
|
write `AccentPalette` (REG_BINARY, 8 shades from #223B47) alongside
|
||||||
|
`AccentColor`/`AccentColorMenu`. Without `AccentPalette`, Win11 ignores the
|
||||||
|
custom accent on Start/taskbar and falls back to the default - the cause of
|
||||||
|
"colors not applied everywhere". The full theme (Custom mode: dark system +
|
||||||
|
light apps, accent on Start/taskbar and title bars/borders) is written to the
|
||||||
|
Default hive (new users), the current user (HKCU) and `HKU\.DEFAULT`
|
||||||
|
(lock/welcome screen) so all profiles match. (`4d08d0c`)
|
||||||
|
- **BackInfo background color** (`assets/Backinfo/BackInfo.ini`):
|
||||||
|
`BackgroundColor 4668194 -> 2243399`. BackInfo reads the value as 0xRRGGBB
|
||||||
|
(RGB), not COLORREF/BGR, so #223B47 = 0x223B47 = 2243399; the BGR value
|
||||||
|
rendered with red/blue swapped. (`4d08d0c`)
|
||||||
|
|
||||||
|
### Docs
|
||||||
|
- Web (spec, descriptions.json) updated for AccentPalette / all-profile theme
|
||||||
|
and the BackInfo background fix. (`917fc89`)
|
||||||
|
- `SPEC.md` + `CLAUDE.md` synced with all changes from this period. (`41f6d27`)
|
||||||
|
|
||||||
|
## 2026-06-01
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
- **Taskbar File Explorer pin** (`04-default-profile.ps1`): pin Explorer via its
|
||||||
|
AppUserModelID (`DesktopApplicationID="Microsoft.Windows.Explorer"`) instead of
|
||||||
|
a hand-made `File Explorer.lnk`. The custom shortcut pinned as a separate app -
|
||||||
|
clicking it launched a second Explorer that did not group with the running
|
||||||
|
window, and the icon could not be unpinned normally. (`451b9e2`)
|
||||||
|
- **Atera installed under SYSTEM** (`02-software.ps1`): install the Atera MSI via
|
||||||
|
a one-shot scheduled task running as `NT AUTHORITY\SYSTEM` (`msiexec /qn`), then
|
||||||
|
remove the task. Under SYSTEM the agent registers silently with no interactive
|
||||||
|
MFA window, so no technician input is needed. MSI staged in `C:\Windows\Temp`. (`451b9e2`)
|
||||||
|
|
||||||
|
### Docs
|
||||||
|
- Web (spec, descriptions.json, navod) updated for the Explorer AUMID pin and
|
||||||
|
Atera-under-SYSTEM. (`603fba5`)
|
||||||
|
|
||||||
|
## 2026-05-29
|
||||||
|
|
||||||
|
### Added
|
||||||
|
- **Code signing in CI**: the release workflow now signs `xetup.exe` on every push
|
||||||
|
(and via `workflow_dispatch`) using Azure Trusted Signing (certificate
|
||||||
|
"X9.cz s.r.o.") through jsign, plus an RFC3161 timestamp
|
||||||
|
(`timestamp.acs.microsoft.com`). jsign is pinned by version + sha256. Trusted
|
||||||
|
Signing certs are short-lived (~3 days); the timestamp keeps the signature valid
|
||||||
|
past expiry. Only `AZURE_CLIENT_SECRET` is a Forgejo Actions secret. (`853908b`)
|
||||||
|
- `workflow_dispatch` trigger for manual release runs. (`cdad15a`)
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
Field fixes from the first fresh Win11 deployment (Dell Latitude 5521 / GLBNTB63) (`94b7786`):
|
||||||
|
- **winget**: pass `--source winget` to every install (02, 11). Fresh Win11 ISOs
|
||||||
|
ship an App Installer with a stale pinned cert, so the msstore source fails with
|
||||||
|
`0x8a15005e` and aborts the install; forcing the winget source bypasses it.
|
||||||
|
- **Network Discovery** (10): enable by resource-string group
|
||||||
|
`-Group "@FirewallAPI.dll,-32752"` instead of `-DisplayGroup "Network Discovery"`,
|
||||||
|
which is localized and failed on Czech Windows.
|
||||||
|
- **Keyboard** (04): set CZ primary + US secondary via `Set-WinUserLanguageList`
|
||||||
|
(current user) and the `Preload` key in the Default hive and `HKU\.DEFAULT`.
|
||||||
|
- **Atera detection** (02): verify via the `AteraAgent` service (`Get-Service`)
|
||||||
|
with a path-check fallback incl. `C:\ProgramData`, since Atera no longer installs
|
||||||
|
to a fixed location.
|
||||||
|
- **Windows Update log** (12): format installed updates via `$_.Result`/`$_.Title`
|
||||||
|
instead of logging the raw objects (which printed "System.__ComObject").
|
||||||
|
- **UCPD** (02): the UCPD stop failure on Win11 24H2 (protected service) is logged
|
||||||
|
WARN, not ERROR; the system-wide HKCR write succeeds regardless.
|
||||||
|
|
||||||
|
### CI / Infra
|
||||||
|
- deploy.json update step made non-fatal (cosmetic, runs after the release is
|
||||||
|
published). (`8a7fc10`)
|
||||||
|
- Forgejo runner: bind-mount the docker socket into job containers so the
|
||||||
|
deploy.json step's `docker exec` works. (`c8c8523`, `beceeb4`)
|
||||||
|
- docker-compose: mount `web/data` read-write so CI can refresh `deploy.json`
|
||||||
|
(rest of the web docroot stays read-only). (`7becac7`)
|
||||||
|
|
||||||
|
### Docs
|
||||||
|
- Web (spec, descriptions.json, navod, landing) updated for the field fixes and
|
||||||
|
code signing. (`133fc1e`)
|
||||||
Loading…
Reference in a new issue