xetup

x9/xetup

Fork 0

Commit graph

Author	SHA1	Message	Date
X9 Dev	853908bedd	ci: sign xetup.exe via Azure Trusted Signing (jsign) Add a signing step after the build that authenticates the Entra service principal (client_credentials), fetches a Trusted Signing access token, and signs xetup.exe with jsign using the X9.cz s.r.o. certificate profile plus an RFC3161 timestamp (timestamp.acs.microsoft.com). jsign is pinned by version and sha256. Trusted Signing certs are short-lived (~3 days); the timestamp keeps the signature valid past expiry, so timestamping must succeed and the step fails hard otherwise. Only AZURE_CLIENT_SECRET needs to be set as a Forgejo Actions secret; the non-secret identifiers are inlined in the workflow. gitignore the local manual-signing helpers (sign.sh) and the .unsigned build backup. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-05-29 15:00:12 +02:00
X9 Dev	8b795547d3	chore: save Claude Code conversation history + ignore runtime artifacts Add all Claude Code session JSONL files to .claude/sessions/ for full conversation history archival. Ignore scheduled_tasks.lock and web/data/deploy.json as runtime/CI-generated artifacts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-16 17:21:49 +02:00
Filip Zubik	c42943cfa8	PS scripts, web platform, Forgejo CI, xetup.exe launcher Initial deployment suite for X9.cz MSP Windows 10/11 deployment: - PowerShell scripts 00-11: admin account, bloatware removal, software (winget+Atera), system registry tweaks, default profile, personalization, scheduled tasks, BackInfo desktop info, Windows activation, PC identity/rename, network, Dell Update - Web platform: xetup.x9.cz (nginx), spec/annotation page, /dl shortlink, GitHub mirror - Forgejo Actions CI: auto-build xetup.exe on push, publish to releases/latest - Go xetup.exe: embeds all scripts/assets, per-feature checkboxes, load/save config	2026-04-16 14:49:41 +02:00

Author

SHA1

Message

Date

X9 Dev

853908bedd

ci: sign xetup.exe via Azure Trusted Signing (jsign)

Add a signing step after the build that authenticates the Entra service
principal (client_credentials), fetches a Trusted Signing access token, and
signs xetup.exe with jsign using the X9.cz s.r.o. certificate profile plus an
RFC3161 timestamp (timestamp.acs.microsoft.com). jsign is pinned by version
and sha256. Trusted Signing certs are short-lived (~3 days); the timestamp
keeps the signature valid past expiry, so timestamping must succeed and the
step fails hard otherwise.

Only AZURE_CLIENT_SECRET needs to be set as a Forgejo Actions secret; the
non-secret identifiers are inlined in the workflow.

gitignore the local manual-signing helpers (sign*.sh) and the *.unsigned
build backup.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-05-29 15:00:12 +02:00

X9 Dev

8b795547d3

chore: save Claude Code conversation history + ignore runtime artifacts

Add all Claude Code session JSONL files to .claude/sessions/ for
full conversation history archival. Ignore scheduled_tasks.lock and
web/data/deploy.json as runtime/CI-generated artifacts.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-16 17:21:49 +02:00

Filip Zubik

c42943cfa8

PS scripts, web platform, Forgejo CI, xetup.exe launcher

Initial deployment suite for X9.cz MSP Windows 10/11 deployment:
- PowerShell scripts 00-11: admin account, bloatware removal, software (winget+Atera),
  system registry tweaks, default profile, personalization, scheduled tasks,
  BackInfo desktop info, Windows activation, PC identity/rename, network, Dell Update
- Web platform: xetup.x9.cz (nginx), spec/annotation page, /dl shortlink, GitHub mirror
- Forgejo Actions CI: auto-build xetup.exe on push, publish to releases/latest
- Go xetup.exe: embeds all scripts/assets, per-feature checkboxes, load/save config

2026-04-16 14:49:41 +02:00

3 commits