# Changelog All notable changes to xetup. Format based on [Keep a Changelog](https://keepachangelog.com). No diacritics anywhere (project rule). Builds are continuous: every push to `main` produces a signed `xetup.exe` published as the `latest` release. Version tags (e.g. `v0.7`) mark notable milestones. ## [Unreleased] ### Changed - **Photos now kept** (01): `Microsoft.Windows.Photos` is added to the always-keep list (`KeepPackages`), so the default image viewer is no longer removed - like Calculator. It stays in the removal list but the keep-guard skips it and logs `KEEP Microsoft.Windows.Photos`. ## [0.9] - 2026-06-03 ### Added - **Bloatware feature toggles** (01): the bloatware step now exposes three GUI checkboxes - `standardBloatware` (default on, the bulk AppX/capability/feature list), `removeNewOutlook` (default on, the new Outlook for Windows app `Microsoft.OutlookForWindows`) and `removeSnippingTool` (default OFF). Each toggle is independent, so a technician can spare Outlook or remove the Snipping Tool without affecting the rest. ### Changed - **Snipping Tool now kept by default** (01): `Microsoft.ScreenSketch` (the modern Snipping Tool app) plus the legacy capability and optional feature are no longer removed unless `removeSnippingTool` is checked - it is a commonly used productivity tool, like Calculator. Classic Outlook from M365 was never removed (it is a Win32 app, not an AppX package); only the bundled new Outlook is, and that is now toggleable. ### Fixed - **`bloatware.keepPackages` was dropped at runtime**: the Go `Config` struct had no `Bloatware` field, so the GUI's runtime-config regeneration silently discarded `keepPackages`. Added the field so the keep-list survives and is honored by `01-bloatware.ps1`. ## [0.8] - 2026-06-02 ### Added - **Web changelog page** (`/changelog/`) that renders `CHANGELOG.md` from the repo (Forgejo raw API via the `/forgejo-api` proxy) - single source of truth. Linked from the site nav. - **CI release automation**: the release workflow derives the release notes from `CHANGELOG.md`, and a version tag (`vX.Y`) builds, signs and publishes a named (non-prerelease) release for that version; `main`/dispatch keep the rolling `latest` prerelease. ### Fixed - **BackInfo background color**: use the COLORREF value `4668194` for #223B47. BackInfo uses a COLORREF (`0x00BBGGRR` / BGR), so the 0.7 value `2243399` (`0x223B47`) was read with red/blue swapped and rendered olive-brown (#473B22). Reverts the 0.7 change. - **BackInfo black border in some profiles** (04): BackInfo paints a centered bitmap; when it is smaller than the screen, the surrounding desktop showed black in profiles whose `Control Panel\Colors\Background` was not set. The solid desktop background color (#223B47) is now written to HKU\.DEFAULT and to every existing user profile (loading each hive as needed), in addition to the Default hive and current user, so the area around the bitmap blends in. ## [0.7] - 2026-06-02 ### Added - **Code signing in CI**: the release workflow signs `xetup.exe` on every push (and via `workflow_dispatch`) using Azure Trusted Signing (certificate "X9.cz s.r.o.") through jsign, plus an RFC3161 timestamp (`timestamp.acs.microsoft.com`). jsign is pinned by version + sha256. Trusted Signing certs are short-lived (~3 days); the timestamp keeps the signature valid past expiry. Only `AZURE_CLIENT_SECRET` is a Forgejo Actions secret. (`853908b`) - `workflow_dispatch` trigger for manual release runs. (`cdad15a`) - **Keyboard layout**: CZ primary + US secondary, applied to all profiles via `Set-WinUserLanguageList` (current user) and the `Preload` key in the Default hive and `HKU\.DEFAULT`. (`94b7786`) ### Fixed - **winget** (02, 11): pass `--source winget` to every install. Fresh Win11 ISOs ship an App Installer with a stale pinned cert, so the msstore source fails with `0x8a15005e` and aborts the install; forcing the winget source bypasses it. (`94b7786`) - **Network Discovery** (10): enable by resource-string group `-Group "@FirewallAPI.dll,-32752"` instead of `-DisplayGroup "Network Discovery"`, which is localized and failed on Czech Windows. (`94b7786`) - **Atera detection** (02): verify via the `AteraAgent` service (`Get-Service`) with a path-check fallback incl. `C:\ProgramData`, since Atera no longer installs to a fixed location. (`94b7786`) - **Windows Update log** (12): format installed updates via `$_.Result`/`$_.Title` instead of logging the raw objects (which printed "System.__ComObject"). (`94b7786`) - **UCPD** (02): the UCPD stop failure on Win11 24H2 (protected service) is logged WARN, not ERROR; the system-wide HKCR write succeeds regardless. (`94b7786`) - **Atera under SYSTEM** (02): install the MSI via a one-shot scheduled task running as `NT AUTHORITY\SYSTEM` (`msiexec /qn`). Under SYSTEM the agent registers silently with no interactive MFA window. (`451b9e2`) - **Taskbar File Explorer pin** (04): pin Explorer via its AppUserModelID (`DesktopApplicationID="Microsoft.Windows.Explorer"`) instead of a hand-made `.lnk`. The custom shortcut launched a second Explorer that did not group with the running window and could not be unpinned. (`451b9e2`) - **Accent color in all profiles** (04): write `AccentPalette` (REG_BINARY, 8 shades from #223B47) alongside `AccentColor`. Without it Win11 drops the custom accent on Start/taskbar and falls back to the default. The full theme (Custom mode: dark system + light apps; accent on Start/taskbar and title bars/borders) is written to the Default hive, the current user (HKCU) and `HKU\.DEFAULT` so all profiles match. (`4d08d0c`) - **BackInfo background color**: changed `BackgroundColor` to 2243399 (later found wrong - BackInfo uses COLORREF/BGR; corrected in [Unreleased]). (`4d08d0c`) ### CI / Infra - deploy.json update step made non-fatal (cosmetic, runs after the release is published). (`8a7fc10`) - Forgejo runner: bind-mount the docker socket into job containers so the deploy.json step's `docker exec` works. (`c8c8523`, `beceeb4`) - docker-compose: mount `web/data` read-write so CI can refresh `deploy.json` (rest of the web docroot stays read-only). (`7becac7`) ### Docs - Web (spec, descriptions.json, navod, landing) updated for all of the above. - `SPEC.md` + `CLAUDE.md` synced. Added this `CHANGELOG.md`. ## [0.6] - 2026-04-28 ### Added - Step 03: disable hibernation and Smart App Control; reworked Edge configuration (mandatory policies + initial_preferences). (`0cfe751`) ### Fixed - Reliability and robustness pass: watchdog kills a stalled script after 30 min of silence; reboot-loop protection caps each step at 5 restarts; atomic `state.json` writes (tmp+rename); email report retried 3x with a local HTML fallback; Default-hive unload retried; resume mode fixed to actually run pending steps. (`d30767e`) --- Earlier history (pre-0.6): see the git log - initial Go launcher, embedded PowerShell steps, reboot-resume cycle, Forgejo CI build, and the static site at xetup.x9.cz.