5 releases 5 tags

RSS feed

• v0.7 0d5289937b

  Compare

  v0.7 Stable

  x9 released this 2026-06-02 14:19:16 +02:00 | 10 commits to main since this release

  Added

  • Code signing in CI: the release workflow signs xetup.exe on every push (and via
    workflow_dispatch) using Azure Trusted Signing (certificate "X9.cz s.r.o.") through jsign,
    plus an RFC3161 timestamp (timestamp.acs.microsoft.com). jsign is pinned by version + sha256.
    Trusted Signing certs are short-lived (~3 days); the timestamp keeps the signature valid past
    expiry. Only AZURE_CLIENT_SECRET is a Forgejo Actions secret. (853908b)
  • workflow_dispatch trigger for manual release runs. (cdad15a)
  • Keyboard layout: CZ primary + US secondary, applied to all profiles via
    Set-WinUserLanguageList (current user) and the Preload key in the Default hive and
    HKU\.DEFAULT. (94b7786)

  Fixed

  • winget (02, 11): pass --source winget to every install. Fresh Win11 ISOs ship an App
    Installer with a stale pinned cert, so the msstore source fails with 0x8a15005e and aborts
    the install; forcing the winget source bypasses it. (94b7786)
  • Network Discovery (10): enable by resource-string group -Group "@FirewallAPI.dll,-32752"
    instead of -DisplayGroup "Network Discovery", which is localized and failed on Czech Windows. (94b7786)
  • Atera detection (02): verify via the AteraAgent service (Get-Service) with a path-check
    fallback incl. C:\ProgramData, since Atera no longer installs to a fixed location. (94b7786)
  • Windows Update log (12): format installed updates via $_.Result/$_.Title instead of
    logging the raw objects (which printed "System.__ComObject"). (94b7786)
  • UCPD (02): the UCPD stop failure on Win11 24H2 (protected service) is logged WARN, not
    ERROR; the system-wide HKCR write succeeds regardless. (94b7786)
  • Atera under SYSTEM (02): install the MSI via a one-shot scheduled task running as
    NT AUTHORITY\SYSTEM (msiexec /qn). Under SYSTEM the agent registers silently with no
    interactive MFA window. (451b9e2)
  • Taskbar File Explorer pin (04): pin Explorer via its AppUserModelID
    (DesktopApplicationID="Microsoft.Windows.Explorer") instead of a hand-made .lnk. The custom
    shortcut launched a second Explorer that did not group with the running window and could not be
    unpinned. (451b9e2)
  • Accent color in all profiles (04): write AccentPalette (REG_BINARY, 8 shades from #223B47)
    alongside AccentColor. Without it Win11 drops the custom accent on Start/taskbar and falls back
    to the default. The full theme (Custom mode: dark system + light apps; accent on Start/taskbar and
    title bars/borders) is written to the Default hive, the current user (HKCU) and HKU\.DEFAULT so
    all profiles match. (4d08d0c)
  • BackInfo background color: BackgroundColor 4668194 -> 2243399. BackInfo reads the value as
    0xRRGGBB (RGB), not COLORREF/BGR, so #223B47 = 2243399; the BGR value swapped red/blue. (4d08d0c)

  CI / Infra

  • deploy.json update step made non-fatal (cosmetic, runs after the release is published). (8a7fc10)
  • Forgejo runner: bind-mount the docker socket into job containers so the deploy.json step's
    docker exec works. (c8c8523, beceeb4)
  • docker-compose: mount web/data read-write so CI can refresh deploy.json (rest of the web
    docroot stays read-only). (7becac7)

  Docs

  • Web (spec, descriptions.json, navod, landing) updated for all of the above.
  • SPEC.md + CLAUDE.md synced. Added this CHANGELOG.md.

  Built from 0d52899

  Downloads

  • Source code (ZIP)
    1 download
  • Source code (TAR.GZ)
    1 download

  ---

  • xetup.exe
    1 download · 9.2 MiB