x9/xetup
1
0
Fork 0
Code Issues 17 Pull requests Projects Releases 5 Packages Wiki Activity Actions
xetup/CHANGELOG.md
X9 Dev f89093212f docs: version changelog as 0.7 + add web changelog page 
- CHANGELOG.md: switch to Keep a Changelog versioning ([Unreleased], [0.7], [0.6]).
- web/changelog/: new page that fetches CHANGELOG.md from Forgejo (raw API via the
  /forgejo-api proxy) and renders it - single source of truth.
- Add Changelog to the nav on landing, navod and spec pages.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-02 14:07:27 +02:00

79 lines
4.4 KiB
Markdown
Raw Blame History

# Changelog
All notable changes to xetup. Format based on [Keep a Changelog](https://keepachangelog.com).
No diacritics anywhere (project rule).
Builds are continuous: every push to `main` produces a signed `xetup.exe` published as the
`latest` release. Version tags (e.g. `v0.7`) mark notable milestones.
## [Unreleased]
_Nothing yet._
## [0.7] - 2026-06-02
### Added
- **Code signing in CI**: the release workflow signs `xetup.exe` on every push (and via
`workflow_dispatch`) using Azure Trusted Signing (certificate "X9.cz s.r.o.") through jsign,
plus an RFC3161 timestamp (`timestamp.acs.microsoft.com`). jsign is pinned by version + sha256.
Trusted Signing certs are short-lived (~3 days); the timestamp keeps the signature valid past
expiry. Only `AZURE_CLIENT_SECRET` is a Forgejo Actions secret. (`853908b`)
- `workflow_dispatch` trigger for manual release runs. (`cdad15a`)
- **Keyboard layout**: CZ primary + US secondary, applied to all profiles via
`Set-WinUserLanguageList` (current user) and the `Preload` key in the Default hive and
`HKU\.DEFAULT`. (`94b7786`)
### Fixed
- **winget** (02, 11): pass `--source winget` to every install. Fresh Win11 ISOs ship an App
Installer with a stale pinned cert, so the msstore source fails with `0x8a15005e` and aborts
the install; forcing the winget source bypasses it. (`94b7786`)
- **Network Discovery** (10): enable by resource-string group `-Group "@FirewallAPI.dll,-32752"`
instead of `-DisplayGroup "Network Discovery"`, which is localized and failed on Czech Windows. (`94b7786`)
- **Atera detection** (02): verify via the `AteraAgent` service (`Get-Service`) with a path-check
fallback incl. `C:\ProgramData`, since Atera no longer installs to a fixed location. (`94b7786`)
- **Windows Update log** (12): format installed updates via `$_.Result`/`$_.Title` instead of
logging the raw objects (which printed "System.__ComObject"). (`94b7786`)
- **UCPD** (02): the UCPD stop failure on Win11 24H2 (protected service) is logged WARN, not
ERROR; the system-wide HKCR write succeeds regardless. (`94b7786`)
- **Atera under SYSTEM** (02): install the MSI via a one-shot scheduled task running as
`NT AUTHORITY\SYSTEM` (`msiexec /qn`). Under SYSTEM the agent registers silently with no
interactive MFA window. (`451b9e2`)
- **Taskbar File Explorer pin** (04): pin Explorer via its AppUserModelID
(`DesktopApplicationID="Microsoft.Windows.Explorer"`) instead of a hand-made `.lnk`. The custom
shortcut launched a second Explorer that did not group with the running window and could not be
unpinned. (`451b9e2`)
- **Accent color in all profiles** (04): write `AccentPalette` (REG_BINARY, 8 shades from #223B47)
alongside `AccentColor`. Without it Win11 drops the custom accent on Start/taskbar and falls back
to the default. The full theme (Custom mode: dark system + light apps; accent on Start/taskbar and
title bars/borders) is written to the Default hive, the current user (HKCU) and `HKU\.DEFAULT` so
all profiles match. (`4d08d0c`)
- **BackInfo background color**: `BackgroundColor 4668194 -> 2243399`. BackInfo reads the value as
0xRRGGBB (RGB), not COLORREF/BGR, so #223B47 = 2243399; the BGR value swapped red/blue. (`4d08d0c`)
### CI / Infra
- deploy.json update step made non-fatal (cosmetic, runs after the release is published). (`8a7fc10`)
- Forgejo runner: bind-mount the docker socket into job containers so the deploy.json step's
`docker exec` works. (`c8c8523`, `beceeb4`)
- docker-compose: mount `web/data` read-write so CI can refresh `deploy.json` (rest of the web
docroot stays read-only). (`7becac7`)
### Docs
- Web (spec, descriptions.json, navod, landing) updated for all of the above.
- `SPEC.md` + `CLAUDE.md` synced. Added this `CHANGELOG.md`.
## [0.6] - 2026-04-28
### Added
- Step 03: disable hibernation and Smart App Control; reworked Edge configuration
(mandatory policies + initial_preferences). (`0cfe751`)
### Fixed
- Reliability and robustness pass: watchdog kills a stalled script after 30 min of silence;
reboot-loop protection caps each step at 5 restarts; atomic `state.json` writes (tmp+rename);
email report retried 3x with a local HTML fallback; Default-hive unload retried; resume mode
fixed to actually run pending steps. (`d30767e`)
---
Earlier history (pre-0.6): see the git log - initial Go launcher, embedded PowerShell steps,
reboot-resume cycle, Forgejo CI build, and the static site at xetup.x9.cz.
Reference in a new issue View git blame Copy permalink