This website requires JavaScript.
6aa963f024
docs(tests): document branding test suite + elevation requirement
2026-06-09 14:14:13 +01:00
bd5d82f6b4
feat(build): wire branding into Invoke-ServiceWim (offline hive bake)
2026-06-09 14:13:30 +01:00
50856b8f28
feat(branding): Apply-Branding orchestrator (offline/online) + placeholder assets
2026-06-09 14:12:45 +01:00
320b4c675a
feat(branding): OEM/lockscreen/desktop/bitlocker layer writers + tests
2026-06-09 14:10:17 +01:00
7de5262c43
feat(branding): registry helper + Pester harness
2026-06-09 14:08:34 +01:00
73d6611ab5
feat(branding): manifest + module skeleton for SilverMetal Windows branding
2026-06-09 14:06:46 +01:00
e4241f7f59
docs(windows): first-boot branding implementation plan
2026-06-09 13:59:29 +01:00
66e7fd4ae8
docs(windows): first-boot experience & branding design spec
2026-06-09 13:53:58 +01:00
a9c26d842d
Merge pull request 'fix(welcome): eject optical install media before BitLocker enrollment' (#5 ) from feat/welcome-app into main
SilverLABS
2026-06-09 12:26:25 +00:00
bf21eababe
fix(welcome): make bootstrap teardown best-effort (LogonCount=1 already disables auto-logon; cleanup must not fail the apply)
2026-06-09 12:15:56 +01:00
25b02d20ff
fix(welcome): eject optical install media before BitLocker enroll (it refuses TPM+PIN with bootable media present — found in live e2e)
2026-06-09 11:47:38 +01:00
394804f379
Merge pull request 'feat(welcome): SilverOS Welcome first-logon wizard (flavour engine + apply orchestrator + MAUI UI + image bake)' (#4 ) from feat/welcome-app into main
SilverLABS
2026-06-09 10:31:34 +00:00
2b2214c124
fix(welcome): apply services check PowerShell exit codes + throw on failure (no more silent privileged-op failures)
2026-06-09 11:21:46 +01:00
a47345887c
fix(welcome): enforce BitLocker TPM+PIN — set FVE startup-PIN policy, add protector if auto-DE pre-encrypted, strip TPM-only protector
2026-06-09 11:15:13 +01:00
4f3e25e816
docs(welcome): record VM e2e validation + 3 bugs found/fixed + BitLocker-PIN follow-up
2026-06-09 11:02:52 +01:00
4a5bd96ef8
fix(welcome): notify wizard host on AccountStep validity change so Next enables (live e2e blocker) + regression test
2026-06-09 10:25:38 +01:00
166e4d8d0c
fix(welcome): silent admin elevation via offline UAC auto-approve policy + Start-Process RunAs launch (scheduled-task approach failed un-elevated)
2026-06-09 09:51:24 +01:00
4435f6e1c4
fix(welcome): redirect WebView2 data dir off Program Files + launch wizard elevated via scheduled task
2026-06-09 09:43:46 +01:00
b1226d2bed
fix(welcome): extract wizard components to Razor Class Library so bUnit tests don't load WindowsAppSDK (fixes CI DllNotFound on clean runner)
2026-06-09 08:12:37 +01:00
ee3528f360
ci(welcome): fail the build if the Welcome payload isn't baked (guard against green-but-broken image)
2026-06-09 04:02:50 +01:00
f39823339f
ci(welcome): pin .NET 9 SDK via setup-dotnet so MAUI workload band matches
2026-06-09 03:54:18 +01:00
0b1057d0fa
ci(welcome): build + test the Welcome solution before the ISO build
2026-06-09 03:50:35 +01:00
bafdf88fa9
feat(welcome): build bakes the published Welcome app + flavours into the image
2026-06-09 03:46:02 +01:00
5715e55694
feat(welcome): SetupComplete defers hardening to Welcome when present
2026-06-09 03:41:45 +01:00
efdaffa73f
feat(welcome): bootstrap auto-login launches the Welcome app
2026-06-09 03:36:46 +01:00
346abc3676
fix(welcome): apply re-entrancy guard, scrub error output, lock nav during apply, offline-bundle fonts
2026-06-09 03:34:34 +01:00
ea5adacac3
feat(welcome): apply step wiring + Mercury styling
2026-06-09 03:20:39 +01:00
a393ded7c6
fix(welcome): touched-gated account errors, flavour-load retry, flavour Next-gate, drop dead inject
2026-06-09 03:12:41 +01:00
1630bde1ee
feat(welcome): wizard steps + flavour selection UI
2026-06-09 03:03:13 +01:00
1f8ada3a45
feat(welcome): MAUI Blazor app skeleton + DI wiring
2026-06-09 02:50:42 +01:00
b1b278bb8d
fix(welcome): correct -Modules arg encoding so hardening subset actually runs (+ real integration test)
2026-06-09 02:46:00 +01:00
8fe577e0bf
feat(welcome): ApplyService orchestrator (modules->accounts->bitlocker->teardown)
2026-06-09 02:33:39 +01:00
3be703d5c9
fix(welcome): escape bootstrapUser + assert daily user is not admin
2026-06-09 02:30:35 +01:00
62f66490d1
feat(welcome): account + BitLocker + bootstrap services
2026-06-09 02:26:35 +01:00
64b9e3c5f4
feat(welcome): Invoke-Hardening accepts -Modules subset + -ParamsJson
2026-06-09 02:22:04 +01:00
017eaf4d96
feat(welcome): process runner abstraction
2026-06-09 02:18:52 +01:00
6f454fe957
feat(welcome): author Daily-Driver/Privacy-Max/Journalist/Developer flavours
2026-06-09 02:15:46 +01:00
dd1e5faf9c
feat(welcome): flavour loader + validation
2026-06-09 02:11:58 +01:00
c49e1802a1
feat(welcome): flavour manifest model
2026-06-09 02:07:58 +01:00
5f0bc5553a
feat(welcome): solution + Core/Test project skeleton
2026-06-09 02:04:14 +01:00
dfbf1d1ec8
docs(windows): SilverOS Welcome app implementation plan
2026-06-09 01:53:41 +01:00
9c65c1c3a0
docs(windows): Welcome spec revisions per review
2026-06-09 01:47:45 +01:00
b5cfd26f5f
docs(windows): SilverOS Welcome app spec (v1)
2026-06-09 01:41:48 +01:00
638d08696d
feat(windows): set local-account creds + UK keyboard/region
2026-06-09 01:14:08 +01:00
a0b9c2c989
fix(windows/hardening): tolerate missing hibernation (module G)
2026-06-09 00:46:13 +01:00
ba3ef0d45a
fix(windows): hardening modules never ran (SetupComplete quoting bug)
2026-06-09 00:34:05 +01:00
d690b14fc4
feat(windows): automate OOBE region/keyboard (oobeSystem International-Core)
2026-06-09 00:16:49 +01:00
448de1c570
fix(windows/build): revert to prompt boot image (no-prompt caused reinstall loop)
2026-06-08 23:58:12 +01:00
17b2ec2be7
fix(windows/build): launch legacy Setup with explicit /unattend
2026-06-08 23:31:37 +01:00
5e6303d48e
feat(windows): force legacy Setup on 24H2 to fix hands-off install
2026-06-08 23:20:37 +01:00
b4d303cbaa
feat(windows): unattended install — noprompt boot + disk config (M2)
2026-06-08 21:55:47 +01:00
d26595d26f
ci(windows): persist validated ISO to stable runner path
2026-06-08 21:42:16 +01:00
a6afc604c5
Merge pull request 'ci(windows): M2 ISO build + Gitea Windows-runner workflow' (#3 ) from ci/build-iso-windows into main
SilverLABS
2026-06-08 20:13:11 +00:00
6d23a892b9
ci: remove throwaway runner-probe/runner-prep diagnostics
2026-06-08 21:13:06 +01:00
5dbbaaf22c
fix(windows/build): drop oscdimg -bootdata inner quotes (PS arg mangling)
2026-06-08 21:08:33 +01:00
3effd5e338
ci(windows): pin base-ISO SHA + verify; ISO staged locally on runner
2026-06-08 20:58:07 +01:00
ee34b8e373
ci: probe credential-less net use as SYSTEM (stored cmdkey)
2026-06-08 20:54:33 +01:00
78d4d84f88
ci: runner-prep workflow (extend C: only); drop in-CI ISO staging
2026-06-08 19:47:56 +01:00
cc01675056
ci: add throwaway runner-probe workflow to discover runner topology
2026-06-08 19:33:37 +01:00
5e42da619e
ci(windows): make base-ISO acquire step path-aware (UNC/local + optional SMB creds)
2026-06-08 19:19:40 +01:00
1c886deca3
ci(windows): implement M2 ISO build + Gitea Windows-runner workflow
2026-06-08 18:11:05 +01:00
d58aa3ec17
Merge pull request 'docs(windows): Enhanced-Windows hardening spec (GPD Pocket 4 reference)' (#2 ) from docs/enhanced-windows-hardening-spec into main
SilverLABS
2026-06-08 14:45:15 +00:00
3a30a0421e
docs(windows): add ISO-builder design + scaffold the windows/ tree
2026-06-08 15:35:13 +01:00
ea2de4339d
docs(windows): add Enhanced-Windows hardening spec (Pocket 4 reference)
2026-06-08 15:19:37 +01:00
303f602d38
fix(linux/build): keep file handle open through TF patch loop (M1.1 iter38)
SysAdmin
2026-05-08 16:06:45 +01:00
6bafa85231
fix(linux/build): byte-patch Rock Ridge TF dates after xorriso (M1.1 iter37)
SysAdmin
2026-05-08 02:22:56 +01:00
60384e70c8
fix(linux/build): explicit -alter_date all on updated squashfs node (M1.1 iter36)
SysAdmin
2026-05-08 01:44:58 +01:00
1b1a1eabed
fix(linux/build): touch squashfs to SOURCE_DATE_EPOCH before xorriso (M1.1 iter35)
SysAdmin
2026-05-08 01:06:45 +01:00
34bc442dd8
fix(linux/build): cover all ISO9660 dates + locate residual byte drift (M1.1 iter34)
SysAdmin
2026-05-08 00:29:37 +01:00
33e1501611
fix(linux/build): scrub apt lists + apt/dpkg logs from chroot (M1.1 iter33)
SysAdmin
2026-05-07 23:50:14 +01:00
5e5026088d
fix(linux/build): terminate xorriso -alter_date_r path list with -- (M1.1 iter32)
SysAdmin
2026-05-07 23:10:02 +01:00
d354040bd6
fix(linux/build): scrub apt/ldconfig caches + force xorriso mtimes (M1.1 iter31)
SysAdmin
2026-05-07 22:50:28 +01:00
84179b3642
fix(linux/build): xorriso -return_with SORRY 0 to tolerate MBR size warning (M1.1 iter30)
SysAdmin
2026-05-07 22:09:55 +01:00
10e099fcf9
fix(linux/build): scrub nvme/hostid + dkms logs, rebuild squashfs (M1.1 iter29)
SysAdmin
2026-05-07 21:49:25 +01:00
c8eac79afc
fix(linux/build): xorriso -extract needs -osirrox on (M1.1 iter28)
SysAdmin
2026-05-07 21:07:39 +01:00
a2bee4b5dc
fix(linux/build): better squashfs extraction + dump TOC sample (M1.1 iter27)
SysAdmin
2026-05-07 20:32:01 +01:00
c9e67d8b47
fix(linux/build): staged divergence diagnostic, avoid OOM (M1.1 iter26)
SysAdmin
2026-05-07 19:54:35 +01:00
3f51b2fd7f
feat(linux/build): run diffoscope inside silvermetal-builder + tail diff to log (M1.1 iter25)
SysAdmin
2026-05-07 19:14:44 +01:00
5bb24235bd
fix(linux/build): tolerate find perm-denied in chroot scan (M1.1 iter24)
SysAdmin
2026-05-07 18:32:00 +01:00
b0f1ab30f4
fix(linux/build): symlink /home/user/derivative-maker to checkout (M1.1 iter23)
SysAdmin
2026-05-07 18:11:58 +01:00
5918305fd7
fix(linux/build): find self via docker inspect, cgroupns hides cgroup path (M1.1 iter22)
SysAdmin
2026-05-07 18:04:41 +01:00
4a837e07ed
fix(linux/build): discover job container ID from cgroup, not hostname (M1.1 iter21)
SysAdmin
2026-05-07 17:59:48 +01:00
ec942b7698
fix(linux/build): bind only config.json, not whole /root/.docker (M1.1 iter20)
SysAdmin
2026-05-07 17:52:35 +01:00
ced77e305f
fix(linux/build): valid_volumes takes source paths, not bind specs (M1.1 iter19)
SysAdmin
2026-05-07 17:51:17 +01:00
c205139e86
fix(linux/build): drop duplicate docker.sock mount from runner options (M1.1 iter18)
SysAdmin
2026-05-07 17:49:51 +01:00
f66585e0b1
fix(linux/build): wire config.yaml into act_runner via CONFIG_FILE env
SysAdmin
2026-05-07 17:48:07 +01:00
e7a5fdd629
fix(linux/build): mount /root/.docker into job containers (M1.1 iter17)
SysAdmin
2026-05-07 17:33:35 +01:00
e260fe1c81
ci(linux/build): self-host the builder image build + iter16 reprepro wrap (M1.1)
SysAdmin
2026-05-07 17:30:08 +01:00
4aa59ba633
fix(linux/build): non-interactive mode + visible output + key import (M1.1)
SysAdmin
2026-05-07 14:05:49 +01:00
9c406598e2
fix(linux/build): pin user_name=user, mkdir derivative-binary (M1.1)
SysAdmin
2026-05-07 12:47:47 +01:00
38ac4f8a96
fix(linux/build): systemd-in-container build host (M1.1)
SysAdmin
2026-05-07 12:06:47 +01:00
7058fb775c
fix(linux/build): add systemctl no-op shim for the build container (M1.1)
SysAdmin
2026-05-07 11:45:13 +01:00
8a3cd0ba22
fix(linux/build): allow untagged / uncommitted submodule commits (M1.1)
SysAdmin
2026-05-07 11:35:27 +01:00
2a163bb9e7
fix(linux/build): install sq-git/Sequoia stack for derivative-maker (M1.1)
SysAdmin
2026-05-07 11:31:03 +01:00
433eb18947
fix(linux/build): bump builder base bookworm → trixie (M1.1)
SysAdmin
2026-05-07 11:25:40 +01:00
4a3971cb06
fix(linux/build): correct derivative-maker CLI invocation (M1.1)
SysAdmin
2026-05-07 11:18:38 +01:00
bf55a3f81c
fix(linux/build): mark build-inner.sh executable (M1.1)
SysAdmin
2026-05-07 11:13:02 +01:00
b20e568b19
fix(linux/build): run derivative-maker as unprivileged builder user (M1.1)
SysAdmin
2026-05-07 11:09:42 +01:00
1d0e58739c
fix(linux/build): handle DooD bind-mount in CI (M1.1)
SysAdmin
2026-05-07 11:01:06 +01:00
eae2b98906
fix(linux/build): re-pin BUILDER_IMAGE to amd64 registry digest
SysAdmin
2026-04-26 11:59:52 +01:00
sysadmin
SilverLABS
SysAdmin