SilverMetal/windows/installer
sysadmin f44fa150e2 fix(first-boot): run hardening from toolbox, repair branding online re-apply, bake winget into image, Apply UX
Three regressions surfaced by VM 102 validation, plus the winget reliability fix:

- Hardening never ran. SetupComplete.cmd DEFERS hardening to the toolbox when the
  Welcome app is present ("hardening deferred to SilverOS Welcome"), but ApplyService
  only did apps->bitlocker->done — the call was dropped in the collector slim-down, so
  all 8 modules were staged-but-never-executed. Add IHardeningService/HardeningService
  and run it (with the flavour's module selection) as the last Apply step.

- Branding disappeared. Apply-Branding.ps1 -Mode Online crashed looking for
  C:\branding.manifest.json (param default's $PSScriptRoot came back unrooted under
  -File), so the post-OOBE re-apply never ran and personalization reverted. Resolve the
  manifest/assets robustly in the body, falling back to the script's own directory.

- Apps didn't install. The runtime winget bootstrap failed silently on IoT LTSC
  (exit 1, no diag). Provision App Installer + VCLibs + UI.Xaml into the offline image
  at build time (Add-AppxProvisionedPackage) so winget is present at first boot. The
  runtime bootstrap remains as a non-fatal fallback.

- Apply UX looked hung. Add a continuous progress-bar sheen + spinner + "this can take
  several minutes" hint, and make the percentages monotonic (apps 30->70, bitlocker 75,
  hardening 90, done 100).

Tests: 32 passing (ApplyService now verifies apps->bitlocker->hardening order + that
hardening receives the flavour modules).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-11 01:34:07 +01:00

windows/installer

The custom packed-ISO build pipeline. See ../iso-builder.md for the design.

| File | Role |
| --- | --- |
| build.ps1 | Pipeline orchestrator (7 stages). Run on Windows + Windows ADK. |
| inputs.manifest.json | Pinned inputs — base ISO SHA-256, driver-pack/Stack/tool versions. The Microsoft ISO is an input, never committed. |
| autounattend/autounattend.xml | OOBE automation — local account (no MSA), regional, BitLocker-ready disk layout, hands off to first-boot. |
| oem/SetupComplete.cmd | First-boot entry point — runs the shared ../hardening/ modules, then schedules Verify. |

Usage (M2+):

.\build.ps1 -SourceIso 'D:\Win11_IoT_Enterprise_LTSC_x64.iso'

Current status: M0 scaffold — stages 2-7 throw NotImplemented until M2/M3.
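
The table above says inputs.manifest.json pins the base ISO by SHA-256. The following is an added example of enforcing that pin before any build stage touches the ISO; it is not the project's build.ps1. The function name `Assert-PinnedIso` and the manifest layout (`baseIso.sha256`) are assumptions, since the page does not show the manifest schema.

```powershell
# Added example. Assumed manifest layout: { "baseIso": { "sha256": "<64 hex chars>" } }
function Assert-PinnedIso {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SourceIso,
        [Parameter(Mandatory)] [string] $ManifestPath
    )
    $ErrorActionPreference = 'Stop'

    if (-not (Test-Path -LiteralPath $ManifestPath -PathType Leaf)) {
        throw "Manifest not found: $ManifestPath"
    }
    if (-not (Test-Path -LiteralPath $SourceIso -PathType Leaf)) {
        throw "Source ISO not found: $SourceIso"
    }

    $manifest = Get-Content -LiteralPath $ManifestPath -Raw | ConvertFrom-Json
    $pinned   = [string]$manifest.baseIso.sha256

    # Fail closed: a missing or malformed pin stops the build instead of skipping the check.
    if ($pinned -notmatch '^[0-9A-Fa-f]{64}$') {
        throw 'Manifest has no valid SHA-256 pin for the base ISO.'
    }

    $actual = (Get-FileHash -LiteralPath $SourceIso -Algorithm SHA256).Hash
    # Get-FileHash returns uppercase hex; -ine compares case-insensitively.
    if ($actual -ine $pinned) {
        throw "Base ISO hash mismatch. Pinned: $pinned  Actual: $actual"
    }
    return $actual
}

# Constructed demo: a small temp file stands in for the ISO.
$iso = Join-Path ([IO.Path]::GetTempPath()) 'demo-base.iso'
$man = Join-Path ([IO.Path]::GetTempPath()) 'demo-inputs.manifest.json'
Set-Content -LiteralPath $iso -Value 'constructed sample, not a real ISO' -NoNewline
$pin = (Get-FileHash -LiteralPath $iso -Algorithm SHA256).Hash.ToLower()
@{ baseIso = @{ sha256 = $pin } } | ConvertTo-Json | Set-Content -LiteralPath $man

Assert-PinnedIso -SourceIso $iso -ManifestPath $man | Out-Null   # file still matches the pin

Add-Content -LiteralPath $iso -Value 'modified after pinning'    # file no longer matches the pin
try { Assert-PinnedIso -SourceIso $iso -ManifestPath $man }
catch { Write-Host "Rejected: $($_.Exception.Message)" }
```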