Skip to content

fix(build): reg.exe-only offline-hive access fixes Dismount-WindowsImage -Save lock (v1.0.30)#21

Merged
bilbospocketses merged 2 commits into
mainfrom
fix/v1.0.30-dismount-reg-exe-lock
May 31, 2026
Merged

fix(build): reg.exe-only offline-hive access fixes Dismount-WindowsImage -Save lock (v1.0.30)#21
bilbospocketses merged 2 commits into
mainfrom
fix/v1.0.30-dismount-reg-exe-lock

Conversation

@bilbospocketses
Copy link
Copy Markdown
Owner

@bilbospocketses bilbospocketses commented May 31, 2026

Summary

Fixes the Dismount-WindowsImage -Save lock that broke Standard ISO creation in v1.0.29 (now retracted), at its real root cause. Validated end-to-end: clean ISO built -> Windows 11 installed -> post-boot cleanup task in place and working.

Root cause

Invoke-RegistryPatternZeroAction read the loaded offline NTUSER hive through the .NET PowerShell registry provider (Test-Path/Get-Item HKLM:\z*). The provider caches an in-process RegistryKey handle that survives reg unload and keeps the hive file (inside the mount) open, so Dismount-WindowsImage -Save fails with "The process cannot access the file because it is being used by another process." Latent since v1.0.3; surfaced intermittently via GC non-determinism. v1.0.29's -Save retry could never clear a handle held by the same long-lived process -- this corrects the prior "transient file-lock" hypothesis.

Fix

  • Offline-hive access is now reg.exe-only -- new Tiny11.Hives helpers Get-Tiny11RegValueNames / Test-Tiny11HiveLoaded / Invoke-Tiny11RegExe; Invoke-RegistryPatternZeroAction rewritten onto reg query; Clear-Tiny11StaleHives no longer probes via Test-Path. Matches upstream tiny11builder + Microsoft's offline-servicing docs. No change to a successful build's output image.
  • v1.0.29's WIM-integrity gate + -Save retry kept as defense-in-depth.
  • local-deps: reg.exe/dism.exe/robocopy.exe in the build process now resolve from %SystemRoot%\System32 by absolute path, not %PATH% (supersedes the 2026-05-30 bare-PATH waiver). DISM *-WindowsImage cmdlets unchanged.

Tests

  • New static drift guard tests/Tiny11.OfflineHive.NoProvider.Drift.Tests.ps1 fails if any HK*:\z provider access reappears in src.
  • reg.exe-only unit coverage for the new helpers + the rewritten pattern-zero (the v1.0.29 synthetic harness never loaded a hive, so it could not catch this class).
  • Pester 521/0 local (non-elevated; +2 admin-gated Synthetic run in CI). Version bumped to 1.0.30.

Context

v1.0.29's GitHub release + Velopack feed assets + signed tag were retracted. v1.0.30 ships the validated fix.

@bilbospocketses
fix(build): reg.exe-only offline-hive access fixes Dismount-WindowsIm…
7861911 
…age -Save lock (v1.0.30)

v1.0.29 broke Standard ISO creation: Dismount-WindowsImage -Save failed with "The
process cannot access the file because it is being used by another process."

Root cause: Invoke-RegistryPatternZeroAction read the loaded offline NTUSER hive via
the .NET PowerShell registry provider (Test-Path/Get-Item HKLM:\z*), which caches an
in-process RegistryKey handle that survives `reg unload` and locks the mount at
dismount-save. Latent since v1.0.3; intermittent via GC non-determinism. v1.0.29's
-Save retry cannot clear a same-process handle.

Fix: offline-hive access is reg.exe-only (Get-Tiny11RegValueNames /
Test-Tiny11HiveLoaded / Invoke-Tiny11RegExe); Invoke-RegistryPatternZeroAction
rewritten; Clear-Tiny11StaleHives no longer probes via Test-Path. Matches upstream
tiny11builder + Microsoft offline-servicing docs. v1.0.29 integrity gate + retry kept
as defense-in-depth.

local-deps: reg.exe/dism.exe/robocopy.exe in the build process now resolve from
%SystemRoot%\System32 by absolute path, not %PATH%.

Adds a static drift guard that fails if HK*:\z provider access reappears in src.
Validated end-to-end: clean ISO built + Windows 11 installed + post-boot task working.
Pester 521/0 (non-elevated; +2 admin-gated Synthetic run in CI).
@bilbospocketses
docs(contributing): fix Invoke-RegCommand module path + record reg.ex…
c9ce118 
…e-only offline-hive convention
@bilbospocketses bilbospocketses merged commit 93fb3df into main May 31, 2026
6 checks passed
@bilbospocketses bilbospocketses deleted the fix/v1.0.30-dismount-reg-exe-lock branch May 31, 2026 05:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bilbospocketses