From 03075cd1f946bb1d2befc6d950d4934e8eb96560 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Fri, 20 Feb 2026 13:50:49 +0100
Subject: [PATCH 01/11] test workflow

---
 .../workflows/update-chocolatey-dry-run.yml   | 84 +++++++++++++++++++
 .github/workflows/update-chocolatey.yml       | 73 ++++++++++++++++
 chocolatey/defguard/README.md                 | 27 ++++++
 chocolatey/defguard/defguard.nuspec           | 77 +++++++++++++++++
 chocolatey/defguard/tools/LICENSE.txt         | 11 +++
 .../defguard/tools/chocolateybeforemodify.ps1 |  9 ++
 .../defguard/tools/chocolateyinstall.ps1      | 23 +++++
 .../defguard/tools/chocolateyuninstall.ps1    | 32 +++++++
 8 files changed, 336 insertions(+)
 create mode 100644 .github/workflows/update-chocolatey-dry-run.yml
 create mode 100644 .github/workflows/update-chocolatey.yml
 create mode 100644 chocolatey/defguard/README.md
 create mode 100755 chocolatey/defguard/defguard.nuspec
 create mode 100755 chocolatey/defguard/tools/LICENSE.txt
 create mode 100755 chocolatey/defguard/tools/chocolateybeforemodify.ps1
 create mode 100755 chocolatey/defguard/tools/chocolateyinstall.ps1
 create mode 100755 chocolatey/defguard/tools/chocolateyuninstall.ps1

diff --git a/.github/workflows/update-chocolatey-dry-run.yml b/.github/workflows/update-chocolatey-dry-run.yml
new file mode 100644
index 00000000..94581949
--- /dev/null
+++ b/.github/workflows/update-chocolatey-dry-run.yml
@@ -0,0 +1,84 @@
+name: Chocolatey update dry run
+
+on:
+  push:
+    branches:
+      - chocolatey-update
+
+jobs:
+  chocolatey-dry-run:
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Resolve latest release tag
+        shell: pwsh
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          $tag = gh release list --limit 20 --exclude-drafts --json tagName,isPrerelease --jq '.[] | select(.isPrerelease==false) | .tagName' | Select-Object -First 1
+          if (-not $tag) { throw "No non-prerelease tags found." }
+          "RELEASE_TAG=$tag" | Out-File -FilePath $env:GITHUB_ENV -Append
+          $version = $tag.TrimStart('v').Split('-')[0]
+          "VERSION=$version" | Out-File -FilePath $env:GITHUB_ENV -Append
+
+      - name: Download MSI asset
+        shell: pwsh
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          $msiName = "Defguard_${env:VERSION}_x64_en-US.msi"
+          gh release download "$env:RELEASE_TAG" --pattern $msiName --dir "$pwd"
+
+      - name: Calculate MSI checksum
+        shell: pwsh
+        run: |
+          $msiName = "Defguard_${env:VERSION}_x64_en-US.msi"
+          $hash = (Get-FileHash -Algorithm SHA256 -Path $msiName).Hash.ToLower()
+          "MSI_SHA256=$hash" | Out-File -FilePath $env:GITHUB_ENV -Append
+
+      - name: Update Chocolatey package files
+        shell: pwsh
+        working-directory: chocolatey/defguard
+        run: |
+          $msiUrl = "https://github.com/DefGuard/client/releases/download/v$env:VERSION/Defguard_$env:VERSION_x64_en-US.msi"
+          $nuspecPath = "defguard.nuspec"
+          $installPath = "tools\chocolateyinstall.ps1"
+
+          (Get-Content -Raw $nuspecPath) `
+            -replace '<version>[^<]+</version>', "<version>$env:VERSION</version>" `
+            -replace '<packageSourceUrl>[^<]+</packageSourceUrl>', "<packageSourceUrl>$msiUrl</packageSourceUrl>" |
+            Set-Content -NoNewline -Encoding UTF8 $nuspecPath
+
+          (Get-Content -Raw $installPath) `
+            -replace "^\$url\s*=\s*'.*'$", "`$url        = '$msiUrl'" `
+            -replace "checksum\s*=\s*'[^']+'", "checksum      = '$env:MSI_SHA256'" |
+            Set-Content -NoNewline -Encoding UTF8 $installPath
+
+      - name: Debug updated files
+        shell: pwsh
+        working-directory: chocolatey/defguard
+        run: |
+          Write-Output "=== defguard.nuspec ==="
+          Get-Content defguard.nuspec
+          Write-Output "=== tools\chocolateyinstall.ps1 ==="
+          Get-Content tools\chocolateyinstall.ps1
+
+      - name: Refresh local nupkg
+        shell: pwsh
+        working-directory: chocolatey/defguard
+        run: |
+          $old = Get-ChildItem -Filter "defguard.*.nupkg" | Where-Object { $_.Name -ne "defguard.$env:VERSION.nupkg" }
+          if ($old) { $old | Remove-Item -Force }
+
+      - name: Pack Chocolatey package
+        shell: pwsh
+        working-directory: chocolatey/defguard
+        run: choco pack
+
+      - name: Dry run complete
+        shell: pwsh
+        run: Write-Output "Dry run finished successfully. No push executed."
diff --git a/.github/workflows/update-chocolatey.yml b/.github/workflows/update-chocolatey.yml
new file mode 100644
index 00000000..ffd34ede
--- /dev/null
+++ b/.github/workflows/update-chocolatey.yml
@@ -0,0 +1,73 @@
+# name: Update Chocolatey package
+
+# on:
+#   release:
+#     types: [published]
+
+# jobs:
+#   update-chocolatey:
+#     if: github.event.release.prerelease == false
+#     runs-on: windows-latest
+#     steps:
+#       - name: Checkout
+#         uses: actions/checkout@v6
+
+#       - name: Set release version
+#         shell: pwsh
+#         run: |
+#           $version = "${{ github.event.release.tag_name }}".TrimStart('v').Split('-')[0]
+#           "VERSION=$version" | Out-File -FilePath $env:GITHUB_ENV -Append
+
+#       - name: Download MSI asset
+#         shell: pwsh
+#         env:
+#           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+#         run: |
+#           $msiName = "Defguard_${env:VERSION}_x64_en-US.msi"
+#           gh release download "${{ github.event.release.tag_name }}" --pattern $msiName --dir "$pwd"
+
+#       - name: Calculate MSI checksum
+#         shell: pwsh
+#         run: |
+#           $msiName = "Defguard_${env:VERSION}_x64_en-US.msi"
+#           $hash = (Get-FileHash -Algorithm SHA256 -Path $msiName).Hash.ToLower()
+#           "MSI_SHA256=$hash" | Out-File -FilePath $env:GITHUB_ENV -Append
+
+#       - name: Update Chocolatey package files
+#         shell: pwsh
+#         working-directory: chocolatey/defguard
+#         run: |
+#           $msiUrl = "https://github.com/DefGuard/client/releases/download/v$env:VERSION/Defguard_$env:VERSION_x64_en-US.msi"
+#           $nuspecPath = "defguard.nuspec"
+#           $installPath = "tools\chocolateyinstall.ps1"
+
+#           (Get-Content -Raw $nuspecPath) `
+#             -replace '<version>[^<]+</version>', "<version>$env:VERSION</version>" `
+#             -replace '<packageSourceUrl>[^<]+</packageSourceUrl>', "<packageSourceUrl>$msiUrl</packageSourceUrl>" |
+#             Set-Content -NoNewline -Encoding UTF8 $nuspecPath
+
+#           (Get-Content -Raw $installPath) `
+#             -replace "^\$url\s*=\s*'.*'$", "`$url        = '$msiUrl'" `
+#             -replace "checksum\s*=\s*'[^']+'", "checksum      = '$env:MSI_SHA256'" |
+#             Set-Content -NoNewline -Encoding UTF8 $installPath
+
+#       - name: Refresh local nupkg
+#         shell: pwsh
+#         working-directory: chocolatey/defguard
+#         run: |
+#           $old = Get-ChildItem -Filter "defguard.*.nupkg" | Where-Object { $_.Name -ne "defguard.$env:VERSION.nupkg" }
+#           if ($old) { $old | Remove-Item -Force }
+
+#       - name: Pack Chocolatey package
+#         shell: pwsh
+#         working-directory: chocolatey/defguard
+#         run: choco pack
+
+#       - name: Push Chocolatey package
+#         shell: pwsh
+#         working-directory: chocolatey/defguard
+#         env:
+#           CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
+#         run: |
+#           $nupkg = "defguard.$env:VERSION.nupkg"
+#           choco push $nupkg --source "https://push.chocolatey.org/" -k="$env:CHOCO_API_KEY"
diff --git a/chocolatey/defguard/README.md b/chocolatey/defguard/README.md
new file mode 100644
index 00000000..a09694c4
--- /dev/null
+++ b/chocolatey/defguard/README.md
@@ -0,0 +1,27 @@
+# Defguard Chocolatey package
+
+This directory contains the Chocolatey package source for Defguard.
+The GitHub Actions workflow updates version, MSI URL, and checksum after a release is published.
+
+## Workflow behavior
+
+- Trigger: GitHub release `published` (non-prerelease).
+- Source MSI: Release asset named `Defguard_<version>_x64_en-US.msi`.
+- Updated files:
+  - `defguard.nuspec` (`<version>`, `<packageSourceUrl>`)
+  - `tools/chocolateyinstall.ps1` (`$url`, `checksum`)
+- Package build: `choco pack`.
+- Package push: `choco push` to `https://push.chocolatey.org/`.
+
+## Required secret
+
+- `CHOCO_API_KEY` in GitHub repo secrets.
+
+## Local testing (Windows)
+
+From this directory:
+
+```
+choco pack
+choco install defguard --source .
+```
diff --git a/chocolatey/defguard/defguard.nuspec b/chocolatey/defguard/defguard.nuspec
new file mode 100755
index 00000000..88ff54d1
--- /dev/null
+++ b/chocolatey/defguard/defguard.nuspec
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Read this before creating packages: https://docs.chocolatey.org/en-us/create/create-packages -->
+<!-- It is especially important to read the above link to understand additional requirements when publishing packages to the community feed aka dot org (https://community.chocolatey.org/packages). -->
+
+<!-- Test your packages in a test environment: https://github.com/chocolatey/chocolatey-test-environment -->
+
+<!--
+This is a nuspec. It mostly adheres to https://docs.nuget.org/create/Nuspec-Reference. Chocolatey uses a special version of NuGet.Core that allows us to do more than was initially possible. As such there are certain things to be aware of:
+
+* the package xmlns schema url may cause issues with nuget.exe
+* Any of the following elements can ONLY be used by choco tools - projectSourceUrl, docsUrl, mailingListUrl, bugTrackerUrl, packageSourceUrl, provides, conflicts, replaces
+* nuget.exe can still install packages with those elements but they are ignored. Any authoring tools or commands will error on those elements
+-->
+
+<!-- You can embed software files directly into packages, as long as you are not bound by distribution rights. -->
+<!-- * If you are an organization making private packages, you probably have no issues here -->
+<!-- * If you are releasing to the community feed, you need to consider distribution rights. -->
+<!-- Do not remove this test for UTF-8: if “Ω” doesn’t appear as greek uppercase omega letter enclosed in quotation marks, you should use an editor that supports UTF-8, not this one. -->
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <!-- == PACKAGE SPECIFIC SECTION == -->
+    <!-- This section is about this package, although id and version have ties back to the software -->
+    <!-- id is lowercase and if you want a good separator for words, use '-', not '.'. Dots are only acceptable as suffixes for certain types of packages, e.g. .install, .portable, .extension, .template -->
+    <!-- If the software is cross-platform, attempt to use the same id as the debian/rpm package(s) if possible. -->
+    <id>defguard</id>
+    <!-- version should MATCH as closely as possible with the underlying software -->
+    <!-- Is the version a prerelease of a version? https://docs.nuget.org/create/versioning#creating-prerelease-packages -->
+    <!-- Note that unstable versions like 0.0.1 can be considered a released version, but it's possible that one can release a 0.0.1-beta before you release a 0.0.1 version. If the version number is final, that is considered a released version and not a prerelease. -->
+    <version>1.6.5</version>
+    <packageSourceUrl>https://github.com/DefGuard/client/releases/download/v1.6.5/Defguard_1.6.5_x64_en-US.msi</packageSourceUrl>
+    <!-- owners is a poor name for maintainers of the package. It sticks around by this name for compatibility reasons. It basically means you. -->
+    <!--<owners>Defguard</owners>-->
+    <!-- ============================== -->
+
+    <!-- == SOFTWARE SPECIFIC SECTION == -->
+    <!-- This section is about the software itself -->
+    <title>Defguard</title>
+    <authors>Defguard</authors>
+    <!-- projectUrl is required for the community feed -->
+    <projectUrl>https://defguard.net</projectUrl>
+    <!-- There are a number of CDN Services that can be used for hosting the Icon for a package. More information can be found here: https://docs.chocolatey.org/en-us/create/create-packages#package-icon-guidelines -->
+    <!-- Here is an example using Githack -->
+    <iconUrl>http://rawcdn.githack.com/defguard/client/main/src/shared/images/png/logo_256-256.png</iconUrl>
+    <copyright>2026</copyright>
+    <!-- If there is a license Url available, it is required for the community feed -->
+    <licenseUrl>https://github.com/DefGuard/client/blob/main/LICENSE.md</licenseUrl>
+    <requireLicenseAcceptance>true</requireLicenseAcceptance>
+    <projectSourceUrl>https://github.com/DefGuard/client</projectSourceUrl>
+    <docsUrl>https://docs.defguard.net/</docsUrl>
+    <!--<mailingListUrl></mailingListUrl>-->
+    <bugTrackerUrl>https://github.com/DefGuard/client/issues</bugTrackerUrl>
+    <tags>defguard vpn wireguard sso mfa</tags>
+    <summary>Desktop client for Defguard - Wireguard VPN with MFA</summary>
+    <description>Desktop client provides an easy way to access VPN locations of multiple Defguard instances via user-friendly UI.</description>
+    <releaseNotes>https://github.com/DefGuard/client/releases</releaseNotes>
+    <!-- =============================== -->
+
+    <!-- Specifying dependencies and version ranges? https://docs.nuget.org/create/versioning#specifying-version-ranges-in-.nuspec-files -->
+    <!--<dependencies>
+      <dependency id="" version="__MINIMUM_VERSION__" />
+      <dependency id="" version="[__EXACT_VERSION__]" />
+      <dependency id="" version="[_MIN_VERSION_INCLUSIVE, MAX_VERSION_INCLUSIVE]" />
+      <dependency id="" version="[_MIN_VERSION_INCLUSIVE, MAX_VERSION_EXCLUSIVE)" />
+      <dependency id="" />
+      <dependency id="chocolatey-core.extension" version="1.1.0" />
+    </dependencies>-->
+    <!-- chocolatey-core.extension - https://community.chocolatey.org/packages/chocolatey-core.extension -->
+
+    <!--<provides>NOT YET IMPLEMENTED</provides>-->
+    <!--<conflicts>NOT YET IMPLEMENTED</conflicts>-->
+    <!--<replaces>NOT YET IMPLEMENTED</replaces>-->
+  </metadata>
+  <files>
+    <!-- this section controls what actually gets packaged into the Chocolatey package -->
+    <file src="tools\**" target="tools" />
+  </files>
+</package>
diff --git a/chocolatey/defguard/tools/LICENSE.txt b/chocolatey/defguard/tools/LICENSE.txt
new file mode 100755
index 00000000..444947a5
--- /dev/null
+++ b/chocolatey/defguard/tools/LICENSE.txt
@@ -0,0 +1,11 @@
+
+Note: Include this file if including binaries you have the right to distribute.
+Otherwise delete. this file.
+
+===DELETE ABOVE THIS LINE AND THIS LINE===
+
+From: <insert applicable license url here>
+
+LICENSE
+
+<Insert License Here>
diff --git a/chocolatey/defguard/tools/chocolateybeforemodify.ps1 b/chocolatey/defguard/tools/chocolateybeforemodify.ps1
new file mode 100755
index 00000000..3ff14ff1
--- /dev/null
+++ b/chocolatey/defguard/tools/chocolateybeforemodify.ps1
@@ -0,0 +1,9 @@
+# This runs before upgrade or uninstall.
+# Use this file to do things like stop services prior to upgrade or uninstall.
+# NOTE: It is an anti-pattern to call chocolateyUninstall.ps1 from here. If you
+#  need to uninstall an MSI prior to upgrade, put the functionality in this
+#  file without calling the uninstall script. Make it idempotent in the
+#  uninstall script so that it doesn't fail when it is already uninstalled.
+# NOTE: For upgrades - like the uninstall script, this script always runs from
+#  the currently installed version, not from the new upgraded package version.
+
diff --git a/chocolatey/defguard/tools/chocolateyinstall.ps1 b/chocolatey/defguard/tools/chocolateyinstall.ps1
new file mode 100755
index 00000000..922458bf
--- /dev/null
+++ b/chocolatey/defguard/tools/chocolateyinstall.ps1
@@ -0,0 +1,23 @@
+$ErrorActionPreference = 'Stop'
+$toolsDir   = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
+$url        = 'https://github.com/DefGuard/client/releases/download/v1.6.5/Defguard_1.6.5_x64_en-US.msi'
+
+
+$packageArgs = @{
+  packageName   = $env:ChocolateyPackageName
+  unzipLocation = $toolsDir
+  fileType      = 'msi'
+  url           = $url
+
+  softwareName  = 'defguard*'
+
+  checksum      = 'be99afe71ab88e0add4905721471d0d40935c33ae7cdb47084ba53a91d675cc7'
+  checksumType  = 'sha256'
+
+
+  silentArgs    = "/qn /norestart /l*v `"$($env:TEMP)\$($packageName).$($env:chocolateyPackageVersion).MsiInstall.log`""
+  validExitCodes= @(0, 3010, 1641)
+}
+
+Install-ChocolateyPackage @packageArgs
+Write-Warning "IMPORTANT: Reboot or Re-login Required: On initial install the user is added to the defguard group.A reboot or logging out and back in is required for group membership changes to take effect. This is not required on subsequent updates."
\ No newline at end of file
diff --git a/chocolatey/defguard/tools/chocolateyuninstall.ps1 b/chocolatey/defguard/tools/chocolateyuninstall.ps1
new file mode 100755
index 00000000..cc8b69e8
--- /dev/null
+++ b/chocolatey/defguard/tools/chocolateyuninstall.ps1
@@ -0,0 +1,32 @@
+$ErrorActionPreference = 'Stop'
+$packageArgs = @{
+  packageName   = $env:ChocolateyPackageName
+  softwareName  = 'defguard*'
+  fileType      = 'msi'
+  silentArgs    = "/qn /norestart"
+  validExitCodes= @(0, 3010, 1605, 1614, 1641)
+}
+
+[array]$key = Get-UninstallRegistryKey -SoftwareName $packageArgs['softwareName']
+
+if ($key.Count -eq 1) {
+  $key | % {
+    $packageArgs['file'] = "$($_.UninstallString)"
+
+    if ($packageArgs['fileType'] -eq 'MSI') {
+      $packageArgs['silentArgs'] = "$($_.PSChildName) $($packageArgs['silentArgs'])"
+
+      $packageArgs['file'] = ''
+    } else {
+    }
+
+    Uninstall-ChocolateyPackage @packageArgs
+  }
+} elseif ($key.Count -eq 0) {
+  Write-Warning "$packageName has already been uninstalled by other means."
+} elseif ($key.Count -gt 1) {
+  Write-Warning "$($key.Count) matches found!"
+  Write-Warning "To prevent accidental data loss, no programs will be uninstalled."
+  Write-Warning "Please alert package maintainer the following keys were matched:"
+  $key | % {Write-Warning "- $($_.DisplayName)"}
+}

From dbebd36959880ee3e5ada9f623385f8fe93a0342 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Fri, 20 Feb 2026 14:06:48 +0100
Subject: [PATCH 02/11] test 2

---
 .github/workflows/update-chocolatey-dry-run.yml | 6 +++---
 .github/workflows/update-chocolatey.yml         | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/update-chocolatey-dry-run.yml b/.github/workflows/update-chocolatey-dry-run.yml
index 94581949..57ace8f1 100644
--- a/.github/workflows/update-chocolatey-dry-run.yml
+++ b/.github/workflows/update-chocolatey-dry-run.yml
@@ -2,8 +2,8 @@ name: Chocolatey update dry run
 
 on:
   push:
-    branches:
-      - chocolatey-update
+    tags-ignore:
+      - v*.*.*
 
 jobs:
   chocolatey-dry-run:
@@ -44,7 +44,7 @@ jobs:
         shell: pwsh
         working-directory: chocolatey/defguard
         run: |
-          $msiUrl = "https://github.com/DefGuard/client/releases/download/v$env:VERSION/Defguard_$env:VERSION_x64_en-US.msi"
+          $msiUrl = "https://github.com/DefGuard/client/releases/download/v${env:VERSION}/Defguard_${env:VERSION}_x64_en-US.msi"
           $nuspecPath = "defguard.nuspec"
           $installPath = "tools\chocolateyinstall.ps1"
 
diff --git a/.github/workflows/update-chocolatey.yml b/.github/workflows/update-chocolatey.yml
index ffd34ede..dde5cacd 100644
--- a/.github/workflows/update-chocolatey.yml
+++ b/.github/workflows/update-chocolatey.yml
@@ -37,7 +37,7 @@
 #         shell: pwsh
 #         working-directory: chocolatey/defguard
 #         run: |
-#           $msiUrl = "https://github.com/DefGuard/client/releases/download/v$env:VERSION/Defguard_$env:VERSION_x64_en-US.msi"
+#           $msiUrl = "https://github.com/DefGuard/client/releases/download/v${env:VERSION}/Defguard_${env:VERSION}_x64_en-US.msi"
 #           $nuspecPath = "defguard.nuspec"
 #           $installPath = "tools\chocolateyinstall.ps1"
 

From 316cb93351ae85db905fcaea6d91dc42b5ddb289 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Fri, 20 Feb 2026 14:09:41 +0100
Subject: [PATCH 03/11] test 3

---
 .../workflows/update-chocolatey-dry-run.yml   | 23 +++++++++++--------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/update-chocolatey-dry-run.yml b/.github/workflows/update-chocolatey-dry-run.yml
index 57ace8f1..61468246 100644
--- a/.github/workflows/update-chocolatey-dry-run.yml
+++ b/.github/workflows/update-chocolatey-dry-run.yml
@@ -2,8 +2,8 @@ name: Chocolatey update dry run
 
 on:
   push:
-    tags-ignore:
-      - v*.*.*
+    branches:
+      - chocolatey-update
 
 jobs:
   chocolatey-dry-run:
@@ -25,36 +25,41 @@ jobs:
           $version = $tag.TrimStart('v').Split('-')[0]
           "VERSION=$version" | Out-File -FilePath $env:GITHUB_ENV -Append
 
+      - name: Set MSI variables
+        shell: pwsh
+        run: |
+          $msiName = "Defguard_${env:VERSION}_x64_en-US.msi"
+          $msiUrl = "https://github.com/DefGuard/client/releases/download/v${env:VERSION}/Defguard_${env:VERSION}_x64_en-US.msi"
+          "MSI_NAME=$msiName" | Out-File -FilePath $env:GITHUB_ENV -Append
+          "MSI_URL=$msiUrl" | Out-File -FilePath $env:GITHUB_ENV -Append
+
       - name: Download MSI asset
         shell: pwsh
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          $msiName = "Defguard_${env:VERSION}_x64_en-US.msi"
-          gh release download "$env:RELEASE_TAG" --pattern $msiName --dir "$pwd"
+          gh release download "$env:RELEASE_TAG" --pattern $env:MSI_NAME --dir "$pwd"
 
       - name: Calculate MSI checksum
         shell: pwsh
         run: |
-          $msiName = "Defguard_${env:VERSION}_x64_en-US.msi"
-          $hash = (Get-FileHash -Algorithm SHA256 -Path $msiName).Hash.ToLower()
+          $hash = (Get-FileHash -Algorithm SHA256 -Path $env:MSI_NAME).Hash.ToLower()
           "MSI_SHA256=$hash" | Out-File -FilePath $env:GITHUB_ENV -Append
 
       - name: Update Chocolatey package files
         shell: pwsh
         working-directory: chocolatey/defguard
         run: |
-          $msiUrl = "https://github.com/DefGuard/client/releases/download/v${env:VERSION}/Defguard_${env:VERSION}_x64_en-US.msi"
           $nuspecPath = "defguard.nuspec"
           $installPath = "tools\chocolateyinstall.ps1"
 
           (Get-Content -Raw $nuspecPath) `
             -replace '<version>[^<]+</version>', "<version>$env:VERSION</version>" `
-            -replace '<packageSourceUrl>[^<]+</packageSourceUrl>', "<packageSourceUrl>$msiUrl</packageSourceUrl>" |
+            -replace '<packageSourceUrl>[^<]+</packageSourceUrl>', "<packageSourceUrl>$env:MSI_URL</packageSourceUrl>" |
             Set-Content -NoNewline -Encoding UTF8 $nuspecPath
 
           (Get-Content -Raw $installPath) `
-            -replace "^\$url\s*=\s*'.*'$", "`$url        = '$msiUrl'" `
+            -replace "^\$url\s*=\s*'.*'$", "`$url        = '$env:MSI_URL'" `
             -replace "checksum\s*=\s*'[^']+'", "checksum      = '$env:MSI_SHA256'" |
             Set-Content -NoNewline -Encoding UTF8 $installPath
 

From 4406c9e00047191de3c450d1e7e30468dcaeca67 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Fri, 20 Feb 2026 14:13:49 +0100
Subject: [PATCH 04/11] finishedw workflow

---
 .../workflows/update-chocolatey-dry-run.yml   |  89 ------------
 .github/workflows/update-chocolatey.yml       | 129 +++++++++---------
 2 files changed, 67 insertions(+), 151 deletions(-)
 delete mode 100644 .github/workflows/update-chocolatey-dry-run.yml

diff --git a/.github/workflows/update-chocolatey-dry-run.yml b/.github/workflows/update-chocolatey-dry-run.yml
deleted file mode 100644
index 61468246..00000000
--- a/.github/workflows/update-chocolatey-dry-run.yml
+++ /dev/null
@@ -1,89 +0,0 @@
-name: Chocolatey update dry run
-
-on:
-  push:
-    branches:
-      - chocolatey-update
-
-jobs:
-  chocolatey-dry-run:
-    runs-on: windows-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          submodules: recursive
-
-      - name: Resolve latest release tag
-        shell: pwsh
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          $tag = gh release list --limit 20 --exclude-drafts --json tagName,isPrerelease --jq '.[] | select(.isPrerelease==false) | .tagName' | Select-Object -First 1
-          if (-not $tag) { throw "No non-prerelease tags found." }
-          "RELEASE_TAG=$tag" | Out-File -FilePath $env:GITHUB_ENV -Append
-          $version = $tag.TrimStart('v').Split('-')[0]
-          "VERSION=$version" | Out-File -FilePath $env:GITHUB_ENV -Append
-
-      - name: Set MSI variables
-        shell: pwsh
-        run: |
-          $msiName = "Defguard_${env:VERSION}_x64_en-US.msi"
-          $msiUrl = "https://github.com/DefGuard/client/releases/download/v${env:VERSION}/Defguard_${env:VERSION}_x64_en-US.msi"
-          "MSI_NAME=$msiName" | Out-File -FilePath $env:GITHUB_ENV -Append
-          "MSI_URL=$msiUrl" | Out-File -FilePath $env:GITHUB_ENV -Append
-
-      - name: Download MSI asset
-        shell: pwsh
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          gh release download "$env:RELEASE_TAG" --pattern $env:MSI_NAME --dir "$pwd"
-
-      - name: Calculate MSI checksum
-        shell: pwsh
-        run: |
-          $hash = (Get-FileHash -Algorithm SHA256 -Path $env:MSI_NAME).Hash.ToLower()
-          "MSI_SHA256=$hash" | Out-File -FilePath $env:GITHUB_ENV -Append
-
-      - name: Update Chocolatey package files
-        shell: pwsh
-        working-directory: chocolatey/defguard
-        run: |
-          $nuspecPath = "defguard.nuspec"
-          $installPath = "tools\chocolateyinstall.ps1"
-
-          (Get-Content -Raw $nuspecPath) `
-            -replace '<version>[^<]+</version>', "<version>$env:VERSION</version>" `
-            -replace '<packageSourceUrl>[^<]+</packageSourceUrl>', "<packageSourceUrl>$env:MSI_URL</packageSourceUrl>" |
-            Set-Content -NoNewline -Encoding UTF8 $nuspecPath
-
-          (Get-Content -Raw $installPath) `
-            -replace "^\$url\s*=\s*'.*'$", "`$url        = '$env:MSI_URL'" `
-            -replace "checksum\s*=\s*'[^']+'", "checksum      = '$env:MSI_SHA256'" |
-            Set-Content -NoNewline -Encoding UTF8 $installPath
-
-      - name: Debug updated files
-        shell: pwsh
-        working-directory: chocolatey/defguard
-        run: |
-          Write-Output "=== defguard.nuspec ==="
-          Get-Content defguard.nuspec
-          Write-Output "=== tools\chocolateyinstall.ps1 ==="
-          Get-Content tools\chocolateyinstall.ps1
-
-      - name: Refresh local nupkg
-        shell: pwsh
-        working-directory: chocolatey/defguard
-        run: |
-          $old = Get-ChildItem -Filter "defguard.*.nupkg" | Where-Object { $_.Name -ne "defguard.$env:VERSION.nupkg" }
-          if ($old) { $old | Remove-Item -Force }
-
-      - name: Pack Chocolatey package
-        shell: pwsh
-        working-directory: chocolatey/defguard
-        run: choco pack
-
-      - name: Dry run complete
-        shell: pwsh
-        run: Write-Output "Dry run finished successfully. No push executed."
diff --git a/.github/workflows/update-chocolatey.yml b/.github/workflows/update-chocolatey.yml
index dde5cacd..e6d26d27 100644
--- a/.github/workflows/update-chocolatey.yml
+++ b/.github/workflows/update-chocolatey.yml
@@ -1,73 +1,78 @@
-# name: Update Chocolatey package
+name: Update Chocolatey package
 
-# on:
-#   release:
-#     types: [published]
+on:
+  release:
+    types: [published]
 
-# jobs:
-#   update-chocolatey:
-#     if: github.event.release.prerelease == false
-#     runs-on: windows-latest
-#     steps:
-#       - name: Checkout
-#         uses: actions/checkout@v6
+jobs:
+  update-chocolatey:
+    if: github.event.release.prerelease == false
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
 
-#       - name: Set release version
-#         shell: pwsh
-#         run: |
-#           $version = "${{ github.event.release.tag_name }}".TrimStart('v').Split('-')[0]
-#           "VERSION=$version" | Out-File -FilePath $env:GITHUB_ENV -Append
+      - name: Set release version
+        shell: pwsh
+        run: |
+          $version = "${{ github.event.release.tag_name }}".TrimStart('v').Split('-')[0]
+          "VERSION=$version" | Out-File -FilePath $env:GITHUB_ENV -Append
 
-#       - name: Download MSI asset
-#         shell: pwsh
-#         env:
-#           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-#         run: |
-#           $msiName = "Defguard_${env:VERSION}_x64_en-US.msi"
-#           gh release download "${{ github.event.release.tag_name }}" --pattern $msiName --dir "$pwd"
+      - name: Set MSI variables
+        shell: pwsh
+        run: |
+          $msiName = "Defguard_${env:VERSION}_x64_en-US.msi"
+          $msiUrl = "https://github.com/DefGuard/client/releases/download/v${env:VERSION}/Defguard_${env:VERSION}_x64_en-US.msi"
+          "MSI_NAME=$msiName" | Out-File -FilePath $env:GITHUB_ENV -Append
+          "MSI_URL=$msiUrl" | Out-File -FilePath $env:GITHUB_ENV -Append
 
-#       - name: Calculate MSI checksum
-#         shell: pwsh
-#         run: |
-#           $msiName = "Defguard_${env:VERSION}_x64_en-US.msi"
-#           $hash = (Get-FileHash -Algorithm SHA256 -Path $msiName).Hash.ToLower()
-#           "MSI_SHA256=$hash" | Out-File -FilePath $env:GITHUB_ENV -Append
+      - name: Download MSI asset
+        shell: pwsh
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release download "${{ github.event.release.tag_name }}" --pattern $env:MSI_NAME --dir "$pwd"
 
-#       - name: Update Chocolatey package files
-#         shell: pwsh
-#         working-directory: chocolatey/defguard
-#         run: |
-#           $msiUrl = "https://github.com/DefGuard/client/releases/download/v${env:VERSION}/Defguard_${env:VERSION}_x64_en-US.msi"
-#           $nuspecPath = "defguard.nuspec"
-#           $installPath = "tools\chocolateyinstall.ps1"
+      - name: Calculate MSI checksum
+        shell: pwsh
+        run: |
+          $hash = (Get-FileHash -Algorithm SHA256 -Path $env:MSI_NAME).Hash.ToLower()
+          "MSI_SHA256=$hash" | Out-File -FilePath $env:GITHUB_ENV -Append
 
-#           (Get-Content -Raw $nuspecPath) `
-#             -replace '<version>[^<]+</version>', "<version>$env:VERSION</version>" `
-#             -replace '<packageSourceUrl>[^<]+</packageSourceUrl>', "<packageSourceUrl>$msiUrl</packageSourceUrl>" |
-#             Set-Content -NoNewline -Encoding UTF8 $nuspecPath
+      - name: Update Chocolatey package files
+        shell: pwsh
+        working-directory: chocolatey/defguard
+        run: |
+          $nuspecPath = "defguard.nuspec"
+          $installPath = "tools\chocolateyinstall.ps1"
 
-#           (Get-Content -Raw $installPath) `
-#             -replace "^\$url\s*=\s*'.*'$", "`$url        = '$msiUrl'" `
-#             -replace "checksum\s*=\s*'[^']+'", "checksum      = '$env:MSI_SHA256'" |
-#             Set-Content -NoNewline -Encoding UTF8 $installPath
+          (Get-Content -Raw $nuspecPath) `
+            -replace '<version>[^<]+</version>', "<version>$env:VERSION</version>" `
+            -replace '<packageSourceUrl>[^<]+</packageSourceUrl>', "<packageSourceUrl>$env:MSI_URL</packageSourceUrl>" |
+            Set-Content -NoNewline -Encoding UTF8 $nuspecPath
 
-#       - name: Refresh local nupkg
-#         shell: pwsh
-#         working-directory: chocolatey/defguard
-#         run: |
-#           $old = Get-ChildItem -Filter "defguard.*.nupkg" | Where-Object { $_.Name -ne "defguard.$env:VERSION.nupkg" }
-#           if ($old) { $old | Remove-Item -Force }
+          (Get-Content -Raw $installPath) `
+            -replace "^\$url\s*=\s*'.*'$", "`$url        = '$env:MSI_URL'" `
+            -replace "checksum\s*=\s*'[^']+'", "checksum      = '$env:MSI_SHA256'" |
+            Set-Content -NoNewline -Encoding UTF8 $installPath
 
-#       - name: Pack Chocolatey package
-#         shell: pwsh
-#         working-directory: chocolatey/defguard
-#         run: choco pack
+      - name: Refresh local nupkg
+        shell: pwsh
+        working-directory: chocolatey/defguard
+        run: |
+          $old = Get-ChildItem -Filter "defguard.*.nupkg" | Where-Object { $_.Name -ne "defguard.$env:VERSION.nupkg" }
+          if ($old) { $old | Remove-Item -Force }
 
-#       - name: Push Chocolatey package
-#         shell: pwsh
-#         working-directory: chocolatey/defguard
-#         env:
-#           CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
-#         run: |
-#           $nupkg = "defguard.$env:VERSION.nupkg"
-#           choco push $nupkg --source "https://push.chocolatey.org/" -k="$env:CHOCO_API_KEY"
+      - name: Pack Chocolatey package
+        shell: pwsh
+        working-directory: chocolatey/defguard
+        run: choco pack
+
+      - name: Push Chocolatey package
+        shell: pwsh
+        working-directory: chocolatey/defguard
+        env:
+          CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
+        run: |
+          $nupkg = "defguard.$env:VERSION.nupkg"
+          choco push $nupkg --source "https://push.chocolatey.org/" -k="$env:CHOCO_API_KEY"

From 72fc5f53bab9690021e8ff9a4a072968f3434f18 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Mon, 23 Feb 2026 09:35:48 +0100
Subject: [PATCH 05/11] change copyright

---
 chocolatey/defguard/defguard.nuspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chocolatey/defguard/defguard.nuspec b/chocolatey/defguard/defguard.nuspec
index 88ff54d1..d68bb37a 100755
--- a/chocolatey/defguard/defguard.nuspec
+++ b/chocolatey/defguard/defguard.nuspec
@@ -41,7 +41,7 @@ This is a nuspec. It mostly adheres to https://docs.nuget.org/create/Nuspec-Refe
     <!-- There are a number of CDN Services that can be used for hosting the Icon for a package. More information can be found here: https://docs.chocolatey.org/en-us/create/create-packages#package-icon-guidelines -->
     <!-- Here is an example using Githack -->
     <iconUrl>http://rawcdn.githack.com/defguard/client/main/src/shared/images/png/logo_256-256.png</iconUrl>
-    <copyright>2026</copyright>
+    <copyright>Copyright 2026 Defguard Sp. z o.o.</copyright>
     <!-- If there is a license Url available, it is required for the community feed -->
     <licenseUrl>https://github.com/DefGuard/client/blob/main/LICENSE.md</licenseUrl>
     <requireLicenseAcceptance>true</requireLicenseAcceptance>

From dc89f3537c23c9810b6109cb6cc52c2284caa3bb Mon Sep 17 00:00:00 2001
From: Kuba <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 15 Apr 2026 14:39:14 +0200
Subject: [PATCH 06/11] remove file, update nuspec

---
 chocolatey/defguard/defguard.nuspec           | 55 +------------------
 .../defguard/tools/chocolateybeforemodify.ps1 |  9 ---
 2 files changed, 1 insertion(+), 63 deletions(-)
 delete mode 100755 chocolatey/defguard/tools/chocolateybeforemodify.ps1

diff --git a/chocolatey/defguard/defguard.nuspec b/chocolatey/defguard/defguard.nuspec
index d68bb37a..dcf4cba7 100755
--- a/chocolatey/defguard/defguard.nuspec
+++ b/chocolatey/defguard/defguard.nuspec
@@ -1,77 +1,24 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!-- Read this before creating packages: https://docs.chocolatey.org/en-us/create/create-packages -->
-<!-- It is especially important to read the above link to understand additional requirements when publishing packages to the community feed aka dot org (https://community.chocolatey.org/packages). -->
-
-<!-- Test your packages in a test environment: https://github.com/chocolatey/chocolatey-test-environment -->
-
-<!--
-This is a nuspec. It mostly adheres to https://docs.nuget.org/create/Nuspec-Reference. Chocolatey uses a special version of NuGet.Core that allows us to do more than was initially possible. As such there are certain things to be aware of:
-
-* the package xmlns schema url may cause issues with nuget.exe
-* Any of the following elements can ONLY be used by choco tools - projectSourceUrl, docsUrl, mailingListUrl, bugTrackerUrl, packageSourceUrl, provides, conflicts, replaces
-* nuget.exe can still install packages with those elements but they are ignored. Any authoring tools or commands will error on those elements
--->
-
-<!-- You can embed software files directly into packages, as long as you are not bound by distribution rights. -->
-<!-- * If you are an organization making private packages, you probably have no issues here -->
-<!-- * If you are releasing to the community feed, you need to consider distribution rights. -->
-<!-- Do not remove this test for UTF-8: if “Ω” doesn’t appear as greek uppercase omega letter enclosed in quotation marks, you should use an editor that supports UTF-8, not this one. -->
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
-    <!-- == PACKAGE SPECIFIC SECTION == -->
-    <!-- This section is about this package, although id and version have ties back to the software -->
-    <!-- id is lowercase and if you want a good separator for words, use '-', not '.'. Dots are only acceptable as suffixes for certain types of packages, e.g. .install, .portable, .extension, .template -->
-    <!-- If the software is cross-platform, attempt to use the same id as the debian/rpm package(s) if possible. -->
     <id>defguard</id>
-    <!-- version should MATCH as closely as possible with the underlying software -->
-    <!-- Is the version a prerelease of a version? https://docs.nuget.org/create/versioning#creating-prerelease-packages -->
-    <!-- Note that unstable versions like 0.0.1 can be considered a released version, but it's possible that one can release a 0.0.1-beta before you release a 0.0.1 version. If the version number is final, that is considered a released version and not a prerelease. -->
     <version>1.6.5</version>
-    <packageSourceUrl>https://github.com/DefGuard/client/releases/download/v1.6.5/Defguard_1.6.5_x64_en-US.msi</packageSourceUrl>
-    <!-- owners is a poor name for maintainers of the package. It sticks around by this name for compatibility reasons. It basically means you. -->
-    <!--<owners>Defguard</owners>-->
-    <!-- ============================== -->
-
-    <!-- == SOFTWARE SPECIFIC SECTION == -->
-    <!-- This section is about the software itself -->
     <title>Defguard</title>
     <authors>Defguard</authors>
-    <!-- projectUrl is required for the community feed -->
     <projectUrl>https://defguard.net</projectUrl>
-    <!-- There are a number of CDN Services that can be used for hosting the Icon for a package. More information can be found here: https://docs.chocolatey.org/en-us/create/create-packages#package-icon-guidelines -->
-    <!-- Here is an example using Githack -->
     <iconUrl>http://rawcdn.githack.com/defguard/client/main/src/shared/images/png/logo_256-256.png</iconUrl>
-    <copyright>Copyright 2026 Defguard Sp. z o.o.</copyright>
-    <!-- If there is a license Url available, it is required for the community feed -->
+    <copyright>Copyright 2026 Defguard Sp. z o.o.</copyright>>
     <licenseUrl>https://github.com/DefGuard/client/blob/main/LICENSE.md</licenseUrl>
     <requireLicenseAcceptance>true</requireLicenseAcceptance>
     <projectSourceUrl>https://github.com/DefGuard/client</projectSourceUrl>
     <docsUrl>https://docs.defguard.net/</docsUrl>
-    <!--<mailingListUrl></mailingListUrl>-->
     <bugTrackerUrl>https://github.com/DefGuard/client/issues</bugTrackerUrl>
     <tags>defguard vpn wireguard sso mfa</tags>
     <summary>Desktop client for Defguard - Wireguard VPN with MFA</summary>
     <description>Desktop client provides an easy way to access VPN locations of multiple Defguard instances via user-friendly UI.</description>
     <releaseNotes>https://github.com/DefGuard/client/releases</releaseNotes>
-    <!-- =============================== -->
-
-    <!-- Specifying dependencies and version ranges? https://docs.nuget.org/create/versioning#specifying-version-ranges-in-.nuspec-files -->
-    <!--<dependencies>
-      <dependency id="" version="__MINIMUM_VERSION__" />
-      <dependency id="" version="[__EXACT_VERSION__]" />
-      <dependency id="" version="[_MIN_VERSION_INCLUSIVE, MAX_VERSION_INCLUSIVE]" />
-      <dependency id="" version="[_MIN_VERSION_INCLUSIVE, MAX_VERSION_EXCLUSIVE)" />
-      <dependency id="" />
-      <dependency id="chocolatey-core.extension" version="1.1.0" />
-    </dependencies>-->
-    <!-- chocolatey-core.extension - https://community.chocolatey.org/packages/chocolatey-core.extension -->
-
-    <!--<provides>NOT YET IMPLEMENTED</provides>-->
-    <!--<conflicts>NOT YET IMPLEMENTED</conflicts>-->
-    <!--<replaces>NOT YET IMPLEMENTED</replaces>-->
   </metadata>
   <files>
-    <!-- this section controls what actually gets packaged into the Chocolatey package -->
     <file src="tools\**" target="tools" />
   </files>
 </package>
diff --git a/chocolatey/defguard/tools/chocolateybeforemodify.ps1 b/chocolatey/defguard/tools/chocolateybeforemodify.ps1
deleted file mode 100755
index 3ff14ff1..00000000
--- a/chocolatey/defguard/tools/chocolateybeforemodify.ps1
+++ /dev/null
@@ -1,9 +0,0 @@
-# This runs before upgrade or uninstall.
-# Use this file to do things like stop services prior to upgrade or uninstall.
-# NOTE: It is an anti-pattern to call chocolateyUninstall.ps1 from here. If you
-#  need to uninstall an MSI prior to upgrade, put the functionality in this
-#  file without calling the uninstall script. Make it idempotent in the
-#  uninstall script so that it doesn't fail when it is already uninstalled.
-# NOTE: For upgrades - like the uninstall script, this script always runs from
-#  the currently installed version, not from the new upgraded package version.
-

From f2c0ddf48651fffb6e3a8c1b14ed5aa748a5c57a Mon Sep 17 00:00:00 2001
From: Kuba <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 15 Apr 2026 14:41:19 +0200
Subject: [PATCH 07/11] remove >

---
 chocolatey/defguard/defguard.nuspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chocolatey/defguard/defguard.nuspec b/chocolatey/defguard/defguard.nuspec
index dcf4cba7..a3cf7fdb 100755
--- a/chocolatey/defguard/defguard.nuspec
+++ b/chocolatey/defguard/defguard.nuspec
@@ -7,7 +7,7 @@
     <authors>Defguard</authors>
     <projectUrl>https://defguard.net</projectUrl>
     <iconUrl>http://rawcdn.githack.com/defguard/client/main/src/shared/images/png/logo_256-256.png</iconUrl>
-    <copyright>Copyright 2026 Defguard Sp. z o.o.</copyright>>
+    <copyright>Copyright 2026 Defguard Sp. z o.o.</copyright>
     <licenseUrl>https://github.com/DefGuard/client/blob/main/LICENSE.md</licenseUrl>
     <requireLicenseAcceptance>true</requireLicenseAcceptance>
     <projectSourceUrl>https://github.com/DefGuard/client</projectSourceUrl>

From 54dd9aea4eb5528bb68da26311b0d96dd77952a1 Mon Sep 17 00:00:00 2001
From: Kuba <78603704+jakub-tldr@users.noreply.github.com>
Date: Mon, 18 May 2026 15:37:58 +0200
Subject: [PATCH 08/11] remove license.txt

---
 chocolatey/defguard/tools/LICENSE.txt | 11 -----------
 1 file changed, 11 deletions(-)
 delete mode 100755 chocolatey/defguard/tools/LICENSE.txt

diff --git a/chocolatey/defguard/tools/LICENSE.txt b/chocolatey/defguard/tools/LICENSE.txt
deleted file mode 100755
index 444947a5..00000000
--- a/chocolatey/defguard/tools/LICENSE.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-
-Note: Include this file if including binaries you have the right to distribute.
-Otherwise delete. this file.
-
-===DELETE ABOVE THIS LINE AND THIS LINE===
-
-From: <insert applicable license url here>
-
-LICENSE
-
-<Insert License Here>

From 4ed42af996f919b8178d86d092e7f862a42fbf18 Mon Sep 17 00:00:00 2001
From: Kuba <78603704+jakub-tldr@users.noreply.github.com>
Date: Mon, 18 May 2026 15:41:58 +0200
Subject: [PATCH 09/11] bump to 1.6.8

---
 chocolatey/defguard/defguard.nuspec             | 2 +-
 chocolatey/defguard/tools/chocolateyinstall.ps1 | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/chocolatey/defguard/defguard.nuspec b/chocolatey/defguard/defguard.nuspec
index a3cf7fdb..87d98666 100755
--- a/chocolatey/defguard/defguard.nuspec
+++ b/chocolatey/defguard/defguard.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>defguard</id>
-    <version>1.6.5</version>
+    <version>1.6.8</version>
     <title>Defguard</title>
     <authors>Defguard</authors>
     <projectUrl>https://defguard.net</projectUrl>
diff --git a/chocolatey/defguard/tools/chocolateyinstall.ps1 b/chocolatey/defguard/tools/chocolateyinstall.ps1
index 922458bf..2b39e41d 100755
--- a/chocolatey/defguard/tools/chocolateyinstall.ps1
+++ b/chocolatey/defguard/tools/chocolateyinstall.ps1
@@ -1,6 +1,6 @@
 $ErrorActionPreference = 'Stop'
 $toolsDir   = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
-$url        = 'https://github.com/DefGuard/client/releases/download/v1.6.5/Defguard_1.6.5_x64_en-US.msi'
+$url        = 'https://github.com/DefGuard/client/releases/download/v1.6.8/Defguard_1.6.8_x64_en-US.msi'
 
 
 $packageArgs = @{
@@ -20,4 +20,4 @@ $packageArgs = @{
 }
 
 Install-ChocolateyPackage @packageArgs
-Write-Warning "IMPORTANT: Reboot or Re-login Required: On initial install the user is added to the defguard group.A reboot or logging out and back in is required for group membership changes to take effect. This is not required on subsequent updates."
\ No newline at end of file
+Write-Warning "IMPORTANT: Reboot or Re-login Required: On initial install the user is added to the defguard group.A reboot or logging out and back in is required for group membership changes to take effect. This is not required on subsequent updates."

From c6bdeddf5ec71467e320b158f70cc2bed71be021 Mon Sep 17 00:00:00 2001
From: Kuba <78603704+jakub-tldr@users.noreply.github.com>
Date: Mon, 18 May 2026 16:14:53 +0200
Subject: [PATCH 10/11] update ignore

---
 .trivyignore.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.trivyignore.yaml b/.trivyignore.yaml
index 67f4f502..68b81068 100644
--- a/.trivyignore.yaml
+++ b/.trivyignore.yaml
@@ -1,4 +1,4 @@
 vulnerabilities:
   - id: GHSA-wrw7-89jp-8q8g
-    expired_at: 2026-05-16
+    expired_at: 2026-08-18
     statement: 'glib is a transitive dependency of Tauri which we cannot update ourselves. Waiting for tauri to finish migration to gtk4-rs: https://github.com/tauri-apps/tauri/issues/12563'

From 1c251cca2888a2db0da67a6b585ce0bcaa9b6a0f Mon Sep 17 00:00:00 2001
From: Kuba <78603704+jakub-tldr@users.noreply.github.com>
Date: Mon, 18 May 2026 18:47:26 +0200
Subject: [PATCH 11/11] update checksum

---
 chocolatey/defguard/tools/chocolateyinstall.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chocolatey/defguard/tools/chocolateyinstall.ps1 b/chocolatey/defguard/tools/chocolateyinstall.ps1
index 2b39e41d..54b77a52 100755
--- a/chocolatey/defguard/tools/chocolateyinstall.ps1
+++ b/chocolatey/defguard/tools/chocolateyinstall.ps1
@@ -11,7 +11,7 @@ $packageArgs = @{
 
   softwareName  = 'defguard*'
 
-  checksum      = 'be99afe71ab88e0add4905721471d0d40935c33ae7cdb47084ba53a91d675cc7'
+  checksum      = 'f7291e9d74cc270445bc1adc2624c2b74289f2276221f1c355f96d1db021871b'
   checksumType  = 'sha256'