Good call. Burn explicitly marks the package cache unencrypted to avoid this
problem (Windows Installer won’t install MSIs from encrypted drives, for some
reason). However, I guess it doesn’t surprise me that attribute would follow
with a move of a package.
_______________________________________________________________
FireGiant | Dedicated support for the WiX toolset |
http://www.firegiant.com/
From: Sean Hall [mailto:r.sean.h...@gmail.com]
Sent: Friday, June 27, 2014 7:32 PM
To: WiX toolset developer mailing list
Subject: Re: [WiX-devs] Windows 7 Professional - Package Cache and Encryption
I was able to reproduce it, so I created a bug:
http://wixtoolset.org/issues/4459/. And then it was a simple fix:
https://github.com/wixtoolset/wix3/pull/93.
On Fri, Jun 27, 2014 at 4:24 PM, Hoover, Jacob
<jacob.hoo...@greenheck.com<mailto:jacob.hoo...@greenheck.com>> wrote:
On your test machine, did you encrypt the source file (MSI) and the source
folder (data) of your bundle's layout before running your tests?
-----Original Message-----
From: Wesley Manning [mailto:wmann...@dynagen.ca<mailto:wmann...@dynagen.ca>]
Sent: Friday, June 27, 2014 10:44 AM
To: WiX toolset developer mailing list
Subject: Re: [WiX-devs] Windows 7 Professional - Package Cache and Encryption
No they are manually downloading a zip file of the installer to their desktop
and unzipping. I don't the windows installer versions.
-----Original Message-----
From: Hoover, Jacob
[mailto:jacob.hoo...@greenheck.com<mailto:jacob.hoo...@greenheck.com>]
Sent: June-27-14 12:23 PM
To: WiX toolset developer mailing list
Subject: Re: [WiX-devs] Windows 7 Professional - Package Cache and Encryption
Are they manually doing it or are they using /Layout to do it? If they are
using /Layout, is it the machine that is performing the layout that is creating
encrypted MSI's, or is this on a "secure" PC where they layout from a different
PC and then copy the files manually to the internal PC? Are the Windows
Installer versions identical between the two machines?
-----Original Message-----
From: Wesley Manning [mailto:wmann...@dynagen.ca<mailto:wmann...@dynagen.ca>]
Sent: Friday, June 27, 2014 10:16 AM
To: WiX toolset developer mailing list
Subject: Re: [WiX-devs] Windows 7 Professional - Package Cache and Encryption
They download the install files from us to their local desktop so the MSIs are
all local. From what I understand on one computer they can install each MSI
manually but if they try through burn they get the error. On another computer
when they place the files they are all encrypted.
It's a bit confusing because I don't have direct access to the customer. I
will move this to wix-users when/if I have more information.
Wes
-----Original Message-----
From: Hoover, Jacob
[mailto:jacob.hoo...@greenheck.com<mailto:jacob.hoo...@greenheck.com>]
Sent: June-27-14 11:29 AM
To: WiX toolset developer mailing list
Subject: Re: [WiX-devs] Windows 7 Professional - Package Cache and Encryption
Is this happening because the MSI is already on disk locally (encrypted) before
the bundle is ran? Then when it goes to cache the file it's just copying the
file (with encryption) from "
C:\Users\bobbyranker\Documents\1.60.08\ConfigInstaller_v2_0_3_4\data\" to
.unverified and then to the cache?
-----Original Message-----
From: Wesley Manning [mailto:wmann...@dynagen.ca<mailto:wmann...@dynagen.ca>]
Sent: Friday, June 27, 2014 8:39 AM
To: WiX toolset developer mailing list
Subject: Re: [WiX-devs] Windows 7 Professional - Package Cache and Encryption
Hi,
It's a per machine install. I'll ask our customer if they have an IT dept.
that sets policies and see if they can get any information on what they do with
EFS. I also asked them to browse to the Package Cache folder and see if it's
encrypted.
I know there is a bug in windows were it an MSI will fail to install if it's
encrypted by EPS. It's a permission issue, once MSIexec goes into the server
side it is running as System and the MSI is encrypted with a user key by EFS.
You see in the MSI log below the message " The system cannot open the device or
file specified.".
I have the logs and the main burn log shows my two optional MSI packages being
skipped by failing on the third MSI package which is required.
Snippet of Burn log:
-----Original Message-----
From: Hoover, Jacob
[mailto:jacob.hoo...@greenheck.com<mailto:jacob.hoo...@greenheck.com>]
Sent: June-26-14 10:31 PM
To: WiX toolset developer mailing list
Subject: Re: [WiX-devs] Windows 7 Professional - Package Cache and Encryption
Blind fixes are never a good thing. Is this a use case where the admin has
encryption turned on and it's a different user account that is escalating "as
admin" using the encrypted admin credentials? Is this a per user install or a
per machine install that you are seeing the issue? Do you have it logged with
what artifacts you do have from the sample of failed installs?
-----Original Message-----
From: Wesley Manning [mailto:wmann...@dynagen.ca<mailto:wmann...@dynagen.ca>]
Sent: Thursday, June 26, 2014 6:05 PM
To: Windows Installer XML toolset developer mailing list
Subject: Re: [WiX-devs] Windows 7 Professional - Package Cache and Encryption
I just got the below issue again with a different customer (see end of e-mail):
Installer fails because MSI is encrypted. This is the third time now in about
a year. Anybody else seen this? I never seen anybody talk about it on any of
the mailing lists. Pretty weird if I'm the only one seeing it.
I remember reviewing the burn code and saw maybe there was a potential weakness
where encryption is not being removed from the cache folder. It was being
removed from the working folder. Rob asked me for a test case and I did set up
a VM of Win 7 Professional but was never able to reproduce it. I pasted that
conversion below.
I'm going to look into it again but posted here in the hopes someone else ran
into this. Is this something worth changing in the burn code even without a
repro? What are the risks?
Wes
---------------------------------------
Investigation:
From: Rob Mensching [mailto:r...@robmensching.com<mailto:r...@robmensching.com>]
Hmm, that's a good point. It looks like Decrypt is only being done on the
working folder. It's possible we're not preventing the inheritance from the
LocalAppDataFolder!
Do you have a consistent repro of this issue?
On Mon, May 6, 2013 at 1:47 PM, Wesley Manning
<wmann...@dynagen.ca<mailto:wmann...@dynagen.ca>> wrote:
Can anyone tell me where the burn code checks/removes encryption from the
Package Cache? I see that encryption is removed from the working folder by the
method CacheEnsureWorkingFolder via method DecryptFileW but nothing for the
cache folder.
For the "Package Cache" folder the CreateCompletedPath method is used to create
the Package Cache directory and set ACL permissions.
Wes
---------------------------------------
Issue description:
-----Original Message-----
From: Wesley Manning [mailto:wmann...@dynagen.ca<mailto:wmann...@dynagen.ca>]
I had a second customer where our burn installer failed on Windows 7
Professional x64. I had him go into the "Package Cache" folder and encryption
was not set on it and all subfolders but was set on the one remaining msi file.
I had him remove the encryption from the file and rerun the installer and it
then installed successfully. Must be a bug in rollback also because it left
one MSI there (I cache 3 in total). I guess good thing otherwise I wouldn't
have found the cause.
Has there been any problems with Visual Studio install for Windows 7
professional? If I've seen this twice Visual Studio team must have seen this
before. I tried reproducing this on my Windows 7 Ultimate x64 computer by
encrypting the package cache folder and then installing but it installed fine
(as you would expect).
Where is the encryption code located in the burn source code?
Maybe it should be changed to check MSI files before they are run from the
cache and decrypt them. What do you guys think?
Wes
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
WiX-devs mailing list
WiX-devs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-devs
