PDA

View Full Version : verifying file integrity?



planders
11-24-2003, 06:30 PM
Hello everyone.

We are using IS 7.x for our product's installer. Overall it works fine.

However, there's been a couple of instances where some kind of networking problem corrupted an installer. The file corruption obviously is not Installshields' fault, but the installer does not seem to be able to detect this situation as I think it should.

The strange thing is that this corrupted version gave no errors whatsoever during install, but problems started showing up when you tried to run the program.

At that point I checked the md5sum signatures of the source setup.exe and my copy and discovered that they were different, hence some kind of corruption in transmission. (We later isolated the cause of the network problem.)

My question is, why can't the installer detect when it's corrupted? There are a number of file formats out there with built-in integrity checking.

We are generating our own MD5 signatures for our installers, but none of the end-users will ever bother to check that since it's not integrated.

Am I just thick, and this feature already exists somewhere? I haven't been able to find it.

Surely someone out there has requested this before, but my searches on the support.installshield.com site have turned up nothing.

thanks!
planders

_doog_
11-26-2003, 08:44 AM
you could digitally sign your setup.

installer will check the signature during setup and detect any tampering of your setup package

with a little bit of work, it is possible to not only sign the cab files, but also the installer package and check the signature from the setup.exe, making it possible to detect any corruption.

planders
12-03-2003, 05:36 PM
Thanks for the reply. We will look into using the Digital Signatures feature. It does look like it's going to cost a minimum of about $200/year to get the certificate.

Does anyone recommend a particular certification authority? (Or more to the point, does anyone recommend NOT going with a particular CA?)

Also, can you use the "Microsoft Authenticode" type certificates with Installshield, or do you need another particular kind of certificate?

_doog_
12-04-2003, 05:58 AM
the authenticode certificate will do it.