Building customer based installation packages with install4j - install4j

I am developing an application which has customer specific configuration (2 text and 2 binary files). The use case supposes that customer downloads an installation package (I am going to use install4j) and install it on target platform (Mac or Windows). So all installation packages should be different for different customers.
I am considering 2 possible scenarios for implementation:
Generate new installation package per customer request on server side (cons: I need to have install4j for Linux, which is server platform)
Have a half-generated installation package and inject customer data somehow to the package by customer request (cons: I am not sure this is quite possible at all)
I never used install4j before and don't know how to implement 1 or 2. Their documentation is far from ideal. They doesn't have examples or consider cases like this, so any suggestion is very appreciated.

You cannot modify an installer after it has been built. The main reason is that it would break code signing. So you would need to generate a new installer for each configuration. If you deploy on Mac OS X and Windows, you need install4j Multi-Platform Edition which also works on Linux.
Alternatively, you could ask the user to provide credentials in the installer, then you could download the appropriate files on demand with "Download file" actions.

Related

Prevent user from changing ClickOnce application files after installation

I'm developing a WPF application that I deploy with ClickOnce to a network share on the intranet from which clients can install it.
I need to make sure that the user can't modify any of the application files (especially DLLs and the main executable) on their machine. That is, if any of the application files have changed, the application should refuse to run. I was under the impression that, when using ClickOnce, this was available out of the box and that the application would refuse to start if the file hashes didn't match the manifest.
However, I tried to manually replace the executable or a DLL with a slightly different version after installation and the application still ran fine (executing the modified code).
Does ClickOnce provide what I'm looking for?
How can I enable the functionality?
I'm using a level 2 StartSSL code-signing certificate to sign the application manifest if this matters.
P.S.: just to be sure: I'm talking about the installed application files, not the installation files.
You can sign AND strong name each one of DLLs to prevent tampering but then, doing so has its own pain points when it comes to upgrades and distribution in general. Note that even doing so, doesn't entirely prevent someone from injecting code into your running process. It's a sticky subject.
I recommend going thru this question which already discusses these points in detail. Does code-signing without strong-naming leave your app open to abuse?
I think it will be a fairly manual process.
Doesn't look like the VS2013 deployment tools handle code obfuscation but they do support signing and app permissions. Start with that, then you might have to get the generated manifest as a starting point to build your own with obfuscated assemblies.
MS docs break it into 3 steps: 1. obfuscate, 2. build manifest, 3. manually publish
Here is what MS docs say...
Securing ClickOnce Applications
Deploying Obfuscated Assemblies
You might want to obfuscate your application by using Dotfuscator to prevent others from reverse engineering the code. However, assembly obfuscation is not integrated into the Visual Studio IDE or the ClickOnce deployment process. Therefore, you will have to perform the obfuscation outside of the deployment process, perhaps using a post-build step. After you build the project, you would perform the following steps manually, outside of Visual Studio:
Perform the obfuscation by using Dotfuscator.
Use Mage.exe or MageUI.exe to generate the ClickOnce manifests and sign them. For more information, see Mage.exe (Manifest Generation and Editing Tool) and MageUI.exe (Manifest Generation and Editing Tool, Graphical Client).
Manually publish (copy) the files to your deployment source location (Web server, UNC share, or CD-ROM).

Replacing splash screen and license text after installer generation - Supporting Rebranding

What strategies have your tried when designing installers capable of rebranding? For OEM etc, I may want the customer to be able to replace license text, splash screen images etc but use my stock installer so we know we have the same binaries and installer logic.
I imagine I can achieve this through on of the following:
externalize license text, splash screens etc and ship installer in a zip with an executable and a configuration directory containing these file.
break installer into merged modules and ship as a zip with an executable install and replaceable merge modules (the OEM partner would need to purchase install4j to build their merge modules)
Please let me know if you've found a strategy for customized installers.
While it would be possible in principle to do this with external data files, they cannot be shipped efficiently. Most importantly that strategy would not work for downloading.
Changing the installer later on is not possible due to the signature. If anything in the installer is changed, it would have to be signed again. You cannot hand out your private key of your code signing certificate to your partners, so everybody needs their own code-signing certificate.
So the only possiblity for rebranding is to use the install4j compiler to recompile the installers.
If my installer could run in quiet mode and I my product included a rebranding tool then I could do something like this:
my installer contains the following:
application
application/resourceFiles (including license)
application/util/rebrander.jar
OEM partner creates its own installer which
runs my unmodified installer in quiet / unattended mode
deposits its own rebrandingFiles
runsRebrander to update application/resourceFiles with its content
handles failure cases
This means my installer is unmodified so no issues with signing. Partner's installer is up to them to handle. Not sure how to handle uninstall cleanly since the user could see and uninstall my installer from add-Remove programs.

Distributing Windows Application through internet

We have window application developed in .Net and want perfect deployment technology
which enables easy application installation and upgrading.
The client can be accessed from anywhere in the world where an Internet connection is available.
In future we want the same deployment technology for provide support user's who use Window 7 and
Window 8
Looking at the the initial requirement we have decided to use Click Once technology
but found many issues in the deployment. They are below
You will need to sign a Click Once application with trusted certificate
otherwise it is blocked and instantly removed by Antivirus program.
ClickOnce may not be supported by all browsers , the behavior are different in IE and
other browser
ClickOnce to doesn't install components into the GAC , doesn't installed in the program
files rather it install and maintain user wise in the client machine.
ClickOnce has issue with proxy network and unable to customize the setup screen.
Community has faced many issues with ClickOnce Setup and does not have enough solution or
updates on Click Once technology solution
Do we have perfect deployment solution for window app over internet other than ClickOnce? Which methodology is widely used for window app deployment over internet?
Which deployment technology provide better success rate for easily maintenance and version update for the Window app over internet ?
You could build it as a standard executable and create an installer. A good way to make an installer is InnoSetup. However, the user has to have .Net Framework already installed.
As of Windows Vista, version 2.0 is included, Windows 7 includes 3.5, and Windows 8 includes 4.5. If you change the target .Net Framework of your application you can target these systems. Go to Properties > Target Framework > Choose 2.0, 3.5, or 4.5 (client profile if available).
As for updates, you should implement this in your application on your own or get another third-party updater. I don't know any good ones though.

How to Update the installed Window Application (Creating Patches)

i have requirement. i have created the window application and i have created the setup of that application that has been installed to client machine.
Now the requirement is that if i will do the further modification to the project the client not need to install whole application again instead client only need to install Update of new version. like using Patches or something. How can i do this is there and tool in VS from which we can create the update patches or something.
Please Help..
There are several options, but they depend on which installer you used in the first place.
It is very easy with Inno Setup, as (if the file items are configured correctly) InnoSetup will detect that the application is already installed and only copy modified files, even though you publish the entire setup. This will be automatic.
If you used the built-in Visual Studio setup project, it is also possible, but you must set a different "upgrade id" in the setup properties. I haven't worked much with this, yet.
A third option is using Windows Installer XML (WIX), which is able to generate patch installers, but I haven't worked much with WIX yet.
One last option would be to write something yourself that is able to exchange old files against new files, but you'd have to keep UAC in mind for newer Windows versions.
I have solved the problem...using ClickOne Setup of VS. i publish the win form to a specific URl and each time when application launchs its check the Upgraded version if available it install and run.
http://www.15seconds.com/issue/041229.htm

Can a ClickOnce deployed app be silently mass installed?

I have a smart client app (WinForms/WPF) currently deployed using ClickOnce.
A particular client has expressed the desire to silently deploy the app to it's intranet network users as part of its nightly/weekly client PC update service - presumably via MS Systems Management Server (SMS) and Group Policy or similar (I don't understand the exact mechanisms). As such, they've requested a .MSI installer instead.
So a few questions for confirmation (along with my thoughts on answer - am more than happy to be wrong!):
Can a ClickOnce app be silently installed en-mass by admin???
My thoughts: No, because ClickOnce is a per-user installation this would be difficult unless the user is actually logged in at time of remote installation.
Is there a tool to convert a ClickOnce app/project's settings to a simple MSI installer project (e.g. Visual Studio Deployment Project)???
My thoughts: Not in the box, but would love a tool to repeatedly copy/use settings from the ClickOnce config to the deployment project - e.g. ProductName, Version, File Associations etc. This way we only maintain one set of deployment settings.
Any other alternatives for this scenario to get 'er done quick...?
I don't think you can install a ClickOnce application silently, certainly not with SMS. And I don't know of any tool that does that, but it doesn't mean it doesn't exist. ;-)
The idea of deploying a shortcut is an interesting thought. Have you ever noticed that if you leave a shortcut on the desktop even after the application is uninstalled, if the user clicks on it, it reinstalls the application?