[wix-devs] Running WiX on Linux using Mono

[Simon Tatham]

Christopher Painter <chrpai at iswix.com> wrote:
> I'm sorry, maybe I'm just old, but I can't understand the desire of
> wanting to avoid windows when building windows apps.

I must say that your answer involving casually instantiating multiple
containers makes _me_ feel old, because in my head only people a decade
younger than me think that's the kind of thing you can do in passing
without any noticeable cost :-)

> I could easily create a pipeline where resources are pulled from
> GitHub, pulled into a Linux container to compile and then shuttled
> over to a Windows container ( say Windows Server 2016 with a docker
> container containin WiX ) to build the MSI and then sent off to a
> GitHub release resource for publishing.

I suppose that if I were only concerned about _my_ build setup, then
that sort of thing might be viable - assuming also that I could find
some kind of CI provider who had most of the setup already, _and_ who I
trusted, and also presumably I'd have to pay for it (if only because
someone has to pay the Win2016 licence fee somewhere in this story).

But as a free software maintainer, I'm not just interested in my own
build convenience: an unknown number of people _other_ than me also want
to build PuTTY - and my other projects - from the same sources I do.
What I'd really like is to get to a place where I can say 'Here is how
to build the software from source, exactly the same way I do (so you
won't have to start by fixing 100 code incompatibilities with some other
compiler), using just one Linux machine with the following list of stuff
installed: [enumerate 10 Ubuntu packages and a couple of manual
download+unpacks]'. Then all the people downstream of me can do the same
thing, on their own home machine, without being forced to do the same
multi-machine CI setup and cloud hosting and etc that you just
described.

> I'm pretty sure this would mitigate your malware concerns.

I'm not so sure, actually, because my malware concerns don't stop at
'make it very unlikely that malware has infected the build'. I agree
that if that's the sole concern it isn't necessary to go quite this far.
But also, I've been having an ongoing problem with people _accusing_ my
compiled binaries of containing malware, for no reason I can discern; so
to help counter those accusations in future, I'd really like to have as
convincing an account as possible of how I am confident that malware did
not affect my Windows build machine. I think the best possible answer to
that is 'there isn't one'; if there is one and it's a container image
provided by some cloud-hosted CI setup, then perhaps that is more likely
to be virus-free than a stock Windows box in my own home maintained by
me, but it still gives accusers a loophole to say 'Ah, but how do you
know that container image started off clean, eh?'.

But yes, I can quite see that my case for wanting to do what I'm doing
may not be convincing to you, and in particular not convincing enough to
make you willing to accept disruptive patches to WiX to make it easier
for me. All I can say is that it's convincing enough to _me_ to have
made it worth developing my current WiX/Mono shim layer in the first
place, and that going by the bug tracker thread, at least a couple of
other people are interested in doing something along these lines (though
not all for exactly the same reasons as me).

Cheers,
Simon

-- 
import hashlib; print (lambda p,q,g,y,r,s,m: m if (lambda w:(pow(g,int(hashlib.
 sha1(m).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r else "!"
 )(0xb80b5dacabab6145, 0xf70027d345023, 0x7643bc4018957897, 0x11c2e5d9951130c9,
 0xa54d9cbe4e8ab, 0x746c50eaa1910, "Simon Tatham <anakin at pobox.com>")