[wix-devs] 4822 - Delay ARP registration in Bundles until a non-permanent package is installed
Bob Arnson
bob at firegiant.com
Sun Jun 28 14:59:58 PDT 2020
Could the bundle not trigger an uncache? If not, it's a nonstarter: Leaving cache behind is how "registry cleaners" start to legitimately target Burn and make everyone's life miserable.
-----Original Message-----
From: wix-devs <wix-devs-bounces at lists.wixtoolset.org> On Behalf Of Sean Hall via wix-devs
Sent: Sunday, 28 June, 2020 17:33
To: WiX Toolset Developer Mailing List <wix-devs at lists.wixtoolset.org>
Cc: Sean Hall <r.sean.hall at gmail.com>
Subject: Re: [wix-devs] 4822 - Delay ARP registration in Bundles until a non-permanent package is installed
No, it doesn't need to be registered in ARP for anything but allowing the user to remove the bundle from the cache. The bundle can be run from the RunOnce key after the reboot without having an ARP entry. But it does need to stay in the cache. For security, the RunOnce key must point to the cached bundle. There's no way to do automatic uncache in this scenario.
On Mon, Jun 29, 2020 at 6:39 AM Bob Arnson <bob at firegiant.com> wrote:
> It needs to register and be cached to restart on reboot, right? If all
> packages are permanent and not cached, then automatic
> unregiration/uncache seems reasonable.
>
> -----Original Message-----
> From: wix-devs <wix-devs-bounces at lists.wixtoolset.org> On Behalf Of
> Sean Hall via wix-devs
> Sent: Sunday, 28 June, 2020 07:17
> To: WiX Toolset Developer Mailing List <wix-devs at lists.wixtoolset.org>
> Cc: Sean Hall <r.sean.hall at gmail.com>
> Subject: [wix-devs] 4822 - Delay ARP registration in Bundles until a
> non-permanent package is installed
>
> I'm interested in implementing
> https://github.com/wixtoolset/issues/issues/4822. This is the hard
> scenario that needs to be solved:
>
> 1. User starts the per-machine bundle on a clean machine.
> 2. The bundle has an MBA and needs to install the .NET Framework.
> 3. The bundle caches itself into the package cache.
> 4. The bundle registers in ARP.
> 5. The bundle creates a RunOnce key.
> 6. The bundle installs the permanent .NET package, which requires a reboot.
> 7. The bundle updates the RunOnce key to resume after the reboot.
> 8. The user allows the prereq BA to reboot the machine.
> 9. RunOnce starts the bundle elevated.
>
> Because RunOnce always starts the target program elevated, we need to
> cache the bundle into the package cache (or other protected area) to
> be secure.
> In order to allow the user to clean up their machine, we are
> registering in ARP to give them a way to clean the cache.
>
> If we want to implement this feature, I think we're going to have to
> allow the possibility of the bundle being cached without an ARP entry.
> Either Burn removes the ARP registration somewhere between 6 and 8, or
> it never registers in the first place (because all planned packages are permanent).
> Is this acceptable or is this feature not possible?
> ____________________________________________________________________
> WiX Toolset Developer Mailing List provided by FireGiant
> http://www.firegiant.com/
>
____________________________________________________________________
WiX Toolset Developer Mailing List provided by FireGiant http://www.firegiant.com/
More information about the wix-devs
mailing list