remote installer - using signed/encrypted packages
Hi,
someone might find this useful - it is a automatic, remote installer. It downloads packages from some locations, verifies and install them. If you have comments on how to improve it, make it suck less, please share them. Thanx!
roman
here from readme:
Remote installer components:
----------------------------
installer: installs the two components in their place
checker: run in the background, periodically starts updater as a background process
updater: when started, checks urls as given in the updater.ini file
What it does:
1. updater has a configuration file installer.ini which lives in the same directory
- it holds section "Download locations"
- there up to 50 url links (http, ftp (not tested) and file:///)
- file:/// can be relative or absolute path
- e.g. file:///components.txt.asc
2. updater consults installer.ini
- downloads the "manifest" from the first valid url into a temporary location
- it should be signed with a private key of a TRUSTED_SIGNATORY (see source)
- the downloaded file is verified, if the signature is not recognized, downloader tries next url(s)
- if no valid manifest is downloaded, program aborts
3. the downloaded manifest contains "changesets" in the ini structure
- name of the section is the name of the feature
- eg. [001 - Silent changes]
- it is a good idea to put numbers, sections are sorted alphabetically
- each section should contain: url, md5, args, onfailure keys
- url: where to download the new/changed feature
- md5: checksum of the downloaded file
- args: instructions how to execute the downloaded file, in case of 7z, it is a directory where it will be unpacked
- onfailure: continue|stop|retry
4. updater first sorts sections alphabetically and starts from the first
- if already installed (it will be skipped)
- records of the installed features are kept in a separate ini: updated.ini
- if not installed:
- url is downloaded into temporary location
- downloaded file is checked against the md5 checksum
- if the file has .gpg suffix, it is decrypted
- e.g. "program.exe.gpg" will become "program.exe"
- decryption uses gpg and a private key of the program
- package should be encrypted for ID of the installer
- installer also checks if the file was encrypted by TRUSTED_SIGNATORY
- "args" are expanded (ie. args=%(DOWNLOADED_FILE)s /S becomes "some_path\ns6984.exe /S")
- file is in a temporary location is executed (based on the suffix)
- exe files: run using ExecTimeout
- 7z files: output dir is set to the path in "args" and run Extract
- more actions could be added later
- if everything goes fine, package name is added into the updated.ini
- ID = date (eg. 001 - Silent changes=07.07.2009 22:41:28)
- if anything went wrong:
- package installation is ended
- no records is written in the updated.ini
- based on the onfailure value, installation stops or continuew with a next package
- it is up to you to solve the failure states
How to make a distribution:
---------------------------
1. prepare a manifest:
- e.g. .\tests\components.0.01.txt
2. sign the manifest with gpg
- e.g. .\gpg\gpg.exe --homedir .\gpg_local_side --clearsign .\tests\components.0.01.txt
3. check the updater.ini file
- it must contain valid future URL locations of the manifest
4. check the installer.ini file
- it must have a valid args in the section [Checker]
- this tells installer what to put in the Run section of the registry
- and also how to start checker after the installation
5. compile the scripts, in this order:
a) checker.nsi --> semanchk.exe
b) updater.nsi --> updater.win32.0.01.exe
c) installer.nsi --> installer.win32.0.01.exe
To encrypt a file:
------------------
- you have to encrypt and sign it
- the SIGNATORY must be known to the updater
- see updater.nsi, search for TRUSTED_SIGNATORY
- the file must be addressed to the updater
- you must have the public key of the recipient in the keyring
example:
.\gpg\gpg.exe --homedir .\gpg_local_side -r "John the Recipient" -se .\tests\program.exe