#At file:///C:/Users/Reggie/work/wex/installer-updated/ based on revid:reggie.burnett@stripped
263 Reggie Burnett 2011-01-24
the updater tool now reads the manifest to do it's work. It also now checks the downloaded file's hash against the manifest
modified:
Setup_Net/products.xml
WexInstaller/Program.cs
WexInstallerUpdater/MainForm.cs
WexInstallerUpdater/WexInstallerUpdater.csproj
=== modified file 'Setup_Net/products.xml'
=== modified file 'Setup_Net/products.xml'
--- a/Setup_Net/products.xml 2011-01-24 15:28:26 +0000
+++ b/Setup_Net/products.xml 2011-01-24 20:56:55 +0000
@@ -1,6 +1,10 @@
<?xml version="1.0" encoding="utf-8"?>
<ProductManifest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1" format="1">
+ <UpdateURL>file://C:\Users\Reggie\work\wex\installer-updated\Setup_Net\Output\mysql-universal-installer-1.0.5.exe</UpdateURL>
+ <UpdateVersion>1.0.7</UpdateVersion>
+ <UpdateHash>CB69C60143875DA4A6CDCA6E6C9FDC60BFC9853C</UpdateHash>
<ProductCatalogs>
+ <ProductCatalogs>
<ProductCatalog id="mysql-5.5-gpl" name="MySQL 5.5" description="MySQL 5.5 Community Edition" commercial="false">
<SetupTypes>
<SetupType flag="1" name="Developer Default" description="Installs all products needed for MySQL development, including" />
=== modified file 'WexInstaller/Program.cs'
--- a/WexInstaller/Program.cs 2011-01-24 17:24:16 +0000
+++ b/WexInstaller/Program.cs 2011-01-24 20:56:55 +0000
@@ -57,7 +57,6 @@
}
ProcessStartInfo psi = new ProcessStartInfo();
psi.FileName = updateTool;
- psi.Arguments = ProductManager.Manifest.UpdateUrl;
Process.Start(psi);
return true;
}
=== modified file 'WexInstallerUpdater/MainForm.cs'
--- a/WexInstallerUpdater/MainForm.cs 2011-01-24 18:24:06 +0000
+++ b/WexInstallerUpdater/MainForm.cs 2011-01-24 20:56:55 +0000
@@ -10,6 +10,9 @@
using System.IO;
using System.Diagnostics;
using System.Threading;
+using System.Xml.Serialization;
+using WexInstaller.Core;
+using System.Security.Cryptography;
namespace WexInstallerUpdater
{
@@ -19,26 +22,59 @@
private WebClient client;
private int counter;
private bool processingTimer;
+ private ProductManifest manifest;
public MainForm()
{
InitializeComponent();
+ LoadManifest();
StartDownload();
}
+ private void LoadManifest()
+ {
+ string fileName = String.Format("{0}\\MySQL\\MySQL Universal Installer\\products.xml",
+ Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData));
+
+ if (!File.Exists(fileName))
+ {
+ MessageBox.Show("Unable to locate MySQL Universal Installer product cache");
+ Close();
+ }
+
+ try
+ {
+ XmlRootAttribute productManifest = new XmlRootAttribute("ProductManifest");
+ XmlSerializer s = new XmlSerializer(typeof(ProductManifest));
+ TextReader w = new StreamReader(fileName);
+ manifest = (ProductManifest)s.Deserialize(w);
+ w.Close();
+ }
+ catch (Exception ex)
+ {
+ MessageBox.Show("There was an error loading the MySQL Universal Installer product cache");
+ Close();
+ }
+ }
+
private void StartDownload()
{
- string[] args = Environment.GetCommandLineArgs();
- string url = args[1];
client = new WebClient();
client.DownloadProgressChanged += new DownloadProgressChangedEventHandler(client_DownloadProgressChanged);
client.DownloadFileCompleted += new AsyncCompletedEventHandler(client_DownloadFileCompleted);
tempFile = Path.GetTempFileName().Replace(".tmp", ".exe");
- client.DownloadFileAsync(new Uri(url), tempFile);
+ client.DownloadFileAsync(new Uri(manifest.UpdateUrl), tempFile);
}
private void Install()
{
+ if (!VerifyHash())
+ {
+ MessageBox.Show("Update download failed security check");
+ Close();
+ return;
+ }
+
label1.Text = "Installing...";
downloadProgress.Value = 0;
ProcessStartInfo psi = new ProcessStartInfo();
@@ -47,6 +83,32 @@
Close();
}
+ private bool VerifyHash()
+ {
+ string hash = GetSHAHash(tempFile);
+ return String.Compare(hash, manifest.UpdateHash, false) == 0;
+ }
+
+ public static string GetSHAHash(string pathName)
+ {
+ SHA1CryptoServiceProvider hasher = new SHA1CryptoServiceProvider();
+
+ try
+ {
+ Stream stream = new FileStream(pathName, FileMode.Open);
+ byte[] hash = hasher.ComputeHash(stream);
+ stream.Close();
+
+ string stringHash = BitConverter.ToString(hash);
+ stringHash = stringHash.Replace("-", "");
+ return stringHash;
+ }
+ catch (Exception)
+ {
+ return null;
+ }
+ }
+
void client_DownloadFileCompleted(object sender, AsyncCompletedEventArgs e)
{
if (e.Cancelled)
=== modified file 'WexInstallerUpdater/WexInstallerUpdater.csproj'
--- a/WexInstallerUpdater/WexInstallerUpdater.csproj 2011-01-24 16:20:32 +0000
+++ b/WexInstallerUpdater/WexInstallerUpdater.csproj 2011-01-24 20:56:55 +0000
@@ -52,6 +52,7 @@
<Compile Include="MainForm.Designer.cs">
<DependentUpon>MainForm.cs</DependentUpon>
</Compile>
+ <Compile Include="ProductManifest.cs" />
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<EmbeddedResource Include="MainForm.resx">
Attachment: [text/bzr-bundle] bzr/reggie.burnett@oracle.com-20110124205655-quamgqr1coyytnge.bundle
| Thread |
|---|
| • bzr commit into wex-installer-1.0 branch (reggie.burnett:263) | Reggie Burnett | 24 Jan |
