This is an automatic, remote installer. It downloads packages from some locations, verifies and installs them.

The source code is here:

• Auto remote installer.zip (68 KB)
• http://forums.winamp.com/showthread.php?s=&threadid=308388

Readme

Remote installer components

• installer: installs the two components in their place.
• updater: when started, checks urls as given in the updater.ini file.
• checker: runs in the background, periodically starts updater as a background process.

What it does:

1. updater has a configuration file installer.ini which lives in the same directory
   • it holds section "Download locations"
   • there up to 50 url links (http, ftp (not tested) and file:///)
   • file:/// can be relative or absolute path
   • e.g. file:///components.txt.asc
2. updater consults installer.ini
   • downloads the "manifest" from the first valid url into a temporary location
   • it should be signed with a private key of a TRUSTED_SIGNATORY (see source)
   • the downloaded file is verified, if the signature is not recognized, downloader tries next url(s)
   • if no valid manifest is downloaded, program aborts
3. the downloaded manifest contains "changesets" in the ini structure
   • name of the section is the name of the feature
   • eg. [001 - Silent changes]
   • it is a good idea to put numbers, sections are sorted alphabetically
   • each section should contain: url, md5, args, onfailure keys
     • url: where to download the new/changed feature
     • md5: checksum of the downloaded file
     • args: instructions how to execute the downloaded file, in case of 7z, it is a directory where it will be unpacked
   • onfailure: continue|stop|retry
4. updater first sorts sections alphabetically and starts from the first
   • if already installed (it will be skipped)
     • records of the installed features are kept in a separate ini: updated.ini
   • if not installed:
     • url is downloaded into temporary location
     • downloaded file is checked against the md5 checksum
     • if the file has .gpg suffix, it is decrypted
     • e.g. "program.exe.gpg" will become "program.exe"
     • decryption uses gpg and a private key of the program
     • package should be encrypted for ID of the installer
     • installer also checks if the file was encrypted by TRUSTED_SIGNATORY
     • "args" are expanded (ie. args=%(DOWNLOADED_FILE)s /S becomes "some_path\ns6984.exe /S")
     • file is in a temporary location is executed (based on the suffix)
     • exe files: run using ExecTimeout
     • 7z files: output dir is set to the path in "args" and run Extract
     • more actions could be added later
     • if everything goes fine, package name is added into the updated.ini
     • ID = date (eg. 001 - Silent changes=07.07.2009 22:41:28)
   • if anything went wrong:
     • package installation is ended
     • no records is written in the updated.ini
     • based on the onfailure value, installation stops or continuew with a next package
     • it is up to you to solve the failure states

How to make a distribution

1. prepare a manifest:
   • e.g. .\tests\components.0.01.txt
2. sign the manifest with gpg
   • e.g. .\gpg\gpg.exe --homedir .\gpg_local_side --clearsign .\tests\components.0.01.txt
3. check the updater.ini file
   • it must contain valid future URL locations of the manifest
4. check the installer.ini file
   • it must have a valid args in the section [Checker]
   • this tells installer what to put in the Run section of the registry
   • and also how to start checker after the installation
5. compile the scripts, in this order:
   1. checker.nsi --> semanchk.exe
   2. updater.nsi --> updater.win32.0.01.exe
   3. installer.nsi --> installer.win32.0.01.exe

To encrypt a file

• you have to encrypt and sign it
• the SIGNATORY must be known to the updater
• see updater.nsi, search for TRUSTED_SIGNATORY
• the file must be addressed to the updater
• you must have the public key of the recipient in the keyring

example

.\gpg\gpg.exe --homedir .\gpg_local_side -r "John the Recipient" -se .\tests\program.exe