You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Heat currently supports generating a RemotePayload of a .msi and .cab file, and if the files are not code-signed then a hash is generated in the RemotePayload. But in 3.10 RemotePayload can only be used for ExePackage or MsuPackage, per the chm. I know that there are security concerns about downloading a raw msi, but if MsiPackage used the RemotePayload hash would that address that concern?
The reason I was thinking about this is that I have a third-party msi with .cab file which is of significant size, that I use in many bundles as external, not compressed packages. The cab in particular is significant size. There are also a lot of small mst files, but I typically compress them. Since this is used in many bundles, on my web-deployment release server each bundle tree has this large msi and cab in the bundles subfolder tree. So I was thinking of moving this rarely changing msi/.cab file to its own folder on the release CDN and using a RemotePayload in each bundle to get this msi and cab file. The current approach of using MsiPackage and PayloadGroup works find but uses a fair amount of CDN resources. This third-party msi also has a lot of smaller mst files, which I typically compress into the bundle (but others might want to have them remote also).
Originally opened by phogland
The text was updated successfully, but these errors were encountered:
Note that you don't need RemotePayload support to have a payload only via download. RemotePayload is only to cover the case when you don't have a file locally during bundle build time. If you have the file, you can specify @SourceFile for WiX to harvest the information it needs and @DownloadUrl to specify the URL at install time.
Heat currently supports generating a RemotePayload of a .msi and .cab file, and if the files are not code-signed then a hash is generated in the RemotePayload. But in 3.10 RemotePayload can only be used for ExePackage or MsuPackage, per the chm. I know that there are security concerns about downloading a raw msi, but if MsiPackage used the RemotePayload hash would that address that concern?
The reason I was thinking about this is that I have a third-party msi with .cab file which is of significant size, that I use in many bundles as external, not compressed packages. The cab in particular is significant size. There are also a lot of small mst files, but I typically compress them. Since this is used in many bundles, on my web-deployment release server each bundle tree has this large msi and cab in the bundles subfolder tree. So I was thinking of moving this rarely changing msi/.cab file to its own folder on the release CDN and using a RemotePayload in each bundle to get this msi and cab file. The current approach of using MsiPackage and PayloadGroup works find but uses a fair amount of CDN resources. This third-party msi also has a lot of smaller mst files, which I typically compress into the bundle (but others might want to have them remote also).
The text was updated successfully, but these errors were encountered: