RemotePayload support for .msi and .cab files.

[wixbot]

Heat currently supports generating a RemotePayload of a .msi and .cab file, and if the files are not code-signed then a hash is generated in the RemotePayload. But in 3.10 RemotePayload can only be used for ExePackage or MsuPackage, per the chm. I know that there are security concerns about downloading a raw msi, but if MsiPackage used the RemotePayload hash would that address that concern?

The reason I was thinking about this is that I have a third-party msi with .cab file which is of significant size, that I use in many bundles as external, not compressed packages. The cab in particular is significant size. There are also a lot of small mst files, but I typically compress them. Since this is used in many bundles, on my web-deployment release server each bundle tree has this large msi and cab in the bundles subfolder tree. So I was thinking of moving this rarely changing msi/.cab file to its own folder on the release CDN and using a RemotePayload in each bundle to get this msi and cab file. The current approach of using MsiPackage and PayloadGroup works find but uses a fair amount of CDN resources. This third-party msi also has a lot of smaller mst files, which I typically compress into the bundle (but others might want to have them remote also).

Originally opened by phogland

[wixbot]

Note that you don't need RemotePayload support to have a payload only via download. RemotePayload is only to cover the case when you don't have a file locally during bundle build time. If you have the file, you can specify @SourceFile for WiX to harvest the information it needs and @DownloadUrl to specify the URL at install time.

Originally posted by barnson