1 / 52

Customizing Installers for OpenAFS and MIT Kerberos for Windows

Customizing Installers for OpenAFS and MIT Kerberos for Windows. Asanka C Herath Secure Endpoints Inc. Why transforms?. Original installer.msi. Transform 1.mst. Customized Installer 1.msi . Original installer.msi. Transform 2.mst. Customized Installer 2.msi . New installer.msi.

london
Download Presentation

Customizing Installers for OpenAFS and MIT Kerberos for Windows

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc.

  2. Why transforms?

  3. Original installer.msi Transform 1.mst Customized Installer 1.msi Original installer.msi Transform 2.mst Customized Installer 2.msi New installer.msi Transform 1.mst Customized New Installer 1.msi

  4. Transforms are … • Packaged customizations • Can be applied to newer installers • Manage and document • Supported • Used with Group Policy software assignment

  5. Not a complete Windows Installer guide Essential windows installer

  6. Refer to the Windows Installer documentation onMicrosoft Developer Network or the Windows Platform SDK Documentation for more details

  7. Windows Installer Packages are … • Based on a relational database model • Each installer ‘database’ contains information and data files used to install a product • Declarative • Organized into features and components

  8. A Component A piece of an application that is versioned and installed as a coherent whole.

  9. A Component {E353AA81-667F-44a1-8C04-133FCDD42E5E} Identified by a GUID

  10. A Component {E353AA81-667F-44a1-8C04-133FCDD42E5E} File A Registry setting 1 Registry setting 2 Can contain a single file, a group of files, a file and a group of registry settings, a single registry setting, a shortcut, etc…

  11. A Component {E353AA81-667F-44a1-8C04-133FCDD42E5E} File A Registry setting 1 Registry setting 2 Has a “key path”

  12. A Component Can be shared across features, products and companies

  13. A Component Has rules … (In brief, from ‘Windows Installer Components’, Microsoft Developer Network Library) • Each component must be stored in a single directory. • No file, registry entry, shortcut, or other resources should ever be shipped as a member of more than one component. This applies across products, product versions and companies.

  14. A Feature A high-level user-visible hierarchical grouping of components and other features

  15. Features and Components afsd_service.exe Service install for TransarcAFSDaemon afslogon.dll HKLM\...\WinLogon\Notify\..., DLLName HKLM\...\WinLogon\Notify\..., Startup

  16. Properties • Are strings • Can be specified at runtime or via a transform • Only “public” properties can be specified at runtime • Can be used to condition the installation of components

  17. Customization via Transforms

  18. How transforms work • Installer databases consist of a ‘relational-type’ database and an associated file storage. • OpenAFS for Windows and MIT Kerberos for Windows use cabinets. • A transform is a set of changes that is made to the database contents. • The file storage is unaffected.

  19. Making a transform • Make a copy of the original • Make any required changes to the copy • ‘Diff’ the twoor • Use ORCA.exe to edit and generate the transform…

  20. Ingredients • Windows Installer SDK (Part of the Windows SDK) • ORCA.exe • MsiTran.exe (optional) • MsiDb.exe (optional) • WiLstXfm.vbs (optional) • Original MSI installers

  21. A walkthrough Customization using properties

  22. 1/3

  23. 2/3

  24. 3/3

  25. Original installer.msi Transform.mst

  26. Modified installer.msi Original Installer.msi Transform.mst msitran -g OriginalInstaller.msi ModifiedInstaller.msi Transform.mst Modified Installer.msi Original installer.msi Transform.mst copy OriginalInstaller.msi ModifiedInstaller.msi msitran -a Transform.mst ModifiedInstaller.msi

  27. A walkthrough Adding registry keys

  28. Overview • OpenAFS • Add a set of domain specific registry keys to enable integrated logon for EXAMPLE.COM realm.

  29. HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COMHKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COM LogonOptions = 1 According to Appendix A section 2.1 of the OpenAFS for Windows Release Notes.

  30. HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COMHKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COM (Create key) HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COM LogonOptions = 1 Creating the key becomes a separate registry entry.

  31. HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COMHKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COM (Create key) HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COM LogonOptions = 1 We need a component to hold the registry entries. (Don’t forget the key path and GUID)

  32. HKLM\...\Domain\EXAMPLE.COM (Create key) HKLM\...\Domain\EXAMPLE.COM LogonOptions = 1 Create a new feature to keep our component separate from the rest of the feature-component hierarchy.

  33. OpenAFS Client HKLM\...\Domain\EXAMPLE.COM (Create key) HKLM\...\Domain\EXAMPLE.COM LogonOptions = 1 Attach the feature to the rest of the feature-component hierarchy.

  34. HKLM\...\Domain\EXAMPLE.COM (Create key) HKLM\...\Domain\EXAMPLE.COM LogonOptions = 1 And again from the top, but this time with Windows Installer tables …

  35. HKLM\...\Domain\EXAMPLE.COM (Create key) HKLM\...\Domain\EXAMPLE.COM LogonOptions = 1 Component (Attributes value 4 = msidbComponentAttributesRegistryKeyPath)

  36. HKLM\...\Domain\EXAMPLE.COM (Create key) HKLM\...\Domain\EXAMPLE.COM LogonOptions = 1 FeatureComponents

  37. OpenAFS Client HKLM\...\Domain\EXAMPLE.COM (Create key) HKLM\...\Domain\EXAMPLE.COM LogonOptions = 1 Feature (Attribute value 10 = msidbFeatureAttributesFollowParent + msidbFeatureAttributesDisallowAdvertise)

  38. A walkthrough Replacing configuration files

  39. Overview • OpenAFS • Replace the CellServDB in the installer with a custom file.

  40. A problem • Since Windows Installer transforms do not change the embedded cabinet or source files, we can’t change the CellServDB that is included in the installer.

  41. A solution • Block the CellServDB file in the installer • Include a new CellServDB file • We can either embed the new CellServDB file in the installer or we can place it in the same location as the installer.

  42. The ‘Condition’ column

  43. Non-existent or empty properties evaluate to FALSE.

  44. OpenAFS Client CellServDB File table (Attribute 8192=msidbFileAttributesNoncompressed)

  45. OpenAFS Client CellServDB Component table (Attributes value 144 = msidbComponentAttributesPermanent + msidbComponentAttributesNeverOverwrite)

  46. OpenAFS Client CellServDB Media table (LastSequence = sequence number of last file in media. The value of 1000 makes this the source media for the newly added CellServDB file.)

  47. Useful Resources

  48. Useful Resources • Windows Installer documentation • OpenAFS for Windows release notes • MIT Kerberos for Windows MSI Deployment Guide

  49. Q?

More Related