Bug #36409 Windows installer changes needed for Vista Certification.
Submitted: 29 Apr 2008 19:45 Modified: 13 Oct 12:10
Reporter: Iggy Galarza
Status: Closed
Category:Server: Packaging Severity:S3 (Non-critical)
Version:5.1 OS:Microsoft Windows
Assigned to: Iggy Galarza Target Version:5.1+
Triage: Triaged: D3 (Medium)

[29 Apr 2008 19:45] Iggy Galarza 
Description:
1. The Setup.exe that we provide as a complement to our essentials MSI installer  will
cause us to fail Vista certification.  "Applications must use the Windows Installer (MSI)
or ClickOnce for installation."(ii)  Additionally "Test Case 13. Verify application's
installer contains an embedded manifest".(i)  Setup.exe fails both. The best way to meet
both requirements is to stop producing Setup.exe and simply distribute the MSI that is
contained inside the self extracting archive.

Also, Setup.exe does not allow the user to pass command line parameters to the MSI inside
which violates "Test Case 26. Verify the application can be installed quietly from the
command line."(i)

2. The mysql Windows MSI files available at dev.mysql.com are not signed with our digital
certificate.  This causes an additional UAC prompt that could be avoided by simply signing
the executables.  

i. CertifiedforWindowsVistaProgramTestCases.doc from
http://download.microsoft.com/download/a/5/d/a5d3d02a-fd03-466f-9ba8-97f5e7a90a98/Certifie...
ii. Windows Vista Software Logo Spec 1.1 from
http://download.microsoft.com/download/8/e/4/8e4c929d-679a-4238-8c21-2dcc8ed1f35c/Windows%...

How to repeat:
1. Browse dev.mysql.com
2. Download the MSI on a Windows machine and view the file's properties.  The MSI should
have a Digital certificate tab.

Suggested fix:
1. Stop producing setup.exe.  Instead, just produce the MSI that's inside.
2. Sign the MSIs that we produce with our digital certificate.
[27 Jan 13:29] Patrick Crews 
Verified that the .msi files for 5.1.31 were digitally signed, and that we are not
producing setup.exe files for 5.1.31.

The one note I do have is that the email section of the digital signature is blank.  Do
we want to supply a contact?  Just bringing this up in the event this was an
unintentional omission.
[13 Oct 12:10] MC Brown 
A note has been added to the 5.1.31 changelog: 

The MSI installer packages for Windows are now digitally signed with a certificate,
allowing installation on Windows where only certified packages are allowed by group
policy or configuration. 
 
As part of this change, and to comply with the certified installer requirements, the
<command>Setup.exe</command> versions of the MySQL installer have been discontinued. You
must have Windows Installer support in your Windows installation to use the MSI install
package. This is a standard component on Windows XP SP2 and higher. For earlier versions,
you can download the Microsoft Installer support from Microsoft.com.