Bug #36409 Windows installer changes needed for Vista Certification.
Submitted: 29 Apr 2008 17:45 Modified: 13 Oct 2009 10:10
Reporter: Iggy Galarza Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Packaging Severity:S3 (Non-critical)
Version:5.1 OS:Windows
Assigned to: Iggy Galarza CPU Architecture:Any

[29 Apr 2008 17:45] Iggy Galarza
Description:
1. The Setup.exe that we provide as a complement to our essentials MSI installer  will cause us to fail Vista certification.  "Applications must use the Windows Installer (MSI) or ClickOnce for installation."(ii)  Additionally "Test Case 13. Verify application's installer contains an embedded manifest".(i)  Setup.exe fails both. The best way to meet both requirements is to stop producing Setup.exe and simply distribute the MSI that is contained inside the self extracting archive.

Also, Setup.exe does not allow the user to pass command line parameters to the MSI inside which violates "Test Case 26. Verify the application can be installed quietly from the command line."(i)

2. The mysql Windows MSI files available at dev.mysql.com are not signed with our digital certificate.  This causes an additional UAC prompt that could be avoided by simply signing the executables.  

i. CertifiedforWindowsVistaProgramTestCases.doc from http://download.microsoft.com/download/a/5/d/a5d3d02a-fd03-466f-9ba8-97f5e7a90a98/Certifie...
ii. Windows Vista Software Logo Spec 1.1 from http://download.microsoft.com/download/8/e/4/8e4c929d-679a-4238-8c21-2dcc8ed1f35c/Windows%...

How to repeat:
1. Browse dev.mysql.com
2. Download the MSI on a Windows machine and view the file's properties.  The MSI should have a Digital certificate tab.

Suggested fix:
1. Stop producing setup.exe.  Instead, just produce the MSI that's inside.
2. Sign the MSIs that we produce with our digital certificate.
[27 Jan 2009 12:29] Patrick Crews
Verified that the .msi files for 5.1.31 were digitally signed, and that we are not producing setup.exe files for 5.1.31.

The one note I do have is that the email section of the digital signature is blank.  Do we want to supply a contact?  Just bringing this up in the event this was an unintentional omission.
[13 Oct 2009 10:10] MC Brown
A note has been added to the 5.1.31 changelog: 

The MSI installer packages for Windows are now digitally signed with a certificate, allowing installation on Windows where only certified packages are allowed by group policy or configuration. 
 
As part of this change, and to comply with the certified installer requirements, the <command>Setup.exe</command> versions of the MySQL installer have been discontinued. You must have Windows Installer support in your Windows installation to use the MSI install package. This is a standard component on Windows XP SP2 and higher. For earlier versions, you can download the Microsoft Installer support from Microsoft.com.