Bug 50757 - No integrity check of MSI package
Summary: No integrity check of MSI package
Status: RESOLVED NOTABUG
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Installation (show other bugs)
Version:
(earliest affected)
3.5.4 release
Hardware: x86 (IA32) Windows (All)
: medium normal
Assignee: Andras Timar
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-06-05 22:25 UTC by Timon
Modified: 2022-07-14 09:07 UTC (History)
1 user (show)

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Timon 2012-06-05 22:25:52 UTC 
At the beginning of LibO installation through MSI package there is no integrity check. As a result, if the packege has a checksum error, there is a risk to remain without LibO on computer. Installation will start up, request all necessary information, remove old version of LibO, try to install the new version and only at this moment reports that file(s) is corrupted. You can choose three actions: repeat, cancel, ignore. If you choose cancel, process is rolled up and the computer stays without LibO.
In old installer through EXE package, first decompress of archive occurs and only then office is installed. In this method, were also disadvantages, because after installation folders remained with data, which then had to be removed manually.
Of course, you can download the package again from the internet, but there are still places where there is no internet at all or it is very slow.

If you need, I may attach LibO_3.5.4_Win_x86_install_multi.msi with CRC errors
Comment 1 Andras Timar 2012-06-06 23:00:39 UTC 
LibreOffice MSI packages are signed by The Document Foundation. This ensures integrity of the package. If you saw the error with a signed package, than it is an isolated problem with your computer. Did you try to install an unsigned (i.e. corrupted package)?
Comment 2 Timon 2012-06-07 05:43:07 UTC 
Problem is slightly different. I downloaded the latest version of LibO 3.5.4 from official website (signed version). After download, installed LibO, tested new features, everything was fine. Copied MSI package to flash drive. Went to another place, copied file to computer and began to install. And instead of a new version of LibO I stayed without office at all. I think that something failed on a flash drive. But MSI package was copied from flash drive to computer without any errors. Installation in a new place started up without any error messages, requested all
necessary information about version update, removed old version of LibO, tryed to install  new version and only at this moment reported that cab file and some other files are corrupted. After installation fail I checked the integrity of MSI package on a flash drive and computer and saw the errors (package was corrupted). In the first place of install (where the package was downloaded) MSI package is fine and signed. I again rewrote the package on a flash drive and reinstalled in another place.
I hope, was understood. Sorry for my poor english.
Comment 3 Andras Timar 2012-06-13 03:21:03 UTC 
OK, I understand the problem better now. Unfortunately integrity check is not an option for MSI packages. There is only the signature, but Windows does not always display a warning, if signature is broken.
Comment 4 Timon 2012-06-13 03:33:03 UTC 
(In reply to comment #3)
> OK, I understand the problem better now. Unfortunately integrity check is not
> an option for MSI packages. There is only the signature, but Windows does not
> always display a warning, if signature is broken.

I can add such corrupted file as an attachment (of course, if there is a need)
Comment 5 Ian Romanick 2013-01-30 00:44:25 UTC 
*** Bug 41700 has been marked as a duplicate of this bug. ***