I work on a Windows application that has over 75 fonts embedded in the executable using Qt's resource system. We call QFontDatabase::addApplicationFont to install the fonts for the application's use, but of course, this only installs them in memory for the application and doesn't install the fonts permanently on the system. We have run into an issue where a customer's IT department has implemented the Untrusted Font Policy, which forbids using fonts that aren't installed in the %windir%\Fonts directory.
Our font "files" are specified by their path in the resource system, and they are being blocked. I presume that internally, the path to the font file is the path into Qt's resource system, which certainly isn't the Windows Fonts directory. QFontDatabase::addApplicationFont returns a -1, indicating an error in installing the font. It seems that our only recourse is to provide the individual font files in our installer so that someone with Administrator privilege can install them.
To further complicate things, due to the nature of how our application is distributed, the "installer" is a simple self-extracting archive. If there's any changes to how files are managed after extraction, it will be custom code that I have to write (as opposed to using off-the-shelf installer technology), and further, I can't guarantee the privilege level.
Is there a different way to handle this that doesn't require adding dozens of files to the installer and requiring a manual installation step that can only be done with elevated permission?
Thank you.
Related
According to the Windows installation rules, programs should be installed to
C:\Program Files (64-bit program / x86-64) or C:\Program Files (x86) (32-bit program / x86). The program is copied into a sub-sub-folder containing the vendor name and the program name.
But why doesn't Chocolatey install packages into C:\Program Files\<Vendor>\<Program>\?
10. Apps must install to the correct folders by default
Users should have a consistent and secure experience with the default installation location of files, while maintaining the option to install an app in the location of their choice. It is also necessary to store app data in the correct location to allow several people to use the same computer without corrupting or overwriting each other's data and settings. Windows provides specific locations in the file system to store programs and software components, shared app data, and app data specific to a user
10.1 Your app must be installed in the Program Files folder by default
For native 32-bit and 64-bit apps in %ProgramFiles%, and %ProgramFiles(x86)% for 32-bit apps running on x64. User data or app data must never be stored in this location because of the security permissions configured for this folder.
Source: Certification requirements for Windows desktop apps
Version: 10 (July 29, 2015)
It depends on your version of Chocolatey, it's settings and the packages themselves.
To start, see Tools vs Applications and Chocolatey's distinction (
https://github.com/chocolatey/chocolatey/wiki/ChocolateyFAQs at the
bottom).
If the package does not use a native installer (a tool), it depends on
if the package author has used the bin_root concept that is up and
coming in a future version.
For example, SysInternals will go to c:/sysinternals right now unless
you have a defined $env:chocolatey_bin_root variable. The concept in
the code will change as well as right now this requires it to be a
subfolder of the system drive and I don't see us developing the final
feature with that limitation.
If the package doesn't have that concept yet, one can always ask the
package author to incorporate it.
If the package uses a native installer (an application), one can use
installArgs to pass arguments to the native installer
(https://github.com/chocolatey/chocolatey/wiki/CommandsInstall) and
tell it the directory to install the application to. This does require
you to know what you need to pass to the native installer. If you want
your applications in a custom directory, there is an assumption that
you are already an advanced user so it is expected that you would know
what to pass the installer if you were doing a silent install.
Slightly paraphrased from: https://groups.google.com/forum/#!msg/chocolatey/uucAz8GxebA/HEPAKp69d90J
Also,
NOTICE: As of 0.9.8.24, Chocolatey's default install location is
C:\ProgramData\Chocolatey
This reduces the attack surface on a local installation of chocolatey
and limits who can make changes to the directory.
Source: https://github.com/chocolatey/chocolatey/wiki/DefaultChocolateyInstallReasoning
And from personal experience I can attest that that concept is an excellent line of defense (when properly configured, used and understood).
PS:
As you already added to your answer, technically the requirement is %ProgramFiles% and %ProgramFiles(x86)% environment variable(s where applicable).
For example, %ProgramFiles(x86)% could as well point to P:\Software\Programs\x86\ (instead of C:\Program Files (x86)\).
There is obviously a lot of legacy software (now (re-)packaged) that never used a <vendor> section in the path-name.
Hope this helps!
Portable applications can be run from USB-drives and all and are thus very convenient, but unfortunately they are slow (as a USB drive is usually slower).
How exactly does the installation of a portable app differ from that of a normal app?
I know they do not create registries and all, but then how do they achieve the same thing as other, 'normal' apps?
Any application that stores all required information in a self-contained way can be made "portable".
For exmaple, eclipse doesn't require installation and keeps all preferences within the workspace, so it could be considered portable.
An application which any of the following isn't immediately portable:
Uses the registry
Uses the user's home directory ie: "C:\Users" or "C:\Documents and Settings"
Requires installation of certain files to hard-coded locations
In order to make these applications portable they can be processed or run within a mini-VM (like ThinApp) so that calls that registry calls and file accesses are modified to refer to locations within the USB.
They don't store anything in the registry or on the hard disk. Application configuration options and other settings are saved on the USB drive, usually (but not always) in either an .INI file or an XML file.
They don't have any dependencies on system resources (such as the registry) that require a higher level of security to access, nor do they have any dependencies on any libraries not shipped with the application on the thumb drive (unless the dependencies are commonly found in a typical install).
Most simple apps meet these requirements and could hypothetically be run off a thumb drive.
I'm probably just being very thick here, but it's not clear to me where I'm supposed to install 'new' user-specific programs on Windows 7 (and presumably Vista too, though I've not specifically looked at that scenario yet).
Under Windows XP (rightly or wrongly) we always installed our programs into folders under 'Program Files' and accepted that they'd be kind-of available to everyone. From what I can gather under Windows 7 I'm supposed to install my software under the user's AppData folder (possibly AppData\Local\MyApp). That makes a degree of sense, but the fact that this folder is 'hidden' by default means that we're going to have 'fun' talking our users through support stuff.
I want to install our software so that it's user specific (the Users bit in Windows 7 makes perfect sense) but I do want the user to be able to access it if required. Our program also includes a 'data' subdirectory which it needs to write into while it's running (embedded database), but as the program is intended to be single-user/standalone, the data folder being inside a user-specific folder isn't going to be a problem.
My problem is just that whole 'hidden folder' aspect of AppData. As much as I've trawled the MSDN, I can't work out where else I'm supposed to install user-specific programs. Taken one way it would seem to be something like AppData\Local\MyApp, and another way it would seem to be just as valid under the user's My Documents\MyApp equivalent.
Has anyone got a clear guide for where all this stuff goes? I found the MSDN docs confusing. :-)
Not really.
The directory that serves as a common
repository for application-specific
data for the current roaming user.
AppData is, surprisingly, for application data, not for installation (Click Once/Silverlight applications aside). You can, and should still install into Program Files, just don't expect to write into that folder.
You can install software into AppData if you want it to follow a user about in an Active Directory environment, which happens if you put it in AppData\Roaming (the SpecialFolder.ApplicationData location).
You can also install into AppData if you want the software to be available to just the user that installs it. This can be useful if, for example, you have multiple users on the same machine, who all want to run different versions of the software in complete isolation.
If you want settings to only apply on the local machine then you use AppData\Local, which is SpecialFolders.LocalApplicationData - this will make AD administrators very happy as the roaming profile size won't suddenly jump up 50Mb or whatever the size of your software is.
If you wanted to create settings which apply to all users then you're looking at SpecialFolders.CommonApplicationData
You should remember never to rely on the actual name of the directory - localisation issues mean this can change and the location does change with OS versions two. You should be using the special folder enumeration in your software, or the equivalent in your installer.
Could you not install into Program Files, but use AppData as it's supposed to be used, and store your database in there?
Windows 7 added the FOLDERID_UserProgramFiles known folder and by default this maps to %LOCALAPPDATA%\Programs. This is used by MSI when ALLUSERS=2 & MSIINSTALLPERUSER=1.
On Vista and earlier there is no canonical per-user application folder but just using %LOCALAPPDATA% is pretty common. Sadly MSI will just use %ProgramFiles% on these systems.
It's 2019, and I just installed Visual Studio Code (a Microsoft product) in the default folder of
%userprofile%\AppData\Local\Programs\Microsoft VS Code
This is probably for getting around the requirement to have an administrator or UAC prompt authorise the installation
Windows 7 folder structure is deeply inspired on Unix structure:
/usr/ -> C:\Program Files\ -> binaries: executables and dynamically linked
/etc/ -> C:\ProgramData\ -> global settings
/home/ -> C:\Users\ -> a folder for each user
~/.* -> C:\Users\Hikari\AppData\Roaming\ -> settings for each user
Windows has more folder, like My Documents for files with content produced by user, AppData Local and Roaming (which Unix usually handles with NFS).
It's about time for us developers to start using these structures. We must separate at least binary files that don't need to be replicated, global and user settings.
When a setup is installing an app, this setup should expect to have permission to write on Program Files. Once the setup is finished, Program Files should be writable only for other setups aiming to update binaries to other versions.
Please install executable files to the %programfiles% folder in Windows - a simple MSI based install package can perform an active setup for any new user who logs onto the machine to create the user specific files and folders in their profiles %appdata% folder. You see this behaviour for Internet Explorer, Adobe reader, etc. - It's the little MSI installer window that pops up the first time you log onto a machine which has those applications installed. - Thanks - a system admin :)
My opinion, for what it's worth, is that user-specific program files is just asking for trouble and is a damn stupid thing to do.
A much more sensible approach is to install different versions of your program to:
\Program Files\Your Program\Program_v0.1\Program.exe
\Program Files\Your Program\Program_v0.2\Program.exe
\Program Files\Your Program\Program_v0.3\Program.exe
\Program Files\Your Program\Program_v0.4\Program.exe
I would then place a bootstrapping launcher at:
\Program Files\Your Program\ProgramLauncher.exe
Then, the user application data folder will only contain data, including an INI/XML/Settings file that indicates the version of the program that this user is working with.
Such an approach satisfies the core tenant of keeping data and executing code separate, allows every user to run a specific version of the code, and offers a small amount of de-duplication by ensuring the same executable code is not copied multiple times across user folders.
Otherwise, go right ahead with installing programs to AppData and undoing the years it has taken us to achieve clean separation of code and data. I found this thread because I noticed that Chromium and DropBox are installing code to AppData. I'm going to uninstall those program, and change the permissions on my AppData folder to exclude execution to ensure I can easily spot other programs attempting the same BS.
I'm coming at this from the Windows world... On Windows, we have Windows Installer packages (MSI files) that are processed by a system component (Windows Installer) to install applications (the idea being that this system component tracks references to libraries and implements transactional installation, theoretically avoiding botched installations)...
Could someone explain the architecture and process of how an application gets installed on OSX? Is there a corresponding component to Windows Installer? And if so, how would I go about using it for my applications?
This might be overkill, but check this out:
Software Delivery Guide: Introduction (Apple)
Discusses various software delivery procedures on the Mac and how it all works.
Applications are normally packaged into "bundles" with the .app extension. These bundles contain the binary (usually Mach-O) and any other resources the application needs to run; these usually include:
Resources for the application - such items as icons/images, NIB files (used to define the user interface)
Property list files defining such parameters as application name, bundle format etc
Localized files and strings which can be loaded by OS X for different locales set by the user
These bundles are normally kept in the /Applications/ folder, although they can be moved around and placed anywhere on the filesystem (the bundle format makes moving these applications around easier).
The common method to install an application is to download an Apple Disk Image file (extension .dmg) which is mounted as a disk drive on the user's OS; the application is then actually installed in two main ways:
Through the Installer app; this uses an Installation Package (extension .pkg) which provides a "Wizard" installation procedure, and is used when the installation is configurable (where the user can choose which extra dependencies to install etc). The free Apple tool PackageMaker can be used to create these packages.
By simply dragging the application icon into the Applications folder; this is for applications that do not require custom installation settings; normally a window displaying the application's icon and an icon for the Applications folder is shown, and the user drags the application's icon onto the Applications folder icon (for an example, see here)
you drag the icon into your Applications folder.
It is really a folder with a name ending in .app . The OS treats that as a single unit. Inside of the "folder" is the application distribution and metadata to tell the OS how to run it. Normally, systemwide components are installed on first-run.
You sometimes find package (.pkg) bundles that work exactly the same was as a .msi.
OS X apps are usually "xcopy deployed" and are self contained in so called bundles.
I wonder about this because we are developing an application, after installation some files were copied to program files and some to user profile directory. But, we found some issues w.r.t program files. Now all files are installed in the current user's directory. Even Google Chrome, does so. What do you think?
If you install a given application on 10 different accounts, do you really want the application to exist 10 times on disk?
The program files directory is for just that, the executable files, dlls, assemblies and other executable code and non editable configuration data associated with a program. The user profile directory is for data and code associated with the individual user.
The program files directory in Windows is a place where all the installed files go.
But there are some customizations needed depending on users. Those go into user's directory.
Like Downloads folder, customization of Mozilla firefox, Winamp, etc.
There has to be different profiles for each user to customize the applications.
But the commonly needed files of a software need not be installed in each user account; hence they are installed in Program Files
Since Vista the Program Files directory has been marked as off limits so applications can't write to it by default unless given admin privileges.
This is for better security to stop other applications manipulating existing installed applications.
There is a good write up of this here on how to work with UAC but also learning to write more secure applications.
http://msdn.microsoft.com/en-au/magazine/cc163486.aspx