Checking installation integrity with installshield

Question

For Linux packages, specifically RPMs with stored checksums, we always can check two things: the contents of package is ok and the installation from this package is ok. When someone modifies parts of the installation he shouldn't, we can see it by running rpm -Vp my-precious-package. In our busyness it is not only recommended, but obligatory to provide our packages with tools for this purpose and for Linux these are just simple bash scripts.

Now I have to do something similar for Windows. Basically what I want is to provide some batch file by running which one can get assured, the installation is the same as it meant to be in the package. I'm using InstallShield for packaging, and yet it has some great visual tools, I still haven't found a way to verify package checksums in the command line.

Is it even possible, or should I reinvent the wheel writing my own checking utils?

Answer 1

Windows Installer has a feature called resiliency that supports auto repair of products and there are ways to call it for self checks only. (This is assuming by InstallShield you mean Windows Installer based projects.)

Here's a couple links to read to get you started:

INFO: Description of Resiliency in Windows Installer

Resiliency

Application Resiliency: Unlock the Hidden Features of Windows Installer

MsiProvideComponent function (See dwInstallMode flags)

This also assumes all files are key files. Companion files are not managed by the installer. Also changes performed by custom actions outside of the installer aren't managed.

Answer 2

Take a look at MakeCat and SignTool from Microsoft, both in SDK

http://msdn.microsoft.com/en-us/library/windows/desktop/aa386967%28v=vs.85%29.aspx http://msdn.microsoft.com/en-us/library/windows/desktop/aa387764%28v=vs.85%29.aspx