All,

a final SetupBuilder 2018 Build 6100 will be available on Friday, December
21, 2018.

Build 6100 provides detection support for Windows Server 2019 and introduces
initial support for SetupBuilder Remote Deploy (internal compiler and linker
modifications).

It also comes with a new response file feature. This allows you to
streamline the installation and configuration of your installation. A
response file is a text file that contains the variables and values needed
to install or update a product. It is useful for performing unattended
(silent) installations. The installation process reads the information from
the response file instead of prompting you to fill in the blanks. You can
also reuse a response file for future installations!

Work on SetupBuilder 2019 with Remote Deploy capability is progressing well
and we are looking forward to 2019. Thank you for your continued support
and for using SetupBuilder!

--
Friedrich Linder
Lindersoft | SetupBuilder | www.lindersoft.com
Voice: +1.954.537.3701 | Fax: +1.954.537.3702

--SetupBuilder "point. click. ship"
--Helping You Build Better Installations
--Create Windows 10 ready installations in minutes
--Official COMODO Code Signing and SSL Certificate Partner

Friedrich,

> It also comes with a new response file feature.

'bout damn time, I've been doing it the hard way for years!<g>

Lee White

Hi Lee,

>
> 'bout damn time, I've been doing it the hard way for years!<g>
>

<VBG>

And the cool thing is, you have full control over this "response file"
process.

- You can decide (at script level) when to load the variables and values
from the response file.

- You can disable or enable the response file feature.

- You can let the user specify the response file name at setup.exe comment
line level -or- you pre-define the response file name at script level.

- You can even use multiple response files at script level.

Friedrich

Is it encrypted?

>
>It also comes with a new response file feature. This allows you to
>streamline the installation and configuration of your installation. A
>response file is a text file that contains the variables and values needed
>to install or update a product. It is useful for performing unattended
>(silent) installations. The installation process reads the information from
>the response file instead of prompting you to fill in the blanks. You can
>also reuse a response file for future installations!

Jeff Slarve
www.jssoftware.com

Ones and Zeros are my Heroes

Jeff,

> Is it encrypted?

Hmm, if it is how would you create it?

--
Lee White

RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com

Creative Reporting: http://www.CreativeReporting.com

Product Release & Update Notices
http://twitter.com/DeveloperPLUS

Let me re-phrase:

Can any schmuck edit the file and cause your setup to do stuff that
you didn't intend for it to do?

Jeff Slarve
www.jssoftware.com

Ones and Zeros are my Heroes

Jeff,

> Let me re-phrase:
>
> Can any schmuck edit the file and cause your setup to do stuff that
> you didn't intend for it to do?

Better!<g>

In my use it would be written by the developers install immediately
before my install runs silent. Either in my install, or theirs, it is
quickly deleted. I suppose you could stick an obfuscated checksum
somewhere in the file and recalculate in the install to see if it's
been altered. In addition you could mark it read-only and check the
status within your install.

--
Lee White

RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com

Creative Reporting: http://www.CreativeReporting.com

Product Release & Update Notices
http://twitter.com/DeveloperPLUS

I'm asking about SB's new thing.

Jeff Slarve
www.jssoftware.com

Ones and Zeros are my Heroes

Jeff,

> I'm asking about SB's new thing.

That is what I was referring to but I'll step aside and let the boss
handle it!<g>


Lee White

Hi Jeff,

>
> Is it encrypted?
>

No, the new response file feature is not encrypted. It provides an
"enhanced" command line feature. Instead of passing variables and values
via a long command line to the installer, you can "load" response files to
pass the values.

BTW, you can compile a Clarion DLL that reads/writes encrypted TPS
(super)files to handle specific tasks that require encryption. This lets
you load variables and values from an encrypted source. If you are
interested, I can develop a demo.

Friedrich

Hi Friedrich -

No need to create a demo just for me, unless you already intended to
do it. Just trying to understand how you intend for this to work out
of the box.

The scenario that made me ask the question is where you "save" the
response files with the intent to re-load them at a later date. What
if someone (a "hacker" perhaps) wanted to trick the system into
thinking it performed a subsequent update, but sent the new files to a
black hole instead?
Would the initiator of the update be able to know that the files went
to the wrong place?

Thanks Friedrich.

Jeff Slarve
www.jssoftware.com

Ones and Zeros are my Heroes

Hi Jeff,

> No need to create a demo just for me, unless you already intended to
> do it. Just trying to understand how you intend for this to work out
> of the box.

I think I'll create one to demonstrate the power of SetupBuilder :-)

> The scenario that made me ask the question is where you "save" the
> response files with the intent to re-load them at a later date. What
> if someone (a "hacker" perhaps) wanted to trick the system into
> thinking it performed a subsequent update, but sent the new files to a
> black hole instead?
> Would the initiator of the update be able to know that the files went
> to the wrong place?

By default, you store the (optional) response file to the folder where the
"setup.exe" is located in. The end-user can specify another location.

For example (at command line level):

setup.exe /S /RF "my_response_file.txt"

or:

setup.exe /S /RF "c:\test\response.txt"

And you can hard-code a response file name and location into the setup.exe.

For example, this line in the script:

Load Response File ("response.txt")

setup.exe /S will automatically use a "response.txt" response file.

But here comes the interesting part. First of all, you have to ENABLE the
response file feature. It is disabled by default. Secondly, you can
"protect" variable names.

Let us assume, you have a hidden "%TOP_SECRET_UNLOCK_VAR% variable name that
unlocks specific features based on a license key. In the attached
screenshot, the variable name of this protected variable can't be changed
from a response file.

Friedrich

Thanks Friedrich.

>
>But here comes the interesting part. First of all, you have to ENABLE the
>response file feature. It is disabled by default. Secondly, you can
>"protect" variable names.
>
>Let us assume, you have a hidden "%TOP_SECRET_UNLOCK_VAR% variable name that
>unlocks specific features based on a license key. In the attached
>screenshot, the variable name of this protected variable can't be changed
>from a response file.

Jeff Slarve
www.jssoftware.com

Ones and Zeros are my Heroes