I’m having a hard time writing this blog, so let me just ask for your prayers again. My wife’s cancer has returned and spread to her liver and lungs.
I was recently reading a blog posted by Andreas Hiltner where they made the complaint:
All of a sudden, InstallShield just died and rendered the whole binary project file useless. 6 hours of work down the drain. Of course we saved early and often, but I did not make backup copies of every single step.
It never fails to amaze me how setup development is treated as a second class development activity and relegated to second class processes. Coding without a version control system and build automation is frankly like jumping out of an airplane without a parachute. You might get away with it for awhile, but eventually you’ll crash into the ground in a horrific way.
The Tao of the Windows Installer Rule # 7 only partially addresses this:
Rule 7: Work On a Copy
“My file server won’t boot and I really need it up and running now!”
“Ok, let’s re-install Windows and restore the data from backup.”
“What backup …?”
Been there? Done that? While losing a single MSI package might not be as disastrous as losing your file server, you really don’t want to start from scratch because of some accidental corruption.
So, always make a copy of your package before you start work, then work on the copy. That way, it is easy to revert to a known good version if the working one becomes corrupt or has other problems you cannot easily correct.
Unfortunatly this rule assumes that you are editing your packages by hand via Orca ( you’ve got to be kidding me ) and that you don’t have any type of project source, project files and build output ( package ). Editing built packages with ORCA would be something like making IL changes to a compiled .NET assembly and then making copies of the assembly as checkpoints. Again, you’ve got to be kidding me.
So what should Andreas have done? First, InstallShield can save it’s project in XML format via a setting in the Product Information section. Second, the project should have been checked into a source control repository from the moment it was created. Third, build automation should have been wired up from the moment that the project was checked into source control. Now you have your parachute and it’s safe to jump out of that perfectly good airplane.
Where I work I have a standard pattern that supports of all my installs. It literally doesn’t take more then 10 minutes to get a first time build going for a new setup project. From there anyone on the team can use TFS Team Build to request an install build. Anyone with InstallShield can also check out the source, make changes, and if desired checkin a shelveset and ask for me to peer review it before committing it to the branch.
Back in my EDS days I spent a couple years on the Continental Airlines account. They were mostly a VB6 shop with a few groups exploring C# on .NET 1.0 and 1.1. I didn’t really know anything about managed code back then. I remember an excited yet sarcastic comment that my manager made about managed code `solving all of our problems`. I couldn’t tell if he was being a fan boy or if he was being sarcastic. Maybe both? I think it was the former since he later mentioned during a team meeting that we should all learn C#. A coworker and I stared at each other and later each other `Why?`. You see, this was an IT group and out of the 20 some people in the room, I don’t think more then 4 of us actually programmed in ANY language. Regardless we continued working in VB6/COM and didn’t think a whole lot else about it. Times were different back then… we owned the entire enterprise so I could actually deliver a prereq package to provide our own framework for CA support. Then our InstallScript CA’s simply had to call the COM interfaces to do our dirty work. Not something I’d do in an ISV environment, but it worked for us.
At my next job I saw exactly how ugly Installer Class custom actions were. For awhile I bought into the `managed code custom actions are evil` hype that is constantly repeated by the same three or four people. Then my new manager announced that I’d be spending a week learning C#/.NET 2.0. For the life of me I really couldn’t understand why I was going to spend a week learning .NET. After all, what possible place could managed code have in Setup after the hell I had just witnessed? In my mind the future was unmanaged Type 1 CA’s written in InstallScript since C++ is just pure hell. I even had an expert C++/C# developer validate that opinion for me.
So I went off and I learned C#/.NET 2.0. Wow, it rocks. Once I really understood it, I came to realize that it could be easily and safely used as a platform for custom actions in MSI. Frankly, C# makes horrific things in C++ look like childs’ play. Take this little quote from the WiX-Users list that I recently read:
I realise that [not using managed code] leaves you with few options, since as far as I can see
the web service is the supported API for doing this. Normally for custom
actions we recommend using unmanaged C++, but web services aren’t at all
easy to use from C++.
Last September I started another job ( I know… I move around a lot ) and I wanted to implement a pattern that took user input and connected to a server to validate the data. I quickly wrote a C# class in VS2003 that was exposed as ComVisible(true) and exposed an interface for passing data to a webservice and returning the result. Then I wired this up using InstallShields CoCreateObjectDotNet() function. This function basically allows invoking ComVisble .NET classes through reflection without actually having to register the COM for interop.
In the countless times this install has been run, I have never seen or heard of this custom action failing, period. Sure, now I have to deploy a .NET framework, but I did anyways because our software requires it.
Now I’ve also heard the argument that our CA could fail one day in the future on a newer version of the .NET framework. After all, in the COM->.NET story the latest version of the CLR is used. When I started this story our application was written in .NET 1.1 and later ported to .NET 2.0 and tested on Vista with .NET 3.0 ( CLR 2.0 ). My CA was built using .NET 1.1 and I’ve never rebuilt it for 2.0. It just works as is on 2.0.
The only advantage that I could give C++ in this story would be faster instantiation and less memory usage. I won’t agree that C++ is any more reliable then C#. In fact I would say that unless you have a very experienced C++ developer who will make sure that all errors are handled and memory properly allocated, free’d and buffers protected from overruns, that C++ could actually be less reliable then C#. I’d also say that unless the forementioned person worked in some third world company for dirt cheap that writing the code in C++ would be more costly then writing it in C#.
So if you have similar needs, I encourage you to explore managed code and not buy into the `managed code is evil and doesn’t belong in setup` myth.