Issues

Issue #67 new

msi signature check seems to fail on seemingly valid msi files

heng
created an issue

Uploading an MSI file created by distutils is rejected as an 'invalid distribution file' even though it seems to be installable just fine by windows.

I think it is the magic string comparison is failing and raising the error as noted.

The check is '\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3E\x00\x03\x00\xFE\xFF\x09\x00\x06'

The MSI file I have has '\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3E\x00\x04\x00\xFE\xFF\x0C\x00\x06'

The MSI file was created under Windows 7, with several distinct installations of Python (2.7, 3.2, 3.3). I assume the problem is down to an underlying system library, but I'm notably not a windows person.

Attached is one of the problematic msi files.

Comments (9)

  1. heng reporter

    The magic string is configured to reject all but version 3 of msi files (the first differing character). Since version 4 is supported in XP SP3 and above, it doesn't seem wholly unreasonable to allow version 4 files (not that I know what happens if you try to install a version 4 msi file on XP sp2).

    All the references I can find give me the magic bytes for MSI files as only the first 8 bytes of the string above. Is there a reason why a longer string is used?

  2. heng reporter

    Can I suggest that is modded to be '\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1'?

    Do you want me to put that in a pull request?

    To your point, what is the preferred windows distribution format?

  3. p

    I built windows binaries for pycurl and neither msi nor zip versions (matter for another issue) of them are uploadable to pypi.

    For msi, string that pypi apparently wants: '\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00>\x00\x03\x00\xfe\xff\t\x00\x06'

    String that I have: '\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00>\x00\x04\x00\xfe\xff\x0c\x00\x06'

    My msi files have been generated with vc 2008 (9.0) express on windows 7.

    Either these files should be accepted or distutils should provide some option to force the format to version 3, assuming that is even possible.

    Files in question:

    https://github.com/pycurl/downloads/blob/master/pycurl-7.19.0.2.win32-py2.6.msi https://github.com/pycurl/downloads/blob/master/pycurl-7.19.0.2.win32-py2.7.msi

  4. Thimo Kraemer

    Same problem here. Is it possible to fix this issue?

    Only the first 8 bytes should be checked. Alternatively the second possible byte string should be added.

  5. Richard Jones

    I've fixed the magic number by trimming it down to 8 bytes; this will be live on testpypi.python.org so I'd appreciate if people having issues would test it with their MSI files.

  6. Log in to comment