Using Catalog Files
Catalog files specify that a given set of files belongs to the same logical group of files. When more than one distribution unit is required to distribute a component using Internet Component Download, a catalog file can be used to create an association of the required distribution units.
A catalog file contains a list of files and a digest of those files. A digest is a number generated by an algorithm to uniquely identify a given file, like a fingerprint. The digest is used for security/validation purposes.
Catalog files are used to avoid multiple trust dialog boxes when users download software components from the Internet. Trust dialog boxes are modal security warnings that prompt users before software is installed on their computers. The trust dialog box identifies the distributor of the software component and indicates whether the publisher's authenticity has been verified. There is a check box on the trust dialog box that enables users to "Always trust content" from the publisher.
Catalog files are supported by the Internet Component Download service provided by Microsoft Internet Explorer 5 and later. Users with earlier versions of Windows Internet Explorer can also download distribution units that contain catalog files. Their browsers ignore the catalog files and display a trust dialog box for each distribution unit in the software distribution as if no catalog file were present.
The main distribution unit—which contains the catalog file—and the catalog file itself must have valid digital signatures to avoid multiple trust dialog boxes.
- How It's Done
- Related topics
You need the following software to create a catalog file:
MakeCat.exe is one of the CryptoAPI tools that comes with the Windows Software Development Kit (SDK). Place MakeCat.exe in the same path as the distribution units to be included in the distribution. Mscat32.dll is installed with Internet Explorer 5 and later. Its default file location is the System folder in the Windows (or WinNT) directory.
Catalog files prevent multiple trust dialog boxes, making Internet software installation simpler and less confusing for users. Users are asked to accept a trust dialog box for the main distribution unit only. Distribution units associated by a catalog file in the main distribution unit are downloaded and installed without additional trust dialog boxes.
Multiple trust dialog boxes are confusing to users. Users are generally unaware that components are downloaded using multiple distribution units, or that components may be dependent upon other components, so they often feel they are being asked to respond to the same dialog box repeatedly.
Catalog files also reduce the number of keystrokes necessary for a user downloading software components with dependencies. Multiple trust dialog boxes require additional user intervention—clicking Yes on each successive trust dialog box.
Here's a situation where you would want to use a catalog file: Your Web page instantiates an Microsoft ActiveX control. The ActiveX control is packaged with an Open Software Description (OSD) file in a distribution unit. This main distribution unit requires trust verification. But the Open Software Description (OSD) file in the main distribution unit specifies a DEPENDENCY located in another distribution unit. Without a catalog file in the main distribution unit, another trust dialog box will be displayed when the second distribution unit is downloaded.
How It's Done
To create a catalog file, you first author a text file with a .cdf extension (not to be confused with CDF files associated with Channel Definition Format). A .cdf file is a plain text file that is similar to an INF file. The .cdf file contains the name of the target catalog file, as well as a list of name-value pairs identifying the files to be included in the digest. The following is an example .cdf file.
[CatalogHeader] name=example.cat [CatalogFiles] first.cab=first.cab second.cab=second.cab third.cab=third.cab
There are two sections in the example .cdf file. The first section, [CatalogHeader], is used to specify the name of the target catalog file. In this case, the name for the resulting catalog file is "example.cat".
The second section, [CatalogFiles], specifies a list of name-value pairs that identify the files to be included in the catalog. The left-hand side of the "=" sign is a tag that can be an arbitrary string. The right-hand side of the "=" sign is the name of the file the tag identifies. By convention, the tag and the filename are the same. This convention must be followed to take advantage of catalog file support in Internet Explorer.
The files specified in the .cdf file should reside in the same directory as the .cdf file itself. Once the .cdf file is written, a catalog file can be created by running the MakeCat.exe program with the -V parameter:
MAKECAT -V EXAMPLE.CDF
When MakeCat.exe is executed, a catalog file (.cat) is created with the name specified in the .cdf file. Package the catalog file in the main distribution unit and sign the main distribution unit. The catalog file must be digitally signed to avoid multiple trust dialog boxes.