Manifest file

Last updated

In computer programming, a manifest file is a file containing metadata for a group of accompanying files that are part of a set or coherent unit. For example, the files of a computer program may have a manifest describing the name, version number, license and the constituent files of the program. [1] The term "manifest" is borrowed from a cargo shipping procedure, where a ship manifest would list the crew and/or cargo of a vessel.

Contents

Manifest files are similar in nature to declaration files in that both specify the expected structure of a computer program to be consumed by another computer program, providing additional information that allow system software, software-defined tools (e.g., compilers, linters), development environments, or other developers to understand how to interact with certain resources or code. Unlike declaration files, manifests do this in different ways and for different purposes. For instance, manifest files describe things like dependencies, permissions, or runtime settings that control the execution of code. Declaration files describe the structure of code (such as types, interfaces, or functions) to control the translation of code, support static type-checking, and enable convenient features like autocompletion and automatic code refactoring.

Build systems and operating systems may use manifest files to understand how to set up, execute, or integrate a computer program into an existing system. Furthermore, while manifest files focus on project-level or system-level information (like runtime settings or dependencies), declaration files focus on code-level details (like the types or signatures of functions and objects).

Types

Package manifest

Linux distributions rely heavily on package management systems for distributing software. In this scheme, a package is an archive file containing a manifest file. The primary purpose is to enumerate the files which are included in the distribution, either for processing by various packaging tools or for human consumption. Manifests may contain additional information; for example, in JAR (a package format for delivering software written in Java programming language), they can specify a version number and an entry point for execution. The manifest may optionally contain a cryptographic hash or checksum of each file. By creating a cryptographic signature for such a manifest file, the entire contents of the distribution package can be validated for authenticity and integrity, as altering any of the files will invalidate the checksums in the manifest file.

Application and assembly manifest

In Microsoft Windows, software that relies on Windows Side-by-Side (WinSxS) needs an application manifest, which is an XML document that is either embedded in an executable file or contained in a separate XML file that accompanies it. It bears name, version, trust information, privileges required for execution and dependencies on other components. [2]

An assembly manifest is very similar to an application manifest but describes the identity of components known as "assemblies". These assemblies are referred to in the application manifest. [3]

An example of an application manifest is as follows. This application manifest has two core parts: Security and dependency. The security part says that the application requires "asInvoker" security level; that is, it can be operated at whatever security level it is executed. The dependency part says the application needs a component called "Microsoft.VC90.CRT" with version number "9.0.21022.8".

<?xml version='1.0' encoding='UTF-8' standalone='yes'?><assemblyxmlns='urn:schemas-microsoft-com:asm.v1'manifestVersion='1.0'><trustInfoxmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><!--I am okay with whatever security privilege level--><requestedExecutionLevellevel='asInvoker'uiAccess='false'/></requestedPrivileges></security></trustInfo><dependency><dependentAssembly><!--I need Microsoft Visual C++ 2008 Runtime to run--><assemblyIdentitytype='win32'name='Microsoft.VC90.CRT'version='9.0.21022.8'processorArchitecture='x86'publicKeyToken='1fc8b3b9a1e18e3b'/></dependentAssembly></dependency></assembly>

HTML5 cache manifest

A cache manifest in HTML5 is a plain text file accompanying a web app that helps it run when there is no network connectivity. The caching mechanism reads this file and ensures that its contents are available locally. An HTML5 cache manifest is served with its content type set to "text/cache-manifest". [4]

Example of a cache manifest:

CACHE MANIFEST  /test.css /test.js /test.png

Webmanifest

A webmanifest is a JSON file used in progressive web apps to make them easily shareable via a URL, discoverable by a search engines, and alleviates complex installation procedures. Furthermore, PWAs support native app-style interactions and navigation, including being added to home screen, displaying splash screens, etc. [5]

WebExtension manifest

The WebExtension manifest is a file called manifest.json used to configure browser extensionss. The standard is currently in version 3, but version 2 is still supported by gecko-based browsers like Mozilla Firefox.

Related Research Articles

<span class="mw-page-title-main">Package manager</span> Software tools for handling software packages

A package manager or package-management system is a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer programs for a computer in a consistent manner.

DLL hell is an umbrella term for the complications that arise when one works with dynamic-link libraries (DLLs) used with older Microsoft Windows operating systems, particularly legacy 16-bit editions, which all run in a single memory space. DLL hell can appear in many different ways, wherein affected programs may fail to run correctly, if at all. It is the Windows ecosystem-specific form of the general concept dependency hell.

<span class="mw-page-title-main">JAR (file format)</span> Java archive file format

A JAR file is a package file format typically used to aggregate many Java class files and associated metadata and resources into one file for distribution.

Extensible Application Markup Language is a declarative XML-based language developed by Microsoft for initializing structured values and objects. It is available under Microsoft's Open Specification Promise.

<span class="mw-page-title-main">Privilege escalation</span> Gaining control of computer privileges beyond what is normally granted

Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application or user with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

Windows Presentation Foundation (WPF) is a free and open-source user interface framework for Windows-based desktop applications. WPF applications are based in .NET, and are primarily developed using C# and XAML.

WebSphere Application Server (WAS) is a software product that performs the role of a web application server. More specifically, it is a software framework and middleware that hosts Java-based web applications. It is the flagship product within IBM's WebSphere software suite. It was initially created by Donald F. Ferguson, who later became CTO of Software for Dell. The first version was launched in 1998. This project was an offshoot from IBM HTTP Server team starting with the Domino Go web server.

<span class="mw-page-title-main">ClickOnce</span>

ClickOnce is a component of Microsoft .NET Framework 2.0 and later, and supports deploying applications made with Windows Forms or Windows Presentation Foundation. It is similar to Java Web Start for the Java Platform or Zero Install for Linux.

In software engineering, a WAR file is a file used to distribute a collection of JAR-files, JavaServer Pages, Java Servlets, Java classes, XML files, tag libraries, static web pages and other resources that together constitute a web application.

<span class="mw-page-title-main">User Account Control</span> Security software

User Account Control (UAC) is a mandatory access control enforcement feature introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more relaxed version also present in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows 11. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorises an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges and malware are kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorises it.

The Open Packaging Conventions (OPC) is a container-file technology initially created by Microsoft to store a combination of XML and non-XML files that together form a single entity such as an Open XML Paper Specification (OpenXPS) document. OPC-based file formats combine the advantages of leaving the independent file entities embedded in the document intact and resulting in much smaller files compared to normal use of XML.

Microsoft Application Virtualization is an application virtualization and application streaming solution from Microsoft. It was originally developed by Softricity, a company based in Boston, Massachusetts, acquired by Microsoft on July 17, 2006. App-V represents Microsoft's entry to the application virtualization market, alongside their other virtualization technologies such as Hyper-V, Microsoft User Environment Virtualization (UE-V), Remote Desktop Services, and System Center Virtual Machine Manager.

Turbo is a set of software products and services developed by the Code Systems Corporation for application virtualization, portable application creation, and digital distribution. Code Systems Corporation is an American corporation headquartered in Seattle, Washington, and is best known for its Turbo products that include Browser Sandbox, Turbo Studio, TurboServer, and Turbo.

The Android Package with the file extension apk is the file format used by the Android operating system, and a number of other Android-based operating systems for distribution and installation of mobile apps, mobile games and middleware. A file using this format can be built from source code written in either Java or Kotlin.

<span class="mw-page-title-main">EPUB</span> E-book format

EPUB is an e-book file format that uses the ".epub" file extension. The term is short for electronic publication and is sometimes stylized as ePUB. EPUB is supported by many e-readers, and compatible software is available for most smartphones, tablets, and computers. EPUB is a technical standard published by the International Digital Publishing Forum (IDPF). It became an official standard of the IDPF in September 2007, superseding the older Open eBook (OEB) standard.

Side-by-side assembly technology is a standard for executable files in Windows 98 Second Edition, Windows 2000, and later versions of Windows that attempts to alleviate problems that arise from the use of dynamic-link libraries (DLLs) in Microsoft Windows. Such problems include version conflicts, missing DLLs, duplicate DLLs, and incorrect or missing registration. In side-by-side, Windows stores multiple versions of a DLL in the %systemroot%\WinSxS directory, and loads them on demand. This reduces dependency problems for applications that include a side-by-side manifest.

<span class="mw-page-title-main">Web Platform Installer</span>

Web Platform Installer was a freeware, closed-source package management system that installs non-commercial development tools and their dependencies that are part of Microsoft Web Platform, including:

<span class="mw-page-title-main">Spring Roo</span> Open-source software tool

Spring Roo is an open-source software tool that uses convention-over-configuration principles to provide rapid application development of Java-based enterprise software. The resulting applications use common Java technologies such as Spring Framework, Java Persistence API, Thymeleaf, Apache Maven and AspectJ. Spring Roo is a member of the Spring portfolio of projects.

<span class="mw-page-title-main">.NET Framework</span> Software platform developed by Microsoft

The .NET Framework is a proprietary software framework developed by Microsoft that runs primarily on Microsoft Windows. It was the predominant implementation of the Common Language Infrastructure (CLI) until being superseded by the cross-platform .NET project. It includes a large class library called Framework Class Library (FCL) and provides language interoperability across several programming languages. Programs written for .NET Framework execute in a software environment named the Common Language Runtime (CLR). The CLR is an application virtual machine that provides services such as security, memory management, and exception handling. As such, computer code written using .NET Framework is called "managed code". FCL and CLR together constitute the .NET Framework.

Microsoft Silverlight is an application framework for writing and running rich web applications that was actively developed and marketed by Microsoft from 2007 to 2012. This is a technical overview of the platform's history.

References

  1. Ashwin (2015-08-01). "Researchers discover HiddenAds malware in a dozen Android apps that were distributed on the Google Play Store". ghacks.net. G Hacks. Retrieved 2015-08-19. This Directory class contains special metadata in a manifest file. This data can be recognized by the Contact Provider, which developers can use to create a custom directory, and to transfer data between the device and online services.
  2. "Application Manifests". Side-by-side Assemblies Reference. Microsoft . Retrieved 23 December 2015.
  3. "Assembly Manifests". Side-by-side Assemblies Reference. Microsoft . Retrieved 23 December 2015.
  4. "7.7 Offline Web applications". HTML Standard. W3C. 22 December 2015.
  5. ""Web App Manifest", Working Draft". "Web App Manifest", Working Draft. W3C. 12 September 2016.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.