Squirrel installers race for SquirrelTemp resulting in bad installations

[riverar]

Squirrel version(s) squirrel.windows.2.0.1 and possibly others

Description Squirrel uses %localappdata%\SquirrelTemp for various servicing tasks. Squirrel seems to allow simultanous installations to occur yet does not silo the temporary folder on a per-app basis. This appears to result in races for files in the temporary folder and can result in incorrect installations of various applications, wrong shortcuts, incorrect schema launches, etc. These installations are very difficult to repair and detremential to the user experience.

I believe this meets the bug bar for resolution under the Focus on the User Experience principle (https://github.com/Squirrel/Squirrel.Windows/issues/1470#issuecomment-486410297) and the product's tag line Squirrel: It's like ClickOnce but Works™.

Steps to recreate I highly recommend the use of a virtual machine or Windows Sandbox.

1. Download Teams_windows_x64.exe from https://statics.teams.microsoft.com/production-windows-x64/1.6.00.6754/Teams_windows_x64.exe
2. Download Scenario.zip (attached here) scenario.zip
3. Extract Scenario.zip to a temporary location and move Teams_windows_x64.exe into this location so all three files are side-by-side
4. Execute scenario.cmd and wait until completion
5. Run ms-settings:installed-apps or navigate to Settings > Apps > Installed Apps
6. Observe the included demo app with publisher Rafael is associated with Microsoft Teams
7. Open Start and type myapp to begin a search.
8. Observe the included demo app has incorrect shortcuts

Tip: Alternatively, you can shorten the timeout and remove the process kill to demonstrate a real race. But results may vary across machine speeds.

Screenshots

Expected behavior It should not be possible for Squirrel apps to read from or write over each other

Actual behavior Squirrel apps compete for the temporary folder and behave indeterminately

Proposal Use a product-specific (or randomly generated) path to silo apps from each other.

[anaisbetts]

While this is still a bug, MS Teams uses a forked, private copy of Squirrel that has several known bugs (some of which were self-inflicted) and we can do nothing to fix them

[riverar]

Interesting. Would the proposed silos at least shield the community from Teams and other apps using outdated Squirrel code? Or is this a set of unrelated issues?

[anaisbetts]

A quick review of the code that I wrote ~9 years ago seems to indicate that this is not super easy because of how early in the process we are, though the "randomly generated" strategy might work. I'm.....not sure why I didn't do that in the first place actually! Probably because I was trying to make the C++ section of this code As Small As Possible

The other places we use SquirrelTemp during the update process, we actually already use the "generate a unique empty subdirectory" strategy

[anaisbetts]

@robmen ^^ a Good Idea, this should fix some of the issues that people have around machine-wide installers stepping on each other

[robmen]

Yeah. I'm finally getting to the end of my WiX v4 saga and should finally have some mental energy for Squirrel.

[gwenchailleu]

Hello, With several colleagues from my company, we chose squirrel to replace clikonce for the deployment of our products. While coding a new application I came across #1853. Do you think our help in resolving it would be useful to you? We could make correction proposals in the coming months... Or do you prefer to keep your hands on this subject?