Manifest file

From Wikipedia, the free encyclopedia

A manifest file in computing is a file containing metadata for a group of accompanying files that are part of a set or coherent unit. For example, the files of a computer program may have a manifest describing the name, version number, license and the constituent files of the program.[1]

The term is borrowed from a cargo shipping procedure, where a ship manifest would list the crew and/or cargo of a vessel.

Package manifest[edit]

Linux distributions rely heavily on package management systems for distributing software. In this scheme, a package is an archive file containing a manifest file. The primary purpose is to enumerate the files which are included in the distribution, either for processing by various packaging tools or for human consumption. Manifests may contain additional information; for example, in JAR (a package format for delivering software written in Java programming language), they can specify a version number and an entry point for execution. The manifest may optionally contain a cryptographic hash or checksum of each file. By creating a cryptographic signature for such a manifest file, the entire contents of the distribution package can be validated for authenticity and integrity, as altering any of the files will invalidate the checksums in the manifest file.

Application and assembly manifest[edit]

In Microsoft Windows, software that relies on Windows Side-by-Side (WinSxS) needs an application manifest, which is an XML document that is either embedded in an executable file or contained in a separate XML file that accompanies it. It bears name, version, trust information, privileges required for execution and dependencies on other components.[2]

An assembly manifest is very similar to an application manifest but describes the identity of components known as "assemblies". These assemblies are referred to in the application manifest.[3]

An example of an application manifest is as follows. This application manifest has two core parts: Security and dependency. The security part says that the application requires "asInvoker" security level; that is, it can be operated at whatever security level it is executed. The dependency part says the application needs a component called "Microsoft.VC90.CRT" with version number "9.0.21022.8".

<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
        <!--I am okay with whatever security privilege level-->
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      <!--I need Microsoft Visual C++ 2008 Runtime to run-->
      <assemblyIdentity type='win32' name='Microsoft.VC90.CRT' version='9.0.21022.8' processorArchitecture='x86' publicKeyToken='1fc8b3b9a1e18e3b' />

HTML5 cache manifest[edit]

A cache manifest in HTML5 is a plain text file accompanying a web app that helps it run when there is no network connectivity. The caching mechanism reads this file and ensures that its contents are available locally. An HTML5 cache manifest is served with its content type set to "text/cache-manifest".[4]

Example of a cache manifest:



  1. ^ Ashwin (2022-08-01). "Researchers discover HiddenAds malware in a dozen Android apps that were distributed on the Google Play Store". G Hacks. Retrieved 2022-08-19. This Directory class contains special metadata in a manifest file. This data can be recognized by the Contact Provider, which developers can use to create a custom directory, and to transfer data between the device and online services.
  2. ^ "Application Manifests". Side-by-side Assemblies Reference. Microsoft. Retrieved 23 December 2015.
  3. ^ "Assembly Manifests". Side-by-side Assemblies Reference. Microsoft. Retrieved 23 December 2015.
  4. ^ "7.7 Offline Web applications". HTML Standard. W3C. 22 December 2015.