NSIS !finalize 捕获错误
NSIS !finalize catch error
如果 !finalize 没有成功签署 OUTFILE,我正在尝试捕获错误。
在我的研究中,我发现通过阅读这个 NSIS closed/fixed SourceForge 错误 #1148 可以检查 return 错误代码;对于不成功的 return.
,基本上除了 0 以外的任何东西
所以我实际上想要完成的是我希望能够检查 !finalize 是否不成功;在这种特殊情况下,这很可能是因为用户无法访问互联网,因为我让它首先使用时间戳服务,如果不是,则在不使用时间戳的情况下签署 OUTFILE。
这是我当前使用 !finalize 指令的逻辑:
!define TimestampSHA1
!define TimestampSHA256
!define CERT `Contrib\crt${DEVELOPER}.${CERT_EXT}`
!define SIGN `Contrib\bin\signtool.exe`
!define CMD `"${SIGN}" sign /f "${CERT}" /p ""`
!define SHA1 `${CMD} /t "${TimestampSHA1}" /v "${PACKAGE}${OUTFILE}"`
!define SHA256 `${CMD} /fd sha256 /tr "${TimestampSHA256}" /td sha256 /as /v "${PACKAGE}${OUTFILE}"`
#
# There's a lot more Timestamp services for this next
# !if/!else conditional check but I kept it short
# and sweet as I'm only sharing what's necessary.
#
!if "${TIMESTAMP_SVC}" == "Comodo"
!define /REDEF TimestampSHA1 "http://timestamp.comodoca.com"
!define /REDEF TimestampSHA256 "http://timestamp.comodoca.com/?td=sha256"
!else if "${TIMESTAMP_SVC}" == "Verisign"
!define /REDEF TimestampSHA1 "http://timestamp.verisign.com/scripts/timstamp.dll"
!define /REDEF TimestampSHA256 "http://sha256timestamp.ws.symantec.com/sha256/timestamp"
!endif
#
# Sign only if we can locate the certificate..
#
!if /FileExists "${CERT}"
!ifdef TIMESTAMP_SVC
#
# Sign using dual signature hashing
# algorithm standards (SHA256 and SHA1)
# along with a timestamping service.
#
!finalize `${SHA1}`
!finalize `${SHA256}`
#
# TODO: Figure out how to catch an error or
# an unsuccessful signing in order to sign
# OUTFILE without using a timestamp.
#
# The following is just me theoretically
# coding as I cannot figure out how to check
# the return of 'signtool.exe'
#
!if ! "${ERRORLEVEL}" == 0
!finalize `${CMD} /v "%1"`
!finalize `${CMD} /fd sha256 /td sha256 /as /v "%1"`
!endif
!else
#
# If we're here than the end-user didn't
# declare a timestamping service so we'll
# sign it without giving it a timestamp.
#
!finalize `${CMD} /v "%1"`
!finalize `${CMD} /fd sha256 /td sha256 /as /v "%1"`
!endif
!else # Cannot find the certificate..
!warning "Cannot find a certificate to code sign with. Please \
check the spelling and/or the path to your certificate \
are correct and recompile to sign ${OUTFILE}!"
!endif
我很清楚 !finalize 上的文档显示了使用 .bat 脚本的示例,但我想避免这样做,因为我已经掌握了逻辑使用 NSIS 到位。
有人可以帮帮我吗?
!finalize 发生在可执行文件生成完成之后。这样 !if ! "${ERRORLEVEL}" == 0 实际上会在您的命令执行之前进行评估。您可以让整个脚本失败:
!finalize `${CMD} /v "%1"` = 0
!finalize `${CMD} /fd sha256 /td sha256 /as /v "%1"` = 0
如果你也想尝试在没有时间戳的情况下辞职,创建一个处理所有这些逻辑的批处理文件并使用 !finalize.
调用该文件可能会更容易
如果 !finalize 没有成功签署 OUTFILE,我正在尝试捕获错误。
在我的研究中,我发现通过阅读这个 NSIS closed/fixed SourceForge 错误 #1148 可以检查 return 错误代码;对于不成功的 return.
,基本上除了0 以外的任何东西
所以我实际上想要完成的是我希望能够检查 !finalize 是否不成功;在这种特殊情况下,这很可能是因为用户无法访问互联网,因为我让它首先使用时间戳服务,如果不是,则在不使用时间戳的情况下签署 OUTFILE。
这是我当前使用 !finalize 指令的逻辑:
!define TimestampSHA1
!define TimestampSHA256
!define CERT `Contrib\crt${DEVELOPER}.${CERT_EXT}`
!define SIGN `Contrib\bin\signtool.exe`
!define CMD `"${SIGN}" sign /f "${CERT}" /p ""`
!define SHA1 `${CMD} /t "${TimestampSHA1}" /v "${PACKAGE}${OUTFILE}"`
!define SHA256 `${CMD} /fd sha256 /tr "${TimestampSHA256}" /td sha256 /as /v "${PACKAGE}${OUTFILE}"`
#
# There's a lot more Timestamp services for this next
# !if/!else conditional check but I kept it short
# and sweet as I'm only sharing what's necessary.
#
!if "${TIMESTAMP_SVC}" == "Comodo"
!define /REDEF TimestampSHA1 "http://timestamp.comodoca.com"
!define /REDEF TimestampSHA256 "http://timestamp.comodoca.com/?td=sha256"
!else if "${TIMESTAMP_SVC}" == "Verisign"
!define /REDEF TimestampSHA1 "http://timestamp.verisign.com/scripts/timstamp.dll"
!define /REDEF TimestampSHA256 "http://sha256timestamp.ws.symantec.com/sha256/timestamp"
!endif
#
# Sign only if we can locate the certificate..
#
!if /FileExists "${CERT}"
!ifdef TIMESTAMP_SVC
#
# Sign using dual signature hashing
# algorithm standards (SHA256 and SHA1)
# along with a timestamping service.
#
!finalize `${SHA1}`
!finalize `${SHA256}`
#
# TODO: Figure out how to catch an error or
# an unsuccessful signing in order to sign
# OUTFILE without using a timestamp.
#
# The following is just me theoretically
# coding as I cannot figure out how to check
# the return of 'signtool.exe'
#
!if ! "${ERRORLEVEL}" == 0
!finalize `${CMD} /v "%1"`
!finalize `${CMD} /fd sha256 /td sha256 /as /v "%1"`
!endif
!else
#
# If we're here than the end-user didn't
# declare a timestamping service so we'll
# sign it without giving it a timestamp.
#
!finalize `${CMD} /v "%1"`
!finalize `${CMD} /fd sha256 /td sha256 /as /v "%1"`
!endif
!else # Cannot find the certificate..
!warning "Cannot find a certificate to code sign with. Please \
check the spelling and/or the path to your certificate \
are correct and recompile to sign ${OUTFILE}!"
!endif
我很清楚 !finalize 上的文档显示了使用 .bat 脚本的示例,但我想避免这样做,因为我已经掌握了逻辑使用 NSIS 到位。
有人可以帮帮我吗?
!finalize 发生在可执行文件生成完成之后。这样 !if ! "${ERRORLEVEL}" == 0 实际上会在您的命令执行之前进行评估。您可以让整个脚本失败:
!finalize `${CMD} /v "%1"` = 0
!finalize `${CMD} /fd sha256 /td sha256 /as /v "%1"` = 0
如果你也想尝试在没有时间戳的情况下辞职,创建一个处理所有这些逻辑的批处理文件并使用 !finalize.