NSIS!敲定捕获错误

时间:2018-01-12 18:50:41

标签: nsis

如果!finalize没有成功签署OUTFILE,我试图发现错误。

在我的研究中,我发现通过阅读这个NSIS封闭/修复的SourceForge错误#1148,我可以检查返回错误代码;除了0以外,其他任何事情都不成功。

所以我实际想要完成的是我希望能够检查!finalize是否不成功;在这种特殊情况下,很可能是因为用户无法访问互联网,因为我首先使用时间戳服务,如果没有使用时间戳,则不使用时间戳。

这是我使用!finalize指令的当前逻辑:

!define TimestampSHA1
!define TimestampSHA256
!define CERT    `Contrib\crt\${DEVELOPER}.${CERT_EXT}`
!define SIGN    `Contrib\bin\signtool.exe`
!define CMD     `"${SIGN}" sign /f "${CERT}" /p ""`
!define SHA1    `${CMD} /t "${TimestampSHA1}" /v "${PACKAGE}\${OUTFILE}"`
!define SHA256  `${CMD} /fd sha256 /tr "${TimestampSHA256}" /td sha256 /as /v "${PACKAGE}\${OUTFILE}"`

#
# There's a lot more Timestamp services for this next
# !if/!else conditional check but I kept it short
# and sweet as I'm only sharing what's necessary. 
#
!if "${TIMESTAMP_SVC}" == "Comodo"

    !define /REDEF TimestampSHA1 "http://timestamp.comodoca.com"
    !define /REDEF TimestampSHA256 "http://timestamp.comodoca.com/?td=sha256"

!else if "${TIMESTAMP_SVC}" == "Verisign"

    !define /REDEF TimestampSHA1 "http://timestamp.verisign.com/scripts/timstamp.dll"
    !define /REDEF TimestampSHA256 "http://sha256timestamp.ws.symantec.com/sha256/timestamp"

!endif

#
# Sign only if we can locate the certificate..
#
!if /FileExists "${CERT}"


    !ifdef TIMESTAMP_SVC
        #
        # Sign using dual signature hashing 
        # algorithm standards (SHA256 and SHA1)
        # along with a timestamping service.
        #
        !finalize `${SHA1}`
        !finalize `${SHA256}`
        #
        # TODO: Figure out how to catch an error or
        # an unsuccessful signing in order to sign
        # OUTFILE without using a timestamp.
        #
        # The following is just me theoretically 
        # coding as I cannot figure out how to check
        # the return of 'signtool.exe'
        #
        !if ! "${ERRORLEVEL}" == 0

            !finalize `${CMD} /v "%1"`
            !finalize `${CMD} /fd sha256 /td sha256 /as /v "%1"`

        !endif

    !else 

        #
        # If we're here than the end-user didn't 
        # declare a timestamping service so we'll
        # sign it without giving it a timestamp.
        #
        !finalize `${CMD} /v "%1"`
        !finalize `${CMD} /fd sha256 /td sha256 /as /v "%1"`

    !endif

!else # Cannot find the certificate..

    !warning "Cannot find a certificate to code sign with. Please \
              check the spelling and/or the path to your certificate \
              are correct and recompile to sign ${OUTFILE}!"

!endif

我非常了解!finalize上的文档,其中显示了使用.bat脚本的示例,但我希望避免这样做,因为我已经已经使用NSIS获得了逻辑。

有人可以帮助我吗?

1 个答案:

答案 0 :(得分:2)

在可执行文件生成完成后发生

!finalize。这样在您的命令执行之前,!if ! "${ERRORLEVEL}" == 0实际上将被评估。您可以使整个脚本失败:

!finalize `${CMD} /v "%1"` = 0
!finalize `${CMD} /fd sha256 /td sha256 /as /v "%1"` = 0

如果您还想尝试在没有时间戳的情况下辞职,可能更容易创建一个处理所有这些逻辑的批处理文件,并使用!finalize调用该文件。

相关问题
最新问题