Fail to code sign



NewsArchive
12-22-2015, 01:04 AM
Hi Friedrich,

Sometimes the code signing process fails on one of the files or on the
install/uninstall. It always seems to be just one item (I code sign
several files when building BA) but may or may not be the same item that
fails. The code signing process returns 1 for both the SHA1 and SHA2.
I have gone over all the #codesign items and they are all 100%
identical. My _guess_ is that for some reason it can't connect to the
time stamp server and fails. Usually I can just re-run the install
build items and they complete without errors. Is there some way to set
a timeout for the code signing so that it will try to connect for x
number of seconds in case it can't connect?

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

NewsArchive
12-22-2015, 01:04 AM
Arnor Baldvinsson,

> a timeout for the code signing so that it will try to connect for x
> number of seconds in case it can't connect?

And a retry count would be nice too. How 'bout it Santa?!<g>

--
Lee White


NewsArchive
12-22-2015, 01:05 AM
Loop 1000 times
end

Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
I'll search help files & Google for you.

Grammar troll's, are the worse.

NewsArchive
12-22-2015, 01:06 AM
Hi Lee,

> And a retry count would be nice too. How 'bout it Santa?!<g>

Yes, and perhaps if it fails, give some more information? A single 0 or 1
just doesn't cover much ;)

I'm pretty sure it's timing out or not connecting or something. I don't
have as reliable a connection here in the office as I did from my home
office, and I have noticed this more since I moved the office. It
doesn't happen always, maybe 1 in 10 builds, maybe a bit more, not sure.
I just had it happen today on one file but the ones before and after
were OK.

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

NewsArchive
12-22-2015, 01:07 AM
You could probably make your own loop to do that, Arnor, using compiler
directives.

Use the #get file info to check for Verify Trust
set #code-sign application to skip if already signed
use #sleep to pause a couple of seconds before retrying.

Or you could nag Friedrich <g>

jf

NewsArchive
12-22-2015, 01:07 AM
Hi Jane,

> You could probably make your own loop to do that, Arnor, using
> compiler directives.
>
> Use the #get file info to check for Verify Trust
> set #code-sign application to skip if already signed
> use #sleep to pause a couple of seconds before retrying.
>
> Or you could nag Friedrich <g>

I have had this happen when code signing the installer itself, so I'm
not sure how I could handle that unless I code signed it from BA.

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

NewsArchive
12-22-2015, 05:41 AM
Hi Arnor,

>> Or you could nag Friedrich <g>
>
> I have had this happen when code signing the installer itself, so
> I'm not sure how I could handle that unless I code signed it from
> BA.

From the technical point of view, a "retry" is not possible. If a
code-signing process fails then it leaves behind a "damaged" PE Header
structure. In most cases, the protection software blocks access to the
timestamp server. As a result, you already have a signed file but
time-stamping failed. The PE Header structure is (partly) damaged and you
have to re-compile the application to create a fresh one.

Friedrich

NewsArchive
12-22-2015, 05:42 AM
Another interesting link:

http://www.lindersoft.com/forums/showthread.php?46833

Friedrich

NewsArchive
12-22-2015, 05:42 AM
Friedrich,

Could SB copy the file that is being signed to a temporary file and
then if it fails, it could copy that file back to try again. If
signing goes well, then the temp file just gets deleted.

I know it would slow down the overall process, so might make it an
option but would sure save a lot of time when the signing fails.

Barton

NewsArchive
12-22-2015, 05:43 AM
Hi Barton,

> Could SB copy the file that is being signed to a temporary file and
> then if it fails, it could copy that file back to try again. If
> signing goes well, then the temp file just gets deleted.
>
> I know it would slow down the overall process, so might make it an
> option but would sure save a lot of time when the signing fails.

Yes, if you do NOT enable the "Permanent" option in the compiler directive.
But this might cause even more problems with anti-virus and anti-spyware
systems. AV apps don't like such a copy and binary contents manipulation
(Authenticode code-signing).

Friedrich

NewsArchive
12-23-2015, 03:44 AM
Good point<bg>!

Barton Whisler
(retired<g>)

NewsArchive
12-23-2015, 03:46 AM
>The PE Header structure is (partly) damaged and you
>have to re-compile the application to create a fresh one.

That's why I always work with copies!

If a code-signing failed, I always replace it with a good copy.

And I never combine code-signing with generating a SETUP.

I code-sign my binary files with a separate SB-script before. One other reason
for this is, that I generate several different installers (different logo,
different country, different language, different distributor) from the same set
of data.

Wolfgang
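
The work-on-copies approach described by Barton and Wolfgang, combined with the retry and pause asked for earlier in the thread, as an added example that is not SetupBuilder's or any poster's code. `sign_with_retry` and `command_signer` are hypothetical names; the external signing command is assumed to take the file path as its last argument and to exit with 0 on success.

```python
import os
import shutil
import subprocess
import tempfile
import time


def command_signer(cmd):
    """Wrap an external signing command (assumed: exit code 0 means success)."""
    def sign(path):
        return subprocess.run(list(cmd) + [path]).returncode == 0
    return sign


def sign_with_retry(target, signer, attempts=3, delay=2.0):
    """Sign `target` through scratch copies; swap it in only after success.

    signer: callable(path) -> bool. Returns the attempt number that
    succeeded, or 0 if every attempt failed (target is then untouched).
    """
    folder = os.path.dirname(os.path.abspath(target))
    for attempt in range(1, attempts + 1):
        fd, scratch = tempfile.mkstemp(dir=folder, suffix=".signing")
        os.close(fd)
        try:
            shutil.copy2(target, scratch)    # fresh unsigned copy per attempt
            if signer(scratch):
                os.replace(scratch, target)  # same folder, so an atomic rename
                return attempt
        finally:
            if os.path.exists(scratch):
                os.remove(scratch)           # drop a signed-but-unstamped copy
        if attempt < attempts:
            time.sleep(delay * attempt)      # back off before the next try
    return 0


if __name__ == "__main__":
    # Constructed demo: a fake signer that fails twice, then succeeds.
    calls = []
    def flaky(path):
        calls.append(path)
        with open(path, "ab") as fh:
            fh.write(b"[sig]")               # stands in for the signature
        return len(calls) >= 3
    demo = os.path.join(tempfile.mkdtemp(), "demo.dll")
    with open(demo, "wb") as fh:
        fh.write(b"MZ-constructed-sample")
    print(sign_with_retry(demo, flaky, delay=0), open(demo, "rb").read())
```

Because a failed attempt only ever touches the scratch copy, the original file keeps its bytes and its date/time stamp when every attempt fails.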

NewsArchive
12-23-2015, 03:49 AM
+10000000

Best regards,
Jeffrey

NewsArchive
12-23-2015, 03:50 AM
Jeffrey,

>
> +10000000
>

Absolutely no problem. It's a built-in feature. Just disable the
"Permanent" option and it will create a temporary backup copy.

Friedrich

NewsArchive
12-23-2015, 03:50 AM
Hi Friedrich,

I have disabled this option, but I have noticed that when code signing
fails, the source dll (that failed to be codesigned) has been "affected"
with a new current date/time. So I lost my original dll in this case.

Best regards,
Jeffrey

NewsArchive
12-23-2015, 03:53 AM
Hi Friedrich,

> Another interesting link:
>
> http://www.lindersoft.com/forums/showthread.php?46833

Thanks. I _think_ I could do something in BA to check for this and
perhaps try to execute the script again if it fails on the code signing
process. It's not a big deal, but if it had been easy to add an option
to repeat the process in SB that would have been nice.

In my production I always work with copies of everything. All
development is done in a Drive:\Dev\ProductName folder and deployment in
Drive:\Products\ProductName\Latest folder ("Latest" folder is copied to
"Version_version_number" before copying anything new in). This way I
never, ever get things messed up and BA takes care of all copying of
files, setting up all version information (source files, .version files,
SB installers).

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC