Update command

Usage

SignotaurTool.exe update [options]

The update command does not take file parameters. It operates on the tool itself, connecting to a Signotaur server to check and apply updates.

Options

• -s, --sign-server <URL>

  Required. Specifies the URL of the Signotaur server to update from.

• --au, --allow-untrusted

  Allow updates from a Signotaur server that uses an untrusted or invalid TLS/SSL certificate. Use with caution, as it bypasses certificate validation.

• --rf, --retries-on-failure <Count>

  Number of times to retry the update if it fails. This can help in cases of transient network or server issues.

• --um, --update-mode <Mode>

  Specifies the update strategy. Possible values:

  • Version: Always update to every new published version.
  • SourceHash (default): Only update if the hash of the source code differs from the currently installed version, ensuring updates only when the underlying source changes.

• -b, --base-directory <Directory>

  Sets the base directory for resolving relative file paths.

• --encoding <Encoding>

  Specifies the output encoding. Set to one of UTF8, UTF16, OEMCodePage or CodePage### where ### is the number of the code page to use. Defaults to UTF8.

• --theme <Theme>

  Specifies the console colour theme. Options are: General (default, suitable for most consoles), Dark (optimized for dark backgrounds), Light (optimized for light backgrounds), or None (disables colours). The default is General.

• --nc, --no-colour, --no-color

  Disables coloured output entirely. This is useful for CI/CD environments, log files, or systems that don't support ANSI colour codes. Alternatively, you can set the NO_COLOR environment variable to any non-empty value to achieve the same effect (following the no-color.org standard).

• -v, --verbose

  Enables verbose logging for the update operation, providing detailed output of the process, which can be useful for debugging.

• `--nb

  Hides the banner in the output, which may be useful for scripting or logging purposes where you want a clean output.

• --help Displays help information and usage instructions for this command.

Examples

1. Update using the default mode (SourceHash):

   SignotaurTool.exe update --sign-server https://signotaur.example.com
   

2. Always update to every new version:

   SignotaurTool.exe update --sign-server https://signotaur.example.com --update-mode Version
   

3. Retry the update up to 3 times if it fails:

   SignotaurTool.exe update --sign-server https://signotaur.example.com --retries-on-failure 3
   

4. Allow updates from a server with an untrusted certificate (for testing):

   SignotaurTool.exe update --sign-server https://dev-signotaur.local --allow-untrusted
   

Exit Codes

The update command returns the following exit codes. The most common failure is 4 Failure, which covers server-unreachable, download-failed-after-retries, and install-failure scenarios. The "no update available" case is normalised to 0 Success so scripts can run update unconditionally without special-casing it.

• 0 (Success): The update completed successfully, or no update was available (the "no update" case is normalised to Success so scripts can treat it as benign).
• 3 (AccessDenied): Access was denied while downloading or writing the new client executable (E_ACCESSDENIED).
• 4 (Failure): A non-recoverable error occurred during the update process — for example, the server was unreachable, the download failed after retries, or the new executable could not be installed (E_FAIL).
• 6 (InvalidArgument): The --sign-server URI is missing, malformed, or not https (E_INVALIDARG).
• 22 (Malformed): The downloaded update file is malformed or its hash did not match the server-supplied value (CERT_E_MALFORMED).

Typically, a more specific message is displayed before an error exit code is returned.