From b2124499c76740c60181f0fc9f04220195e4ed22 Mon Sep 17 00:00:00 2001 From: Juan Cruz Viotti Date: Thu, 1 Dec 2016 10:59:26 -0400 Subject: [PATCH] chore: extract code-signing logic from `windows.bat` to `sign.bat` (#911) Signed-off-by: Juan Cruz Viotti --- scripts/build/windows.bat | 32 ++++++-------------- scripts/windows/sign.bat | 64 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+), 22 deletions(-) create mode 100644 scripts/windows/sign.bat diff --git a/scripts/build/windows.bat b/scripts/build/windows.bat index b410fbcf..fa47201d 100644 --- a/scripts/build/windows.bat +++ b/scripts/build/windows.bat @@ -22,7 +22,6 @@ set output_build_directory=etcher-release set output_directory=%output_build_directory%\installers set certificate_file=certificate.p12 set certificate_pass=1234 -set timestamp_server_url=http://timestamp.comodoca.com ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Validate arguments @@ -67,13 +66,6 @@ if %ERRORLEVEL% neq 0 ( exit /b 1 ) -:: Check that signtool is installed. -where signtool >nul 2>nul -if %ERRORLEVEL% neq 0 ( - echo Dependency missing: signtool 1>&2 - exit /b 1 -) - :: Check that makensis is installed. where makensis >nul 2>nul if %ERRORLEVEL% neq 0 ( @@ -202,13 +194,11 @@ call asar pack %package_output%\resources\app %package_output%\resources\app.asa --unpack "{*.dll,*.node}" call rimraf %package_output%\resources\app -signtool sign^ - /t %timestamp_server_url%^ - /d "%application_name% - %etcher_version%"^ - /f %certificate_file%^ - /p %certificate_pass%^ - %package_output%\Etcher.exe -signtool verify /pa /v %package_output%\Etcher.exe +call scripts\windows\sign.bat^ + -c %certificate_file%^ + -p %certificate_pass%^ + -f %package_output%\Etcher.exe^ + -d "%application_name% - %etcher_version%" upx -9 %package_output%\*.dll 
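Review bot: The exit status of `call scripts\windows\sign.bat` is never checked, so a failed `signtool sign` or `signtool verify` inside the helper does not stop the build, and the unsigned `Etcher.exe` continues through packaging. Add `if %ERRORLEVEL% neq 0 exit /b 1` directly after the call, in the same way the dependency checks in this script already bail out. The second call, which signs `%installer_output%` in the last hunk of this file, needs the same guard.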
@@ -231,10 +221,8 @@ mkdir "%output_directory%" move "%installer_tmp_output%\%application_name% Setup.exe" "%installer_output%" rd /s /q "%installer_tmp_output%" -signtool sign^ - /t %timestamp_server_url%^ - /d "%application_name% - %etcher_version%"^ - /f %certificate_file%^ - /p %certificate_pass%^ - %installer_output% -signtool verify /pa /v %installer_output% +call scripts\windows\sign.bat^ + -c %certificate_file%^ + -p %certificate_pass%^ + -f %installer_output%^ + -d "%application_name% - %etcher_version%"
diff --git a/scripts/windows/sign.bat b/scripts/windows/sign.bat
new file mode 100644
index 00000000..a438e069
--- /dev/null
+++ b/scripts/windows/sign.bat
@@ -0,0 +1,64 @@
+@echo on
+setlocal EnableDelayedExpansion
+
+:ParameterLoop
+if x%1 equ x goto :ParameterDone
+set parameter=%1
+if %parameter:~0,1% equ - goto CheckParameter
+:Usage
+echo Usage: %0
+echo.
+echo Options
+echo.
+echo -c ^
+echo -p ^
+echo -f ^
+echo -d ^
+exit /b 1
+:NextParameter
+shift /1
+goto ParameterLoop
+:CheckParameter
+if "%1" equ "-c" goto ARGV_C
+if "%1" equ "-p" goto ARGV_P
+if "%1" equ "-f" goto ARGV_F
+if "%1" equ "-d" goto ARGV_D
+goto Usage
+:ARGV_C
+ shift /1
+ set argv_certificate=%1
+ goto NextParameter
+:ARGV_P
+ shift /1
+ set argv_password=%1
+ goto NextParameter
+:ARGV_F
+ shift /1
+ set argv_file=%1
+ goto NextParameter
+:ARGV_D
+ shift /1
+ set argv_description=%1
+ goto NextParameter
+:ParameterDone
+
+if not defined argv_certificate (goto Usage)
+if not defined argv_password (goto Usage)
+if not defined argv_file (goto Usage)
+if not defined argv_description (goto Usage)
+
+:: Check that signtool is installed.
+where signtool >nul 2>nul
+if %ERRORLEVEL% neq 0 (
+ echo Dependency missing: signtool 1>&2
+ exit /b 1
+)
+
+signtool sign^
+ /t http://timestamp.comodoca.com^
+ /d %argv_description%^
+ /f %argv_certificate%^
+ /p %argv_password%^
+ %argv_file%
+
+signtool verify /pa /v %argv_file%
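Review bot: The `@echo on` on the first line of sign.bat makes cmd print every command after variable expansion, so the `signtool sign` invocation is written to the build output with the real value of `/p %argv_password%`. Start the script with `@echo off` so the certificate password stays out of CI logs. Taking the password from an environment variable rather than `-p` would also keep it off the caller's command line. Separately, the signing call uses the legacy `/t` timestamp over a plain-http URL and passes no `/fd`, so the file digest is whatever the installed signtool defaults to. Consider `/fd sha256` with `/tr` and `/td sha256` if the timestamp service supports RFC 3161.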