chore: extract code-signing logic from windows.bat to sign.bat (#911)

Signed-off-by: Juan Cruz Viotti <jviotti@openmailbox.org>

scripts/build/windows.bat

@@ -22,7 +22,6 @@ set output_build_directory=etcher-release
 set output_directory=%output_build_directory%\installers
 set certificate_file=certificate.p12
 set certificate_pass=1234
-set timestamp_server_url=http://timestamp.comodoca.com
 
 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
 :: Validate arguments
@@ -67,13 +66,6 @@ if %ERRORLEVEL% neq 0 (
   exit /b 1
 )
 
-:: Check that signtool is installed.
-where signtool >nul 2>nul
-if %ERRORLEVEL% neq 0 (
-  echo Dependency missing: signtool 1>&2
-  exit /b 1
-)
-
 :: Check that makensis is installed.
 where makensis >nul 2>nul
 if %ERRORLEVEL% neq 0 (
@@ -202,13 +194,11 @@ call asar pack %package_output%\resources\app %package_output%\resources\app.asa
  --unpack "{*.dll,*.node}"
 call rimraf %package_output%\resources\app
 
-signtool sign^
+call scripts\windows\sign.bat^
- /t %timestamp_server_url%^
+ -c %certificate_file%^
- /d "%application_name% - %etcher_version%"^
+ -p %certificate_pass%^
- /f %certificate_file%^
+ -f %package_output%\Etcher.exe^
- /p %certificate_pass%^
+ -d "%application_name% - %etcher_version%"
- %package_output%\Etcher.exe
-signtool verify /pa /v %package_output%\Etcher.exe
 
 upx -9 %package_output%\*.dll
 
@@ -231,10 +221,8 @@ mkdir "%output_directory%"
 move "%installer_tmp_output%\%application_name% Setup.exe" "%installer_output%"
 rd /s /q "%installer_tmp_output%"
 
-signtool sign^
+call scripts\windows\sign.bat^
- /t %timestamp_server_url%^
+ -c %certificate_file%^
- /d "%application_name% - %etcher_version%"^
+ -p %certificate_pass%^
- /f %certificate_file%^
+ -f %installer_output%^
- /p %certificate_pass%^
+ -d "%application_name% - %etcher_version%"
- %installer_output%
-signtool verify /pa /v %installer_output%

scripts/windows/sign.bat

@@ -0,0 +1,64 @@
+@echo on
+setlocal EnableDelayedExpansion
+
+:ParameterLoop
+if x%1 equ x goto :ParameterDone
+set parameter=%1
+if %parameter:~0,1% equ - goto CheckParameter
+:Usage
+echo Usage: %0
+echo.
+echo Options
+echo.
+echo     -c ^<certificate file (.p12)^>
+echo     -p ^<certificate password^>
+echo     -f ^<executable file (.exe)^>
+echo     -d ^<signature description^>
+exit /b 1
+:NextParameter
+shift /1
+goto ParameterLoop
+:CheckParameter
+if "%1" equ "-c" goto ARGV_C
+if "%1" equ "-p" goto ARGV_P
+if "%1" equ "-f" goto ARGV_F
+if "%1" equ "-d" goto ARGV_D
+goto Usage
+:ARGV_C
+  shift /1
+  set argv_certificate=%1
+  goto NextParameter
+:ARGV_P
+  shift /1
+  set argv_password=%1
+  goto NextParameter
+:ARGV_F
+  shift /1
+  set argv_file=%1
+  goto NextParameter
+:ARGV_D
+  shift /1
+  set argv_description=%1
+  goto NextParameter
+:ParameterDone
+
+if not defined argv_certificate (goto Usage)
+if not defined argv_password (goto Usage)
+if not defined argv_file (goto Usage)
+if not defined argv_description (goto Usage)
+
+:: Check that signtool is installed.
+where signtool >nul 2>nul
+if %ERRORLEVEL% neq 0 (
+  echo Dependency missing: signtool 1>&2
+  exit /b 1
+)
+
+signtool sign^
+ /t http://timestamp.comodoca.com^
+ /d %argv_description%^
+ /f %argv_certificate%^
+ /p %argv_password%^
+ %argv_file%
+
+signtool verify /pa /v %argv_file%