Explicit select SHA256 for code signing on windows

[daschuer]

This fixes the following error message:

SignTool Error: No file digest algorithm specified. Please specify the digest algorithm with the /fd flag. Using /fd SHA256 is recommended and more secure than SHA1. Calling signtool with /fd sha1 is equivalent to the previous behavior. In order to select the hash algorithm used in the signing certificate's signature, use the /fd certHash option. 

This restores the original behavior as a band aid. I have no clue what it means to switch to the recommended /fd SHA256

[Swiftb0y]

IMO its just a change in hash strength. Changing it to the more secure sha256 should make no difference IMO. Do we hardcode the hashes somewhere else?

[daschuer]

We can just give it a try. I will add a commit on top of this for SHA256 merge it and ask a windows user if anything it wrong. In case yes, quickly revert. Unfortunately we need to do this in main because of the secrets.

[Swiftb0y]

Does it really have to be on main? Can't we just quickly create a different branch based on main in the mixxx repo?

[Swiftb0y]

https://github.com/mixxxdj/mixxx/tree/signtool_sha256

[Swiftb0y]

we also need to specify the timestamp digest algorithm.
See the note at the top of the page: https://docs.microsoft.com/en-us/windows/win32/seccrypto/signtool

[Swiftb0y]

I'm actually not sure about that anymore. We don't actually timestamp the build right now. I don't know what the purpose of that would be.

[Swiftb0y]

Nevermind, we aren't timestamping the build right now anyways.

[Swiftb0y]

You also need to set the timestamp digest algorithm
d600361
https://github.com/mixxxdj/mixxx/runs/7031560221

The build succeeded but it doesn't actually do any timestamping because we didn't specify /t.If we do specify the timestamp server, the build fails because the timestamp url is invalid?!?

[daschuer]

Closed in favor of #4824