Update Windows code signing

BUILD.md

@@ -152,21 +152,21 @@ Dangerzone uses PyInstaller to turn the python source code into Windows executab
 
 Here's how to compile the PyInstaller bootloader:
 
-Download and install [Microsoft Build Tools for Visual Studio 2019](https://www.visualstudio.com/downloads/#build-tools-for-visual-studio-2019). I downloaded `vs_buildtools__719988613.1603831511.exe`. In the installer, check the box next to "C++ build tools". Click "Individual components", and under "Compilers, build tools and runtimes", check "Windows Universal CRT SDK". Then click install. When installation is done, you may have to reboot your computer.
+Download and install [Microsoft Build Tools for Visual Studio 2022](https://visualstudio.microsoft.com/downloads/#build-tools-for-visual-studio-2022). I downloaded `vs_BuildTools.exe`. In the installer, check the box next to "Desktop development with C++". Click "Individual components", and under "Compilers, build tools and runtimes", check "Windows Universal CRT SDK". Then click install. When installation is done, you may have to reboot your computer.
 
 Then, enable the 32-bit Visual C++ Toolset on the Command Line like this:
 
 ```
-cd "C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\VC\Auxiliary\Build"
-vcvars32.bat
+cd 'C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Auxiliary\Build'
+.\vcvars32.bat
 ```
 
-Change to a folder where you keep source code, and clone the PyInstaller git repo and checkout the `v4.3` tag:
+Change to a folder where you keep source code, and clone the PyInstaller git repo and checkout the `v4.7` tag:
 
 ```
 git clone https://github.com/pyinstaller/pyinstaller.git
 cd pyinstaller
-git checkout v4.3
+git checkout v4.7
 ```
 
 The next step is to compile the bootloader. We should do this all in dangerzone's poetry shell:
@@ -180,7 +180,7 @@ cd ..\pyinstaller
 Then, compile the bootloader:
 
 ```
-cd bootloader
+cd .\bootloader\
 python waf distclean all --target-arch=32bit --msvc_targets=x86
 cd ..
 ```
@@ -202,8 +202,7 @@ Now the next time you use PyInstaller to build dangerzone, the `.exe` file shoul
 
 ### If you want to sign binaries with Authenticode
 
-* You'll need a code signing certificate. I got an open source code signing certificate from [Certum](https://www.certum.eu/certum/cert,offer_en_open_source_cs.xml).
-* Once you get a code signing key and certificate and covert it to a pfx file, import it into your certificate store.
+You'll need a code signing certificate.
 
 ## To make a .exe
 

install/windows/step1-build-exe.bat

@@ -6,4 +6,4 @@ REM build the exe with pyinstaller
 pyinstaller install\pyinstaller\pyinstaller.spec
 
 REM code sign dangerzone.exe
-signtool.exe sign /v /d "Dangerzone" /a /tr http://time.certum.pl/ dist\dangerzone\dangerzone.exe
+signtool.exe sign /v /d "Dangerzone" /sha1 28a4af3b6ba5ed0ef307e1b96a140e1b42450c3b /tr http://timestamp.digicert.com dist\dangerzone\dangerzone.exe

install/windows/step2-make-symlink.bat

@@ -1,4 +1,4 @@
 REM make dangerzone-container.exe symbolic link (as administrator)
 cd dist\dangerzone
-mklink dangerzone-container.exe dangerzone.exe
+mklink dangerzone-cli.exe dangerzone.exe
 cd ..\..

install/windows/step3-build-installer.bat

@@ -9,7 +9,7 @@ candle.exe ..\..\install\windows\Dangerzone.wxs
 light.exe -ext WixUIExtension Dangerzone.wixobj
 
 REM code sign dangerzone.msi
-signtool.exe sign /v /d "Dangerzone" /a /tr http://time.certum.pl/ Dangerzone.msi
+signtool.exe sign /v /d "Dangerzone" /sha1 28a4af3b6ba5ed0ef307e1b96a140e1b42450c3b /tr http://timestamp.digicert.com Dangerzone.msi
 
 REM moving Dangerzone.msi to dist
 cd ..\..