chore(ci): add debug logs for windows signing

ci/Jenkinsfile.windows

@@ -33,6 +33,17 @@ pipeline {
       description: 'Decides whether the mocked status-keycard-go library is built.',
       defaultValue: false
     )
+    choice(
+      name: 'WINDOWS_CODESIGN_TIMESTAMP_URL',
+      description: 'Time Stamp Authority (TSA) server for signing binaries.',
+      choices: [
+        'http://timestamp.digicert.com',
+        'http://timestamp.sectigo.com',
+        'http://timestamp.apple.com/ts01',
+        'http://time.certum.pl',
+        'https://freetsa.org',
+      ]
+    )
   }
 
   options {
@@ -66,9 +77,9 @@ pipeline {
     STATUS_CLIENT_EXE = "pkg/${utils.pkgFilename(ext: 'exe', arch: getArch())}"
     /* 7zip archive filename */
     STATUS_CLIENT_7Z = "pkg/${utils.pkgFilename(ext: '7z', arch: getArch())}"
-    /* RFC 3161 timestamping URL for DigiCert */
-    WINDOWS_CODESIGN_TIMESTAMP_URL = 'http://timestamp.digicert.com'
     STATUS_BUILD_PROXY_STAGE_NAME = "${utils.isReleaseBuild() ? 'prod' : 'test'}"
+    /* Hack-fix for params not being set in env on first job run. */
+    WINDOWS_CODESIGN_TIMESTAMP_URL = "${params.WINDOWS_CODESIGN_TIMESTAMP_URL}"
   }
 
   stages {

scripts/sign-windows-bin.sh

@@ -40,10 +40,10 @@ for FILE in ${FOUND_FILES}; do
 done
 
 # Sign all the non-signed binaries. Add -debug if need be.
-"${SIGNTOOL}" sign -v -fd SHA256 \
+"${SIGNTOOL}" sign -v -debug -fd SHA256 \
     -p "${WINDOWS_CODESIGN_PASSWORD}" \
     -f "${WINDOWS_CODESIGN_PFX_PATH}" \
     -tr "${WINDOWS_CODESIGN_TIMESTAMP_URL}" \
-    "${FILES_TO_SIGN[@]}" | dos2unix
+    "${FILES_TO_SIGN[@]}"
 
 echo "Signed successfully!"