From ffa350cf4b93360c88e03e840964ff7038667650 Mon Sep 17 00:00:00 2001 From: Max Bechtold Date: Mon, 27 Jul 2020 11:35:55 +0200 Subject: [PATCH] Add paragraph on .bat signing --- README.md | 2 +- docs/unknown-publisher-warning.md | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0cbae45..f0c30ea 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ In order to consolidate the database, the tool prepares update scripts for you, ## Troubleshooting Starting: -- to understand Windows SmartScreen Defender warnings for `timerecord.exe`, read [this](docs/unknown-publisher-warning.md) +- to understand Windows SmartScreen Defender warnings for *dirt-rally-time-recorder*, read [this](docs/unknown-publisher-warning.md) - if you encounter an error message about sockets, understand that this tool cannot run in parallel, but only in a single instance at the same time - unless you downloaded the bundled version, have a look at `resources/migrate.sql` to find instructions how to update to new releases - if you encounter errors at start-up, see if renaming the file `dirtrally-laptimes.db` helps (which will create a new database) diff --git a/docs/unknown-publisher-warning.md b/docs/unknown-publisher-warning.md index 4ef14c0..5fa5b57 100644 --- a/docs/unknown-publisher-warning.md +++ b/docs/unknown-publisher-warning.md @@ -2,7 +2,10 @@ When running this program from the pre-built .exe, Windows SmartScreen Defender might warn you about an unknown publisher or untrusted certificate. This is expected, as the executable is signed with the author's personal self-signed certificate. Properly signing with a root certificate trusted by Windows and other operating systems is costly and requires funding that this project does not have. -You should still check the `timerecord.exe` and verify it's actually original. To this end, it has been signed with a certificate that is described in the next section. To ensure your `timerecord.exe` has not been tampered with, open its certificate by viewing its properties through the context menu. Navigate to Digital Signatures, then Details, select View Certificate, then again Details. +You should still check the `timerecord.exe` and verify it's actually original. To this end, it has been signed with a certificate that is described in the next section. To ensure your `timerecord.exe` has not been tampered with, open its certificate by viewing its properties through the context menu. Navigate to Digital Signatures, then Details, select View Certificate, then again Details (cf. screenshots in German Locale). + +> Note: The same warning might appear for the included .bat files. Although it is not possible to sign .bat files, you can right click on any in the installation folder and select Edit to see it contains only SQLite calls, i.e. interaction with the database. + ![certificate-dialog](certificate-dialog.png)