Updater always raises InvalidSignature

[zgid123]

Hi,

I follow the guide to setup updater for my app. I also create a server to handle the updater. I already respond the json data to the app, and then serve the update file for the download endpoint.

Whenever I build the app, I receive two files: *.app.tar.gz and *.app.tar.gz.sig. In the endpoint get latest-version, I get the content of *.sig file and respond to the FE. After the update done, the update.downloadAndInstall will raise InvalidSignature.

I don't know why. I tried to re-generate the secret and public key, and still face the same issue.

I am using TAURI_SIGNING_PRIVATE_KEY_PASSWORD=password TAURI_SIGNING_PRIVATE_KEY=content_from_secret_file pnpm tauri build --target aarch64-apple-darwin --debug. I am testing the local server, so I need the --debug

[FabianLars]

hmm, everything you described sounds correct. What about the pubkey in tauri.conf.json? Does that match the private key you used to generate the .sig files?

[zgid123]

I see. Lemme try to setup a minimum both server and tauri app for you. So you guys can have a look. Also, I just make the cargo install all the packages into vendor folder, I am trying to debug the things on my side. I will try my best to provide you a repo, so you can have a look

[zgid123]

https://github.com/zgid123/tauri-react-boilerplate

here the repo. I tried to make it like my current project. Hope it helps

[zgid123]

Hi there, sorry for bothering you, is there any news for this issue? I tried to clone the repo plugins-workspace and rust-minisign-verify to my local device, but still not find out the issue. I debug it two weeks ago, but forgot to ask for the advice. Can you enlighten me the idea of the updater? I will use that idea to debug.

Also, as I checked the code, it seems the TAURI_SIGNING_PRIVATE_KEY_PASSWORD is only for something like authenticate the TAURI_SIGNING_PRIVATE_KEY, it is not using to sign anything using rust-minisign-verify right?

[zgid123]

oh my god. I am so stupid. I think it is not problem of the package, but the code from my server. It responds empty instead of streaming data. I think I already fixed this one. Thanks for spending time to help me

[FabianLars]

Glad you figured it out and apologies for the long silence. i'm a bit overwhelmed by everything at the moment 😂