Updater always raises InvalidSignature

[zgid123]

Hi,

I follow the guide to setup updater for my app. I also create a server to handle the updater. I already respond the json data to the app, and then serve the update file for the download endpoint.

Whenever I build the app, I receive two files: *.app.tar.gz and *.app.tar.gz.sig. In the endpoint get latest-version, I get the content of *.sig file and respond to the FE. After the update done, the update.downloadAndInstall will raise InvalidSignature.

I don't know why. I tried to re-generate the secret and public key, and still face the same issue.

I am using TAURI_SIGNING_PRIVATE_KEY_PASSWORD=password TAURI_SIGNING_PRIVATE_KEY=content_from_secret_file pnpm tauri build --target aarch64-apple-darwin --debug. I am testing the local server, so I need the --debug

[FabianLars]

hmm, everything you described sounds correct. What about the pubkey in tauri.conf.json? Does that match the private key you used to generate the .sig files?

[FabianLars]

hmm that all looks good. Your app is not public, right?

i've never seen a false positive with that error i think so i must be missing something obvious here 🤔

[zgid123]

yup, my app is not public yet. If you need something to check this one, I can help

[FabianLars]

I can't think of anything here at the moment. As you can see here #4610 and here #10425 it seems to be almost random and often linked to the specific server. In contrast to that, iirc everyone who reported it on discord fixed it by double and triple checking the keys and signatures 🤷

Nobody was able to provide us a reliable reproduction for this yet though (for the server specific thing) so we couldn't investigate this ourselves yet.

[zgid123]

I see. Lemme try to setup a minimum both server and tauri app for you. So you guys can have a look. Also, I just make the cargo install all the packages into vendor folder, I am trying to debug the things on my side. I will try my best to provide you a repo, so you can have a look

[zgid123]

https://github.com/zgid123/tauri-react-boilerplate

here the repo. I tried to make it like my current project. Hope it helps