Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to to update with updater due to UnexpectedKeyId #950

Open
don41382 opened this issue Nov 7, 2024 · 5 comments
Open

Unable to to update with updater due to UnexpectedKeyId #950

don41382 opened this issue Nov 7, 2024 · 5 comments
Assignees
Labels
type: question Further information is requested

Comments

@don41382
Copy link

don41382 commented Nov 7, 2024

I spend a whole day, trying to figure out, what is going on. And finally - I hope - I found the issue.

I was trying to update my app on Mac, which always returned a "UnexpectedKeyId". This sounded for me like a wrong signature. I thought, I used the wrong TAURI_SIGNING_PRIVATE_KEY or TAURI_SIGNING_PRIVATE_KEY_PASSWORD. But everything seem to be correct. The tauri.conf.json is configured to my github project https://github.com/<user>/<app>/releases/latest/download/latest.json.

After checking my Windows updates, there seemed to be no issue at all. So it can't be the keys. I started my own local server, created a latest.json and used the my_app_universal.app.tar.gz.sig as my signature and it worked on mac too.

So it looks like the signature of the darwin-aarch64 inside of the latest.json is not matching with the my_app_universal.app.tar.gz.sig. They are different.

Am I configuring something wrong or is this a bug?

I am using

  • tauri-apps/tauri-action@v0
  • tauri-plugin-updater = "2.0.2"
  • tauri 2.0.6
@FabianLars
Copy link
Member

can you share your tauri-action config? And maybe also the list of uploaded assets 🤔

Were you able to find the matching .sig file (that was used in latest.json)?

@don41382
Copy link
Author

don41382 commented Nov 18, 2024

Hi Fabian, of course. Here it is:

      - uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.MINUTE_MOTION_RELEASE_REPO_GITHUB_SECRET }}
          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE_DEVELOPMENT }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: "Apple Development: XXXX"
          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
        with:
          tagName: app-v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version.
          releaseName: "__VERSION__"
          releaseBody: "See the assets to download this version and install."
          releaseDraft: true
          prerelease: false
          updaterJsonKeepUniversal: true
          releaseCommitish: "main"
          owner: "user"
          repo: "repo-releases"
          args: ${{ matrix.args }} 

Were you able to find the matching .sig file (that was used in latest.json)?

Yes, I build my own backend, which delivers the latest.json and does the correct wiring for the signatures. In needed this anyway to be able to identify beta users.

@FabianLars
Copy link
Member

updaterJsonKeepUniversal is a bit suspicious here, if this is set then darwin-aarch64 and darwin-x86_64 will not be updated with the universal build anymore. If latest.json still contains those 2 fields they should be from a prior run when that config was not yet set.

@FabianLars FabianLars added the type: question Further information is requested label Nov 18, 2024
@FabianLars
Copy link
Member

okay no, something is broken. If i first run the ci without the config, then re-run it with the config (targeting the same release), something breaks. If i run it with the config without an existing release to overwrite the json is correct (though still writing all 3 fields, not sure if that's how i intended it back then)

@FabianLars FabianLars self-assigned this Nov 18, 2024
@don41382
Copy link
Author

Thanks Fabian for checking in!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type: question Further information is requested
Projects
None yet
Development

No branches or pull requests

2 participants