diff --git a/.changes/cli-updater-errorr.md b/.changes/cli-updater-errorr.md
new file mode 100644
index 000000000000..8a865ac290d5
--- /dev/null
+++ b/.changes/cli-updater-errorr.md
@@ -0,0 +1,7 @@
+---
+"tauri-cli": "patch:enhance"
+"@tauri-apps/cli": "patch:enhance"
+---
+
+Add more context for errors when decoding secret and public keys for signing updater artifacts.
+
diff --git a/crates/tauri-cli/src/bundle.rs b/crates/tauri-cli/src/bundle.rs
index 65084222424d..eded4aa2b477 100644
--- a/crates/tauri-cli/src/bundle.rs
+++ b/crates/tauri-cli/src/bundle.rs
@@ -9,7 +9,6 @@ use std::{
 };

 use anyhow::Context;
-use base64::Engine;
 use clap::{builder::PossibleValue, ArgAction, Parser, ValueEnum};
 use tauri_bundler::PackageType;
 use tauri_utils::platform::Target;
@@ -257,15 +256,14 @@ fn sign_updaters(
 // check if private_key points to a file...
 let maybe_path = Path::new(&private_key);
 let private_key = if maybe_path.exists() {
- std::fs::read_to_string(maybe_path)?
+ std::fs::read_to_string(maybe_path)
+ .with_context(|| format!("faild to read {}", maybe_path.display()))?
 } else {
 private_key
 };
- let secret_key = updater_signature::secret_key(private_key, password)?;
-
- let pubkey = base64::engine::general_purpose::STANDARD.decode(pubkey)?;
- let pub_key_decoded = String::from_utf8_lossy(&pubkey);
- let public_key = minisign::PublicKeyBox::from_string(&pub_key_decoded)?.into_public_key()?;
+ let secret_key =
+ updater_signature::secret_key(private_key, password).context("failed to decode secret key")?;
+ let public_key = updater_signature::pub_key(pubkey).context("failed to decode pubkey")?;

 let mut signed_paths = Vec::new();
 for bundle in update_enabled_bundles {
diff --git a/crates/tauri-cli/src/helpers/updater_signature.rs b/crates/tauri-cli/src/helpers/updater_signature.rs
index 9af820fbc3fd..7c0299e08e2e 100644
--- a/crates/tauri-cli/src/helpers/updater_signature.rs
+++ b/crates/tauri-cli/src/helpers/updater_signature.rs
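Review bot: The error context added in the `sign_updaters` hunk of bundle.rs is misspelled as `"faild to read {}"`; the line should be `.with_context(|| format!("failed to read {}", maybe_path.display()))?`. That message is only built on the branch where `maybe_path.exists()` returned true, so it prints a path rather than key material, and the two `.context(...)` strings added further down are static, so they add nothing secret to the error chain. Because the same `private_key` value is treated as either a file path or the key itself, a comment above the `if` such as `// private_key may hold the key itself: never interpolate it into an error or log message` would protect that property in later edits. `sign_updaters` starts and ends outside the hunk.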
@@ -4,7 +4,9 @@

 use anyhow::Context;
 use base64::Engine;
-use minisign::{sign, KeyPair as KP, SecretKey, SecretKeyBox, SignatureBox};
+use minisign::{
+ sign, KeyPair as KP, PublicKey, PublicKeyBox, SecretKey, SecretKeyBox, SignatureBox,
+};
 use std::{
 fs::{self, File, OpenOptions},
 io::{BufReader, BufWriter, Write},
@@ -132,15 +134,24 @@ pub fn secret_key>(
 private_key: S,
 password: Option,
 ) -> crate::Result {
- let decoded_secret = decode_key(private_key)?;
- let sk_box = SecretKeyBox::from_string(&decoded_secret)
- .with_context(|| "failed to load updater private key")?;
+ let decoded_secret = decode_key(private_key).context("failed to decode base64 secret key")?;
+ let sk_box =
+ SecretKeyBox::from_string(&decoded_secret).context("failed to load updater private key")?;
 let sk = sk_box
 .into_secret_key(password)
- .with_context(|| "incorrect updater private key password")?;
+ .context("incorrect updater private key password")?;
 Ok(sk)
 }

+/// Gets the updater secret key from the given private key and password.
+pub fn pub_key>(public_key: S) -> crate::Result {
+ let decoded_publick = decode_key(public_key).context("failed to decode base64 pubkey")?;
+ let pk_box =
+ PublicKeyBox::from_string(&decoded_publick).context("failed to load updater pubkey")?;
+ let pk = pk_box.into_public_key()?;
+ Ok(pk)
+}
+
 fn unix_timestamp() -> u64 {
 let start = SystemTime::now();
 let since_the_epoch = start
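Review bot: The doc comment on the new `pub_key` function is copied from `secret_key` and describes a secret key and a password that this function never takes; it should read something like `/// Decodes the base64-encoded updater public key and parses it into a minisign public key.` The final step `pk_box.into_public_key()?` is the only fallible call in the visible hunks left without context, so `let pk = pk_box.into_public_key().context("failed to convert updater pubkey")?;` would match the rest of the change. The local `decoded_publick` is a typo for `decoded_public`. The caller code removed from bundle.rs ran `String::from_utf8_lossy` over the decoded bytes, and `decode_key` is not visible here, so it is worth confirming how a pubkey containing invalid UTF-8 is handled now, since the behaviour for a malformed key may have changed.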