[feat] File path in Tauri Updater Signature Format  #4467

@LoonyRules

Describe the problem

The Tauri Updater .msi.zip.sig file format contains the file path of the release build's .msi.zip on disk when being built.

untrusted comment: signature from tauri secret key
<some base64 that isn't easily decoded>
trusted comment: timestamp:1656152579	file:{{PATH_TO_PROJECT_AND_TARGET_RELEASE_BUNDLE_MSI_FILE}}_x64_en-US.msi.zip
+<another base64 that isn't easily decoded>

My question is: why? I do not want the path to my tauri project to be part of the signature at all, even if we did compile releases via CI/CD, which is the ultimate goal.

Another question that is related to the format: why the untrusted comment: signature from tauri secret key?

Describe the solution you'd like

Remove the file path data if it's not directly required. If it is, figure out why and a replacement.

Alternatives considered

No response

Additional context

Initial conversation was made over on the Tauri Discord. This was then moved from Discord to GitHub to get more important from a Core Member.
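
A release-pipeline check for the path disclosure described in this issue, added here as an example (it is not part of the original post and not Tauri's code). It assumes the four-line layout quoted above with tab-separated `key:value` fields in the trusted comment; the sample path, the placeholder base64 lines and the function names are constructed for illustration.

```python
import ntpath
import posixpath

# Constructed sample in the four-line layout quoted in the issue. The base64
# lines are placeholders, not real signatures, and the path is invented.
SAMPLE_SIG = (
    "untrusted comment: signature from tauri secret key\n"
    "PLACEHOLDERSIGNATURE==\n"
    "trusted comment: timestamp:1656152579\t"
    "file:C:\\Users\\dev\\app\\target\\release\\bundle\\msi\\app_0.1.0_x64_en-US.msi.zip\n"
    "PLACEHOLDERGLOBALSIG==\n"
)

TRUSTED_PREFIX = "trusted comment: "


def parse_trusted_comment(sig_text):
    """Return the tab-separated key:value fields of the trusted comment line."""
    for line in sig_text.splitlines():
        if line.startswith(TRUSTED_PREFIX):
            fields = {}
            for part in line[len(TRUSTED_PREFIX):].split("\t"):
                # Split on the first colon only: Windows paths contain "C:".
                key, sep, value = part.partition(":")
                if sep:
                    fields[key.strip()] = value.strip()
            return fields
    raise ValueError("no trusted comment line found")


def leaked_directory(sig_text):
    """Return the directory embedded in the file: field, or None for a bare name."""
    name = parse_trusted_comment(sig_text).get("file", "")
    # Try both separator styles, since the bundle may be built on Windows or Unix.
    for flavour in (ntpath, posixpath):
        directory = flavour.dirname(name)
        if directory:
            return directory
    return None


if __name__ == "__main__":
    leak = leaked_directory(SAMPLE_SIG)
    if leak:
        print(f"signature discloses build directory: {leak}")
        raise SystemExit(1)
    print("trusted comment carries only a file name")
```

Run against each generated `.sig` before publishing, a non-zero exit flags a signature whose trusted comment would reveal the build machine's directory layout.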
