fix(updater): revert signing pubkey to 1DEAA803 to repair auto-update #705
Merged
Auto-update was broken on every platform: builds since aaf4ccc embed pubkey 6F4B5994, but shipped 1.3.8 stable users trust 1DEAA803 and CI now signs with 1DEAA803 again. A key the installed app doesn't trust => download succeeds, install() signature verification fails => "downloads but never updates". Revert the desktop updater pubkey to 1DEAA803 so it matches both the CI signing key and android/updater.rs (which already hardcodes 1DEAA803). This also repairs Android auto-update, which was signing-vs-verifying mismatched. One line, no logic change.
appergb added a commit that referenced this pull request Jun 19, 2026
User description
Problem
Desktop and Android auto-update are broken on all platforms: "click update → download finishes → never installs."
The download is a plain HTTP GET (always succeeds). The signature is verified inside install() against the app's embedded updater pubkey. Since aaf4ccc the embedded desktop pubkey is 6F4B5994…, but:
1DEAA803…;
1DEAA803…-signed artifacts;
android/updater.rs already hardcodes 1DEAA803….
So any installed app verifying against 1DEAA803 rejects a 6F4B5994-signed package → install fails after a successful download. (Conversely, Android signs-with vs verifies-against were mismatched, so Android updates failed outright.)
Fix
Revert the desktop updater pubkey in tauri.conf.json to 1DEAA803…, so desktop + Android + the CI signing secret all agree on one key. One line, no logic change.
Verification
tauri.conf.json and android/updater.rs now both = 1DEAA803564C323F.
1DEAA803564C323F (matches).
6F4B5994 references in the repo.
Compatibility
1DEAA803) → can now verify & install the next release.
6F4B5994-embedded build (recent betas) must reinstall once to re-align — unavoidable across any key change; Tauri trusts a single embedded key.
Base: beta.
PR Type
Bug fix
Description
Revert updater pubkey to 1DEAA803
Fixes broken auto-update on desktop and Android
File Walkthrough
tauri.conf.json
Revert updater pubkey
openless-all/app/src-tauri/tauri.conf.json
key and Android updater
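The mismatch this PR describes can be caught before a release ships by comparing the minisign key ID inside the embedded updater pubkey with the key ID inside an artifact's .sig. The following is an added example, not code from this repository; it assumes the usual Tauri updater encoding (base64 of a minisign text file), and the key bytes and the second key ID are constructed samples.

```python
import base64

def minisign_key_id(blob_b64):
    """Key ID carried by a Tauri updater pubkey or .sig value.

    Both are base64 of a minisign text file; its second line is
    base64(2-byte algorithm || 8-byte key ID || key or signature bytes).
    minisign prints the ID as a little-endian integer in upper-case hex.
    """
    lines = base64.b64decode(blob_b64).decode("utf-8").splitlines()
    if len(lines) < 2 or not lines[0].startswith("untrusted comment:"):
        raise ValueError("not a minisign public key or signature file")
    raw = base64.b64decode(lines[1])
    if raw[:2] not in (b"Ed", b"ED") or len(raw) not in (42, 74):
        raise ValueError("unexpected minisign payload")
    return format(int.from_bytes(raw[2:10], "little"), "016X")

def release_is_installable(embedded_pubkey, artifact_sig):
    """Preflight only: a key ID match is necessary for install() to accept
    the artifact, but it does not replace real signature verification."""
    return minisign_key_id(embedded_pubkey) == minisign_key_id(artifact_sig)

def constructed(comment, key_id_hex, body_len):
    """Build a sample blob with all-zero key/signature bytes (not a real key)."""
    raw = b"Ed" + bytes.fromhex(key_id_hex)[::-1] + bytes(body_len)
    text = "untrusted comment: %s\n%s\n" % (comment, base64.b64encode(raw).decode())
    return base64.b64encode(text.encode()).decode()

# Constructed samples. 1DEAA803564C323F is the key ID named in the PR;
# 0123456789ABCDEF is a made-up ID standing in for any other key.
PUBKEY_TRUSTED = constructed("minisign public key", "1DEAA803564C323F", 32)
SIG_SAME_KEY = constructed("signature from tauri secret key", "1DEAA803564C323F", 64)
SIG_OTHER_KEY = constructed("signature from tauri secret key", "0123456789ABCDEF", 64)

if __name__ == "__main__":
    for name, sig in (("same key", SIG_SAME_KEY), ("other key", SIG_OTHER_KEY)):
        ok = release_is_installable(PUBKEY_TRUSTED, sig)
        print(name, minisign_key_id(sig),
              "OK" if ok else "MISMATCH: update would download but not install")
```

Run as a CI step against the pubkey value from tauri.conf.json and the freshly produced .sig, this fails the build when the signing secret and the embedded key have drifted apart.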