Updater always raises InvalidSignature

[zgid123]

Hi,

I follow the guide to setup updater for my app. I also create a server to handle the updater. I already respond the json data to the app, and then serve the update file for the download endpoint.

Whenever I build the app, I receive two files: *.app.tar.gz and *.app.tar.gz.sig. In the endpoint get latest-version, I get the content of *.sig file and respond to the FE. After the update done, the update.downloadAndInstall will raise InvalidSignature.

I don't know why. I tried to re-generate the secret and public key, and still face the same issue.

I am using TAURI_SIGNING_PRIVATE_KEY_PASSWORD=password TAURI_SIGNING_PRIVATE_KEY=content_from_secret_file pnpm tauri build --target aarch64-apple-darwin --debug. I am testing the local server, so I need the --debug

[FabianLars]

hmm, everything you described sounds correct. What about the pubkey in tauri.conf.json? Does that match the private key you used to generate the .sig files?

[zgid123]

yes, when I run the cli to generate secret and pub key, I use the content of *.key.pub and set to the tauri.conf.json. I also try to set tauri_plugin_updater::Builder::new().pubkey("content from .pub file").build() (set both tauri.conf.json and lib.rs), but still not work. I will deploy the server to EC2 and try to serve using the real server to check if it can work or not