Merge remote-tracking branch 'origin/dev' into feat/cef

2026-04-03 10:11:15 +02:00 · 2026-01-13 12:24:51 +01:00
parent 9e04e45d85 84b04c4a8d
commit 29d3d196b2
6 changed files with 91 additions and 113 deletions
--- a/.changes/signing-env-vars.md
+++ b/.changes/signing-env-vars.md
@@ -0,0 +1,14 @@
+---
+"tauri-cli": patch:enhance
+"@tauri-apps/cli": patch:enhance
+---
+
+Added new environment variables for `tauri signer sign` command, to align with existing environment variables used in `tauri build`, `tauri bundle` and `tauri signer generate`
+- `TAURI_SIGNING_PRIVATE_KEY`
+- `TAURI_SIGNING_PRIVATE_KEY_PATH`
+- `TAURI_SIGNING_PRIVATE_KEY_PASSWORD`
+
+The old environment variables are deprecated and will be removed in a future release.
+- `TAURI_PRIVATE_KEY`
+- `TAURI_PRIVATE_KEY_PATH`
+- `TAURI_PRIVATE_KEY_PASSWORD`
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -553,28 +553,6 @@ dependencies = [
 "arrayvec",
 ]

-[[package]]
-name = "aws-lc-rs"
-version = "1.15.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a88aab2464f1f25453baa7a07c84c5b7684e274054ba06817f382357f77a288"
-dependencies = [
- "aws-lc-sys",
- "zeroize",
-]
-
-[[package]]
-name = "aws-lc-sys"
-version = "0.35.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b45afffdee1e7c9126814751f88dddc747f41d91da16c9551a0f1e8a11e788a1"
-dependencies = [
- "cc",
- "cmake",
- "dunce",
- "fs_extra",
-]
-
 [[package]]
 name = "axum"
 version = "0.8.4"
@@ -2760,12 +2738,6 @@ dependencies = [
 "thiserror 1.0.69",
 ]

-[[package]]
-name = "fs_extra"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
-
 [[package]]
 name = "fsevent-sys"
 version = "4.1.0"
@@ -3023,10 +2995,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
 dependencies = [
 "cfg-if",
- "js-sys",
 "libc",
 "wasi 0.11.0+wasi-snapshot-preview1",
- "wasm-bindgen",
 ]

 [[package]]
@@ -6574,59 +6544,6 @@ dependencies = [
 "syn 1.0.109",
 ]

-[[package]]
-name = "quinn"
-version = "0.11.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62e96808277ec6f97351a2380e6c25114bc9e67037775464979f3037c92d05ef"
-dependencies = [
- "bytes",
- "pin-project-lite",
- "quinn-proto",
- "quinn-udp",
- "rustc-hash",
- "rustls 0.23.35",
- "socket2 0.5.8",
- "thiserror 2.0.12",
- "tokio",
- "tracing",
-]
-
-[[package]]
-name = "quinn-proto"
-version = "0.11.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a2fe5ef3495d7d2e377ff17b1a8ce2ee2ec2a18cde8b6ad6619d65d0701c135d"
-dependencies = [
- "aws-lc-rs",
- "bytes",
- "getrandom 0.2.15",
- "rand 0.8.5",
- "ring",
- "rustc-hash",
- "rustls 0.23.35",
- "rustls-pki-types",
- "slab",
- "thiserror 2.0.12",
- "tinyvec",
- "tracing",
- "web-time",
-]
-
-[[package]]
-name = "quinn-udp"
-version = "0.5.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c40286217b4ba3a71d644d752e6a0b71f13f1b6a2c5311acfcbe0c2418ed904"
-dependencies = [
- "cfg_aliases",
- "libc",
- "once_cell",
- "socket2 0.5.8",
- "tracing",
- "windows-sys 0.59.0",
-]
-
 [[package]]
 name = "quote"
 version = "1.0.38"
@@ -7057,7 +6974,6 @@ dependencies = [
 "native-tls",
 "percent-encoding",
 "pin-project-lite",
- "quinn",
 "rustls 0.23.35",
 "rustls-pki-types",
 "rustls-platform-verifier",
@@ -7385,7 +7301,6 @@ version = "0.23.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "533f54bc6a7d4f647e46ad909549eda97bf5afc1585190ef692b4286b198bd8f"
 dependencies = [
- "aws-lc-rs",
 "log",
 "once_cell",
 "ring",
@@ -7456,7 +7371,6 @@ version = "1.13.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "21e6f2ab2928ca4291b86736a8bd920a277a399bba1589409d72154ff87c1282"
 dependencies = [
- "web-time",
 "zeroize",
 ]

@@ -7514,7 +7428,6 @@ version = "0.103.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2ffdfa2f5286e2247234e03f680868ac2815974dc39e00ea15adc445d0aafe52"
 dependencies = [
- "aws-lc-rs",
 "ring",
 "rustls-pki-types",
 "untrusted",
@@ -8801,6 +8714,7 @@ dependencies = [
 "quickcheck_macros",
 "raw-window-handle",
 "reqwest 0.13.1",
+ "rustls 0.23.35",
 "serde",
 "serde_json",
 "serde_repr",
--- a/crates/tauri-cli/src/signer/generate.rs
+++ b/crates/tauri-cli/src/signer/generate.rs
@@ -39,26 +39,29 @@ pub fn command(mut options: Options) -> Result<()> {
      save_keypair(options.force, output_path, &keypair.sk, &keypair.pk)
        .expect("Unable to write keypair");

-    println!(
-        "\nYour keypair was generated successfully\nPrivate: {} (Keep it secret!)\nPublic: {}\n---------------------------",
-        display_path(secret_path),
-        display_path(public_path)
-        )
+    println!();
+    println!("Your keypair was generated successfully:");
+    println!("Private: {} (Keep it secret!)", display_path(secret_path));
+    println!("Public: {}", display_path(public_path));
+    println!("---------------------------")
  } else {
-    println!(
-      "\nYour secret key was generated successfully - Keep it secret!\n{}\n\n",
-      keypair.sk
-    );
-    println!(
-          "Your public key was generated successfully:\n{}\n\nAdd the public key in your tauri.conf.json\n---------------------------\n",
-          keypair.pk
-        );
+    println!();
+    println!("Your keys were generated successfully!",);
+    println!();
+    println!("Private: (Keep it secret!)");
+    println!("{}", keypair.sk);
+    println!();
+    println!("Public:");
+    println!("{}", keypair.pk);
  }

-  println!("\nEnvironment variables used to sign:");
-  println!("`TAURI_SIGNING_PRIVATE_KEY`  Path or String of your private key");
-  println!("`TAURI_SIGNING_PRIVATE_KEY_PASSWORD`  Your private key password (optional)");
-  println!("\nATTENTION: If you lose your private key OR password, you'll not be able to sign your update package and updates will not work.\n---------------------------\n");
+  println!();
+  println!("Environment variables used to sign:");
+  println!("- `TAURI_SIGNING_PRIVATE_KEY`: String of your private key");
+  println!("- `TAURI_SIGNING_PRIVATE_KEY_PATH`: Path to your private key file");
+  println!("- `TAURI_SIGNING_PRIVATE_KEY_PASSWORD`:  Your private key password (optional if key has no password)");
+  println!();
+  println!("ATTENTION: If you lose your private key OR password, you'll not be able to sign your update package and updates will not work");

  Ok(())
 }
--- a/crates/tauri-cli/src/signer/sign.rs
+++ b/crates/tauri-cli/src/signer/sign.rs
@@ -21,7 +21,7 @@ pub struct Options {
    short = 'k',
    long,
    conflicts_with("private_key_path"),
-    env = "TAURI_PRIVATE_KEY"
+    env = "TAURI_SIGNING_PRIVATE_KEY"
  )]
  private_key: Option<String>,
  /// Load the private key from a file
@@ -29,17 +29,50 @@ pub struct Options {
    short = 'f',
    long,
    conflicts_with("private_key"),
-    env = "TAURI_PRIVATE_KEY_PATH"
+    env = "TAURI_SIGNING_PRIVATE_KEY_PATH"
  )]
  private_key_path: Option<PathBuf>,
  /// Set private key password when signing
-  #[clap(short, long, env = "TAURI_PRIVATE_KEY_PASSWORD")]
+  #[clap(short, long, env = "TAURI_SIGNING_PRIVATE_KEY_PASSWORD")]
  password: Option<String>,
  /// Sign the specified file
  file: PathBuf,
 }

+// Backwards compatibility with old env vars
+// TODO: remove in v3.0
+fn backward_env_vars(mut options: Options) -> Options {
+  let get_env = |old, new| {
+    if let Ok(old_value) = std::env::var(old) {
+      println!(
+      "\x1b[33mWarning: The environment variable '{old}' is deprecated. Please use '{new}' instead.\x1b[0m",
+    );
+      Some(old_value)
+    } else {
+      None
+    }
+  };
+
+  options.private_key = options
+    .private_key
+    .or_else(|| get_env("TAURI_PRIVATE_KEY", "TAURI_SIGNING_PRIVATE_KEY"));
+
+  options.private_key_path = options.private_key_path.or_else(|| {
+    get_env("TAURI_PRIVATE_KEY_PATH", "TAURI_SIGNING_PRIVATE_KEY_PATH").map(PathBuf::from)
+  });
+
+  options.password = options.password.or_else(|| {
+    get_env(
+      "TAURI_PRIVATE_KEY_PASSWORD",
+      "TAURI_SIGNING_PRIVATE_KEY_PASSWORD",
+    )
+  });
+  options
+}
+
 pub fn command(mut options: Options) -> Result<()> {
+  options = backward_env_vars(options);
+
  options.private_key = if let Some(private_key) = options.private_key_path {
    Some(std::fs::read_to_string(Path::new(&private_key)).expect("Unable to extract private key"))
  } else {
--- a/crates/tauri/Cargo.toml
+++ b/crates/tauri/Cargo.toml
@@ -146,6 +146,17 @@ windows = { version = "0.61", features = [
  "Win32_UI_WindowsAndMessaging",
 ] }

+# mobile
+[target.'cfg(any(target_os = "android", all(target_vendor = "apple", not(target_os = "macos"))))'.dependencies]
+bytes = { version = "1", features = ["serde"] }
+reqwest = { version = "0.13", default-features = false, features = [
+  "json",
+  "stream",
+] }
+rustls = { version = "0.23", default-features = false, features = [
+  "ring",
+], optional = true }
+
 # android
 [target.'cfg(target_os = "android")'.dependencies]
 jni = "0.21"
@@ -198,10 +209,9 @@ linux-libxdo = ["tray-icon/libxdo", "muda/libxdo"]
 isolation = ["tauri-utils/isolation", "tauri-macros/isolation", "uuid"]
 custom-protocol = ["tauri-macros/custom-protocol"]
 # TODO: Remove these flags in v3 and/or enable them by default behind a mobile flag https://github.com/tauri-apps/tauri/issues/12384
-# For now those feature flags keep enabling reqwest features in case some users depend on that by accident.
 native-tls = ["reqwest/native-tls"]
 native-tls-vendored = ["reqwest/native-tls-vendored"]
-rustls-tls = ["reqwest/rustls"]
+rustls-tls = ["reqwest/rustls-no-provider", "dep:rustls"]
 devtools = [
  "tauri-runtime/devtools",
  "tauri-runtime-wry?/devtools",
--- a/crates/tauri/src/protocol/tauri.rs
+++ b/crates/tauri/src/protocol/tauri.rs
@@ -112,6 +112,11 @@ fn get_response<R: Runtime>(
      decoded_path.trim_start_matches('/')
    );

+    #[cfg(feature = "rustls-tls")]
+    if rustls::crypto::CryptoProvider::get_default().is_none() {
+      let _ = rustls::crypto::ring::default_provider().install_default();
+    }
+
    #[allow(unused_mut)]
    let mut client = reqwest::ClientBuilder::new();

@@ -125,10 +130,9 @@ fn get_response<R: Runtime>(
        ))]
        {
          log::info!("adding dev server root certificate");
-          client = client.add_root_certificate(
-            reqwest::Certificate::from_pem(cert_pem.as_bytes())
-              .expect("failed to parse TAURI_DEV_ROOT_CERTIFICATE"),
-          );
+          let certificate = reqwest::Certificate::from_pem(cert_pem.as_bytes())
+            .expect("failed to parse TAURI_DEV_ROOT_CERTIFICATE");
+          client = client.tls_certs_merge([certificate]);
        }

        #[cfg(not(any(