Skip to content

fix(windows): bundler should not sign non-binaries #13921

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 5, 2025
Merged

fix(windows): bundler should not sign non-binaries #13921

merged 2 commits into from
Aug 5, 2025

Conversation

@Legend-Master
Copy link
Contributor

@Legend-Master Legend-Master commented Jul 30, 2025
edited
Loading

The bundler will no longer try to sign non-binary and already signed binary files on Windows

Fix #13341

Note: didn't test yet

@Legend-Master Legend-Master requested a review from a team as a code owner July 30, 2025 08:04
@github-project-automation github-project-automation bot moved this to 📬Proposal in Roadmap Jul 30, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Jul 30, 2025
edited
Loading

Package Changes Through 41980a9

There are 7 changes which include tauri-cli with minor, @tauri-apps/cli with minor, tauri-utils with minor, tauri-bundler with patch, tauri with minor, @tauri-apps/api with minor, tauri-plugin with minor

Planned Package Versions

The following package releases are the planned based on the context of changes in this pull request.

package current next
@tauri-apps/api 2.7.0 2.8.0
tauri-utils 2.6.0 2.7.0
tauri-bundler 2.5.2 2.5.3
tauri-runtime 2.7.1 2.7.2
tauri-runtime-wry 2.7.2 2.7.3
tauri-codegen 2.3.1 2.3.2
tauri-macros 2.3.2 2.3.3
tauri-plugin 2.3.1 2.4.0
tauri-build 2.3.1 2.3.2
tauri 2.7.0 2.8.0
@tauri-apps/cli 2.7.1 2.8.0
tauri-cli 2.7.1 2.8.0

Add another change file through the GitHub UI by following this link.

Read about change files or the docs at github.com/jbolda/covector

lucasfernog
lucasfernog reviewed Jul 31, 2025
View reviewed changes
crates/tauri-bundler/src/bundle/windows/sign.rs
}

/// If the file is signable (is a binary file) and not signed already
/// (will skip the verification if not on Windows since we can't verify it)
Copy link
Member

@lucasfernog lucasfernog Jul 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well on macOS we could use codesign --verify

Copy link
Member

@FabianLars FabianLars Jul 31, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

on macos we need to sign all files and iirc the signature has to be the same for all files, not sure rn

Copy link
Contributor Author

@Legend-Master Legend-Master Aug 1, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well on macOS we could use codesign --verify

Does it verify Windows binaries?

on macos we need to sign all files and iirc the signature has to be the same for all files, not sure rn

Hmm, does that apply to Windows installers? Or do you mean codesign --verify checks a directory instead of a file?

I'm not familiar about how signing works on macOS, how do they store the signing info? (docs says it's stored in _CodeSignature/CodeResources which seems to be an xml file)

@Legend-Master Legend-Master merged commit a8f1569 into tauri-apps:dev Aug 5, 2025
14 checks passed
@github-project-automation github-project-automation bot moved this from 📬Proposal to 🔎 In audit in Roadmap Aug 5, 2025
@Legend-Master Legend-Master deleted the dont-sign-non-binary-resources branch August 5, 2025 03:06
@github-actions github-actions bot mentioned this pull request Aug 5, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lucasfernog lucasfernog lucasfernog left review comments

@FabianLars FabianLars FabianLars approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Roadmap
Status: 🔎 In audit

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[bug] SignTool Error: This file format cannot be signed because it is not recognized

3 participants

@Legend-Master @lucasfernog @FabianLars