feat(cli): generate signature for updater-enabled bundles (#9446)

rustfmt.toml

@@ -12,5 +12,4 @@ use_try_shorthand = false
 use_field_init_shorthand = false
 force_explicit_abi = true
 # normalize_comments = true
-normalize_doc_attributes = true
 # wrap_comments = true

tooling/cli/src/build.rs

@@ -22,7 +22,10 @@ use std::{
   str::FromStr,
   sync::OnceLock,
 };
-use tauri_bundler::bundle::{bundle_project, Bundle, PackageType};
+use tauri_bundler::{
+  bundle::{bundle_project, PackageType},
+  Bundle,
+};
 use tauri_utils::platform::Target;
 
 #[derive(Debug, Clone)]
@@ -249,23 +252,6 @@ fn bundle<A: AppSettings>(
     return Ok(());
   }
 
-  let updater_pub_key = config
-    .plugins
-    .0
-    .get("updater")
-    .and_then(|k| k.get("pubkey"))
-    .and_then(|v| v.as_str())
-    .map(|v| v.to_string());
-
-  if updater_pub_key
-    .as_ref()
-    .map(|v| !v.is_empty())
-    .unwrap_or(false)
-    && !package_types.contains(&PackageType::Updater)
-  {
-    log::warn!("`plugins > updater > pubkey` is set, but the bundle target list does not contain `updater`, so the updater artifacts won't be generated.");
-  }
-
   // if we have a package to bundle, let's run the `before_bundle_command`.
   if !package_types.is_empty() {
     if let Some(before_bundle) = config.build.before_bundle_command.clone() {
@@ -310,13 +296,26 @@ fn bundle<A: AppSettings>(
     .map_err(|e| anyhow::anyhow!("{:#}", e))
     .with_context(|| "failed to bundle project")?;
 
-  let updater_bundles: Vec<&Bundle> = bundles
+  let update_enabled_bundles: Vec<&Bundle> = bundles
     .iter()
-    .filter(|bundle| bundle.package_type == PackageType::Updater)
+    .filter(|bundle| {
+      matches!(
+        bundle.package_type,
+        PackageType::Updater | PackageType::Nsis | PackageType::WindowsMsi | PackageType::AppImage
+      )
+    })
     .collect();
 
-  // If updater is active and we bundled it
+  // Skip if no updater is active
-  if !updater_bundles.is_empty() {
+  if !update_enabled_bundles.is_empty() {
+    let updater_pub_key = config
+      .plugins
+      .0
+      .get("updater")
+      .and_then(|k| k.get("pubkey"))
+      .and_then(|v| v.as_str())
+      .map(|v| v.to_string());
+
     if let Some(pubkey) = updater_pub_key {
       // get the public key
       // check if pubkey points to a file...
@@ -357,16 +356,14 @@ fn bundle<A: AppSettings>(
 
       // make sure we have our package built
       let mut signed_paths = Vec::new();
-      for elem in updater_bundles {
+      for bundle in update_enabled_bundles {
         // we expect to have only one path in the vec but we iter if we add
         // another type of updater package who require multiple file signature
-        for path in elem.bundle_paths.iter() {
+        for path in bundle.bundle_paths.iter() {
           // sign our path from environment variables
           let (signature_path, signature) = sign_file(&secret_key, path)?;
           if signature.keynum() != public_key.keynum() {
-            log::warn!(
+            log::warn!("The updater secret key from `TAURI_PRIVATE_KEY` does not match the public key from `plugins > updater > pubkey`. If you are not rotating keys, this means your configuration is wrong and won't be accepted at runtime when performing update.");
-              "The updater secret key from `TAURI_PRIVATE_KEY` does not match the public key from `plugins > updater > pubkey`. If you are not rotating keys, this means your configuration is wrong and won't be accepted at runtime when performing update."
-            );
           }
           signed_paths.push(signature_path);
         }