From 052e8b4311d9f0f963a2866163be27bfd8f70c60 Mon Sep 17 00:00:00 2001 From: Fabian-Lars Date: Fri, 16 Feb 2024 12:24:00 +0100 Subject: [PATCH] fix(cli): Downgrade minisign to 0.7.3 once again (#8838) * fix(cli): Downgrade minisign to 0.7.3 once again * add tests * add change file --------- Co-authored-by: Lucas Nogueira --- .changes/downgrade-minisign.md | 6 ++++++ tooling/cli/Cargo.lock | 4 ++-- tooling/cli/Cargo.toml | 2 +- tooling/cli/src/helpers/updater_signature.rs | 16 ++++++++++++++++ 4 files changed, 25 insertions(+), 3 deletions(-) create mode 100644 .changes/downgrade-minisign.md diff --git a/.changes/downgrade-minisign.md b/.changes/downgrade-minisign.md new file mode 100644 index 000000000..918440a6b --- /dev/null +++ b/.changes/downgrade-minisign.md @@ -0,0 +1,6 @@ +--- +"tauri-cli": patch:bug +"@tauri-apps/cli": patch:bug +--- + +Downgrade minisign dependency fixing updater signing key bug and prevent it from happening in the future. diff --git a/tooling/cli/Cargo.lock b/tooling/cli/Cargo.lock index 4c8f445ce..23a4c88cf 100644 --- a/tooling/cli/Cargo.lock +++ b/tooling/cli/Cargo.lock @@ -2618,9 +2618,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "minisign" -version = "0.7.5" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2b6f58413c6cee060115673578e47271838f3c87cb9322c61a3bcd6d740b7d2" +checksum = "b23ef13ff1d745b1e52397daaa247e333c607f3cff96d4df2b798dc252db974b" dependencies = [ "getrandom 0.2.11", "rpassword", diff --git a/tooling/cli/Cargo.toml b/tooling/cli/Cargo.toml index 9cc8942c6..812c53de7 100644 --- a/tooling/cli/Cargo.toml +++ b/tooling/cli/Cargo.toml @@ -65,7 +65,7 @@ toml = "0.8" jsonschema = "0.17" handlebars = "5.0" include_dir = "0.7" -minisign = "=0.7.5" +minisign = "=0.7.3" base64 = "0.21.5" ureq = { version = "2.8", default-features = false, features = [ "gzip" ] } os_info = "3" 
diff --git a/tooling/cli/src/helpers/updater_signature.rs b/tooling/cli/src/helpers/updater_signature.rs
index 812f98305..62c2fffc8 100644
--- a/tooling/cli/src/helpers/updater_signature.rs
+++ b/tooling/cli/src/helpers/updater_signature.rs
@@ -160,3 +160,19 @@ where
 .map_err(|e| minisign::PError::new(minisign::ErrorKind::Io, e))?;
 Ok(BufReader::new(file))
 }
+
+#[cfg(test)]
+mod tests {
+ const PRIVATE_KEY: &str = "dW50cnVzdGVkIGNvbW1lbnQ6IHJzaWduIGVuY3J5cHRlZCBzZWNyZXQga2V5ClJXUlRZMEl5dkpDN09RZm5GeVAzc2RuYlNzWVVJelJRQnNIV2JUcGVXZUplWXZXYXpqUUFBQkFBQUFBQUFBQUFBQUlBQUFBQTZrN2RnWGh5dURxSzZiL1ZQSDdNcktiaHRxczQwMXdQelRHbjRNcGVlY1BLMTBxR2dpa3I3dDE1UTVDRDE4MXR4WlQwa1BQaXdxKy9UU2J2QmVSNXhOQWFDeG1GSVllbUNpTGJQRkhhTnROR3I5RmdUZi90OGtvaGhJS1ZTcjdZU0NyYzhQWlQ5cGM9Cg==";
+
+ // we use minisign=0.7.3 to prevent a breaking change
+ #[test]
+ fn empty_password_is_valid() {
+ let path = std::env::temp_dir().join("minisign-password-text.txt");
+ std::fs::write(&path, b"TAURI").expect("failed to write test file");
+
+ let secret_key =
+ super::secret_key(PRIVATE_KEY, Some("".into())).expect("failed to resolve secret key");
+ super::sign_file(&secret_key, &path).expect("failed to sign file");
+ }
+}
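Review bot: `empty_password_is_valid` writes to a fixed, predictable name in the shared temp directory (`std::env::temp_dir().join("minisign-password-text.txt")`) and never removes it, so concurrent runs on one host can collide and the file is left behind; if `sign_file` also writes a signature next to its input (its body is outside this hunk), that output stays too. A per-process name such as `let path = std::env::temp_dir().join(format!("minisign-password-test-{}.txt", std::process::id()));` followed by `let _ = std::fs::remove_file(&path);` at the end removes the collision and the leftover, and a directory created by the test itself would be better still. `PRIVATE_KEY` is a secret key protected only by an empty password, so it deserves a comment like `// Throwaway key generated with an empty password for this test only; never use it to sign updates.` so it is not copied elsewhere and secret scanners have context. The test asserts only that signing returns `Ok`; checking the produced signature against the matching public key would also catch a dependency change that silently alters the output.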