tauri-apps / tauri

Build smaller, faster, and more secure desktop and mobile applications with a web frontend.
https://tauri.app
Apache License 2.0

[bug] Updater fails for macOS-sandboxed apps #8258

Open gschier opened 11 months ago

gschier commented 11 months ago

### Describe the bug

Sandboxed macOS apps do not have permissions to write to the installation folder, so updates fail. Sparkle gets around this by running the updater outside the app sandbox. https://sparkle-project.org/documentation/sandboxing/

### Reproduction

Build a sandboxed app and try running the updater.

My entitlements file is as follows:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>

    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>

    <key>com.apple.security.network.client</key>
    <true/>
</dict>
</plist>
```

### Expected behavior

There should be a way to auto-update with sandbox enabled.

### Platform and versions

```text
[✔] Environment
    - OS: Mac OS 14.1.0 X64
    ✔ Xcode Command Line Tools: installed
    ✔ rustc: 1.73.0 (cc66ad468 2023-10-03)
    ✔ cargo: 1.73.0 (9c4383fb5 2023-08-26)
    ✔ rustup: 1.26.0 (5af9b9484 2023-04-05)
    ✔ Rust toolchain: stable-aarch64-apple-darwin (default)
    - node: 20.6.1
    - pnpm: 8.6.3
    - yarn: 3.4.1
    - npm: 9.8.1
    - bun: 1.0.0

[-] Packages
    - tauri [RUST]: 1.5.2
    - tauri-build [RUST]: 1.5.0
    - wry [RUST]: 0.24.4
    - tao [RUST]: 0.16.5
    - @tauri-apps/api [NPM]: 1.5.1
    - @tauri-apps/cli [NPM]: 1.5.6

[-] App
    - build-type: bundle
    - CSP: unset
    - distDir: ../dist
    - devPath: http://localhost:1420/
    - framework: React
    - bundler: Vite
```

### Stack trace

```text
The following is the error event emitted by the updater:

Tauri API error: Operation not permitted (os error 1)
```

### Additional context

_No response_

gschier commented 11 months ago

Note: I was initially concerned that migrating app-data files to the sandbox container in the future would be a huge pain, but it looks like Apple has a way to define the relevant files to move via an entitlement, making the priority of this less urgent (though it would still be great): https://developer.apple.com/documentation/security/app_sandbox/migrating_your_app_s_files_to_its_app_sandbox_container

repalash commented 3 months ago

Hi, I am facing this issue. Is there a way to get auto-update to work on sandboxed apps in Tauri v2? Or maybe some workaround?

gschier commented 2 months ago

I never found a workaround, unfortunately.
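
Added example, not from this thread and not Tauri's updater code: a pre-flight check an app could run before starting an update, so the condition in the opening report surfaces as a specific reason instead of `Operation not permitted (os error 1)`. It is a diagnostic, not a workaround. The names `UpdateBlocker`, `bundle_parent`, `dir_is_writable` and `preflight` are hypothetical, and detecting the sandbox through the `APP_SANDBOX_CONTAINER_ID` environment variable is a heuristic assumed here.

```rust
use std::{env, fs, path::{Path, PathBuf}};

/// Reason an in-place update would fail, found before anything is downloaded.
#[derive(Debug, PartialEq)]
pub enum UpdateBlocker {
    Sandboxed { container_id: String },
    InstallDirNotWritable(PathBuf),
}

/// Heuristic (assumption): macOS sets APP_SANDBOX_CONTAINER_ID for sandboxed processes.
pub fn sandbox_container_id() -> Option<String> {
    env::var("APP_SANDBOX_CONTAINER_ID").ok().filter(|v| !v.is_empty())
}

/// Directory that holds the innermost `.app` bundle containing `exe`.
pub fn bundle_parent(exe: &Path) -> Option<PathBuf> {
    exe.ancestors()
        .find(|p| p.extension().map_or(false, |e| e == "app"))
        .and_then(Path::parent)
        .map(Path::to_path_buf)
}

/// Probe write access by creating and then removing a marker file.
pub fn dir_is_writable(dir: &Path) -> bool {
    let probe = dir.join(format!(".update-probe-{}", std::process::id()));
    let ok = fs::OpenOptions::new().write(true).create_new(true).open(&probe).is_ok();
    if ok { let _ = fs::remove_file(&probe); }
    ok
}

/// Report the sandbox first: inside it the write probe would be denied anyway.
pub fn preflight(install_dir: &Path, container_id: Option<String>) -> Result<(), UpdateBlocker> {
    if let Some(container_id) = container_id {
        return Err(UpdateBlocker::Sandboxed { container_id });
    }
    if !dir_is_writable(install_dir) {
        return Err(UpdateBlocker::InstallDirNotWritable(install_dir.to_path_buf()));
    }
    Ok(())
}

fn main() {
    let exe = env::current_exe().expect("cannot resolve current executable");
    // Outside a bundle (e.g. a dev build), fall back to the executable's directory.
    let dir = bundle_parent(&exe)
        .unwrap_or_else(|| exe.parent().unwrap_or(Path::new(".")).to_path_buf());
    match preflight(&dir, sandbox_container_id()) {
        Ok(()) => println!("in-place update possible in {}", dir.display()),
        Err(blocker) => eprintln!("updater blocked: {:?}", blocker),
    }
}
```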