Skip to content

Update Tauri CLI version to 1.5.11 in package.json and yarn.lock; add… #369

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
AlexMikhalev wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update Tauri CLI version to 1.5.11 in package.json and yarn.lock; add… #369

AlexMikhalev wants to merge 1 commit into from
+95 −71

Conversation

@AlexMikhalev
Copy link
Contributor

@AlexMikhalev AlexMikhalev commented Dec 8, 2025

… RPM metadata in Cargo.toml for asset management.

@AlexMikhalev
Update Tauri CLI version to 1.5.11 in package.json and yarn.lock; add…
2ab715a 
… RPM metadata in Cargo.toml for asset management.
@claude
Copy link

claude bot commented Dec 8, 2025

Code Review - PR #369: Tauri CLI Downgrade & RPM Metadata

Summary

This PR downgrades the Tauri CLI from v2.9.4 to v1.5.11 to align with the Rust-side Tauri v1.x dependencies, and adds RPM packaging metadata. The changes resolve version mismatch issues preventing Linux builds from succeeding.

Positive Aspects

  1. Version Alignment: The downgrade from Tauri CLI 2.9.4 to 1.5.11 correctly aligns with the Rust crates which use tauri = "1.7.1" and tauri-build = "1.5.5" (desktop/src-tauri/Cargo.toml:24,45)

  2. RPM Metadata Addition: The [package.metadata.rpm] section mirrors the existing deb configuration, maintaining consistency across packaging formats

  3. Dependency Specification: RPM dependencies properly specify system requirements (webkit2gtk4.0, gtk3)

  4. Clean Asset Paths: RPM assets use absolute paths (/usr/bin/, /usr/share/) which is the correct convention for RPM packages

⚠️ Issues & Concerns

1. Version Pinning Without Migration Strategy (High Priority)

"@tauri-apps/cli": "~1.5.11",  // Allow patch updates until Tauri 2.x migration (PR #295)

2. RPM Dependency Specification (Medium Priority)

  • Issue: webkit2gtk4.0 package name may not be correct for all RPM-based distros
  • Details:
    • Fedora/RHEL: Package is webkit2gtk4.0 or webkit2gtk3
    • OpenSUSE: Package name differs
  • Recommendation: Use more generic dependency or test on multiple distros:
[package.metadata.rpm]
requires = "$auto, webkit2gtk3, gtk3"  # More widely compatible
# Or be distro-specific if needed

3. Binary Path Inconsistency (Low Priority)

  • Issue: Deb uses usr/bin/ (line 103) while RPM uses /usr/bin/ (line 111)
  • Impact: Both work, but inconsistency could cause confusion
  • Recommendation: Standardize on absolute paths for both:
[package.metadata.deb]
assets = [
    ["target/release/terraphim-ai-desktop", "/usr/bin/terraphim-ai-desktop", "755"],
    ...
]

4. Missing AppImage Tooling (Mentioned in memories.md)

  • Issue: Build failed due to missing appimagetool
  • Not in PR: But worth documenting or adding CI check
  • Recommendation: Add to CI setup or document in README

🔒 Security Considerations

  1. ✅ No security concerns with the version downgrade - Tauri 1.7.1 is a stable, well-tested version
  2. ⚠️ Consider: Document the version freeze and ensure security updates are monitored manually
  3. ✅ Binary permissions (755) are appropriate for executable

📊 Testing Recommendations

Based on CLAUDE.md testing guidelines:

# Test package building on Linux
cd desktop
yarn install
yarn tauri build --bundles deb rpm appimage --target x86_64-unknown-linux-gnu

# Verify installations
sudo dpkg -i src-tauri/target/release/bundle/deb/*.deb
sudo rpm -i src-tauri/target/release/bundle/rpm/*.rpm

# Test runtime
terraphim-ai-desktop --version

# Clean up
sudo dpkg -r terraphim-ai-desktop  # or rpm -e

📋 Checklist Before Merge

  • Add comment explaining temporary Tauri 1.x pinning
  • Verify RPM dependency names on target distros (Fedora, RHEL, OpenSUSE)
  • Consider standardizing deb/rpm asset paths
  • Test installation on at least one RPM-based distro
  • Update memories.md with final resolution
  • Ensure CI passes (if RPM builds are in CI)
  • Link to tracking issue for Tauri 2.x migration

💡 Additional Suggestions

  1. Documentation: Add a note to README about supported package formats
  2. CI Integration: Consider adding RPM build validation to CI pipeline
  3. Version Matrix: Document supported distro versions for RPM packages
  4. Follow-up: After merging, prioritize completing PR Complete Tauri 2.x Migration with Security Enhancements #295 (Tauri 2.x migration)

🎯 Recommendation

APPROVE with minor changes recommended - The core changes are sound and solve the immediate version mismatch issue. The suggestions above are improvements but not blockers.

Priority fixes before merge:

  1. Add comment explaining version pinning strategy
  2. Verify RPM dependency names
  3. Test on at least one RPM distro

References:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AlexMikhalev