manawenuz/wz-phone
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(desktop): tauri capability for android event listeners + persistent debug keystore
Some checks failed
Mirror to GitHub / mirror (push) Failing after 37s
Details
Build Release Binaries / build-amd64 (push) Failing after 3m45s
Details

Browse Source 
Two related Android-only papercuts found while testing build #4 on a Pixel 6:

1. Frontend was crashing in the WebView with:
       Tauri/Console: Uncaught (in promise) event.listen not allowed.
       Permissions associated with this command: core:event:allow-listen,
       core:event:default
   The desktop build worked fine because Tauri's default capability set
   covers the desktop side. On Android (and iOS) Tauri 2.x is much stricter
   about ACL — without an explicit capabilities/default.json that lists
   "android" in its platforms, the WebView gets zero permissions. Add a
   default capability granting core:default + the event listener perms
   across all five platforms (linux/macOS/windows/android/iOS).

2. Every fresh docker run produced a new ~/.android/debug.keystore, so
   `adb install -r` of a freshly built APK over an already-installed one
   failed with INSTALL_FAILED_UPDATE_INCOMPATIBLE. Mount a persistent host
   volume at /home/builder/.android in build-tauri-android.sh so the same
   debug keystore is reused across builds and `install -r` keeps working.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Siavash Sameni
2026-04-09 12:02:01 +04:00
parent 7639aaf08d
commit 6b8107504e
2 changed files with 44 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
desktop/src-tauri/capabilities/default.json Normal file
View File

@@ -0,0 +1,26 @@
{
"$schema": "../gen/schemas/desktop-schema.json",
"identifier": "default",
"description": "Default capability — grants core APIs (events, path, window, app, clipboard) to the main window on every platform we ship to.",
"windows": ["main"],
"platforms": [
"linux",
"macOS",
"windows",
"android",
"iOS"
],
"permissions": [
"core:default",
"core:event:default",
"core:event:allow-listen",
"core:event:allow-unlisten",
"core:event:allow-emit",
"core:event:allow-emit-to",
"core:path:default",
"core:window:default",
"core:app:default",
"core:webview:default",
"shell:default"
]
}

20
scripts/build-tauri-android.sh
View File

@@ -109,7 +109,10 @@ if [ "$DO_PULL" = "1" ]; then
echo ">>> git fetch + reset $BRANCH" echo ">>> git fetch + reset $BRANCH"
cd "$BASE_DIR/data/source" cd "$BASE_DIR/data/source"
git reset --hard HEAD 2>/dev/null || true git reset --hard HEAD 2>/dev/null || true
git clean -fd 2>/dev/null || true # NOTE: deliberately do NOT run `git clean -fd` here. It would wipe the
# tauri-generated `desktop/src-tauri/gen/android/` scaffold (gradlew,
# settings.gradle, etc.) which is expensive to recreate and breaks
# subsequent builds with "gradlew not found".
git gc --prune=now 2>/dev/null || true git gc --prune=now 2>/dev/null || true
git fetch origin "$BRANCH" 2>&1 | tail -3 git fetch origin "$BRANCH" 2>&1 | tail -3
git checkout "$BRANCH" 2>/dev/null || git checkout -b "$BRANCH" "origin/$BRANCH" git checkout "$BRANCH" 2>/dev/null || git checkout -b "$BRANCH" "origin/$BRANCH"
@@ -139,6 +142,13 @@ fi
PROFILE_FLAG="--debug" PROFILE_FLAG="--debug"
[ "$BUILD_RELEASE" = "1" ] && PROFILE_FLAG="" [ "$BUILD_RELEASE" = "1" ] && PROFILE_FLAG=""
# Persist ~/.android (where the auto-generated debug.keystore lives) so every
# build is signed with the SAME key. Without this, every fresh container gets
# a new debug keystore and `adb install -r` fails with INSTALL_FAILED_UPDATE_
# INCOMPATIBLE because the signature changed.
mkdir -p "$BASE_DIR/data/cache/android-home"
chown 1000:1000 "$BASE_DIR/data/cache/android-home" 2>/dev/null || true
docker run --rm \ docker run --rm \
--user 1000:1000 \ --user 1000:1000 \
-e DO_INIT="$DO_INIT" \ -e DO_INIT="$DO_INIT" \
@@ -148,6 +158,7 @@ docker run --rm \
-v "$BASE_DIR/data/cache/cargo-git:/home/builder/.cargo/git" \ -v "$BASE_DIR/data/cache/cargo-git:/home/builder/.cargo/git" \
-v "$BASE_DIR/data/cache/target:/build/source/target" \ -v "$BASE_DIR/data/cache/target:/build/source/target" \
-v "$BASE_DIR/data/cache/gradle:/home/builder/.gradle" \ -v "$BASE_DIR/data/cache/gradle:/home/builder/.gradle" \
-v "$BASE_DIR/data/cache/android-home:/home/builder/.android" \
wzp-android-builder \ wzp-android-builder \
bash -c ' bash -c '
set -euo pipefail set -euo pipefail
@@ -158,7 +169,12 @@ npm install --silent 2>&1 | tail -5 || npm install 2>&1 | tail -20
cd src-tauri cd src-tauri
if [ "${DO_INIT}" = "1" ] || [ ! -d gen/android ]; then # Run init if forced, OR if the gradle wrapper is missing. Just checking
# for `gen/android` is not enough — Tauri creates a few subdirectories
# during build (app/, buildSrc/, .gradle/) that survive a partial wipe and
# would make a naive `[ ! -d gen/android ]` check return false even though
# the build wrapper itself is gone.
if [ "${DO_INIT}" = "1" ] || [ ! -x gen/android/gradlew ]; then
echo ">>> cargo tauri android init" echo ">>> cargo tauri android init"
cargo tauri android init 2>&1 | tail -20 cargo tauri android init 2>&1 | tail -20
fi fi