Tauri 2.0 发布候选版
我们非常自豪地最终宣布 Tauri 新主版本的第一个候选发布版。
🌐 We are very proud to finally announce the first release candidate for the new major version of Tauri.
在经历了超过半年的测试版,以及一年多的内测版之后,我们终于到了认为 Tauri 2 已经稳定的阶段,并且不再预期会有破坏性变化。
🌐 After over half a year of beta versions, following over a year of alpha versions we are finally at the point where we consider Tauri 2 stabilized and do no longer expect breaking changes.
我们希望使用一个相对较短的候选发布周期,以便专注于我们的文档和重要的错误修复,这些问题是由我们出色的社区和工作组成员报告的。
🌐 We want to use a comparably short release candidate time frame to focus on our documentation and important bug fixes, which have been reported by our awesome community and working group members.
本文末尾可以找到一个简化的 TL;DR。
🌐 A simplified TL;DR can be found at the end of this post.
🌐 The Road to Stable and Beyond
通过这个候选版本,我们希望传达我们对正式发布的期望和时间表。
🌐 With this release candidate we want to communicate our expectations and timeline for the stable release.
我们被无数次问到“Wen Tauri 2.0?”,并且总是给出宽泛的回答。尤其是在开源项目中,过度承诺可能会迅速让开发者和维护者感到精疲力尽,或者导致失望的用户发布愤怒的评论。
🌐 We have been asked countless times “Wen Tauri 2.0?” and always gave broad answers. Especially in open source projects overpromising can be a quick way to burn out developers and maintainers or lead to angry comments from disappointed adopters.
这是长时间处于 alpha 和 beta 阶段以及我们为何推迟发布候选版本的原因之一,因为我们致力于把事情做好并使其易于使用。
🌐 This is one of the reasons for the long alpha and beta stage and why we waited with the release candidate, as we strive to get things right and simple to use.
另一个原因是,我们在这个主要版本上犯了过度承诺的错误,声称将“_mobile 作为一等公民”,而在过去几个月中我们意识到,我们只能自己为移动端建立基础,并且需要与社区和采用者一起迭代,才能做到正确。
🌐 Another reason is that we made the mistake of overpromising this major version with “mobile as a first class citizen” and realized over the past months that we can only build the foundation for mobile on our own and need to iterate on this together with the community and our adopters to get it right.
这并不意味着移动端已损坏或不受支持。我们的官方插件库中有移动插件,并且我们也见过开发者在 Android 和 iOS 上使用 Tauri 构建了很酷的应用。
🌐 This doesn’t mean that mobile is broken and unsupported. We have mobile plugins in our official plugin repository and have seen developers who have built cool apps on Android and iOS with Tauri.
我们的合作伙伴 CrabNebula 还向我们提供了关于他们在为客户构建或支持移动应用时开发者体验有多简单(或复杂)的反馈。他们甚至在工作中贡献了多个移动插件(NFC、条码扫描器、生物识别、触觉反馈、地理定位)。
🌐 Our partner CrabNebula also provided us with feedback on how easy (or complicated) the developer experience was when they built or supported mobile applications for customers. They even contributed multiple mobile plugins (NFC, Barcode Scanner, Biometric, Haptics, Geolocation) as part of their work.
我们认为移动端的开发体验还有改进的空间,并且我们也承认,并非所有桌面端的功能和插件都已移植或在移动端可用。
🌐 We see improvements to be made in the development experience for mobile and we acknowledge that not all of our desktop features and plugins are ported or available on mobile yet.
这使我们不得不说,我们不想让大家对 Tauri 2.0 抱有“移动是一级公民”发布版本的期望,但我们想明确表示,你现在就可以使用 Tauri 开发可用于生产的移动应用。
🌐 This causes us to say that we don’t want to raise expectations that Tauri 2.0 will be the “mobile as a first class citizen” release but we want to make clear that you can develop production ready mobile applications with Tauri NOW.
在此发布候选版本之后,你可以期待稳定版有以下表现:
🌐 What you can expect from stable after this release candidate is:
- 更清晰且全面的文档
- 较少阻碍有效使用的关键错误
我们计划在八月底发布2.0的稳定版本。在撰写本文时,这将允许大约四周的候选版本周期。
🌐 We plan to release the stable version for 2.0 in the end of August. This will, at the time of writing, allow for a ~4 week release candidate cycle.
在稳定版本发布之后,我们的重点将转向尽可能提供功能上的一致性,并改善移动端的开发流程。这将在 Tauri 的小版本更新中实现。
🌐 After the stable release our focus will be shifting to providing feature parity wherever possible and to improve the development process for mobile. This will happen in minor releases of Tauri.
功能一致性和插件开发将与 Tauri 的主要版本保持一致,但在很大程度上将独立于 Tauri 核心功能,并在我们的 plugin-workspace 仓库中进行。
🌐 Feature parity and plugin development will be aligned with major versions of Tauri but will be mostly independent from Tauri core features and happen in our plugin-workspace repository.
开发者体验对我们来说是一个非常重要的话题。如果你有改进建议或想自己改进现状,请随时通过提交 PR、提出问题或在我们的 Discord 服务器上进行友好交流联系我们。
🌐 Developer experience is a very important topic for us. If you have improvement suggestions or want to improve the status quo on your own please do not hesitate to reach out with PRs, issues or friendly conversations on our discord server.
🌐 Breaking Changes
在我们进入之前讨论过的“不再有破坏性更改”预期阶段之前,我们从我们的角度出发,前一段时间讨论并计划了一些必要的破坏性更改。
🌐 Before we enter the “no more breaking changes” expectation phase we discussed and planned some from our perspective necessary breaking changes a while ago.
这些变化影响了很多开发者,所以我们希望将它们打包,并尽可能让从最新测试版升级到候选发布版或稳定版的过程变得无痛。
🌐 These changes affect a lot of developers, so we wanted to bundle them and make it as painless as possible to upgrade from the latest beta to release candidate or stable.
对于应用开发者,我们在权限中引用核心插件的方式有重大更改。
🌐 For app developers we have breaking changes in how core plugins are referenced in the permissions.
你应该能够自动从最新的测试版迁移到候选发布版。要成功进行此操作,你必须确保使用的是 Tauri CLI 的最新版本(RC 而不是测试版)。
🌐 You should be able to automatically migrate from the latest beta to release candidate. For this to succeed you must be sure to be on the latest (RC not beta) version of the Tauri CLI.
否则请阅读下面的详细部分 这里 说明更改内容以及如何手动迁移。
🌐 Otherwise please read the detailed section below explaining the changes and how to manually migrate.
对于将 Tauri 作为库的下游使用者或研究 Tauri 内部结构的应用开发者,我们有一个更大的重构你应该看看。
🌐 For downstream consumers of Tauri as a library or app developers fiddling with the internals of Tauri we have a bigger refactor you should check out.
🌐 Tauri Core Plugins
在 Tauri 2.0 中,我们将大部分 1.x 核心功能迁移到了独立的插件中,这使我们能够独立于 Tauri 核心对这些功能进行迭代,并降低了新贡献者在功能方面的门槛。
🌐 With Tauri 2.0 we migrated most of the 1.x core functionality into separate plugins, which allows us to iterate on these independently of Tauri’s core and lowers the barrier for first contributors on functionality.
此次迁移还包括将一些功能保留在 Tauri 内部,作为伪插件。完全合格的插件需要实现 Plugin Trait,并且需要是遵循 tauri-plugin-<plugin name> 命名规则的独立 crates。对于核心插件,第二个条件是不可能的,因为我们会在 Tauri 上产生循环依赖。因此我们创建了伪插件,这些插件总是由 Tauri 自己初始化,并且只实现插件 trait。例如有 window、path 或 webview。目前,这些插件可以在你的 Tauri 应用的 capabilities 中如下使用:
🌐 This migration also included keeping some functionality inside Tauri as pseudo plugins. Fully qualified plugins need to implement the Plugin Trait and need to be individual crates following the tauri-plugin-<plugin name> naming scheme. For core plugins, the second condition was not possible as we would have circular dependencies on Tauri. So we created pseudo plugins, which are always initialized by Tauri itself and only implement the plugin trait. These are for example window, path or webview. Right now these are allowed in the capabilities of your Tauri application in the following way:
..."permissions": [ "path:default", "event:default", "window:default", "app:default", "image:default", "resources:default", "menu:default", "tray:default"]...这有多个问题:
🌐 This has multiple problems:
- 任何名字冲突的插件包都会破坏我们的构建流程(例如
tauri-plugin-window包)以及我们用于添加插件的命令行工具(例如cargo tauri add window) - 我们不能使用任何已被现有插件使用的核心伪插件命名(例如,如果我们想创建
tauri-plugin-mobile-core,而它已经被使用,我们将遇到第一个问题) - 开发者在查看功能时不清楚什么是核心插件,什么是专用插件
我们的方法是为核心插件使用固定的命名空间,这一点由 Tauri 核心进行记录和强制执行。所有以 core: 开头的插件或插件名称为 core 的插件现在都被视为核心伪插件,只有当它们在 Tauri 代码库中时才会被初始化。
🌐 Our approach is to use a fixed namespace for core plugins, which is documented and enforced by the Tauri core. All plugins starting with core: or the plugin name core are now considered core pseudo plugins and will only be initialized if they are in the Tauri codebase.
这将对启用 Tauri 核心功能的所有能力造成重大更改。上述示例将更改为如下所示:
🌐 This will cause a breaking change to all capabilites enabling Tauri core features. The above example will be changed to look like this:
..."permissions": [ "core:path:default", "core:event:default", "core:window:default", "core:app:default", "core:image:default", "core:resources:default", "core:menu:default", "core:tray:default"]...我们还添加了一个新的特殊 core:default 权限集,其中将包含所有核心插件的所有默认权限,因此你可以简化功能配置中的权限样板代码。
🌐 We also added a new special core:default permission set which will contain all default permissions of all core plugins, so you can simplify the permissions boilerplate in your capabilities config.
..."permissions": [ "core:default"]...我们认为核心默认暴露是相对安全可靠的,可以默认启用,即使前端被攻破,其影响也有限。
🌐 We consider the core default exposure to be reasonably secure and safe to enable by default, with limited impact in case of a compromised frontend.
要从最新的测试版迁移,你需要在功能中的所有核心权限标识符前加上 core:,或切换到 core:default 权限并移除旧的核心插件标识符。
🌐 To migrate from the latest beta version you need to prepend all core permission identifiers in your capabilities with core: or switch to the core:default permission and remove old core plugin identifiers.
🌐 Development Server for Mobile
我们对内置开发服务器的网络暴露进行了更改 PR #10437 和 PR #10456。 在 Tauri CLI 2.0.0-rc.0 版本中发布的这些更改,使我们可以在面向 Android 和 iOS 时连接到运行在本地主机上的开发服务器(以前这仅在开发桌面应用时才可能)。
🌐 We introduced changes to the network exposure of the built-in development server PR #10437 and PR #10456. With the changes shipped in the 2.0.0-rc.0 release of the Tauri CLI, we can connect to your development server running on localhost when targetting Android and iOS (previously this was only possible when developing a desktop application).
这意味着你不再需要将你的开发服务器暴露在公共网络上。
🌐 This means you no longer need to expose your development server on the public network.
🌐 Rust API Surface Refactor
通过多个工作组成员的协调努力,我们部分更改了 Rust API 的暴露。这仅影响我们的 Rust API 的使用者,对 Tauri 应用开发者不应产生破坏性变化影响。
🌐 With a coordinated effort between multiple working group members we partially changed our Rust API exposure. This affects only consumers of our Rust API and should have no breaking change impact for Tauri application developers.
这是由最近的安全通告 CVE-2024-35222 促使的,因为修复需要在一个直接公开暴露的结构中引入额外字段,并导致一些项目和内部使用发生破坏性更改。
🌐 This was motivated by a recent security advisory CVE-2024-35222, as the fix needed to introduce additional fields to a structure that was directly publicly exposed and caused breaking changes to some projects and internal usage.
我们得出结论,这种过度曝光将来会阻碍我们,并且会导致不必要的重大更改,所以我们决定从 beta 版本到 RC 版本将是我们实现此功能的最后机会,直到我们开始 Tauri 3.0 的开发之旅。
🌐 We concluded that this overexposure will hinder us in the future and will cause unnecessary breaking changes, so we decided that going from beta to RC will be the last chance for us to implement this until we start down the road of Tauri 3.0.
我们减少了公开暴露的组件数量,这些组件原本是用于内部使用的。此外,我们将公开暴露的结构设置为非穷尽,或者将它们转换为暴露构建器模式或构造函数。在某些情况下,我们添加了一个新的 extend 字段,以便将来可以动态添加。最后,我们确保记录哪些 Tauri 模块被认为是不稳定的。
🌐 We reduced the amount of publicly exposed components, which are meant for internal use. Additionally, we made our publicly exposed structures either non-exhaustive or transformed them into exposing builder patterns or constructors. In some cases we added a new extend field to allow dynamic additions in the future. Finally, we made sure to document which modules of Tauri are considered unstable.
这将帮助我们在不破坏被视为稳定的接口的情况下提供(安全)修复或更改。
🌐 This will help us to provide (security) fixes or changes without breaking interfaces that are considered stable.
请仔细查看在 #10158 拉取请求中介绍和讨论的更改。
🌐 Please take a closer look at the introduced and discussed changes in the #10158 pull request.
🌐 External Security Audit
在这一方面我们已经有一段时间保持沉默,因为我们一直忙于修复和讨论在测试版中发现的问题。
🌐 We have been quiet on this front for some time as we have been busy fixing and discussing issues discovered during the beta versions.
我们从未将版本 2 测试版发布宣传为可在生产环境中使用,但意识到有一些应用已经部署到生产环境中。这导致我们为其中一项发现发布了安全补丁(CVE-2024-35222),该漏洞也被 Tauri 社区成员独立发现。
🌐 We never marketed version 2 beta releases as production ready but were aware of some apps deployed into production. This caused us to announce and distribute a security patch for one of the findings (CVE-2024-35222) which was also independently discovered by a Tauri community member.
所有其他发现已在多个测试版中修复,但我们没有为这些创建公告。我们认为完整的通知可以等到候选发布版本,因为这些发现主要影响开发阶段或没有严重性。
🌐 All other findings were fixed in multiple beta versions but we did not create advisories for these. We concluded a full heads up could wait until the release candidate, as the findings mainly affect the development phase or have no critical severity.
随着发布候选版本的推出,我们将把完整报告添加到我们的存储库中。请花时间阅读报告,了解 RadicallyOpenSecurity 的 @gronke 和 @pcwizz 的出色工作。
🌐 With the release candidate we will add the full report to our repository. Please take your time to read the report and learn more about the awesome work of @gronke and @pcwizz from RadicallyOpenSecurity.
整个审计由NLNet的很棒团队资助,我们非常感激能够处于有幸获得全额资助的外部安全审计的地位。
🌐 The whole audit was funded by the great folks at NLNet and we are super grateful to be in the privileged position to get fully funded external security audits.
🌐 Call to Action
以上所有主题都有一个共同的主题。如果没有社区、我们的工作小组以及其他致力于改善现状的运动的持续支持,这些都是不可能实现的。
🌐 All of the above topics share a common theme. These would not have been possible without the continuous support of the community, our working group and other movements working towards improving the status quo.
在我们准备发布 Tauri 2.0 之前,我们希望确保你的声音被听到,你的 PR 得到认可,并且文档对 你 是有帮助的,以便你能够构建下一代跨平台应用。
🌐 Before we are going to release Tauri 2.0 we want to make sure that your voices are heard, your PRs are acknowledged and the documentation is helpful for YOU so that you can build the next generation of cross platform apps.
目前,我们在 Github 上的工作组有 30 多人,但在我们的 Discord 上参与的人更多。这些很棒的人大多在业余时间参与 Tauri 的工作,极少数例外。我们目前看到一些问题、PR 和讨论的解决时间比我们希望的要长,仍然未解决并保持开放状态。
🌐 Currently we have over 30 people in our working group on Github but even more involved in our Discord. These awesome people are mostly working on Tauri in their free time with very few exceptions. We currently see a number of issues, PRs and discussions being unsolved and open for longer than we would like to.
为了改善这种情况,我们邀请你参与Tauri项目。我们有各种情况,甚至可以接受最微小的贡献。
🌐 To improve this situation we ask YOU to get involved into the Tauri project.We have all kinds of situations where we are able to accept event the tiniest contribution.
如果你熟悉 Tauri 并且在你的使用过程中已经使用过它,请花时间查看 Github 讨论、Github 问题 和我们的 Discord 支持。也许你已经解决了其他刚接触 Tauri 的新用户目前正在遇到的问题。
🌐 If you are familiar with Tauri and have used it already during your journey, please take your time to check out the Github Discussions, Github Issues and our Discord Support. Maybe you have already solved the issues your fellow newcomers to Tauri are experiencing right now.
如果你认为你看到的一些问题是通用的并且应该在某处记录,我们很可能在我们的官方文档中有一个完美的地方来做这件事。
🌐 If you think that some of these problems you have seen are generic and should be documented somewhere we probably have the perfect place for it in our official documentation.
如果想贡献改进或新增内容,我们欢迎在 tauri-docs 仓库提交 PR。不过请确保你已经阅读了 贡献指南。
🌐 To contribute improvements or additions we are open for PRs in the tauri-docs repository. Please make sure you’ve read the guidelines for contribution though.
如果你能够理解并将当前文档翻译成你的母语,我们非常感谢你对我们文档的内容翻译。
🌐 If you are in the position to understand and translate the current documentation into your native language we appreciate content translations to our documentation.
如果你已经关注我们的项目一段时间,但从未做出过贡献,我们很乐意了解是什么阻止了你这样做,以及我们如何可以改进。请通过我们的Discord或Github 讨论与我们联系。
🌐 If you have followed our project for a while but never made a contribution we would be happy to understand what has prevented you from doing so and how we could improve this. Please reach out to us in our Discord or in our Github Discussions.
🌐 Too Long Didn’t Read
- Tauri 2.0 发布候选版现已推出!
- 需要从 beta 进行一些迁移。查看
tauri migrate。 - 2.0 的外部安全审计可在 这里 获得
- 所有发现的问题都已修复,并且修复已被验证
- 在稳定版本发布之前,我们的重点是文档
- Tauri 正在寻找更多的贡献者和社区参与
Tauri 中文网 - 粤ICP备13048890号
Nodejs.cn 旗下网站