Self_update: In-place updates for rust executables


#1

Announcing:

self_update

What is it?

self_update provides functionality for embedding a means of updating into standalone executables. Only github releases are currently supported (to complement ci-builds generated via trust), but other backends could easily be added.


#2

Your repository doesn’t specify on which platforms this self-updating works. I am going to assume it is only for Unix, but mentioning the state of this thing for Windows and MacOS would be a good idea.

Another cool extension would be supporting Google’s Courgette for update diffs so the updates are small. Apparently, Google has also published the system on top of Courgette, Omaha. That looks overly complicated.

Anyway, glad to see this. Thanks.


#3

Sorry I missed your comment. CI builds are currently running on linux, mac, and windows, though I’ve only been able to personally test on linux and mac. Supporting update diffs would be interesting! Omaha does look pretty wild…


#4

Interesting work!

It sounds similar to what “Rust-TUF” (The Update Framework) is trying to do.

Are you doing any kind of signature validation?


#5

TUF looks interesting! I’m not doing any validation at the moment. I’m working on exposing the inner workings of self_update so users can easily slap together download/extract/move-replace functionality from a source of their choosing. Adding in validation would certainly be useful, but for now is in the hands of the user.


#6

Which means they’ll probably not do it. Developers, including myself, are incurably lazy…

Sadly, there’s been enough examples in the Android-App world where insecure updates were abused by attackers to peddle malware. Man-in-the-Middle or hijacked DNS is not so theoretical as we think. Of course, there’s also always good-ol’ social-engineering the developer, as happened this week to Chrome’s “web developer” extension this week.

Sorry for sounding so pessimistic, but Snowden had taught us that the pipes we always thought secure are just as hostile as back-alleys near the docks in the middle of the night. And the criminals are always setting up fake hotspots in café’s etc…
Oh, and NotPetya was of course also transported via an infected update server…

Really, if you’re writing an update framework, start with cryptographic signing and verification