5.8 KiB
5.8 KiB
UniGetUI Auto-Update Testing Guide (ProductInfo-only path)
This guide validates the ProductInfo-only auto-update flow that reads from productinfo.json.
UniGetUI no longer falls back to the legacy updater logic. If the ProductInfo lookup fails, the update check fails.
Files used
testing/productinfo.unigetui.test.json- Test artifacts expected by that file:
UniGetUI.Installer.x64.exeUniGetUI.Installer.arm64.exeUniGetUI.x64.zipUniGetUI.arm64.zip
What is being tested
- Default updater source is ProductInfo-based.
- Product key lookup for
Devolutions.UniGetUI. - Architecture-aware installer selection (
x64/arm64,exepreferred). - Hash validation (enabled by default).
- Debug-only override behavior via registry keys under
HKLM\Software\Devolutions\UniGetUI.
Release vs Debug behavior
- Release builds honor only
UpdaterProductInfoUrlfromHKLM\Software\Devolutions\UniGetUI. - Release builds ignore
UpdaterProductKeyand all validation-bypass flags. - Debug builds can read updater overrides from
HKLM\Software\Devolutions\UniGetUIfor local testing. - Dangerous validation bypasses are for Debug/dev testing only:
UpdaterAllowUnsafeUrlsUpdaterSkipHashValidationUpdaterSkipSignerThumbprintCheckUpdaterDisableTlsValidation
1) Host the test files locally
From repository root:
Push-Location testing
python -m http.server 8080
Pop-Location
Make sure these URLs are reachable:
http://127.0.0.1:8080/productinfo.unigetui.test.jsonhttp://127.0.0.1:8080/UniGetUI.Installer.x64.exehttp://127.0.0.1:8080/UniGetUI.Installer.arm64.exe
2) Configure updater overrides (test mode)
These steps apply to a Debug build only.
Run in PowerShell:
$regPath = 'HKLM:\Software\Devolutions\UniGetUI'
New-Item -Path $regPath -Force | Out-Null
# Point updater to local productinfo
Set-ItemProperty -Path $regPath -Name 'UpdaterProductInfoUrl' -Value 'http://127.0.0.1:8080/productinfo.unigetui.test.json'
# Product key inside productinfo JSON
Set-ItemProperty -Path $regPath -Name 'UpdaterProductKey' -Value 'Devolutions.UniGetUI'
# Allow local http URL and local domain for package downloads
Set-ItemProperty -Path $regPath -Name 'UpdaterAllowUnsafeUrls' -Type DWord -Value 1
# Keep hash validation enabled for normal test pass
Set-ItemProperty -Path $regPath -Name 'UpdaterSkipHashValidation' -Type DWord -Value 0
# Keep signer thumbprint validation enabled for normal test pass
Set-ItemProperty -Path $regPath -Name 'UpdaterSkipSignerThumbprintCheck' -Type DWord -Value 0
# Optional only for HTTPS cert troubleshooting in test environments
Set-ItemProperty -Path $regPath -Name 'UpdaterDisableTlsValidation' -Type DWord -Value 0
3) Trigger update check in UniGetUI
- Launch UniGetUI.
- Go to Settings → General.
- Click Check for updates.
Expected result:
- Updater reads the local
productinfo.unigetui.test.json. - It picks the correct architecture
exeinstaller. - Download starts and hash is validated.
- Update banner/toast appears when update is ready.
4) Negative test: hash mismatch protection
Use one of these methods:
- Replace installer file content but keep original hash in JSON, or
- Edit hash in JSON to an incorrect value.
Expected result:
- Hash validation fails.
- Update is aborted with installer authenticity error.
5) Negative test: block unsafe URLs
Set:
Set-ItemProperty -Path 'HKLM:\Software\Devolutions\UniGetUI' -Name 'UpdaterAllowUnsafeUrls' -Type DWord -Value 0
Expected result with local http://127.0.0.1 URLs:
- Updater rejects source/download URL as unsafe.
- No installer launch.
6) Negative test: broken ProductInfo source
Use one of these methods:
- Point
UpdaterProductInfoUrlto a missing URL, or - Point
UpdaterProductInfoUrlto a malformed JSON file, or - In a Debug build only, point
UpdaterProductKeyto a non-existent product.
Example:
Set-ItemProperty -Path 'HKLM:\Software\Devolutions\UniGetUI' -Name 'UpdaterProductInfoUrl' -Value 'http://127.0.0.1:8080/does-not-exist.json'
Expected result:
- Productinfo check fails.
- UniGetUI reports the update-check failure.
- No fallback source is used.
7) Optional: disable signer thumbprint check (test-only)
Use this only if your local installer is unsigned or signed with a non-Devolutions certificate.
Set-ItemProperty -Path 'HKLM:\Software\Devolutions\UniGetUI' -Name 'UpdaterSkipSignerThumbprintCheck' -Type DWord -Value 1
8) Release-build hardening check
Run the same registry override setup against a Release build.
Expected result:
- Release build honors
UpdaterProductInfoUrlonly if it still passes normal source validation. - Release build ignores
UpdaterProductKey. - Release build ignores validation bypass flags.
- Updater uses the configured ProductInfo URL and the built-in
Devolutions.UniGetUIproduct key.
9) Cleanup after testing
Reset to default production behavior:
$regPath = 'HKLM:\Software\Devolutions\UniGetUI'
Remove-ItemProperty -Path $regPath -Name 'UpdaterProductInfoUrl' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterProductKey' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterAllowUnsafeUrls' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterSkipHashValidation' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterSkipSignerThumbprintCheck' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterDisableTlsValidation' -ErrorAction SilentlyContinue
With all override values removed, UniGetUI uses:
https://devolutions.net/productinfo.json- product key
Devolutions.UniGetUI - safety checks enabled
- hash validation enabled