177 lines
5.8 KiB
Markdown
177 lines
5.8 KiB
Markdown
# UniGetUI Auto-Update Testing Guide (ProductInfo-only path)
|
|
|
|
This guide validates the ProductInfo-only auto-update flow that reads from `productinfo.json`.
|
|
|
|
UniGetUI no longer falls back to the legacy updater logic. If the ProductInfo lookup fails, the update check fails.
|
|
|
|
## Files used
|
|
|
|
- `testing/productinfo.unigetui.test.json`
|
|
- Test artifacts expected by that file:
|
|
- `UniGetUI.Installer.x64.exe`
|
|
- `UniGetUI.Installer.arm64.exe`
|
|
- `UniGetUI.x64.zip`
|
|
- `UniGetUI.arm64.zip`
|
|
|
|
## What is being tested
|
|
|
|
- Default updater source is ProductInfo-based.
|
|
- Product key lookup for `Devolutions.UniGetUI`.
|
|
- Architecture-aware installer selection (`x64`/`arm64`, `exe` preferred).
|
|
- Hash validation (enabled by default).
|
|
- Debug-only override behavior via registry keys under `HKLM\Software\Devolutions\UniGetUI`.
|
|
|
|
## Release vs Debug behavior
|
|
|
|
- Release builds honor only `UpdaterProductInfoUrl` from `HKLM\Software\Devolutions\UniGetUI`.
|
|
- Release builds ignore `UpdaterProductKey` and all validation-bypass flags.
|
|
- Debug builds can read updater overrides from `HKLM\Software\Devolutions\UniGetUI` for local testing.
|
|
- Dangerous validation bypasses are for Debug/dev testing only:
|
|
- `UpdaterAllowUnsafeUrls`
|
|
- `UpdaterSkipHashValidation`
|
|
- `UpdaterSkipSignerThumbprintCheck`
|
|
- `UpdaterDisableTlsValidation`
|
|
|
|
## 1) Host the test files locally
|
|
|
|
From repository root:
|
|
|
|
```powershell
|
|
Push-Location testing
|
|
python -m http.server 8080
|
|
Pop-Location
|
|
```
|
|
|
|
Make sure these URLs are reachable:
|
|
|
|
- `http://127.0.0.1:8080/productinfo.unigetui.test.json`
|
|
- `http://127.0.0.1:8080/UniGetUI.Installer.x64.exe`
|
|
- `http://127.0.0.1:8080/UniGetUI.Installer.arm64.exe`
|
|
|
|
## 2) Configure updater overrides (test mode)
|
|
|
|
These steps apply to a Debug build only.
|
|
|
|
Run in PowerShell:
|
|
|
|
```powershell
|
|
$regPath = 'HKLM:\Software\Devolutions\UniGetUI'
|
|
New-Item -Path $regPath -Force | Out-Null
|
|
|
|
# Point updater to local productinfo
|
|
Set-ItemProperty -Path $regPath -Name 'UpdaterProductInfoUrl' -Value 'http://127.0.0.1:8080/productinfo.unigetui.test.json'
|
|
|
|
# Product key inside productinfo JSON
|
|
Set-ItemProperty -Path $regPath -Name 'UpdaterProductKey' -Value 'Devolutions.UniGetUI'
|
|
|
|
# Allow local http URL and local domain for package downloads
|
|
Set-ItemProperty -Path $regPath -Name 'UpdaterAllowUnsafeUrls' -Type DWord -Value 1
|
|
|
|
# Keep hash validation enabled for normal test pass
|
|
Set-ItemProperty -Path $regPath -Name 'UpdaterSkipHashValidation' -Type DWord -Value 0
|
|
|
|
# Keep signer thumbprint validation enabled for normal test pass
|
|
Set-ItemProperty -Path $regPath -Name 'UpdaterSkipSignerThumbprintCheck' -Type DWord -Value 0
|
|
|
|
# Optional only for HTTPS cert troubleshooting in test environments
|
|
Set-ItemProperty -Path $regPath -Name 'UpdaterDisableTlsValidation' -Type DWord -Value 0
|
|
```
|
|
|
|
## 3) Trigger update check in UniGetUI
|
|
|
|
1. Launch UniGetUI.
|
|
2. Go to **Settings → General**.
|
|
3. Click **Check for updates**.
|
|
|
|
Expected result:
|
|
|
|
- Updater reads the local `productinfo.unigetui.test.json`.
|
|
- It picks the correct architecture `exe` installer.
|
|
- Download starts and hash is validated.
|
|
- Update banner/toast appears when update is ready.
|
|
|
|
## 4) Negative test: hash mismatch protection
|
|
|
|
Use one of these methods:
|
|
|
|
- Replace installer file content but keep original hash in JSON, or
|
|
- Edit hash in JSON to an incorrect value.
|
|
|
|
Expected result:
|
|
|
|
- Hash validation fails.
|
|
- Update is aborted with installer authenticity error.
|
|
|
|
## 5) Negative test: block unsafe URLs
|
|
|
|
Set:
|
|
|
|
```powershell
|
|
Set-ItemProperty -Path 'HKLM:\Software\Devolutions\UniGetUI' -Name 'UpdaterAllowUnsafeUrls' -Type DWord -Value 0
|
|
```
|
|
|
|
Expected result with local `http://127.0.0.1` URLs:
|
|
|
|
- Updater rejects source/download URL as unsafe.
|
|
- No installer launch.
|
|
|
|
## 6) Negative test: broken ProductInfo source
|
|
|
|
Use one of these methods:
|
|
|
|
- Point `UpdaterProductInfoUrl` to a missing URL, or
|
|
- Point `UpdaterProductInfoUrl` to a malformed JSON file, or
|
|
- In a Debug build only, point `UpdaterProductKey` to a non-existent product.
|
|
|
|
Example:
|
|
|
|
```powershell
|
|
Set-ItemProperty -Path 'HKLM:\Software\Devolutions\UniGetUI' -Name 'UpdaterProductInfoUrl' -Value 'http://127.0.0.1:8080/does-not-exist.json'
|
|
```
|
|
|
|
Expected result:
|
|
|
|
- Productinfo check fails.
|
|
- UniGetUI reports the update-check failure.
|
|
- No fallback source is used.
|
|
|
|
## 7) Optional: disable signer thumbprint check (test-only)
|
|
|
|
Use this only if your local installer is unsigned or signed with a non-Devolutions certificate.
|
|
|
|
```powershell
|
|
Set-ItemProperty -Path 'HKLM:\Software\Devolutions\UniGetUI' -Name 'UpdaterSkipSignerThumbprintCheck' -Type DWord -Value 1
|
|
```
|
|
|
|
## 8) Release-build hardening check
|
|
|
|
Run the same registry override setup against a Release build.
|
|
|
|
Expected result:
|
|
|
|
- Release build honors `UpdaterProductInfoUrl` only if it still passes normal source validation.
|
|
- Release build ignores `UpdaterProductKey`.
|
|
- Release build ignores validation bypass flags.
|
|
- Updater uses the configured ProductInfo URL and the built-in `Devolutions.UniGetUI` product key.
|
|
|
|
## 9) Cleanup after testing
|
|
|
|
Reset to default production behavior:
|
|
|
|
```powershell
|
|
$regPath = 'HKLM:\Software\Devolutions\UniGetUI'
|
|
Remove-ItemProperty -Path $regPath -Name 'UpdaterProductInfoUrl' -ErrorAction SilentlyContinue
|
|
Remove-ItemProperty -Path $regPath -Name 'UpdaterProductKey' -ErrorAction SilentlyContinue
|
|
Remove-ItemProperty -Path $regPath -Name 'UpdaterAllowUnsafeUrls' -ErrorAction SilentlyContinue
|
|
Remove-ItemProperty -Path $regPath -Name 'UpdaterSkipHashValidation' -ErrorAction SilentlyContinue
|
|
Remove-ItemProperty -Path $regPath -Name 'UpdaterSkipSignerThumbprintCheck' -ErrorAction SilentlyContinue
|
|
Remove-ItemProperty -Path $regPath -Name 'UpdaterDisableTlsValidation' -ErrorAction SilentlyContinue
|
|
```
|
|
|
|
With all override values removed, UniGetUI uses:
|
|
|
|
- `https://devolutions.net/productinfo.json`
|
|
- product key `Devolutions.UniGetUI`
|
|
- safety checks enabled
|
|
- hash validation enabled
|