Files
wehub-resource-sync 643e9f9fcb
.NET Tests / test-codebase (push) Waiting to run
Translation Validation / validate-translations (push) Waiting to run
chore: import upstream snapshot with attribution
2026-07-13 13:01:52 +08:00

177 lines
5.8 KiB
Markdown

# UniGetUI Auto-Update Testing Guide (ProductInfo-only path)
This guide validates the ProductInfo-only auto-update flow that reads from `productinfo.json`.
UniGetUI no longer falls back to the legacy updater logic. If the ProductInfo lookup fails, the update check fails.
## Files used
- `testing/productinfo.unigetui.test.json`
- Test artifacts expected by that file:
- `UniGetUI.Installer.x64.exe`
- `UniGetUI.Installer.arm64.exe`
- `UniGetUI.x64.zip`
- `UniGetUI.arm64.zip`
## What is being tested
- Default updater source is ProductInfo-based.
- Product key lookup for `Devolutions.UniGetUI`.
- Architecture-aware installer selection (`x64`/`arm64`, `exe` preferred).
- Hash validation (enabled by default).
- Debug-only override behavior via registry keys under `HKLM\Software\Devolutions\UniGetUI`.
## Release vs Debug behavior
- Release builds honor only `UpdaterProductInfoUrl` from `HKLM\Software\Devolutions\UniGetUI`.
- Release builds ignore `UpdaterProductKey` and all validation-bypass flags.
- Debug builds can read updater overrides from `HKLM\Software\Devolutions\UniGetUI` for local testing.
- Dangerous validation bypasses are for Debug/dev testing only:
- `UpdaterAllowUnsafeUrls`
- `UpdaterSkipHashValidation`
- `UpdaterSkipSignerThumbprintCheck`
- `UpdaterDisableTlsValidation`
## 1) Host the test files locally
From repository root:
```powershell
Push-Location testing
python -m http.server 8080
Pop-Location
```
Make sure these URLs are reachable:
- `http://127.0.0.1:8080/productinfo.unigetui.test.json`
- `http://127.0.0.1:8080/UniGetUI.Installer.x64.exe`
- `http://127.0.0.1:8080/UniGetUI.Installer.arm64.exe`
## 2) Configure updater overrides (test mode)
These steps apply to a Debug build only.
Run in PowerShell:
```powershell
$regPath = 'HKLM:\Software\Devolutions\UniGetUI'
New-Item -Path $regPath -Force | Out-Null
# Point updater to local productinfo
Set-ItemProperty -Path $regPath -Name 'UpdaterProductInfoUrl' -Value 'http://127.0.0.1:8080/productinfo.unigetui.test.json'
# Product key inside productinfo JSON
Set-ItemProperty -Path $regPath -Name 'UpdaterProductKey' -Value 'Devolutions.UniGetUI'
# Allow local http URL and local domain for package downloads
Set-ItemProperty -Path $regPath -Name 'UpdaterAllowUnsafeUrls' -Type DWord -Value 1
# Keep hash validation enabled for normal test pass
Set-ItemProperty -Path $regPath -Name 'UpdaterSkipHashValidation' -Type DWord -Value 0
# Keep signer thumbprint validation enabled for normal test pass
Set-ItemProperty -Path $regPath -Name 'UpdaterSkipSignerThumbprintCheck' -Type DWord -Value 0
# Optional only for HTTPS cert troubleshooting in test environments
Set-ItemProperty -Path $regPath -Name 'UpdaterDisableTlsValidation' -Type DWord -Value 0
```
## 3) Trigger update check in UniGetUI
1. Launch UniGetUI.
2. Go to **Settings → General**.
3. Click **Check for updates**.
Expected result:
- Updater reads the local `productinfo.unigetui.test.json`.
- It picks the correct architecture `exe` installer.
- Download starts and hash is validated.
- Update banner/toast appears when update is ready.
## 4) Negative test: hash mismatch protection
Use one of these methods:
- Replace installer file content but keep original hash in JSON, or
- Edit hash in JSON to an incorrect value.
Expected result:
- Hash validation fails.
- Update is aborted with installer authenticity error.
## 5) Negative test: block unsafe URLs
Set:
```powershell
Set-ItemProperty -Path 'HKLM:\Software\Devolutions\UniGetUI' -Name 'UpdaterAllowUnsafeUrls' -Type DWord -Value 0
```
Expected result with local `http://127.0.0.1` URLs:
- Updater rejects source/download URL as unsafe.
- No installer launch.
## 6) Negative test: broken ProductInfo source
Use one of these methods:
- Point `UpdaterProductInfoUrl` to a missing URL, or
- Point `UpdaterProductInfoUrl` to a malformed JSON file, or
- In a Debug build only, point `UpdaterProductKey` to a non-existent product.
Example:
```powershell
Set-ItemProperty -Path 'HKLM:\Software\Devolutions\UniGetUI' -Name 'UpdaterProductInfoUrl' -Value 'http://127.0.0.1:8080/does-not-exist.json'
```
Expected result:
- Productinfo check fails.
- UniGetUI reports the update-check failure.
- No fallback source is used.
## 7) Optional: disable signer thumbprint check (test-only)
Use this only if your local installer is unsigned or signed with a non-Devolutions certificate.
```powershell
Set-ItemProperty -Path 'HKLM:\Software\Devolutions\UniGetUI' -Name 'UpdaterSkipSignerThumbprintCheck' -Type DWord -Value 1
```
## 8) Release-build hardening check
Run the same registry override setup against a Release build.
Expected result:
- Release build honors `UpdaterProductInfoUrl` only if it still passes normal source validation.
- Release build ignores `UpdaterProductKey`.
- Release build ignores validation bypass flags.
- Updater uses the configured ProductInfo URL and the built-in `Devolutions.UniGetUI` product key.
## 9) Cleanup after testing
Reset to default production behavior:
```powershell
$regPath = 'HKLM:\Software\Devolutions\UniGetUI'
Remove-ItemProperty -Path $regPath -Name 'UpdaterProductInfoUrl' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterProductKey' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterAllowUnsafeUrls' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterSkipHashValidation' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterSkipSignerThumbprintCheck' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterDisableTlsValidation' -ErrorAction SilentlyContinue
```
With all override values removed, UniGetUI uses:
- `https://devolutions.net/productinfo.json`
- product key `Devolutions.UniGetUI`
- safety checks enabled
- hash validation enabled