Update command #80

No checksum verification. The binary is downloaded over HTTPS and written directly to disk with no integrity check. If the release includes a checksums asset (common), you should verify the download against it

👍 1

crates/my_hypervisor-cli/src/commands/update.rs Outdated

					
				@ -0,0 +63,4 @@

				    let asset = find_binary_asset(&release.assets)?;

				    println!(

If you want we can add a progress indicator (suggestion)

rawan marked this conversation as resolved

crates/my_hypervisor-cli/src/commands/update.rs Outdated

					
				@ -0,0 +68,4 @@

				        asset.name

				    );

				    let bytes = client

consider a timeout here to not block forever

rawan marked this conversation as resolved

crates/my_hypervisor-cli/src/commands/update.rs Outdated

					
				@ -0,0 +79,4 @@

				        .await

				        .context("failed to read download body")?;

				    let current_exe = std::env::current_exe().context("failed to determine current binary path")?;

can be unreliable on some platforms (e.g., if the binary was invoked via a symlink). If this is always Linux, it's generally fine via /proc/self/exe, but we can add a comment

rawan marked this conversation as resolved

rawan added 1 commit

2026-04-07 08:54:40 +00:00

feat: checksum verification of binaries

Create Release / build (linux-amd64-musl, true, x86_64-unknown-linux-musl) (push) Successful in 1m31s

Details

Unit and Integration Test / test (push) Successful in 2m14s

Details

e494a3fd3c

rawan added 1 commit

2026-04-07 09:18:04 +00:00

feat: download progress

Unit and Integration Test / test (push) Successful in 3m9s

Details

6a74899696

rawan added 1 commit

2026-04-07 09:31:25 +00:00

refactor: execute

Unit and Integration Test / test (push) Successful in 3m34s

Details

1d3c76b794

rawan added 1 commit

2026-04-07 09:58:12 +00:00

feat: added download timeout, linux exe comment

Create Release / build (linux-amd64-musl, true, x86_64-unknown-linux-musl) (push) Successful in 55s

Details

Unit and Integration Test / test (push) Successful in 2m23s

Details

32bc195d2e

rawan commented

2026-04-07 10:00:46 +00:00

The update command now includes SHA256 checksum verification of downloaded binaries. The release workflow (.forgejo/workflows/release.yaml) has been updated to generate and upload a checksums.txt asset alongside the binaries.

Important: This branch must be merged before cutting the next release. Releases created from older workflow versions won't include checksums.txt, and the update command will print a warning and skip verification. The first release after this merge will be the first one with full integrity verification.

The update command now includes `SHA256` checksum verification of downloaded binaries. The release workflow `(.forgejo/workflows/release.yaml)` has been updated to generate and upload a `checksums.txt` asset alongside the binaries. **Important**: This branch must be merged before cutting the next release. Releases created from older workflow versions won't include checksums.txt, and the update command will print a warning and skip verification. The first release after this merge will be the first one with full integrity verification.

rawan requested review from rawdaGastan

2026-04-07 10:00:51 +00:00

rawdaGastan approved these changes

2026-04-07 12:21:00 +00:00

rawan merged commit 97cc1f814f into development

2026-04-07 13:38:17 +00:00

rawan deleted branch development_update

2026-04-07 13:38:17 +00:00

rawan referenced this pull request from a commit

2026-04-07 13:38:18 +00:00

Merge pull request 'Update command' (#80) from development_update into development

Sign in to join this conversation.