Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

github.com/inconshreveable/go-update

Package Overview
Dependencies
0
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install
g

github.com/inconshreveable/go-update

v0.0.0-20160112193335-8152e7eb6ccf
Source
Go
96

Supply Chain Security

100

Vulnerability

100

Quality

100

Maintenance

100

License

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Version published
Created
Issues
25
Source

go-update: Build self-updating Go programs godoc reference

Package update provides functionality to implement secure, self-updating Go programs (or other single-file targets) A program can update itself by replacing its executable file with a new version.

It provides the flexibility to implement different updating user experiences like auto-updating, or manual user-initiated updates. It also boasts advanced features like binary patching and code signing verification.

Example of updating from a URL:

import (
    "fmt"
    "net/http"

    "github.com/inconshreveable/go-update"
)

func doUpdate(url string) error {
    resp, err := http.Get(url)
    if err != nil {
        return err
    }
    defer resp.Body.Close()
    err := update.Apply(resp.Body, update.Options{})
    if err != nil {
        // error handling
    }
    return err
}

Features

  • Cross platform support (Windows too!)
  • Binary patch application
  • Checksum verification
  • Code signing verification
  • Support for updating arbitrary files

equinox.io

equinox.io is a complete ready-to-go updating solution built on top of go-update that provides:

  • Hosted updates
  • Update channels (stable, beta, nightly, ...)
  • Dynamically computed binary diffs
  • Automatic key generation and code
  • Release tooling with proper code signing
  • Update/download metrics

API Compatibility Promises

The master branch of go-update is not guaranteed to have a stable API over time. For any production application, you should vendor your dependency on go-update with a tool like git submodules, gb or govendor.

The go-update package makes the following promises about API compatibility:

  • A list of all API-breaking changes will be documented in this README.
  • go-update will strive for as few API-breaking changes as possible.

API Breaking Changes

  • Sept 3, 2015: The Options struct passed to Apply was changed to be passed by value instead of passed by pointer. Old API at 28de026.
  • Aug 9, 2015: 2.0 API. Old API at 221d034 or gopkg.in/inconshreveable/go-update.v0.

License

Apache

FAQs

Package last updated on 12 Jan 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts