Improve auto-updater

[luclu]

Rationale

Currently we deployed a rather simple update-checker within Mist - it will query the github releases and show a popup window with a link to the github release page if a newer version corresponding to the version_tag of the release is found. This has the disadvantage of requiring the user to manually download and replace the app. An integrated (one-click) updater workflow is pursued.

Proposal

Using electron's built-in auto-updater this process can easily be automated.

Requirements

1. automatically and manually check for update
2. download and replace/install the new version
3. compatibility with swarm (with fallback webserver/github mode)

optional:

1. query and show release notes (ideally with MIME type content) (code-snippet)

Possible solutions

• dedicated server (for checking and/or update uploading)

  • https://github.com/GitbookIO/nuts
  • https://github.com/Aluxian/squirrel-updates-server
  • https://github.com/ArekSredzki/electron-release-server
  • https://github.com/Arcath/squirrel-release-server
  • similarities:
    • work with Github as content host
    • require specific format of release asset names
    • not easily swarm compatible

• node module only (no dedicated checking/update server)

  • a) https://github.com/megahertz/electron-simple-updater
    • macOS (Squirrel.Mac)
    • Windows (Squirrel.Windows)
    • Linux (for AppImage format)
  • b) https://www.npmjs.com/package/electron-updater
    • macOS (Squirrel.Mac)
    • Windows (NSIS)

Implementation

Using the node module only approach no dedicated release server is required. Instead a simple JSON file containing versions/OS/download-links will be hosted within the Github Mist Repo (queried from master branch). Furthermore this approach will allow for an easy integration of a fully swarm based updater backend.

In order to support Windows NSIS based updater as well as Linux AppImage both node-modules a) and b) have to be used for now.

Providing Linux builds in the AppImage format will allow us to escape the distributions own package managers, thus reducing the complexity of our build system and the workload of maintaining distribution specific package repositories while giving the user the option for auto-updates (Note: this breaks with traditional Linux conventions and resembles the macOS update model).

Security

• Squirrel updater will make use of the code-signing signature to verify integrity and authenticity
• [to check] does NSIS updater already support verification of code-signing signature as advertised?
• Linux AppImage will require traditional checksums

Swarm

Ideally the uploading of the binaries and the JSON config file will be done by Travis using an updated gulp task queue uploadBinaries. To preserve integrity a local swarm node should be used.

The update of the manifest hash should be done using a multisig process using dedicated accounts of the repo devs. This will eliminate a central point of failure while preserving the flexibility in an event of unforeseeable issues.

Dependendcies

• [electron-builder] add linux binary format "AppImage" to allow auto-updating
• [travis] update build config to leverage build stages (improve flexibility and manageability)

Tasks

• integrate auto-updater frontend using node-modules a) and b)
• integrate github backend
• integrate swarm backend
  • gulp based swarm uploader
  • deploy multisig manifest update infrastructure

[probonopd]

Hi, AppImage lead developer here. Let me know if I can help implementing your solution using AppImage.