pub fn apply_pending_upgrade() -> Result<Option<AppliedUpgrade>>Expand description
Bootstrap entry point: called once at the very top of main() BEFORE
the tokio runtime, TUI, or any heavy init. Three outcomes:
Ok(None)— no pending upgrade, continue normally.Ok(Some(AppliedUpgrade))— staged binary is now live; caller mustre_exec_selfto hand control over.Err(e)— apply failed; caller should log and continue with the OLD binary. We’ve already bumped the attempt counter (or discarded the stage past the cap).
SHA256 is re-verified here even though we verified at download time: a session-external process (backup tool, AV software, buggy sync) could have touched the file between sessions. Verification is cheap compared to installing a corrupted binary.