tauri-plugin-hdiff-update
Tauri v2 plugin for signed HDiffPatch differential installer updates.
Install
[]
= "0.1"
Register the plugin:
default
.plugin
Enable the production permission set:
"hdiff-update:default"
The default permission only exposes the production update path:
download_and_applydownload_and_installtry_install_with_cached_installer
The release-lab commands are intentionally excluded from the default permission set.
Smart Cached Installer Command
For production apps, prefer this flow:
@tauri-apps/plugin-updater check()
-> plugin:hdiff-update|try_install_with_cached_installer
-> if status === "fallback", call update.downloadAndInstall()
The smart command never downloads the full installer. It only uses a cached installer whose computed SHA-256 matches a signed manifest delta source.
import { Channel, invoke } from "@tauri-apps/api/core";
const onEvent = new Channel();
onEvent.onmessage = (event) => console.log(event);
const result = await invoke("plugin:hdiff-update|try_install_with_cached_installer", {
options: {
update: {
manifestUrl: "https://updates.example.com/latest.json",
expectedVersion: update.version,
currentVersion: "0.1.0",
hpatchzPath: "C:\\Program Files\\xCodex\\resources\\bin\\hpatchz.exe",
signaturePublicKey: "base64-ed25519-public-key",
requireSignature: true,
headers: [{ name: "Authorization", value: "Bearer short-lived-token" }],
},
installerArgs: [],
},
onEvent,
});
if (result.status === "fallback") {
await update.downloadAndInstall();
}
Seed the cache by copying the installer that installed the app into:
<app-data-dir>/hdiff-update/installers/artifacts/
Keep only the current installer's file in that directory. The plugin writes
reconstructed target installers to pending/; the installer promotes itself to
the durable cache only after installation succeeds.