tauri-plugin-hdiff-update
Tauri 2 plugin for signed and transactional installed-file updates.
The default permission exposes only:
prepare_file_updatelaunch_file_updateprepare_full_updatelaunch_full_update
Preparation verifies the installed source tree, downloads and verifies a directory patch, applies it to staging, and verifies every target file. Launch starts a non-elevated supervisor; after the application exits it invokes the same signed application binary as a constrained elevated worker. The worker commits managed paths with a journal and rollback backup.
Both directory patches and the official Tauri full installer are prepared in an application-owned disk cache. A verified prepared update is reused instead of downloaded again. When the application starts with a pending update, the bootstrap applies it before the normal UI starts. Full installers are resolved from the official Tauri update manifest and verified with the compiled Minisign public key before they become launchable.
Persistent full-installer updates are intentionally limited to per-machine Windows installations under Program Files. The UAC bootstrap runs from the installed, non-user-writable executable and stages the verified installer in a locked-down ProgramData transaction before launch.
The consuming application must call maybe_run_file_update_helper before Tauri
startup and pass the same compile-time configuration to init(config). Register
the single-instance plugin first. At the start of the primary application's
setup hook, call apply_prepared_update_on_startup; only after it returns false
may normal services and windows start. Call confirm_file_update_startup after
setup succeeds. The trusted public-key ring, application id, current version,
updater public key, main executable, managed paths, and bundled hpatchz path
never come from frontend arguments.
See the repository README and commercial directory update specification for the complete integration contract.