ContextQMD
Back to Unigetui

UniGetUI Auto-Update Testing Guide (ProductInfo-only path)

testing/UPDATE-TESTING.md

2026.1.85.7 KB
Original Source

UniGetUI Auto-Update Testing Guide (ProductInfo-only path)

This guide validates the ProductInfo-only auto-update flow that reads from productinfo.json.

UniGetUI no longer falls back to the legacy updater logic. If the ProductInfo lookup fails, the update check fails.

Files used

  • testing/productinfo.unigetui.test.json
  • Test artifacts expected by that file:
    • UniGetUI.Installer.x64.exe
    • UniGetUI.Installer.arm64.exe
    • UniGetUI.x64.zip
    • UniGetUI.arm64.zip

What is being tested

  • Default updater source is ProductInfo-based.
  • Product key lookup for Devolutions.UniGetUI.
  • Architecture-aware installer selection (x64/arm64, exe preferred).
  • Hash validation (enabled by default).
  • Debug-only override behavior via registry keys under HKLM\Software\Devolutions\UniGetUI.

Release vs Debug behavior

  • Release builds honor only UpdaterProductInfoUrl from HKLM\Software\Devolutions\UniGetUI.
  • Release builds ignore UpdaterProductKey and all validation-bypass flags.
  • Debug builds can read updater overrides from HKLM\Software\Devolutions\UniGetUI for local testing.
  • Dangerous validation bypasses are for Debug/dev testing only:
    • UpdaterAllowUnsafeUrls
    • UpdaterSkipHashValidation
    • UpdaterSkipSignerThumbprintCheck
    • UpdaterDisableTlsValidation

1) Host the test files locally

From repository root:

powershell
Push-Location testing
python -m http.server 8080
Pop-Location

Make sure these URLs are reachable:

  • http://127.0.0.1:8080/productinfo.unigetui.test.json
  • http://127.0.0.1:8080/UniGetUI.Installer.x64.exe
  • http://127.0.0.1:8080/UniGetUI.Installer.arm64.exe

2) Configure updater overrides (test mode)

These steps apply to a Debug build only.

Run in PowerShell:

powershell
$regPath = 'HKLM:\Software\Devolutions\UniGetUI'
New-Item -Path $regPath -Force | Out-Null

# Point updater to local productinfo
Set-ItemProperty -Path $regPath -Name 'UpdaterProductInfoUrl' -Value 'http://127.0.0.1:8080/productinfo.unigetui.test.json'

# Product key inside productinfo JSON
Set-ItemProperty -Path $regPath -Name 'UpdaterProductKey' -Value 'Devolutions.UniGetUI'

# Allow local http URL and local domain for package downloads
Set-ItemProperty -Path $regPath -Name 'UpdaterAllowUnsafeUrls' -Type DWord -Value 1

# Keep hash validation enabled for normal test pass
Set-ItemProperty -Path $regPath -Name 'UpdaterSkipHashValidation' -Type DWord -Value 0

# Keep signer thumbprint validation enabled for normal test pass
Set-ItemProperty -Path $regPath -Name 'UpdaterSkipSignerThumbprintCheck' -Type DWord -Value 0

# Optional only for HTTPS cert troubleshooting in test environments
Set-ItemProperty -Path $regPath -Name 'UpdaterDisableTlsValidation' -Type DWord -Value 0

3) Trigger update check in UniGetUI

  1. Launch UniGetUI.
  2. Go to Settings → General.
  3. Click Check for updates.

Expected result:

  • Updater reads the local productinfo.unigetui.test.json.
  • It picks the correct architecture exe installer.
  • Download starts and hash is validated.
  • Update banner/toast appears when update is ready.

4) Negative test: hash mismatch protection

Use one of these methods:

  • Replace installer file content but keep original hash in JSON, or
  • Edit hash in JSON to an incorrect value.

Expected result:

  • Hash validation fails.
  • Update is aborted with installer authenticity error.

5) Negative test: block unsafe URLs

Set:

powershell
Set-ItemProperty -Path 'HKLM:\Software\Devolutions\UniGetUI' -Name 'UpdaterAllowUnsafeUrls' -Type DWord -Value 0

Expected result with local http://127.0.0.1 URLs:

  • Updater rejects source/download URL as unsafe.
  • No installer launch.

6) Negative test: broken ProductInfo source

Use one of these methods:

  • Point UpdaterProductInfoUrl to a missing URL, or
  • Point UpdaterProductInfoUrl to a malformed JSON file, or
  • In a Debug build only, point UpdaterProductKey to a non-existent product.

Example:

powershell
Set-ItemProperty -Path 'HKLM:\Software\Devolutions\UniGetUI' -Name 'UpdaterProductInfoUrl' -Value 'http://127.0.0.1:8080/does-not-exist.json'

Expected result:

  • Productinfo check fails.
  • UniGetUI reports the update-check failure.
  • No fallback source is used.

7) Optional: disable signer thumbprint check (test-only)

Use this only if your local installer is unsigned or signed with a non-Devolutions certificate.

powershell
Set-ItemProperty -Path 'HKLM:\Software\Devolutions\UniGetUI' -Name 'UpdaterSkipSignerThumbprintCheck' -Type DWord -Value 1

8) Release-build hardening check

Run the same registry override setup against a Release build.

Expected result:

  • Release build honors UpdaterProductInfoUrl only if it still passes normal source validation.
  • Release build ignores UpdaterProductKey.
  • Release build ignores validation bypass flags.
  • Updater uses the configured ProductInfo URL and the built-in Devolutions.UniGetUI product key.

9) Cleanup after testing

Reset to default production behavior:

powershell
$regPath = 'HKLM:\Software\Devolutions\UniGetUI'
Remove-ItemProperty -Path $regPath -Name 'UpdaterProductInfoUrl' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterProductKey' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterAllowUnsafeUrls' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterSkipHashValidation' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterSkipSignerThumbprintCheck' -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $regPath -Name 'UpdaterDisableTlsValidation' -ErrorAction SilentlyContinue

With all override values removed, UniGetUI uses:

  • https://devolutions.net/productinfo.json
  • product key Devolutions.UniGetUI
  • safety checks enabled
  • hash validation enabled