[Feature request]: program update from within program itself

[shpati]

What do you need?

I would like the program to update itself when given the --update switch. I have set up a batch script (update.bat) that does this for me, but I think it should be a functionality within the program.

My batch script is given below. It downloads the latest release file from GitHub, compares to the existing file, and if the files differ it replaces the existing file with the downloaded one.

@echo off
setlocal EnableDelayedExpansion

:: Configuration
set URL=https://github.com/danielmiessler/fabric/releases/latest/download/fabric-windows-amd64.exe
set EXISTING_FILE=fabric.exe
set TEMP_FILE=fabric.temp
set WGET_PATH=busybox wget

:: Download the file using wget
%WGET_PATH% -q "%URL%" -O "%TEMP_FILE%"

:: Check if download was successful
if %ERRORLEVEL% NEQ 0 (
    echo Error downloading file
    del "%TEMP_FILE%" 2>nul
    exit /b 1
)

:: Compare files if existing file exists
if exist "%EXISTING_FILE%" (
    fc /b "%EXISTING_FILE%" "%TEMP_FILE%" > nul
    if !ERRORLEVEL! EQU 0 (
        echo Files are identical. No update needed.
        del "%TEMP_FILE%"
    ) else (
        echo Files are different. Updating...
        del "%EXISTING_FILE%"
        ren "%TEMP_FILE%" "%EXISTING_FILE%"
        echo Update complete.
    )
) else (
    echo Existing file not found. Creating new file...
    move "%TEMP_FILE%" "%EXISTING_FILE%"
    echo File created.
)

endlocal

[jaredmontoya]

Well actually, it's not a common thing for programs(especially cli ones) to self update, that's what package managers are meant for.

I guess you are using Windows, but even windows has chocolatey the package manager and fabric already has a setup_fabric.bat script that uses chocolatey to install the go language compiler that also happens to be a package manager itself and is able to download, compile and install fabric with go install github.com/danielmiessler/fabric@latest

That is not the same as downloading prebuilt fabric binaries but fabric is not a project that takes a lot of time to compile so it's not a big deal.

If you still want to download fabric binaries only I would suggest you to "install" your fabric-update.bat script as a program by adding it to your PATH and instead of hypothetical fabric --update you will execute fabric-update or fabric-update.bat if windows doesn't let you run scripts without a file extension.

If the --update flag is introduced it will be dead binary weight in case fabric is installed to a read-only location, and if the user does not have write permissions to the installation location the user will have to escalate priviliges(if he can) and trust that his fabric binary that he obtained somewhere is not a modified build that has malware in it that will do something else with those priviliges after the update is completed.
Also, as far as I remember windows doesn't let any program's executable be deleted or edited if it's running, how is fabric going to overwrite itself then?

[shpati]

yt-dlp is a popular cli program that runs on windows and can self update, which is a very useful feature. So it is fully possible to do.

Your concerns about read only locations and escalation of privileges are not difficult to address. If the update location is read-only the program can just say so and exit. If the original binary file comes from another source than this fabric github repository I think executing that file is just as risky, with or without the update option. A tampered file could ask for priviledge escalation also when the user uses an existing option like updating patterns. The obvious thing to do in this case is to make sure binaries are downloaded from their official sources.

Doing a quick search I found the cross platform code written in go. See here: https://github.com/minio/selfupdate