@Zapotek Zapotek/ Secret
Last active Dec 16, 2015

Working draft of Arachni's auto-update mechanism.

Arachni needs an auto-update mechanism so that existing users don't have to keep downloading new packages and can receive bug fixes and features as soon as they become available.

Basing this on Git makes a certain amount of sense, as it can update even users who have skipped multiple releases/updates. For the DB side, Rails migrations can do the same.

Also, Git hooks can provide some nice possibilities.


The server hosts the Git repositories which contain the updates.

For each supported platform:

mkdir -p <OS>/<arch>.git
cd <OS>/<arch>.git
git init --bare
git update-server-info

The updates should happen over HTTPS with a custom self-signed certificate, which the clients verify, to prevent MITM attacks.


Creates the self-contained environments for each supported platform, commits them in their relevant local repositories and pushes them to the server.

First of all:

  • Remove the rsync call from and save it as
  • Set up local clones of each server repo.
  • Pass the client-side SSL certs for the update server via .git/config -- enable verify peer for auth and all that.

To push updates/packages for new versions:

  • Of course, make sure the packages actually work with some manual testing.
  • For each package:
    • Extract.
    • rm -rf everything from its relevant repo -- ensures that removed system files will be removed from the repo as well.
    • Move the contents of the new package into its repo.
    • git add . -- Git will sort out the diffs/moves/deletes.
    • git commit -am 'Pushing update for v<version>'
    • git tag -a v<version> -m 'Version <version>'
    • Create a super shallow clone of the local repo and package it.
      • git clone file:///path/<OS>/<arch>.git --depth=1 arachni-version-stuff-<OS>-<arch>
      • git log --format=%H v<version>^..v<version> > .git/info/grafts -- Set the graft to the latest tag/version.
      • git reflog expire --expire=now --all
      • git repack -ad # Remove dangling objects from packfiles
      • git prune # Remove dangling loose objects
      • Package arachni-version-stuff-<OS>-<arch> as a tarball.
    • git push --tags -- Push update to the server repo.
  • rsync packages to the server's download directory.


Should ping the update server periodically to see if the remote HEAD is different than the local one -- get remote HEAD with git ls-remote origin -h refs/heads/master.

If so:

git pull # Pull the update.

# Get rid of all revisions but HEAD to save space.
git log --format=%H HEAD^..HEAD > .git/info/grafts
git reflog expire --expire=now --all
git repack -ad  # Remove dangling objects from packfiles
git prune       # Remove dangling loose objects

Moving the previous HEAD to its own branch as a fallback in case the update fucks up would be a good idea.

After that it should:

  • Make a backup of the existing DB.
  • Run migrations to bring the DB up to date.
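
One way to implement the client-side check and pull described above, as an added example that is not part of the original draft or of Arachni's code. It assumes the client runs inside its package clone with remote `origin` and branch `master`; the function names and the `pre-update` fallback branch are hypothetical, and history pruning and the DB steps are left out.

```shell
#!/bin/sh
# Added example: client-side update check for the flow sketched in this draft.
# Assumptions: cwd is the package's Git clone, remote "origin", branch "master".

# Print the commit hash advertised for refs/heads/master, read on stdin
# from `git ls-remote` output; prints nothing unless it is a full 40-hex hash.
parse_remote_head() {
    awk '$2 == "refs/heads/master" && $1 ~ /^[0-9a-f]+$/ && length($1) == 40 { print $1; exit }'
}

# Succeeds only when both hashes are present and differ.
update_needed() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ]
}

# Peer verification is on by default; fail if .git/config switched it off.
tls_verification_enabled() {
    [ "$(git config --bool --get http.sslVerify 2>/dev/null)" != "false" ]
}

# Pull the update, keeping the previous HEAD on a fallback branch and rolling
# back unless the result is exactly the commit the server advertised.
apply_update() {
    tls_verification_enabled || { echo "http.sslVerify is off" >&2; return 2; }
    local_head=$(git rev-parse HEAD) || return 1
    remote_head=$(git ls-remote origin refs/heads/master | parse_remote_head)
    [ -n "$remote_head" ] || return 1                      # server unreachable or bad reply
    update_needed "$local_head" "$remote_head" || return 3 # already up to date
    git branch -f pre-update "$local_head" || return 1     # fallback branch (hypothetical name)
    if git pull --ff-only origin master >/dev/null 2>&1 &&
       [ "$(git rev-parse HEAD)" = "$remote_head" ]; then
        return 0
    fi
    git reset --hard pre-update >/dev/null                 # roll back a failed update
    return 1
}
```

`apply_update` returns 0 after a verified update, 3 when the clone is already current, 2 when TLS verification has been disabled, and 1 on any failure (after rolling back to `pre-update`).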