Updates & Channels

Hugin has a built-in updater that checks for new releases, downloads them, verifies the Ed25519 signature, and atomically swaps the binary in place.

🔗Update Channels

Two channels (configured via [update].channel in config.toml):

  • stable (default) — tagged public releases. None have shipped yet (see Changelog for current status); this becomes the recommended channel once releases begin.
  • beta — pre-release builds. Get new features earlier, with the risk of small regressions.

Switch channels by editing your config:

[update]
channel = "beta"
auto_check = true

🔗CLI

Two operations only:

hugin update           # check for and install the latest release on the current channel
hugin update --check   # only check; print whether an update is available, do not install

The --check exit code reflects status (use it in scripts to gate hugin update on availability).

🔗Auto-Check on Launch

When [update].auto_check = true (default), Hugin checks for updates at startup. If an update is available, the GUI shows a banner — the installation step is still manual via hugin update or the UI’s update button.

The last check time is recorded in [update].last_check to throttle the check frequency.

🔗Verification

Every update goes through:

  1. Resolve the latest version on the configured channel
  2. Download the platform-specific binary + .sig sidecar
  3. Verify Ed25519 signature against the embedded public key (not a fetched key — prevents downgrade attacks)
  4. Verify the new version is greater than current
  5. Atomic-swap the binary
  6. Restart

If signature verification fails, the update aborts and a warning is logged in Events. Your existing binary is untouched. See Release Signing for the full signature-verification protocol.

🔗Disabling Auto-Check

For air-gapped or controlled environments:

[update]
auto_check = false

With auto_check = false, Hugin makes no network call related to updates unless you explicitly run hugin update / hugin update --check.

🔗Manual Verification

If you don’t want to trust the auto-updater, download the new binary + .sig from https://github.com/HuginSecurity/Hugin/releases manually and verify with:

hugin verify hugin-darwin-aarch64.dmg

Replace your existing binary by hand after verification.

🔗Caveats

  • Hugin’s updater currently supports check + install on the configured channel. It does not support pinning a specific version, rolling back to a previous version, or running a non-interactive --yes install. To pin or roll back, manage the binary yourself (download a specific release from GitHub).
  • The updater only swaps the hugin binary itself. Dynamic plugins, Lua extensions, and Synaps modules are not auto-updated — manage those independently via hugin scanner update, hugin plugin install, etc.