Secure Discord updater that verifies transport/checksums and can hijack the desktop launcher.
Project description
discord-autoupdate-secure
discord-autoupdate-secure makes the Linux Discord client behave like a trusted, self-updating application: every launch verifies the transport, checksums the .deb, installs only if it matches Discord’s own digest, and then hands control back to the regular app. It also ships with a shortcut bootstrapper so the stock “Discord” icon routes through this hardened updater. Source is hosted on GitHub at https://github.com/curvedinf/discord-autoupdate-secure.
Quick start (recommended flow)
-
Install the CLI (isolated)
Use pipx (preferred):pipx install discord-autoupdate-secure
Or pip in user mode:
pip install --user discord-autoupdate-secure
Installing into system site-packages with
sudo pipis discouraged. -
Bootstrap the desktop shortcut (installs Discord if needed)
discord-autoupdate-secure --bootstrapThis installs Discord when missing and rewrites the launcher for the current user. Run once per user account; the pip install step does not touch desktop files.
-
Launch Discord normally
Use your desktop’s Discord shortcut as usual. It now runsdiscord-autoupdate-securefirst, which checks for updates, elevates when approved, installs if required, and finally launches Discord.
What the bootstrapper changes
Running --bootstrap drops a managed discord.desktop into ~/.local/share/applications:
- The tool clones the current Discord desktop entry when possible so icons, categories, translations, and Flatpak/Snap flags remain intact.
- Only the
Exec=line is rewritten to point atdiscord-autoupdate-secure; any original command-line options are preserved. - Existing user-level entries are backed up as
discord.desktop.bak,.bak1, etc. so you can revert if needed. - If Discord is not installed yet, the bootstrapper downloads and installs the latest
.debfirst so the icon and desktop metadata exist before rewriting the launcher. - Menus that honor the FreeDesktop spec (GNOME, Xfce/Xubuntu, KDE Plasma, Cinnamon, Budgie, etc.) automatically pick up the change. Reopen your menu or log out/in if you don’t see the new entry immediately.
- Re-run
discord-autoupdate-secure --bootstrapwhenever you want to refresh or repair the shortcut.
Everyday commands
| Command | Purpose |
|---|---|
discord-autoupdate-secure |
Check for updates, install if needed, then launch Discord. |
discord-autoupdate-secure --update |
Update Discord only; do not launch afterward. |
discord-autoupdate-secure --check |
Print installed vs. latest versions without installing. |
discord-autoupdate-secure --bootstrap |
(Re)install the managed desktop shortcut for the current user. |
During an update the tool uses Tk to confirm you actually want to elevate. Redirects that leave Discord-owned domains or downloads that fail the MD5 digest published by Discord are rejected with an explanation.
Troubleshooting
- “Could not find Discord executable.” The CLI expects
discord(orDiscord) in yourPATH. If you installed via Snap/Flatpak, ensure the binary is exposed or edit the desktop file to point to the wrapper you use. - “Refusing untrusted download host.” Captive portals and filtering proxies sometimes rewrite the download URL. Retry on a trusted connection and make sure
discord.comresolves correctly. - Checksum mismatch / dpkg failure. The
.debmay have changed mid-download or your package database is in a bad state. Rundiscord-autoupdate-secure --updatefrom a terminal to see full logs, then inspect/var/log/apt/term.log. - Desktop icon didn’t change. Run
discord-autoupdate-secure --bootstrapagain, then refresh your desktop database viaupdate-desktop-database ~/.local/share/applicationsor log out/in.
Publish to PyPI
This project uses the same lightweight workflow as ../wove.
- Create
~/.pypircwith your PyPI/TestPyPI API tokens. - Bump the version in
pyproject.tomland rebuild any artifacts if needed. - Run the helper script (it activates
.venv, installs the publish requirements, and mirrors the wove process):./publish.sh
The script wipesdist/, installsbuildandtwine, runspython -m build, and uploads everything indist/viatwine upload.
Contributing & support
Pull requests and issues are welcome on GitHub (https://github.com/curvedinf/discord-autoupdate-secure). Please include:
- Distribution and desktop environment.
- The exact command you ran plus the console output (scrub secrets).
- Whether the failure happened before or after privilege escalation.
Contributions that expand verification coverage or add reliable tests are especially valuable.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file discord_autoupdate_secure-1.4.1.tar.gz.
File metadata
- Download URL: discord_autoupdate_secure-1.4.1.tar.gz
- Upload date:
- Size: 9.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4a9ef9d34f07aad70057c6ffdead4b5ba860cb9984e96931ee21b4ece92addcf
|
|
| MD5 |
494cc1d12506e8646698e5db5e383e97
|
|
| BLAKE2b-256 |
a9e7ea24cef9053778fc06deaf08291f2dd93344f341f2c5b1ff89f7f7ea4f78
|
File details
Details for the file discord_autoupdate_secure-1.4.1-py3-none-any.whl.
File metadata
- Download URL: discord_autoupdate_secure-1.4.1-py3-none-any.whl
- Upload date:
- Size: 10.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d88b435894626628c1b1614d81e6078fc16a45829d18662e297a1d6836db9c30
|
|
| MD5 |
b718d452d5468fb60136e0185be86578
|
|
| BLAKE2b-256 |
751c44365ce8a4b94ad81c96222b353533ce36c086de80de9a2b7db6a1645027
|
