A shepherd for your Appimages.
0

Configure Feed

Select the types of activity you want to include in your feed.

update README.md

Aly Raffauf (Jun 18, 2026, 10:56 AM EDT) 088e1bda ee0ad24b

+18 -1
+18 -1
README.md
··· 13 13 - **Real apps, not loose files.** Installed AppImages show up in your application menu with their real name and icon. 14 14 - **Install from anywhere.** Point it at a local file or paste a download link. 15 15 - **Updates without the pile-up.** A newer version replaces the old one. 16 + - **Verified updates.** Pins the publisher's signing key on first install, then refuses tampered or re-keyed updates. 17 + - **One-command rollback.** A bad update? Put the old version back instantly. 16 18 - **Stays out of the way.** It only touches launchers it created. Your Flatpaks and hand-made shortcuts are safe. 17 19 18 20 ## Installation ··· 36 38 37 39 ### Build from source 38 40 39 - Requires Go 1.24+. 41 + Requires Go 1.25+. 40 42 41 43 ```bash 42 44 git clone https://github.com/alyraffauf/appherder.git ··· 82 84 appherder upgrade --check # just see what's out of date 83 85 ``` 84 86 87 + Undo a bad update: 88 + 89 + ```bash 90 + appherder rollback foo # restore the version the last update replaced 91 + appherder rollback foo 1.2.3 # or restore a specific saved version 92 + ``` 93 + 94 + appherder keeps the last few versions of each app and saves the current one whenever an install or upgrade replaces it. 95 + 85 96 Coming from another AppImage tool? `appherder migrate` adopts the ones in `~/AppImages` and clears out launchers whose AppImage is gone. 97 + 98 + ## Verified updates 99 + 100 + Some AppImages are signed by their publisher. The first time appherder installs a signed app, it pins that signing key. From then on, every update must be signed by the same key: an unsigned, tampered, or differently-signed build is refused instead of installed. Changing the trusted key is deliberate, so swapping publishers means uninstalling and reinstalling. Apps that aren't signed keep working as before; the pin only takes effect once a real signature has been seen. 101 + 102 + `appherder list` shows each app's status in the **SIGNATURE** column: `pinned` (key locked in), `signed` (carries a signature appherder hasn't pinned yet), or `none`. 86 103 87 104 ## Under the hood 88 105