···11[](https://github.com/alyraffauf/appherder/actions/workflows/ci.yml) [](http://www.gnu.org/licenses/gpl-3.0) [](https://ko-fi.com/alyraffauf)
2233<div align="center">
44- <h1>appherder</h1>
44+ <h1>AppHerder</h1>
55 <h3>A shepherd for your AppImages.</h3>
66</div>
7788-appherder automatically installs, removes, and upgrades your AppImages. Throw them in `~/AppImages` and appherder does the rest: apps appear in your menu, deleted ones disappear from it, and supported apps update in place.
88+AppHerder automatically installs, removes, and upgrades your AppImages. Throw them in `~/AppImages` and AppHerder does the rest: apps appear in your menu, deleted ones disappear from it, and supported apps update in place.
991010## Features
1111···8585appherder install https://example.com/Foo.AppImage
8686```
87878888-See what you have, remove what you don't:
8888+See what you have, remove what you don't want:
89899090```bash
9191appherder list
···121121appherder rollback foo 1.2.3 # or restore a specific saved version
122122```
123123124124-appherder keeps the last few versions of each app and saves the current one whenever an install or upgrade replaces it.
124124+AppHerder keeps the last few versions of each app and saves the current one whenever an install or upgrade replaces it.
125125126126Coming from another AppImage tool? `appherder migrate` adopts the ones in `~/AppImages` and clears out launchers whose AppImage is gone.
127127128128## Verified updates
129129130130-Some AppImages are signed by their publisher. The first time appherder installs a signed app, it pins that signing key. From then on, every update must be signed by the same key: an unsigned, tampered, or differently-signed build is refused instead of installed. Changing the trusted key is deliberate, so swapping publishers means uninstalling and reinstalling. Apps that aren't signed keep working as before; the pin only takes effect once a real signature has been seen.
130130+Some AppImages are signed by their publisher. The first time AppHerder installs a signed app, it pins that signing key. From then on, every update must be signed by the same key: an unsigned, tampered, or differently-signed build is refused instead of installed. Changing the trusted key is deliberate, so swapping publishers means uninstalling and reinstalling. Apps that aren't signed keep working as before; the pin only takes effect once a real signature has been seen.
131131132132`appherder list` shows each app's status in the **SIGNATURE** column: `pinned` (key locked in), `signed` (carries a signature appherder hasn't pinned yet), or `none`.
133133134134## Under the hood
135135136136-appherder reads the AppImage's squashfs filesystem directly to grab its icon and desktop entry, then writes a launcher pointing back at the file in `~/AppImages`. It does this without ever running the AppImage, unlike tools that launch it to unpack. Everything it writes is tagged, so uninstall and sync only touch its own files.
136136+AppHerder reads the AppImage's filesystem directly to grab its icon and desktop entry, then writes a launcher pointing back at the file in `~/AppImages`. It does this without ever running the AppImage, unlike tools that launch it to unpack. Everything it writes is tagged, so uninstall and sync only touch its own files.
137137138138## License
139139