A shepherd for your Appimages.
0

Configure Feed

Select the types of activity you want to include in your feed.

61 1 0

Clone this repository

https://tangled.org/aly.codes/appherder https://tangled.org/did:plc:dnzn6t3scwrj6k4zkff7am5b
git@tangled.org:aly.codes/appherder git@tangled.org:did:plc:dnzn6t3scwrj6k4zkff7am5b

For self-hosted knots, clone URLs may differ based on your setup.



README.md

CI License: GPL v3 Ko-fi

appherder

A shepherd for your AppImages.

appherder automatically installs, removes, and upgrades your AppImages. Throw them in ~/AppImages and appherder does the rest: apps appear in your menu, deleted ones disappear from it, and supported apps update in place.

Features#

  • Set it and forget it. Watches ~/AppImages and checks for updates in the background.
  • Real apps, not loose files. Installed AppImages show up natively in your application menu.
  • Install from anywhere. Point it at a local file or paste a download link.
  • Updates without the pile-up. A newer version replaces the old one.
  • Verified updates. Pins the publisher's signing key on first install, then refuses tampered updates.
  • One-command rollback. A bad update? Put the old version back instantly.
  • Stays out of the way. It only touches launchers it created. Your Flatpaks and hand-made shortcuts are safe.

Installation#

Quick install#

curl -sSL https://raw.githubusercontent.com/alyraffauf/appherder/main/scripts/install.sh | bash

This downloads the latest AppImage, installs it, and enables automatic sync and upgrades.

Download a binary#

Grab appherder-linux-amd64 from the latest release, then:

chmod +x appherder-linux-amd64
sudo mv appherder-linux-amd64 /usr/local/bin/appherder

AppImage#

Download the .AppImage from the latest release, then:

chmod +x appherder-*-x86_64.AppImage
./appherder-*-x86_64.AppImage install ./appherder-*-x86_64.AppImage
appherder autosync
appherder autoupgrade

The install step copies it into ~/AppImages and links it to ~/.local/bin/appherder automatically.

Nix flake#

nix run github:alyraffauf/appherder

Or nix profile install github:alyraffauf/appherder to keep it around.

Build from source#

Requires Go 1.25+.

git clone https://github.com/alyraffauf/appherder.git
cd appherder
go build ./cmd/appherder

Usage#

Enable automatic sync and upgrades:

appherder autosync             # sync whenever ~/AppImages changes
appherder autoupgrade          # check for updates once a day

Then use ~/AppImages like the place AppImages belong. Add a file and it gets a launcher. Remove a file and its launcher goes away. When an update is available, appherder installs it without leaving the old copy behind.

Install an app from a file or URL:

appherder install ~/Downloads/Foo-x86_64.AppImage
appherder install https://example.com/Foo.AppImage

See what you have, remove what you don't:

appherder list
appherder uninstall foo

Put an app on your PATH so you can launch it from a terminal:

appherder link foo              # creates ~/.local/bin/foo symlink
appherder unlink foo            # removes it

Uninstall cleans up the symlink automatically.

Installing copies the AppImage into ~/AppImages. That folder is the source of truth: add or remove files there and appherder sync matches your launchers to it.

appherder sync

Keep things up to date:

appherder upgrade              # download and install available updates
appherder upgrade --check      # just see what's out of date

Undo a bad update:

appherder rollback foo         # restore the version the last update replaced
appherder rollback foo 1.2.3   # or restore a specific saved version

appherder keeps the last few versions of each app and saves the current one whenever an install or upgrade replaces it.

Coming from another AppImage tool? appherder migrate adopts the ones in ~/AppImages and clears out launchers whose AppImage is gone.

Verified updates#

Some AppImages are signed by their publisher. The first time appherder installs a signed app, it pins that signing key. From then on, every update must be signed by the same key: an unsigned, tampered, or differently-signed build is refused instead of installed. Changing the trusted key is deliberate, so swapping publishers means uninstalling and reinstalling. Apps that aren't signed keep working as before; the pin only takes effect once a real signature has been seen.

appherder list shows each app's status in the SIGNATURE column: pinned (key locked in), signed (carries a signature appherder hasn't pinned yet), or none.

Under the hood#

appherder reads the AppImage's squashfs filesystem directly to grab its icon and desktop entry, then writes a launcher pointing back at the file in ~/AppImages. It does this without ever running the AppImage, unlike tools that launch it to unpack. Everything it writes is tagged, so uninstall and sync only touch its own files.

License#

GPLv3.