Skip to content


Updaters are the source where updates are retrieved from.


GitHub releases are a popular method to distribute a CLI. When a release is published on GitHub, usrbin can find it, verify the checksum, and perform in-place upgrades.


The release must be semver compliant and not marked as a "prerelease".

The repo must be public.

The release must have an asset that contiains the os and the architecture name. For example, there should be a filename that contains the term linux and amd64 when usrbin is executed on a linux 64 bit system. All supported GOOS and GOACH values will be parsed and used here. These are not case sensitive.

Your binary should be .tar.gz compressed or uncompressed. The usrbin SDK does not currently support other compression formats.

Your release should (highly recommended) contain one or more text files that have the published checksums of the binaries. The format of this filename is either *checksums*.txt, or *.sha256. The contents of the file should be <checksum> <filename>. There can be multiple checksum files in the release. In this case, the usrbin SDK will parse them all, looking for the checksum file contents that matches the asset name.


Using OCI registries for delivery is a flexible way to add additional security and security-related features to your updates (when compared with downloading a binary over https). This is because of the expanding ecosystem to include tightly coupled signing, SBOM delivery, and more from OCI registries.

If you are looking to get started with OCI registries for CLI distribution, consider using the ORAS CLI to push your release to a registry (GHCR, DockerHub, etc).


The release must be pushed to an OCI registry.

The release must be a plain (uncompressed) binary in the OCI registry.

The OCI tag must be semver compliant.

The OCI image must be publicly available (no authentication).