Provide API for downloading and installing a newer version

[tresf]

Today a customer asked if QZ Tray could be asked to install a newer version of QZ Tray. Although we don't offer automatic updates yet, this is a nice stop-gap for websites looking to ensure the latest version of QZ Tray is installed.

Workflow

1. QZ Branded:
   • Fetch QZ Tray from qz.io
2. Company Branded
   • Fetch QZ Tray from a 3rd-party URL

Namespace (suggestion):

/** QZ branded **/
// fetch and install latest version
qz.update();

// shorthand - fetch and install exact version v2.2.6
qz.update(2, 2, 6); 

// longhand - fetch and install exact version v2.2.6
qz.update({ version: [2, 2, 6] });

 // advanced - force another architecture (e.g. macOS on Rosetta 2, Windows ARM64 on Prism)
qz.update({ version: [2, 2, 6], arch: 'x86_64' }); 

 // advanced - suppress any UX indicators during download process
qz.update({ version: [2, 2, 6], silent: true }); 

/** Company Branded **/
qz.update({
   version: [2, 2, 6],
   url: 'https://example.com/files'  // ... will look for https://example.com/files/qz-tray-2.2.6-arm64.pkg
});
   

Security concerns:

• Should check to ensure the software was signed by a "trusted" identity, preferably the same identity that build the version currently running
  • Apple: Leverage CLI tools or Apple APIs for checking signing
  • Windows: Leverage jsign, CLI tools or Windows APIs for checking signing
  • Linux: Unknown (Linux installers are not yet digitally signed)

TODO:

• Abstract out the "elevation" portions of ShellUtilities.elevateCopy() to be reused
• Add Swing UX download indicator (can be suppressed using { silent: true })
• Implement installer logic
• Implement integrity/security checking
• Test common platforms
  • Linux ARM64
  • Windows ARM64
  • macOS ARM64
  • Linux x86_64
  • Windows x86_64
  • macOS x86_64
  • Windows Prism ({ arch: 'x86_64' } x86_64 running on ARM64)
  • macOS Rosetta 2 ({ arch: 'x86_64' } x86_64 running on ARM64)
• Exception handling / promise rejection