Portmaster features an automatic update system that keeps all components up to date and provides fresh hourly intelligence data for effective privacy protection. To secure this process, updates are signed and signatures are checked when downloading.
The Portmaster Core Service regularly checks for updates in the background by downloading small index files from the update server. It then checks if it has all the newest versions and downloads any updates files. Some updates are applied automatically in the background, for others you will be prompted to restart the Portmaster to apply them.
Currently, updates are checked shorty after starting and every hour after that. This tight update schedule is important both for supplying fixes and quickly providing crucial updates for intelligence data.
When designing this system, we took extra care to not only increase your personal security and privacy through fast updates, but also to protect your privacy from our systems during that process. We don’t want Portmaster users to be trackable by the update system. To ensure this, we have taken great care to quickly delete any logs and make sure that nothing else leaks in the process. Our privacy policy lays out the details.
The changelog shows the current versions and changes.
In order to test new features and triage problems with users, we have different Release Channel s, which you can configure in the settings:
Stable
The overwhelming majority of users will always be on the Stable release channel, as this will give them the best experience. Releases in this channel have been tested to prevent severe issues.
While the intelligence data has its own index file, it is part of the Stable channel. All other release channels also include the Stable channel as a fallback for not otherwise defined versions.
Beta
New features and complex bug fixes are first released to the Beta channel in order to test them on more devices. While this means that Beta versions may have bugs more often, they are also fixed a lot faster.
If anything disrupts your workflow, you can always switch back to Stable.
This channel includes the Stable channel.
Staging
The Staging release channel is used for smoke testing new releases or deploying internal development versions to many devices. Releases in this channel may not have a matching version tag and their source may not yet be published.
This channel includes both the Beta and Stable channels.
Only use temporarily and when instructed.
Support
When customers are facing issues, we sometimes push special versions to this channel to triage problems.
This channel includes the Stable channel.
Only use temporarily and when instructed.
All our updates are fully signed and protected. This fully secures the update system from being maliciously used to harm our users.
Updates are built and signed locally and then pushed to the update server. The update server itself does not have access to the signing keys.
If you wish to do so, you can disable Automatic Software Updates . We do not recommend doing this as this will cut you off from quickly getting security fixes and new intelligence data.
If automatic updates are disabled, you can still manually trigger downloading updates when you want to - and you should do so regularly.
stable.json - Defines versions for the Stable release channel.beta.json - Defines versions for the Beta release channel.staging.json - Defines versions for the Staging release channel.support.json - Defines versions for the Support release channel.all/intel/intel.json - Defines versions for intelligence data.Please note that during migration phases, indexes are available as .v2.json on the update server, but as still saved as .json files locally.
The update system uses a very simple structure to organize its files:
Here is excerpt of the main stable.json index file,
{
"Channel": "stable",
"Published": "2022-10-20T06:37:10Z",
"Releases": {
[...]
"all/ui/modules/portmaster.zip": "0.4.2",
"windows_amd64/core/portmaster-core.exe": "1.0.0",
"windows_amd64/kext/portmaster-kext.dll": "1.0.14",
"windows_amd64/kext/portmaster-kext.sys": "1.0.14",
"windows_amd64/notifier/portmaster-notifier.exe": "0.3.5",
[...]
}
}
which corresponds to this file structure in the updates directory:
all/ui/modules/portmaster_v0-4-2.zip
windows_amd64/core/portmaster-core_v1-0-0.exe
windows_amd64/kext/portmaster-kext_v1-0-14.dll
windows_amd64/kext/portmaster-kext_v1-0-14.sys
windows_amd64/notifier/portmaster-notifier_v0-3-5.exe
The version selection algorithm makes sure that in whatever state the Portmaster is started, it always find the best version available:
v0.0.0 if available and the Development Mode is enabled.This process is done by portmaster-start for selecting and starting an executable. The Portmaster Core Service then takes care of version selection of all internal resources.
In order to properly be able to take advantage of multiple available version, old version are not deleted immediately when a resource updated. Instead, the Portmaster keeps a couple previous versions in order to either fall back automatically or when instructed to by an updated index.
Some resources need to be built specifically for the different operating systems and architectures. Here, these resources use an OS_ARCH as a placeholder for these values. We have also omitted the .exe suffix for the Windows versions.
OS_ARCH/start/portmaster-start (10-15MB)OS_ARCH/core/portmaster-core (15-25MB)OS_ARCH/app/portmaster-app.zip (70-100MB, unpacks to 150-200MB)OS_ARCH/notifier/portmaster-notifier (5-15MB)windows_amd64/kext/portmaster-kext.sys (<1MB)windows_amd64/kext/portmaster-kext.dll (<1MB)windows_amd64/notifier/portmaster-wintoast.dll (<5MB)all/ui/modules/portmaster.zip (<5MB)all/ui/modules/assets.zip (<10MB)all/intel/lists/base.dsdl (<25M, high variation possible)all/intel/lists/intermediate.dsdl (<5MB, high variation)all/intel/lists/urgent.dsdl (<1MB, high variation)all/intel/geoip/geoipv4.mmdb.gz (20-40MB, unpacks to 60-90MB)all/intel/geoip/geoipv6.mmdb.gz (70-90MB, unpacks to 180-220MB)all/intel/portmaster/notifications.yaml (<1MB)OS_ARCH/hub/spn-hub (<25MB)all/intel/spn/main-intel.yaml (<1MB)windows_amd64/packages/portmaster-installer.exe
linux_amd64/packages/portmaster-installer.deb
linux_amd64/packages/portmaster-installer.rpm
linux_all/packages/install.sh
linux_all/packages/installer-assets.tar.gz
During the installation about 300MB are downloaded, which are then expanded to 500MB locally.
With all the other resources that are continually downloaded and processed, expect the installation to grow to 2-4GB.