File share app with end to end encryption for OSX/Windows/Linux

[amlwwalker]

Not an issue...

I've made and deployed an app for Windows and OSX (and soon Linux) that is for file sharing. Think WhatsApp but for end to end encrypted file sharing at www.getwingit.app and github.com/amlwwalker/wingit using therecipe/qt. App is open source so hopefully others can benefit from the codebase and maybe even improve it! (its in early stages but it works nicely)

I don't know if you have a list of apps using this framework somewhere, I saw the gallery, but was wondering if I could add this to that list if you have one!

Feel free to try it out, would love any feedback (and shameless sharing with others!). Really enjoy the build process using this framework. Thanks for all the work!

FYI I also edited your wiki on creating the app icon as there is now a go package for making the icon.syso files for windows from OSX easier

[therecipe]

Hey

Nice app! :) I will definitively check it out tomorrow and give you some feedback.

And about the list, there is one here. But I probably should create a second list with more active/finished projects such as yours, and/or clean this one up a bit if I find time. However, I added you repo to the demo/application list in the wiki now.

Feel free to hit me up if you need something, and btw there is now a new static linux docker image which produces more compact deployments. It's called linux_static and should work the same way as the linux image, but you might need to update qtdeploy first for it to work.

FYI I also edited your wiki on creating the app icon as there is now a go package for making the icon.syso files for windows from OSX easier

ah cool, didn't know there was something in pure go available, thanks

[therecipe]

Sorry it took a little longer, but I finally had some time to test your application.

I tested it on macOS and Linux (manjaro) and it worked great, systray, notifications and drag and drop and everything seemed to work as far a I can tell. And I was able to send some file from Linux to macOS while using the same account for both clients. Receiving the files on Linux didn't worked though, but I think you also wrote about this problem in the readme already. (one key for two devices)

I also tried to test it on Windows, but wasn't able to test it on the VM I did setup, probably because of the QML OpenGL VM issue we talked about some time ago https://github.com/therecipe/qt/issues/720#issuecomment-430249268 (but you should be able to work around this by using the official shared 5.12.1 >= Qt version, so it's no big issue)

Also some other thing, I would personally welcome is the possibility to only sign up with an email and password, but I can also understand that google/fb login is much more convenient for most people. But, it might be something to think about if you want to attract people which will glady sacrifice some convenience for a little bit more privacy.

Also since it's a PoC, I'm sure you already have thought about most of the basic improvments such as the possibility to delete files and some upload/download progressbars, the possibility to delete contacts, cancel uploads, etc ...

But some other things you might want to think about are, that the API keys are pretty short at the moment (can this cause problems in the future?). And you maybe need to rework the contact search function, because currently the full email addresses are exposed and one might be able collect them by bruteforcing.

Beside these minor issues, I really liked the look and feel. Also the concept is awesome. Everything that's missing now is just some minor detail here and there.

And btw, I read about the plans for the iOS/Android support, and it seems to somewhat work on iOS already after some minor fixes.

diff --git a/_guiinterface/businessInterface.go b/_guiinterface/businessInterface.go
index df2fd9e..ad440c9 100644
--- a/_guiinterface/businessInterface.go
+++ b/_guiinterface/businessInterface.go
@@ -9,7 +9,8 @@ import (
    cryptography "github.com/amlwwalker/wingit/packages/cryptography"
    srv "github.com/amlwwalker/wingit/packages/server"
    utils "github.com/amlwwalker/wingit/packages/utils"
-   "github.com/atrox/homedir"
+
+   "github.com/therecipe/qt/core"
 )

 //this handles interfacing with any business logic occuring elsewhere
@@ -49,12 +50,7 @@ func (b *BusinessInterface) configureInterface(signalLogin func(string, string),
    server.Port = config.Port
    server.Verbose = config.Verbose
    fmt.Printf("%+v\r\n", server)
-   PATH, err := homedir.Dir()
-   if err != nil {
-       fmt.Println("couldnt get home directory ", err)
-       panic(err)
-   }
-   PATH = PATH + "/.wingit/"
+   PATH := core.QDir_HomePath() + "/.wingit/"
    fmt.Println("path is: " + PATH)
    KEYFOLDER := PATH + ".keys/"
    DOWNLOADFOLDER := PATH + "downloads/" //no need to hide this
diff --git a/_guiinterface/notificationHandler.go b/_guiinterface/notificationHandler.go
index 5477d2e..6eb65db 100644
--- a/_guiinterface/notificationHandler.go
+++ b/_guiinterface/notificationHandler.go
@@ -42,8 +42,10 @@ func (n *NotificationHandler) Push(title, message string) {
        fmt.Println("setting android notification")
        n.AndroidNotifier.SetNotification(message)
        default:
-       //notifying on desktop
-       n.DesktopNotifier.Push(title, message, "", notificator.UR_CRITICAL)
+        if core.QSysInfo_ProductType() != "ios" { //runtime.GOOS is "darwin" for "iOS" as well, if iirc
+           //notifying on desktop
+           n.DesktopNotifier.Push(title, message, "", notificator.UR_CRITICAL)
+       }
    }
 }

And another thing, you can also use https://doc.qt.io/qt-5/qsystemtrayicon.html#showMessage to show messages on desktop and use https://doc.qt.io/qt-5/qfilesystemwatcher.html for file watching.

PS: I wish you all the best, fell free to hit me up if you need help with setting up CI/CD or something. I will also pin this issue for a month or so, to give it some extra exposure.

[amlwwalker]

Thank you so much for checking it out and pinning it!

Yes it would be amazing to add those features! I had the issue of working out (and controlling my desire to code...) what was the minimum I would need to find out if it was something people were interested in. As much as it was a great project to make, I could build and build and build out features and it sit dormant for life on my computer without anyone knowing about it. The multi-device-single-account issue is indeed known about, and I finally, begrudgingly, concluded that it wasn't necessary... however.....

What Im really trying to do is find out who it could be aimed at, and get it in front of those people. Marketing etc isn't my natural cup of tea but I am trying to discipline myself and get help where I can to do this.

I had thought that a use it might see more than expected is people sending themselves files - and in that case, the multi device thing is a must. I've also thought about an anonymous ephemeral api key to send/receive from devices you don't want to properly log in to. (temporary file sharing). But again, I want to know that this is worth building out at this stage, at least with some user evidence.

I guess you were just trying to test it, or were you seeing sending to yourself as a use case?

With regard to CI/CD yes this would be very cool, I've not done it, and don't know if you can do that with github can you? Cool about the static linux, did you compile yourself from linux or download the one from the site? I haven't tested the build on linux at all. Yes the VM windows thing is not great, I again had scoped most people wouldn't be in a VM.

The email protection thing has been driving me mad 😂 I was thinking about hiding everything after the @ symbol (but allowing you to search including after the @). Perhaps that's a good idea... My worry was you could have x@y.com and x@z.com and they would appear the same (unless I go the trello way and add your user number on the end but thats always a bit messy)

Very cool it compiled for Iphone! Thanks!! I hadn't put phones out yet, because the file browsers don't work on mobile, and I couldn't find an off the shelf qml one and again, didn't want to build something that wasn't going to be used....

Any help that you can offer, particularly at this point around getting people to use it and feedback would be amazing. I don't know whether to put it on reddit/hackernews/producthunt etc, I'm very new to that side of all this.

Thanks for those feature suggestions, they will go on my list :) Yes api key is a bit short isn't it.... 🤔 email/password is a good idea (re security people) - again, it is something I can add if people want it!

If it's of interest, I see many may corporate use cases (no more email attachments, company tracking of who is sending files out side of the organisation and blocking them, tracking of who has sent who what, version updates etc) all of which could be paid services. As it stands, i would like it to be free for consumers!

Obviously your email is now in my db. Would you prefer I communicate with you here, or are you ok with communicating by email?

Thanks!!

P.S I realise your comments are a valid example of a user "wanting" something. I want to see if there is a wider user base before big feature changes :)

P.p.s Can you see a scenario where a version of this would solve a problem for you, and if so could you describe it?

[therecipe]

No problem, glad I could help you out.

I guess you were just trying to test it, or were you seeing sending to yourself as a use case?

Mainly testing, but it would be nice if you could login from several devices with the same account.

With regard to CI/CD yes this would be very cool, I've not done it, and don't know if you can do that with github can you?

Yes, take a look here https://github.com/marketplace?category=continuous-integration Just try out Travis CI or something, it's probably the easiest way to get started. Also checkout the .travis.yml files in these examples here https://github.com/therecipe/examples/tree/master/deploy

Cool about the static linux, did you compile yourself from linux or download the one from the site?

I downloaded your Linux build and tested it on a Linux Manjaro VM.

Yes the VM windows thing is not great, I again had scoped most people wouldn't be in a VM.

Yeah, no problem that can be easily fixed.

The email protection thing has been driving me mad 😂 I was thinking about hiding everything after the @ symbol ...

Why not use usernames instead?

Very cool it compiled for Iphone! Thanks!! I hadn't put phones out yet, because the file browsers don't work on mobile, and I couldn't find an off the shelf qml one and again, didn't want to build something that wasn't going to be used....

Yeah, I think you will probably have to use some form of Intent on android like WhatsApp does it for example, not so sure about iOS though.

Any help that you can offer, particularly at this point around getting people to use it and feedback would be amazing. I don't know whether to put it on reddit/hackernews/producthunt etc, I'm very new to that side of all this.

Mh, I would say put it out there and see what people say. You already have an MVP and there is no easy way for this unfortunately. But I would fix the email leak issue first though. Also maybe add some kind of twist to it, beside the end to end encryption, to fill some niche issue and then expand from there into more general usage cases at some point later.

Obviously your email is now in my db. Would you prefer I communicate with you here, or are you ok with communicating by email?

Better DM me on slack, I used my spam email for the signup.

P.p.s Can you see a scenario where a version of this would solve a problem for you, and if so could you describe it?

I'm maybe not the typical user but beeing able to really really simply send someone who is not tech literate at all an end to end encrypted file straight to their phone/computer would be pretty nice. For example if the file can't be attached to an email or something. However, the most important thing for me would be that it has to be really easy to use.

[ladyisatis]

@amlwwalker I'm not sure if you'd like feedback/suggestions from someone else, but I have a few:

The app uses AES-CFB (which is a first I'm seeing - most use AES-CTR with an HMAC for streaming, or AES-GCM altogether, which does similar, for things not streaming - as CFB is slower), and 2048-bit RSA. Both might not be a problem now but may be in, say, 2030. You might actually get a performance benefit and increased security, especially on some mobile devices that might not have AESNI acceleration, using some of the cryptography packages used in NaCl/libsodium:

https://godoc.org/golang.org/x/crypto/argon2 (Password Hash / Key Derivation, so a user entering a password can derive an encryption key using a randomly-generated salt. See: https://github.com/P-H-C/phc-winner-argon2#argon2 ) https://godoc.org/golang.org/x/crypto/blake2b (Regular Hashing. See: https://blake2.net/ ) https://godoc.org/golang.org/x/crypto/chacha20poly1305#NewX (XChaCha20-Poly1305 for Symmetric Encryption) https://godoc.org/golang.org/x/crypto/ed25519 (Signatures) https://godoc.org/golang.org/x/crypto/nacl/box (Asymmetric Encryption - Seal/Open functions preferred)

Google created their own cryptography package because this topic is super tricky, and implements most, if not all, of the above: https://github.com/google/tink (though I'm not sure on the status of their Go packages so far)

Secondly, you might want to make sure you don't leave passwords/secret keys in memory, in cases where someone might be able to dump the memory and recover it in cleartext: https://godoc.org/github.com/awnumar/memguard

Thirdly, looks like for some files, it attempts to load the whole file into memory and then encrypt it, which might go out of memory for large files. I dunno if you wanted to stream the file via buffering and encrypt it in chunks, which might be a more optimal solution?

Overall, nice work! I attempted my hand at making a file sync software myself, though using Git as the mechanism haha. Mainly because the creative writing software that I was using would just lose files if I used Dropbox, Syncthing, etc. and it was mostly just XML files that were synchronizing... so it became annoying for me and someone I was co-writing with - and my co-writer was not necessarily tech savvy. :)

[amlwwalker]

Hi guys!

I have just updated the app to answer a couple of @therecipe comments. The latest release (1.0.1) offers a couple of new bits and bobs.

1. Anonymous users. This was a quick solution to sending files between devices. Anonymous users can't send files, but can receive them. I actually needed this to send a file to 5 laptops at once and it also is a quick fix to @therecipe trying to test it across two devices. The receive only feature was a result of me being a little worried about offering a totally anonymous E2E encrypted file sharing service....
2. Usernames. It no longer leaks the email address of users. You need to have set a username before you can use the app now (at time of registration). The UI of the website is a bit gritty now 😂 but it does work smoothly. Would love feedback on this.

General updates based on @therecipe

• Usernames
• Anonymous users
• Longer api keys
• Delete contacts
• Mark files as downloaded for a future of removing downloaded files from servers
• Endpoint ready to delete anonymous users after 1 hour (not yet activated)

@Reverite

Wow. Thank you so much. Yes Yes Yes. I am looking for all the feedback I can get. I'm hoping to build up a small user base of people such as yourself to help me work out what people may want/like and if there is a (non technical) user base for this. I am fully aware that although I have a pretty good understanding of file security/encryption, I am by no means an expert and am scared I could get flamed online for doing this incorrectly. One of the reasons I open sourced so that people could help here!

I will have a proper read of your suggestions and if you are interested or happy for me to contact you for advice that would be great. I am however aware that I could end up writing code forever and a day and not have anyone interested in using it! I'm very happy you two have given generally positive feedback on this so far however! Thank you! If you know anyone who could give suggestions, or a first small userbase that would be super cool too!

The app uses AES-CFB (which is a first I'm seeing

Interesting yes. Will look into this, however will look at the google tink and see if I can just replace with that. In the future (MVP at the moment!)

you might want to make sure you don't leave passwords/secret keys in memory

Excellent point. Thought about it, but haven't yet looked into implementation

it attempts to load the whole file into memory and then encrypt it, which might go out of memory for large files

Yes. Adding to the list!

@therecipe I attempted to compile for linux_static and I got the following

cd /media/sf_GOPATH0/src/github.com/amlwwalker/wingit/_guiinterface
TERM='dumb' g++ -I . -fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=$WORK/b001=/tmp/go-build -gno-record-gcc-switches -o $WORK/b001/_cgo_.o $WORK/b001/_cgo_main.o $WORK/b001/_x001.o $WORK/b001/_x002.o $WORK/b001/_x003.o $WORK/b001/_x004.o $WORK/b001/_x005.o $WORK/b001/_x006.o icon.syso -g -O2 -O1 -Wl,-rpath,/opt/Qt/5.12.0/gcc_64/lib -L/opt/Qt/5.12.0/gcc_64/lib -lQt5Designer -lQt5Widgets -lQt5Multimedia -lQt5Quick -lQt5Gui -lQt5Qml -lQt5Network -lQt5DBus -lQt5Xml -lQt5Core -lGL -lpthread -O1 -Wl,-rpath,/opt/Qt/5.12.0/gcc_64/lib -L/opt/Qt/5.12.0/gcc_64/lib -lQt5Gui -lQt5Core -lGL -lpthread
# github.com/amlwwalker/wingit/_guiinterface
/usr/bin/ld: /opt/Qt/5.12.0/gcc_64/lib/libQt5Core.a(qlibrary_unix.o): undefined reference to symbol 'dlclose@@GLIBC_2.2.5'
//lib/x86_64-linux-gnu/libdl.so.2: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status

I had run the following before hand

go get -u -v github.com/therecipe/qt/cmd/...
go get -u -v github.com/therecipe/qt
go env GOPATH)/bin/qtsetup
$(go env GOPATH)/bin/qtsetup

[ladyisatis]

@amlwwalker No problem! I have a catch-all email at thefox {.} dev, so feel free to email that for any follow-up advice on the subject.

Tink would definitely be your best bet - I would suggest libsodium, but most of its contents are already available as external packages maintained by cryptographers. If you decide to, I still recommend its XChaCha20-Poly1305 option, followed by AES-GCM anything.

[therecipe]

@amlwwalker Awesome! I will check it out tomorrow.

[amlwwalker]

Cool @therecipe - I just added your test account back to the database (I've left your API key the same so you should just be able to download the latest version and continue as before!) The virtual machine version hasn't been compiled yet (as my windows VM is borked) so I need to get a real windows machine to test that out. I have had a vague look at travis with github, however not sure how to build therecipe/qt for OSX as there isn't a docker image for that.

Next I want to see if I can get a few users and see what others think of it as well :)

@Reverite guessing the email is your username followed by that... I'll try it now!

A

[therecipe]

@amlwwalker I just tested it with anonymous accounts and it seems to work great so far! But I'm afraid I lost access to my real account, so I wasn't able to actually send anything yet. And the website is not showing me an api key, only the blank field. Can you reset the key or remove my account, so that I can register again?

I will test it again tomorrow, but everything seems to work great so far. And these 1 hour accounts are really a clever idea :) I like it.

[amlwwalker]

Hey @therecipe sorry been away for a week. I suspect I didn't port your account across correctly (db updates!)

I have purged your account entirely from the database (simpler). If you delete the entire ~/.wingit directory from your home and re-login, you should be good to go. It will ask you to set a username now!

Let me know if that works!

EDIT: Suggested trying to update but just purging everything is easier....

EDIT2: @therecipe I have updated the linux version to static (would you be able to try it, I don't have a linux VM), I've also updated the Windows version now to use the latest windows static image and I have pushed a virtual equivalent to the releases (link here) so if you have a Windows VM it should work there.

I haven't yet got a certificate for Windows yet sorted out so it still is untrusted which is annoying, but will get around to that, and I haven't looked into a Linux icon yet, so still blank on that front. Need to fix those things. Be interested if it works for you and I'll be getting someone to it on a Windows machine hopefully tomorrow for me

[therecipe]

No problem :) I will test the new version on win/mac and linux.

[amlwwalker]

Cool, I'm just upgrading the windows ones to installers now rather than just exe's, depending on when you re download :)

Just trying to see if Qt has a way to get it to pin automatically to the start bar on windows 🤔

EDIT (Windows installers now updated and link in previous comment to VM installer updated too)

EDIT2: You ever used something like this or know if Qt has something I can use for global hotkey/shortcut built in (so I can open the UI from anywhere with a shortcut?)

Also, I think I noticed you added docker for darwin, is this right? So that now CICD can be done for OSX? I am most interested so that I can build version numbers into the app so that when the app opens I can get it to check if there is a latest version (from github releases or somewhere?), do you know of a good flow for this?

[therecipe]

Okay, I tested it on macOS, Windows (virtual) and Linux (static) and everything seems to work :) I was able to send and download several files across these systems, and it worked great.

There are only 2 minor things I would change, the first one is to display the username instead of the name for anonymous users. (As I wasn't sure at first, if I had to search for "abc def" or "abcdef")

And the second one is to maybe change the popup in the bottom right corner to only show the "about" page as long as the user hasn't logged in. (I was curiouse and clicked around, and then wasn't able to get back to the main page. I finally resorted to clicking on the "logout" button which did the trick in the end :D)

Also it seems like the "auto sync" button seems to switch back to "off" if you leave the page, and I'm not sure if this worked properly at all, since I had to click on the "refresh" symbol to get the new file lists. (But the contact list did update itself automatically as far as I can tell)

Cool, I'm just upgrading the windows ones to installers now rather than just exe's, depending on when you re download :)

Yep I used the installer version, and it did work great!

EDIT2: You ever used something like this or know if Qt has something I can use for global hotkey/shortcut built in (so I can open the UI from anywhere with a shortcut?)

I'm not sure, but I think you usually can only receive hotkeys/shortcut events if the window has focus (i.e. is visible and the user expect it to responde to these events) But I will take a look and check if I can get this lib working easily, if you want.

However, I'm not sure if it's a good idea to intercept the keyboard (shortcuts) if you application isn't actually running in the foreground. It might be handy to have the application re-appear on a shortcut, but it would probably be a "controversial" feature.

Also, I think I noticed you added docker for darwin, is this right? So that now CICD can be done for OSX?

Yeah, but you will need to build it yourself, since I'm still not sure if I'm allowed to legally distribute the macOS SDKs. But you can find the files here https://github.com/therecipe/qt/tree/master/internal/docker/darwin and build the image yourself by using the build.sh (on macOS), after that you can use the save.sh and load.sh to save/load the image into/from an archive (on any other OS).

But if you use travis or any other CI which offers macOS builders, then you will only need to run

xcode-select --install; go get -u -v github.com/therecipe/qt/cmd/... && $(go env GOPATH)/bin/qtdeploy test desktop github.com/amlwwalker/wingit/_guiinterface

to download the repo and compile your application

[amlwwalker]

Thank you so much for your feedback. Yes I spotted that the auto sync on/off button was giving me superstitions aswell. I'll get this sorted. Name/Username - hmm hadn't spotted this. I'll check that and have a look. Need to do a tiny bit with anonymous users (I haven't got enough combinations to allow for them to last for more than an hour at the moment) Excellent re installer. Finally got around to using a proper installer (Inno Setup is free and really great if you haven't used it, you start with a wizard but then you can edit the config file directly). I think an installer on Windows is the way to go, and a DMG on mac (I still don't know if DMG is user friendly but I think its reasonable...). Linux I kind of am leaving for the time being as I hope user's are a bit more savvy there.

Interesting point about hijacking shortcuts. I got a friend to install it on his mac yesterday, and showed him it was i the systray/task bar at the top for easy access. His comment was "you want a shortcut for that". The slight annoyance is on Windows I can't force it to pin to the start bar, and in the systray its hidden in the menu and to open the systray menu of WingIt, you have to right click (unless you know if this is a Qt option?) whereas on mac its a left click.

Haha I did wonder "wow, Apple is being nice if you can wrap the SDK inside docker containers" - didn't seem very Apple, so I like your style! Although I didn't realise travis offered osx out of the box, I'll go with that if I can. Very cool. That will be on the list soon to sort as there really is nothing like well setup CI/CD 😄

Next I'm working on slickening up the website a bit (my CSS skills leave much to be desired), I have a couple of questions about accessing the webcam (like so) so that I can read QR codes and creating custom protocols (like mailto: etc) so links in emails can open the app etc, (like so) but perhaps thats better for a new issue as this is Qt stuff and therecipe/qt may already got this ported over (I just couldn't find it in any godocs anywhere (is there an official therecipe/qt doc link somewhere? I've been doing it all from examples so far)

Otherwise thanks alot, if you are interested in knowing when versions come out I can ping here, or in a version to come I plan to add a "There is a new version" feature, but not sure what the best approach to versioning and checking versions is at the moment. I thought perhaps travis could set an environment variable to a version from the release number that can be checked in app, but don't know if github api will allow for that or I would have to do manually at this stage. EDIT & FYI: Found this, gonna look into it

[therecipe]

No problem, you are welcome :)

I still don't know if DMG is user friendly

I think so, at least I prefer them over pkg installers

Linux I kind of am leaving for the time

Yeah, I think most people will be just happy with an tar.gz

Interesting point about hijacking shortcuts

Just my personal opinion though, I will look into the library you posted above and maybe can get some example working in the next few days

and in the systray its hidden in the menu and to open the systray menu of WingIt, you have to right click (unless you know if this is a Qt option?) whereas on mac its a left click.

You should be able to use the Actived event to detect left clicks on the systray icon like this:

sys := widgets.NewQSystemTrayIcon(nil)
sys.SetIcon(w.Style().StandardIcon(widgets.QStyle__SP_MessageBoxCritical, nil, nil))
sys.ConnectActivated(func(reason widgets.QSystemTrayIcon__ActivationReason) {
    if reason == widgets.QSystemTrayIcon__Trigger {
        window.Show()
    }
})

about accessing the webcam

Maybe take a look here, a few day ago I added some new example which does exactly that. You will just need to run the init.go file once (maybe update the paths inside before running it, and remove/replace some targets), and then build the demo/QZXingLive example with qtdeploy as usual.

custom protocols

You can probably use https://doc.qt.io/qt-5/qdesktopservices.html, but I haven't tested it myself.

I just couldn't find it in any godocs anywhere

Yeah, there are no go specific docs because everything is basically mapped one-to-one to the Qt c++ api. But you can use go doc to get some infos, like this for example:

go doc github.com/therecipe/qt/gui QDesktopServices

Otherwise thanks alot, if you are interested in knowing when versions come out I can ping here, or in a version to come I plan to add a "There is a new version" feature,

No problem, feel free to ping me and I will try to take a look once I find some time. Also I will keep this issue pinned for another week and then take take it down, but feel free to ping me anyway.

but not sure what the best approach to versioning and checking versions is at the moment.

Yeah, I am thinking about providing some way to easily add automatic updating to applications as well, but I haven't found something that works cross platform without to much hassle yet. There seems to be https://github.com/Skycoder42/QtAutoUpdater, but it requires you to use the Qt Installer Framework.