Sparkle

Force an update even when version isn't greater

Asked by bumper314

I recently broke all my products out of a single SVN repository into separate repositories with their own versions. This means, the SVN revision number that I was using for the CFBundle version is going to be less then the previous version. For example, my current version is 1.2 (CFBundleShortVersionString) 260 (CFBundleVersion), and my new version is 1.3 140.

Sparkle doesn't like the 140 since it's less then 260, even though the CFBundleShortVersionString is greater, so I need a way to force a Sparkle update to get customers on the new version scheme, but I can't find a way to do this.

I've tried dooping Sparkle by setting the sparkle:version="261" in the appcast, and Sparkle gladly shows the update, downloads the update, but gives this error after pressing "Install and relaunch":
Sparkle Error: An error occurred while installing the update. Please try again later.

Any thoughts?

Question information

Language:
English Edit question
Status:
Solved
For:
Sparkle Edit question
Assignee:
No assignee Edit question
Solved by:
bumper314
Solved:
Last query:
Last reply:
Revision history for this message
Andy Matuschak (andymatuschak) said : 		#1

Oh, jeez, that's a really terrible case. The regression protection is a matter of security: since the appcast itself isn't signed, an attacker could force an unwitting user to downgrade to an earlier version with a security hole he could then exploit. Signatures don't help there since you've already signed the earlier version.

If you've already released 1.2/260 in the wild, you can't modify Sparkle's behavior in that version, and it won't allow upgrades to anything less than 1.2/260. I'm sorry, but it looks like you're out of luck—at least for this version! For the next version, you can remove that check in Sparkle (at your own peril!) and let future updates work as you hoped.

Revision history for this message
bumper314 (bumper314) said : 		#2

Hey Andy, thank you for the response, I'm always impressed by your quick turn around of issues...

Alright, it sounds like I shot myself in the foot. I'll see what kind of work around I can come up with. I hate to make this as solved, as someone else might happen upon a similar problem, but for the time being I'm probably just going to add 300 to my new revision number as a cheap workaround until I find something better.