…npacks -[SUHost installationPath] can return different values before and after the installation is performed, because it may attempt to normalize the installation path--but only if the normalized version of the path isn't already present. Which it would be after the installation had completed. Now we only compute the installation path once for the whole installation process.
Thanks to Mattt Thompson (@mattt) for tag-team-ing this with me. With this change, if your app deploys only to 10.6+, then you can dispense altogether with the DSA signatures on future updates to your application: just make sure the "to" version satisfies the "from" version's Apple code signing requirements. Most of you are probably already doing that, and if you're not, you should be anyway. Specifically, Sparkle validates the designated requirement of the "from" version against the "to" version. By default, as of this writing, that means that the bundle identifiers must be the same, and that the leaf certificate of the signature is the same. So if you keep code signing your app with the same cert, Sparkle will Just Work without any additional DSA signature nonsense for you to deal with. Traditional Sparkle DSA signatures will still be honored. This support has only been extended to updates to the main app bundle. If you're updating some other bundle, you will have to use DSA signatures to secure your updates in the future. ***IMPORTANT: previously, Sparkle considered an update "safe" if both the appcast and update were distributed over https. That is nowhere near as strong a verification measure as code signing or the old-school DSA signatures, so with this change, support for unsigned, https-distributed updates has been removed. If you're targeting 10.6+, start code-signing your apps if you haven't already, and everything will be fine. If you're targeting earlier OS Xs, you'll need to start adding DSA signatures to your appcasts. When you link this changed version of Sparkle into your app, it will warn you on launch if you are not code signed and do not have a DSA public key specified in your Info.plist.
…oes not exist or is not executable
This patch prevents malicious downgrades, which are still possible with DSA validation: suppose there's some (signed) version with a security hole. A malicious attacker could serve an appcast with that version's URL and DSA signature, but a higher version number, forcing the user to "upgrade" to the version with the security hole. While I was at it, I fixed a bug that should have completely stopped .pkg installation from working since 1.5b1. Why didn't I hear anything about that? Does anyone actually use .pkgs? It still needs testing to be sure it works.
…Sparkle. More super-unstable refactorings to come...
…elaunch tool out of the host before installing the update; that way, we can use the old version's tool. This insures us against future changes in the relaunch method.