When using Ina to reconstruct a new file from an old file and a patch file, it is possible to select an old file other than the one corresponding to the patch, causing Ina to produce either a bogus error at runtime or a garbage new file.
We should optionally include a checksum of the old file in the patch file header so that the patcher can verify the checksum of the old file before attempting to patch. This checksum need not be cryptographic since it's simply intended as a method to protect against accidental errors. My proposal is xxhash as it's much faster than crc32. However, the maintained Rust implementation has a questionable approach to verification of unsafe code, so we may want to consider either writing our own xxhash implementation (which I would really prefer not to do) or forking xxhash-rust if we choose xxhash for the checksum function.
It seems most appropriate to include and verify the checksum by default from the CLI but not from the library, as library consumers may verify that the correct file is being patched at a higher level in the application. For prior work, see how zstd encodes and verifies checksum information by default from the CLI, but doesn't from the library.
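As an added illustration of the proposal (example code written for this page, not Ina's own code and not the issue author's): a patch header with an optional old-file checksum, a patcher that checks it before reconstructing, and a `verify_old` switch standing in for the CLI-default / library-opt-in split. The magic bytes, header layout, the tiny copy/insert delta format and all function names are assumptions made up for the example; XXH32 is implemented inline only so it runs offline without crates.

```rust
// Added example, not code from Ina or the issue author: a patch header that
// optionally carries an XXH32 checksum of the old file, checked before the
// patch is applied. Magic bytes, header layout, the copy/insert delta format
// and the `verify_old` switch are assumptions for illustration. XXH32 is
// inlined only so this runs offline; a real project would use a vetted crate.

const MAGIC: &[u8; 4] = b"INAP"; // assumed, not Ina's real magic
const FLAG_OLD_CHECKSUM: u8 = 0x01;
const P: [u32; 5] = [0x9E37_79B1, 0x85EB_CA77, 0xC2B2_AE3D, 0x27D4_EB2F, 0x1656_67B1]; // XXH32 PRIME32_1..5

fn le32(b: &[u8]) -> u32 { u32::from_le_bytes([b[0], b[1], b[2], b[3]]) }

/// XXH32 (reference algorithm): four 16-byte lanes, 4-byte and 1-byte tails, then avalanche.
pub fn xxh32(data: &[u8], seed: u32) -> u32 {
    let round = |acc: u32, lane: u32| acc.wrapping_add(lane.wrapping_mul(P[1])).rotate_left(13).wrapping_mul(P[0]);
    let mut stripes = data.chunks_exact(16);
    let mut h = if data.len() < 16 {
        seed.wrapping_add(P[4])
    } else {
        let mut v = [seed.wrapping_add(P[0]).wrapping_add(P[1]), seed.wrapping_add(P[1]), seed, seed.wrapping_sub(P[0])];
        for s in &mut stripes {
            for (i, lane) in s.chunks_exact(4).enumerate() { v[i] = round(v[i], le32(lane)); }
        }
        v[0].rotate_left(1).wrapping_add(v[1].rotate_left(7)).wrapping_add(v[2].rotate_left(12)).wrapping_add(v[3].rotate_left(18))
    };
    h = h.wrapping_add(data.len() as u32);
    let mut words = stripes.remainder().chunks_exact(4);
    for w in &mut words { h = h.wrapping_add(le32(w).wrapping_mul(P[2])).rotate_left(17).wrapping_mul(P[3]); }
    for &b in words.remainder() { h = h.wrapping_add(u32::from(b).wrapping_mul(P[4])).rotate_left(11).wrapping_mul(P[0]); }
    h ^= h >> 15; h = h.wrapping_mul(P[1]);
    h ^= h >> 13; h = h.wrapping_mul(P[2]);
    h ^ (h >> 16)
}

#[derive(Debug, PartialEq)]
pub enum PatchError { Malformed, OldLengthMismatch { expected: u64, actual: u64 }, OldChecksumMismatch { expected: u32, actual: u32 }, CopyOutOfRange }

/// Delta ops of the constructed format: copy a range of the old file, or insert literal bytes.
pub enum Op { Copy { offset: u32, len: u32 }, Insert(Vec<u8>) }

/// Header: MAGIC | flags(1) | old_len(u64 LE) | [xxh32(old) u32 LE if flagged], then the ops.
/// `include_checksum` is what the CLI would turn on by default.
pub fn write_patch(old: &[u8], ops: &[Op], include_checksum: bool) -> Vec<u8> {
    let mut out = MAGIC.to_vec();
    out.push(if include_checksum { FLAG_OLD_CHECKSUM } else { 0 });
    out.extend_from_slice(&(old.len() as u64).to_le_bytes());
    if include_checksum { out.extend_from_slice(&xxh32(old, 0).to_le_bytes()); }
    for op in ops {
        match op {
            Op::Copy { offset, len } => { out.push(0); out.extend_from_slice(&offset.to_le_bytes()); out.extend_from_slice(&len.to_le_bytes()); }
            Op::Insert(b) => { out.push(1); out.extend_from_slice(&(b.len() as u32).to_le_bytes()); out.extend_from_slice(b); }
        }
    }
    out
}

fn word_at(buf: &[u8], pos: usize) -> Result<usize, PatchError> {
    buf.get(pos..pos + 4).map(|b| le32(b) as usize).ok_or(PatchError::Malformed)
}

/// Reconstruct the new file. With `verify_old` (the proposed CLI default) a wrong old file is
/// rejected up front; without it (library default) patching proceeds and yields either a bogus
/// error (copy out of range) or a garbage new file, exactly the failure the issue describes.
pub fn apply_patch(patch: &[u8], old: &[u8], verify_old: bool) -> Result<Vec<u8>, PatchError> {
    let header = patch.get(..13).filter(|h| h.starts_with(MAGIC)).ok_or(PatchError::Malformed)?;
    let (mut len8, mut pos, mut expected) = ([0u8; 8], 13, None);
    len8.copy_from_slice(&header[5..13]);
    let old_len = u64::from_le_bytes(len8);
    if header[4] & FLAG_OLD_CHECKSUM != 0 {
        expected = Some(word_at(patch, pos)? as u32);
        pos += 4;
    }
    if verify_old && old_len != old.len() as u64 {
        return Err(PatchError::OldLengthMismatch { expected: old_len, actual: old.len() as u64 });
    }
    if let (true, Some(expected)) = (verify_old, expected) {
        let actual = xxh32(old, 0);
        if actual != expected { return Err(PatchError::OldChecksumMismatch { expected, actual }); }
    }
    let mut new = Vec::new();
    while pos < patch.len() {
        match patch[pos] {
            0 => {
                let (off, len) = (word_at(patch, pos + 1)?, word_at(patch, pos + 5)?);
                new.extend_from_slice(old.get(off..off + len).ok_or(PatchError::CopyOutOfRange)?);
                pos += 9;
            }
            1 => {
                let len = word_at(patch, pos + 1)?;
                new.extend_from_slice(patch.get(pos + 5..pos + 5 + len).ok_or(PatchError::Malformed)?);
                pos += 5 + len;
            }
            _ => return Err(PatchError::Malformed),
        }
    }
    Ok(new)
}

fn main() {
    // Constructed inputs: the right old file and a same-length impostor.
    let (old, wrong) = (b"The quick brown fox jumps over the lazy dog", b"THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG");
    let patch = write_patch(old, &[Op::Copy { offset: 0, len: 4 }, Op::Insert(b"slow".to_vec()), Op::Copy { offset: 9, len: 34 }], true);
    println!("{:?} / {:?}", apply_patch(&patch, old, true), apply_patch(&patch, wrong, true)); // Ok(bytes) / Err(OldChecksumMismatch)
    println!("{:?}", apply_patch(&patch, wrong, false)); // no check: a garbage new file
}
```

The CLI would call `write_patch(.., true)` and `apply_patch(.., true)`; the library entry point would default both to `false` and let the application decide, which is the zstd-style split described above. Note that the length check alone is not enough: the same-length impostor only gets caught because the checksum is present, and a patch written without the checksum flag is applied to it without complaint.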