Struct HashVerifier 

pub struct HashVerifier { /* private fields */ }

Build up a set of (path, expected_hash) pairs, then Self::execute to hash the on-disk files and compare against the expected values.

The verifier never writes — it opens each registered file read-only, hashes it (whole-file or per-block), and produces a HashVerifyReport. Missing files and I/O errors during read are recorded as per-file outcomes rather than aborting the run — consumers want the full picture in a single pass.

Error semantics

execute returns Err only for programmer errors detected up front (e.g. a zero block_size, or a digest whose length does not match its declared algorithm). Filesystem errors against the registered paths are captured per-file in FileVerifyOutcome::IoError / FileVerifyOutcome::Missing.

Security

Files are opened via std::fs::File::open, which follows symbolic links on every platform zipatch-rs supports. The verifier itself never writes — the worst-case outcome of a hostile symlink pointed at a file outside the install root is an information-disclosure-via-hash: the target file’s SHA1 would appear in the report’s FileVerifyOutcome::WholeMismatch actual field.

If the caller derives registered paths from untrusted input (e.g. a patch-list response from a server that could be tampered with), it is the caller’s responsibility to canonicalize the install root and reject paths that escape it before passing them to Self::expect. zipatch-rs does not canonicalize or symlink-fence on the caller’s behalf, because the appropriate root depends on the consumer’s install layout.

Implementations

impl HashVerifier

pub fn new() -> Self

Construct an empty verifier.

pub fn expect(self, path: impl Into<PathBuf>, expected: ExpectedHash) -> Self

Register path with expected.

Registering the same path twice with identical ExpectedHash values is a no-op (the second registration is silently absorbed at Self::execute time). Registering the same path twice with different ExpectedHash values is a programmer error and causes Self::execute to return crate::ZiPatchError::InvalidField. The check fires at execute-time rather than here so the builder API stays infallible.

pub fn execute(self) -> Result<HashVerifyReport>

Hash each registered file and compare against its expected hash.

Returns a HashVerifyReport describing every file. The report is always populated for every registered task — is_clean() distinguishes a fully-passing run from a failing one. See the struct docs for the error policy.

Errors

Returns crate::ZiPatchError::InvalidField if any registered ExpectedHash is malformed (wrong digest length, zero block_size). Filesystem errors are not returned here — they appear as FileVerifyOutcome::IoError / FileVerifyOutcome::Missing entries in the report.

Trait Implementations

impl Debug for HashVerifier

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for HashVerifier

fn default() -> HashVerifier

Returns the “default value” for a type.