Why

We want to display the list of invalid or missing immutable files when the verify command of the client CLI is run.

What

Add a message explaining the range of immutable files which are verified by the command.
When the verification fails, an error message is displayed and explains which files are corrupted or missing.

How

• Add a --start, --end option to select a range to verify
• Add a message detailing the exact range of immutable files being verified
• For a given range:
  • Detect missing immutable files except if --allow-missing option is set (fail-fast)
  • If a valid Merkle proof can't be computed successfully:
    • Verify that the digest file is valid (verify that the Merkle tree is certified by Mithril)
    • Compute the list of computed digests that do not match the downloaded digests
• Update examples crates
• Update documentation

Algorithm

Step 1: verify the authenticity of the digest file (and return the Merkle tree + map of downloaded digests)

• Download digests file
• Compute Merkle tree
• Verify the Merkle root of the Merkle tree matches the certificate

Step 2: attempt compute valid Merkle proof or the list of tampered immutable files

• Compute local digests for the range (and list the missing files in the range)
• Compute valid Merkle proof with Merkle tree:
  • Compute Merkle proof
  • Verify Merkle proof is valid
• If impossible to create the Merkle proof:
  • Compute the difference between computed and downloaded digests (for the range)
• If missing files or tampered files, return error with these lists
  • in CLI standard outout and json output show count of missing and tampered files
  • write a json file with all missing/tampered immutables
• if more local immutable files than digests in downloaded json
  • return a list of "non verfied files"
  • in CLI standard and json output show count of non verified files
  • write a json of non verified files