Has xdelta (in ports under misc/xdelta) ever been considered as a means of delivering binary patches for security updates? It seems to be a pretty neat. -- Regards, Michael Nottebrock -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: signature Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030513/a10651f6/attachment.bin
At 01:04 13/05/2003 +0200, Michael Nottebrock wrote:>Has xdelta (in ports under misc/xdelta) ever been considered as a means of >delivering binary patches for security updates? > >It seems to be a pretty neat.Using some form of binary diffs is on my todo list for FreeBSD Update (security/freebsd-update), but it's not a matter of critical importance. Right now updating from 4.7-RELEASE to the latest binaries takes around 30 MB, depending upon which install set you chose (nocrypt, crypt, kerberos4, kerberos5); good binary diffs would probably reduce this to around 5 MB. That said, I'm not sure if I would choose xdelta. Colin Percival
On Tuesday 13 May 2003 01:35, Colin Percival wrote:> At 01:04 13/05/2003 +0200, Michael Nottebrock wrote: > >Has xdelta (in ports under misc/xdelta) ever been considered as a means of > >delivering binary patches for security updates? > > > >It seems to be a pretty neat. > > Using some form of binary diffs is on my todo list for FreeBSD Update > (security/freebsd-update)As an embarrassing matter of fact, I totally forgot about your work. Thanks for reminding me! -- Regards, Michael Nottebrock -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: signature Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030513/26b03dbb/attachment.bin
At 00:35 13/05/2003 +0100, I wrote:> Using some form of binary diffs is on my todo list for FreeBSD Update > (security/freebsd-update), but it's not a matter of critical > importance. Right now updating from 4.7-RELEASE to the latest binaries > takes around 30 MB, depending upon which install set you chose (nocrypt, > crypt, kerberos4, kerberos5); good binary diffs would probably reduce > this to around 5 MB. > That said, I'm not sure if I would choose xdelta.Of course, when I wrote this, I had no idea that I was about to write a binary diff/patch utility in 12 hours. In doing so, I've lost quite a bit of respect for xdelta; ok, my code is about five times slower and has a larger memory footprint, but it produces diffs 35% smaller and weighs in at a massive 281 lines (in contrast to the thousands of lines of code in xdelta). I'll be adding this into FreeBSD Update in the near future. If anyone wants the code for other purposes, feel free to contact me. Colin Percival
At 12:06 14/05/2003 +0300, Peter Pentchev wrote:>When I read this thread yesterday, I was going to suggest taking a look >at the rsync code. Still, it sounds like your code is much simpler than >the rsync algorithm described at http://rsync.samba.org/tech_report/. >This is probably a good thing :)Rsync solves a problem much harder than binary diffs -- rsync constructs half-blind binary diffs. The old and new files are on different machines, so rsync uses a clever statistical sampling trick to locate large common sections which the two files share. xdelta uses the same method, but when we have both files in the same place we can do much better by using a suffix sort. Colin Percival