Re: Re: Adding support for LZIP to dpkg, using that instead of xz, archive wide
On Wed, Jul 29, 2015 at 12:21:54AM +0200, Antonio Diaz Diaz wrote:
> If there is just the excrement of a fly adhered to a corner of the
> envelope (a null byte appended to an otherwise intact file, for
> example), xz will report that the data is corrupt and will not
> deliver the message. This test is inescapable.
Decompress only the first .xz stream, and silently ignore pos‐
sible remaining input data following the stream.
> Just see the two attached files. 'good.xz' is created with the
> command 'xz -9 -Cnone'. The corrupt version 'bad.xz' is created by
> changing a couple bits in 'good.xz'.
> Xz is unable to detect the corruption in 'bad.xz'.
Only because your example uses "-Cnone" to disable integrity checking, which is
not the default, and which the documentation explicitly warns against unless a
tool other than xz is being used to provide such checks. (Obviously, this
option is not used by dpkg-deb.)