[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re: Adding support for LZIP to dpkg, using that instead of xz, archive wide

On Wed, Jul 29, 2015 at 12:21:54AM +0200, Antonio Diaz Diaz wrote:
> If there is just the excrement of a fly adhered to a corner of the
> envelope (a null byte appended to an otherwise intact file, for
> example), xz will report that the data is corrupt and will not
> deliver the message. This test is inescapable.

>From xz(1):
              Decompress only the first .xz stream, and silently ignore pos‐
              sible  remaining  input  data  following the stream.

> Just see the two attached files. 'good.xz' is created with the
> command 'xz -9 -Cnone'. The corrupt version 'bad.xz' is created by
> changing a couple bits in 'good.xz'.
> Xz is unable to detect the corruption in 'bad.xz'.

Only because your example uses "-Cnone" to disable integrity checking, which is
not the default, and which the documentation explicitly warns against unless a
tool other than xz is being used to provide such checks.  (Obviously, this
option is not used by dpkg-deb.)

Nicholas Breen

Reply to: