Efraim Flashner wrote:
> This is to announce guix-1.5.0, a stable release.

Congratulations on the new release.

https://ftp.gnu.org/gnu/guix/guix-binary-1.5.0.x86_64-linux.tar.xz

Have you considered for the binary tarballs a compressed format that guarantees the integrity of the decompressed data? Not checking the integrity of a decompressed executable is more dangerous than not checking the integrity of a decompressed source file. Corruption in a source file will probably be noticed by the compiler, but corruption in an executable leads to undefined behavior (random data executed as code).

Note that a cryptographic signature of the compressed file does not protect against decompression errors caused by faulty RAM or decompressor bugs.

Gzip, bzip2, and lzip always check the integrity, and are therefore fine. Zstd may also be adequate because, even if its integrity checking is optional, I don't know of any zstd decompressor that does not implement it. OTOH, some xz decompressors can't check the integrity of the current binary tarballs. See, for example, http://www.nongnu.org/lzip/lzip_benchmark.html#busybox

I have sampled the tarball above at 1 MB intervals, and the unxz tool in busybox 1.33.0 does not detect corruption in 3% of it.

Best regards,
Antonio.
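The two checks Antonio describes, reading which integrity check an .xz stream declares and sampling a compressed file for undetected corruption, can be reproduced with a short script. The following is an added example and is not code from the message, from Guix or from the lzip project. It uses Python's built-in gzip, bz2 and lzma modules, so the xz decompression goes through liblzma, which does verify checks; it therefore cannot reproduce the BusyBox result, only the method. The payload, the function names and the 64-byte sampling step are all made up for the example.

```python
"""Survey how decompressors react to single-byte corruption, and read the
integrity-check type declared in an .xz stream header.

Added example, not code from the original thread, from Guix or from lzip.
It uses Python's gzip/bz2/lzma modules (liblzma), so it cannot reproduce the
BusyBox unxz result from the message; to survey a particular decompressor,
pass a decompress_fn that runs that tool instead.
"""
import bz2
import gzip
import lzma
import zlib

# Constructed sample payload: compressible, but not a single repeated byte.
SAMPLE = b"".join(b"record %06d: the quick brown fox jumps over the lazy dog\n" % i
                  for i in range(2000))

XZ_MAGIC = b"\xfd7zXZ\x00"
# Check IDs from the .xz file-format spec (low nibble of the second Stream Flags byte).
XZ_CHECK_NAMES = {0x00: "None", 0x01: "CRC32", 0x04: "CRC64", 0x0A: "SHA-256"}


def xz_check_type(data):
    """Return the integrity-check name declared in an .xz stream header.

    The header is magic (6 bytes) + Stream Flags (2 bytes) + CRC32 of the
    flags (4 bytes, little-endian); all three are validated, so a damaged
    header is reported rather than guessed at.
    """
    if len(data) < 12 or data[:6] != XZ_MAGIC:
        raise ValueError("not an .xz stream")
    flags = data[6:8]
    if flags[0] != 0 or flags[1] & 0xF0:
        raise ValueError("reserved stream-flag bits set")
    if zlib.crc32(flags) & 0xFFFFFFFF != int.from_bytes(data[8:12], "little"):
        raise ValueError("stream header CRC32 mismatch")
    check_id = flags[1] & 0x0F
    return XZ_CHECK_NAMES.get(check_id, "reserved(%d)" % check_id)


def declared_checks(sample=b"sample"):
    """Compress a small sample with each check liblzma supports and read the type back."""
    options = (("none", lzma.CHECK_NONE), ("crc32", lzma.CHECK_CRC32),
               ("crc64", lzma.CHECK_CRC64), ("sha256", lzma.CHECK_SHA256))
    return {name: xz_check_type(lzma.compress(sample, check=check_id))
            for name, check_id in options if lzma.is_check_supported(check_id)}


def corruption_survey(compressed, decompress_fn, original, step=64):
    """Flip one byte every `step` bytes and classify what the decompressor does.

    detected: decompressor raised an error
    harmless: no error and the output still equals the original
    silent:   no error but the output differs (the dangerous case)
    """
    counts = {"detected": 0, "harmless": 0, "silent": 0}
    for pos in range(0, len(compressed), step):
        damaged = bytearray(compressed)
        damaged[pos] ^= 0x55  # flip a few bits at the sampling position
        try:
            out = decompress_fn(bytes(damaged))
        except Exception:  # zlib.error, OSError, lzma.LZMAError, gzip.BadGzipFile, ...
            counts["detected"] += 1
            continue
        counts["harmless" if out == original else "silent"] += 1
    return counts


def survey_all(original=SAMPLE, step=64):
    """Run the survey over gzip, bzip2, xz with CRC64 and xz with no check at all."""
    cases = {
        "gzip": (gzip.compress(original, mtime=0), gzip.decompress),
        "bzip2": (bz2.compress(original), bz2.decompress),
        "xz-crc64": (lzma.compress(original, check=lzma.CHECK_CRC64), lzma.decompress),
        "xz-none": (lzma.compress(original, check=lzma.CHECK_NONE), lzma.decompress),
    }
    results = {}
    for name, (blob, fn) in cases.items():
        results[name] = corruption_survey(blob, fn, original, step)
        if blob[:6] == XZ_MAGIC:
            results[name]["check"] = xz_check_type(blob)
    return results


if __name__ == "__main__":
    for name, result in survey_all().items():
        print("%-9s %s" % (name, result))
```

For gzip, bzip2 and xz with a check, every flip that changes the output is caught by the checksum, so the "silent" count stays at zero; the xz stream compressed with CHECK_NONE is where silent wrong output may appear, which is the situation of a decompressor that cannot verify the declared check. To survey a real tool the way the message does, wrap it in a `decompress_fn` such as `lambda b: subprocess.run(["busybox", "unxz", "-c"], input=b, capture_output=True, check=True).stdout` and set `step` to the sampling interval.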
