Why does this package (pdfc-gui) update CA certificates on Ubuntu 16.04?

Based on the following output, I am trying to judge whether the application I installed can be trusted. I hope this is the right platform to get advice on this issue.

I installed this package (pdfc-gui) from here with:

sudo dpkg -i pdfc-gui-21.4.225.deb

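During installation I can see that SSL certificates are added/updated (see the installation output below).
Unfortunately, I don't understand Linux well enough to be sure whether this is something to worry about.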

Could someone explain this output?

Do I need to remove the package? And if so, how can I make sure that all changes made by the package are reverted?

sudo dpkg -i pdfc-gui-21.4.225.deb
Selecting previously unselected package pdfc-gui.
(Reading database ... 734495 files and directories currently installed.)
Preparing to unpack pdfc-gui-21.4.225.deb ...
Unpacking pdfc-gui (21.4.225) ...
Setting up pdfc-gui (21.4.225) ...
Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
129 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...

Replacing debian:ACCVRAIZ1.pem
Replacing debian:Actalis_Authentication_Root_CA.pem
Replacing debian:AffirmTrust_Commercial.pem
Replacing debian:AffirmTrust_Networking.pem
Replacing debian:AffirmTrust_Premium.pem
Replacing debian:AffirmTrust_Premium_ECC.pem
Replacing debian:Atos_TrustedRoot_2011.pem
Replacing debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
Replacing debian:Baltimore_CyberTrust_Root.pem
Replacing debian:Buypass_Class_2_Root_CA.pem
Replacing debian:Buypass_Class_3_Root_CA.pem
Replacing debian:CA_Disig_Root_R2.pem
Replacing debian:CFCA_EV_ROOT.pem
Replacing debian:COMODO_Certification_Authority.pem
Replacing debian:COMODO_ECC_Certification_Authority.pem
Replacing debian:COMODO_RSA_Certification_Authority.pem
Replacing debian:Certigna.pem
Replacing debian:Certum_Trusted_Network_CA.pem
Replacing debian:Chambers_of_Commerce_Root_-_2008.pem
Replacing debian:Comodo_AAA_Services_root.pem
Replacing debian:Cybertrust_Global_Root.pem
Replacing debian:D-TRUST_Root_Class_3_CA_2_2009.pem
Replacing debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem
Replacing debian:DST_Root_CA_X3.pem
Replacing debian:DigiCert_Assured_ID_Root_CA.pem
Replacing debian:DigiCert_Assured_ID_Root_G2.pem
Replacing debian:DigiCert_Assured_ID_Root_G3.pem
Replacing debian:DigiCert_Global_Root_CA.pem
Replacing debian:DigiCert_Global_Root_G2.pem
Replacing debian:DigiCert_Global_Root_G3.pem
Replacing debian:DigiCert_High_Assurance_EV_Root_CA.pem
Replacing debian:DigiCert_Trusted_Root_G4.pem
Replacing debian:E-Tugra_Certification_Authority.pem
Replacing debian:EC-ACC.pem
Replacing debian:Entrust.net_Premium_2048_Secure_Server_CA.pem
Replacing debian:Entrust_Root_Certification_Authority.pem
Replacing debian:Entrust_Root_Certification_Authority_-_EC1.pem
Replacing debian:Entrust_Root_Certification_Authority_-_G2.pem
Replacing debian:GeoTrust_Primary_Certification_Authority_-_G2.pem
Replacing debian:GlobalSign_ECC_Root_CA_-_R4.pem
Replacing debian:GlobalSign_ECC_Root_CA_-_R5.pem
Replacing debian:GlobalSign_Root_CA.pem
Replacing debian:GlobalSign_Root_CA_-_R2.pem
Replacing debian:GlobalSign_Root_CA_-_R3.pem
Replacing debian:Global_Chambersign_Root_-_2008.pem
Replacing debian:Go_Daddy_Class_2_CA.pem
Replacing debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
Replacing debian:Hongkong_Post_Root_CA_1.pem
Replacing debian:IdenTrust_Commercial_Root_CA_1.pem
Replacing debian:IdenTrust_Public_Sector_Root_CA_1.pem
Replacing debian:Izenpe.com.pem
Replacing debian:Microsec_e-Szigno_Root_CA_2009.pem
Replacing debian:NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem
Replacing debian:Network_Solutions_Certificate_Authority.pem
Replacing debian:OISTE_WISeKey_Global_Root_GB_CA.pem
Replacing debian:QuoVadis_Root_CA.pem
Replacing debian:QuoVadis_Root_CA_1_G3.pem
Replacing debian:QuoVadis_Root_CA_2.pem
Replacing debian:QuoVadis_Root_CA_2_G3.pem
Replacing debian:QuoVadis_Root_CA_3.pem
Replacing debian:QuoVadis_Root_CA_3_G3.pem
Replacing debian:SecureSign_RootCA11.pem
Replacing debian:SecureTrust_CA.pem
Replacing debian:Secure_Global_CA.pem
Replacing debian:Security_Communication_RootCA2.pem
Replacing debian:Security_Communication_Root_CA.pem
Replacing debian:Sonera_Class_2_Root_CA.pem
Replacing debian:Staat_der_Nederlanden_EV_Root_CA.pem
Replacing debian:Staat_der_Nederlanden_Root_CA_-_G3.pem
Replacing debian:Starfield_Class_2_CA.pem
Replacing debian:Starfield_Root_Certificate_Authority_-_G2.pem
Replacing debian:Starfield_Services_Root_Certificate_Authority_-_G2.pem
Replacing debian:SwissSign_Gold_CA_-_G2.pem
Replacing debian:SwissSign_Silver_CA_-_G2.pem
Replacing debian:T-TeleSec_GlobalRoot_Class_2.pem
Replacing debian:T-TeleSec_GlobalRoot_Class_3.pem
Replacing debian:TWCA_Global_Root_CA.pem
Replacing debian:TWCA_Root_Certification_Authority.pem
Replacing debian:TeliaSonera_Root_CA_v1.pem
Replacing debian:Trustis_FPS_Root_CA.pem
Replacing debian:USERTrust_ECC_Certification_Authority.pem
Replacing debian:USERTrust_RSA_Certification_Authority.pem
Replacing debian:VeriSign_Universal_Root_Certification_Authority.pem
Replacing debian:XRamp_Global_CA_Root.pem
Replacing debian:certSIGN_ROOT_CA.pem
Replacing debian:ePKI_Root_Certification_Authority.pem
Replacing debian:AC_RAIZ_FNMT-RCM.pem
Replacing debian:Amazon_Root_CA_1.pem
Replacing debian:Amazon_Root_CA_2.pem
Replacing debian:Amazon_Root_CA_3.pem
Replacing debian:Amazon_Root_CA_4.pem
Replacing debian:Certum_Trusted_Network_CA_2.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
Replacing debian:ISRG_Root_X1.pem
Replacing debian:SZAFIR_ROOT_CA2.pem
Replacing debian:TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
Replacing debian:GDCA_TrustAUTH_R5_ROOT.pem
Replacing debian:GlobalSign_Root_CA_-_R6.pem
Replacing debian:OISTE_WISeKey_Global_Root_GC_CA.pem
Replacing debian:SSL.com_EV_Root_Certification_Authority_ECC.pem
Replacing debian:SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
Replacing debian:SSL.com_Root_Certification_Authority_ECC.pem
Replacing debian:SSL.com_Root_Certification_Authority_RSA.pem
Replacing debian:TrustCor_ECA-1.pem
Replacing debian:TrustCor_RootCert_CA-1.pem
Replacing debian:TrustCor_RootCert_CA-2.pem
Replacing debian:Certigna_Root_CA.pem
Replacing debian:certSIGN_Root_CA_G2.pem
Replacing debian:emSign_ECC_Root_CA_-_C3.pem
Replacing debian:emSign_ECC_Root_CA_-_G3.pem
Replacing debian:emSign_Root_CA_-_C1.pem
Replacing debian:emSign_Root_CA_-_G1.pem
Replacing debian:Entrust_Root_Certification_Authority_-_G4.pem
Replacing debian:e-Szigno_Root_CA_2017.pem
Replacing debian:GTS_Root_R1.pem
Replacing debian:GTS_Root_R2.pem
Replacing debian:GTS_Root_R3.pem
Replacing debian:GTS_Root_R4.pem
Replacing debian:Hongkong_Post_Root_CA_3.pem
Replacing debian:Microsoft_ECC_Root_Certificate_Authority_2017.pem
Replacing debian:Microsoft_RSA_Root_Certificate_Authority_2017.pem
Replacing debian:Trustwave_Global_Certification_Authority.pem
Replacing debian:Trustwave_Global_ECC_P256_Certification_Authority.pem
Replacing debian:Trustwave_Global_ECC_P384_Certification_Authority.pem
Replacing debian:UCA_Extended_Validation_Root.pem
Replacing debian:UCA_Global_G2_Root.pem
Replacing debian:NAVER_Global_Root_Certification_Authority.pem
done.
done.
Processing triggers for desktop-file-utils (0.22-1ubuntu5.2) ...
Processing triggers for bamfdaemon (0.5.3~bzr0+16.04.20180209-0ubuntu1) ...
Rebuilding /usr/share/applications/bamf-2.index...
Processing triggers for gnome-menus (3.13.3-6ubuntu3.1) ...
Processing triggers for mime-support (3.59ubuntu1) ...
Processing triggers for hicolor-icon-theme (0.15-0ubuntu1.1) ...

Answer 1

The program calls this in its postinst script:

update-ca-certificates -f 2>/dev/null

-f:

-f, --fresh  Fresh updates. Remove symlinks in /etc/ssl/certs directory.

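So the output matches the output of a call to update-ca-certificates. Note that, because there were other triggers, certificate updates from another, unrelated install/update may have been pending there and are now being processed.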

To inspect the contents of a deb file, do:

ar -x packages.deb

The install/uninstall scripts are inside control.tar.xz (at least for version 2.0 of the Debian binary package format).

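That said, there is no way at all to trust a closed-source application. Even if it were doing something shady, it probably wouldn't show up in the output (modifying CA certificates is definitely shady, but that does not seem to be the case).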
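
An added example (not part of the original answer or of the pdfc-gui package): once the package has been unpacked as described above, the first function lists every maintainer-script line that touches the CA trust store, and the second lists certificates in /etc/ssl/certs that do not resolve into the distribution's own store. The function names, the `pkg.deb` file name and the `control` directory are assumptions; /usr/share/ca-certificates is the usual location of the distribution's certificates on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example: audit what a .deb's maintainer scripts do to the CA trust store.
# Unpack first (pkg.deb and the "control" directory are placeholder names):
#   ar -x pkg.deb && mkdir control && tar -xf control.tar.* -C control

# Print every line of the maintainer scripts in DIR that references the
# trust store, formatted as "script:lineno:text".
scan_maintainer_scripts() {
    dir=$1
    for s in preinst postinst prerm postrm config; do
        [ -f "$dir/$s" ] || continue
        grep -nE 'ca-certificates|/etc/ssl/certs|\.(crt|pem)' "$dir/$s" |
            sed "s|^|$s:|"
    done
}

# List entries in CERTDIR (normally /etc/ssl/certs) that do not resolve into
# DISTRO (normally /usr/share/ca-certificates), i.e. certificates that did
# not come from the distribution's ca-certificates package. Each hit needs
# review: locally added CAs and plain files both show up here.
list_foreign_certs() {
    certdir=$1
    distro=$(readlink -f "$2")
    for f in "$certdir"/*.pem; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        target=$(readlink -f "$f")
        case $target in
            "$distro"/*) ;;                                  # distro-provided
            *) printf '%s -> %s\n' "${f##*/}" "$target" ;;   # anything else
        esac
    done
}
```

Typical use is `scan_maintainer_scripts control` followed by `list_foreign_certs /etc/ssl/certs /usr/share/ca-certificates`; `dpkg -S` on a reported target shows which installed package, if any, owns that file.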
