Estou tentando descobrir se um aplicativo que instalei é confiável, com base na saída a seguir. Espero que esta seja a plataforma correta para obter alguns conselhos sobre o assunto!
Eu instalei este pacote (pdfc-gui) deaquicom:
sudo dpkg -i pdfc-gui-21.4.225.deb
e na instalação vejo que ele adiciona/atualiza certificados SSL (veja a saída da instalação abaixo).
Infelizmente, não entendo o Linux bem o suficiente para ter certeza se isso é algo com que devo me preocupar.
Alguém pode me explicar essa saída?
Devo remover o pacote e, em caso afirmativo, como ter certeza de que todas as alterações feitas serão realmente revertidas?
sudo dpkg -i pdfc-gui-21.4.225.deb
Selecting previously unselected package pdfc-gui.
(Reading database ... 734495 files and directories currently installed.)
Preparing to unpack pdfc-gui-21.4.225.deb ...
Unpacking pdfc-gui (21.4.225) ...
Setting up pdfc-gui (21.4.225) ...
Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
129 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Replacing debian:ACCVRAIZ1.pem
Replacing debian:Actalis_Authentication_Root_CA.pem
Replacing debian:AffirmTrust_Commercial.pem
Replacing debian:AffirmTrust_Networking.pem
Replacing debian:AffirmTrust_Premium.pem
Replacing debian:AffirmTrust_Premium_ECC.pem
Replacing debian:Atos_TrustedRoot_2011.pem
Replacing debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
Replacing debian:Baltimore_CyberTrust_Root.pem
Replacing debian:Buypass_Class_2_Root_CA.pem
Replacing debian:Buypass_Class_3_Root_CA.pem
Replacing debian:CA_Disig_Root_R2.pem
Replacing debian:CFCA_EV_ROOT.pem
Replacing debian:COMODO_Certification_Authority.pem
Replacing debian:COMODO_ECC_Certification_Authority.pem
Replacing debian:COMODO_RSA_Certification_Authority.pem
Replacing debian:Certigna.pem
Replacing debian:Certum_Trusted_Network_CA.pem
Replacing debian:Chambers_of_Commerce_Root_-_2008.pem
Replacing debian:Comodo_AAA_Services_root.pem
Replacing debian:Cybertrust_Global_Root.pem
Replacing debian:D-TRUST_Root_Class_3_CA_2_2009.pem
Replacing debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem
Replacing debian:DST_Root_CA_X3.pem
Replacing debian:DigiCert_Assured_ID_Root_CA.pem
Replacing debian:DigiCert_Assured_ID_Root_G2.pem
Replacing debian:DigiCert_Assured_ID_Root_G3.pem
Replacing debian:DigiCert_Global_Root_CA.pem
Replacing debian:DigiCert_Global_Root_G2.pem
Replacing debian:DigiCert_Global_Root_G3.pem
Replacing debian:DigiCert_High_Assurance_EV_Root_CA.pem
Replacing debian:DigiCert_Trusted_Root_G4.pem
Replacing debian:E-Tugra_Certification_Authority.pem
Replacing debian:EC-ACC.pem
Replacing debian:Entrust.net_Premium_2048_Secure_Server_CA.pem
Replacing debian:Entrust_Root_Certification_Authority.pem
Replacing debian:Entrust_Root_Certification_Authority_-_EC1.pem
Replacing debian:Entrust_Root_Certification_Authority_-_G2.pem
Replacing debian:GeoTrust_Primary_Certification_Authority_-_G2.pem
Replacing debian:GlobalSign_ECC_Root_CA_-_R4.pem
Replacing debian:GlobalSign_ECC_Root_CA_-_R5.pem
Replacing debian:GlobalSign_Root_CA.pem
Replacing debian:GlobalSign_Root_CA_-_R2.pem
Replacing debian:GlobalSign_Root_CA_-_R3.pem
Replacing debian:Global_Chambersign_Root_-_2008.pem
Replacing debian:Go_Daddy_Class_2_CA.pem
Replacing debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
Replacing debian:Hongkong_Post_Root_CA_1.pem
Replacing debian:IdenTrust_Commercial_Root_CA_1.pem
Replacing debian:IdenTrust_Public_Sector_Root_CA_1.pem
Replacing debian:Izenpe.com.pem
Replacing debian:Microsec_e-Szigno_Root_CA_2009.pem
Replacing debian:NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem
Replacing debian:Network_Solutions_Certificate_Authority.pem
Replacing debian:OISTE_WISeKey_Global_Root_GB_CA.pem
Replacing debian:QuoVadis_Root_CA.pem
Replacing debian:QuoVadis_Root_CA_1_G3.pem
Replacing debian:QuoVadis_Root_CA_2.pem
Replacing debian:QuoVadis_Root_CA_2_G3.pem
Replacing debian:QuoVadis_Root_CA_3.pem
Replacing debian:QuoVadis_Root_CA_3_G3.pem
Replacing debian:SecureSign_RootCA11.pem
Replacing debian:SecureTrust_CA.pem
Replacing debian:Secure_Global_CA.pem
Replacing debian:Security_Communication_RootCA2.pem
Replacing debian:Security_Communication_Root_CA.pem
Replacing debian:Sonera_Class_2_Root_CA.pem
Replacing debian:Staat_der_Nederlanden_EV_Root_CA.pem
Replacing debian:Staat_der_Nederlanden_Root_CA_-_G3.pem
Replacing debian:Starfield_Class_2_CA.pem
Replacing debian:Starfield_Root_Certificate_Authority_-_G2.pem
Replacing debian:Starfield_Services_Root_Certificate_Authority_-_G2.pem
Replacing debian:SwissSign_Gold_CA_-_G2.pem
Replacing debian:SwissSign_Silver_CA_-_G2.pem
Replacing debian:T-TeleSec_GlobalRoot_Class_2.pem
Replacing debian:T-TeleSec_GlobalRoot_Class_3.pem
Replacing debian:TWCA_Global_Root_CA.pem
Replacing debian:TWCA_Root_Certification_Authority.pem
Replacing debian:TeliaSonera_Root_CA_v1.pem
Replacing debian:Trustis_FPS_Root_CA.pem
Replacing debian:USERTrust_ECC_Certification_Authority.pem
Replacing debian:USERTrust_RSA_Certification_Authority.pem
Replacing debian:VeriSign_Universal_Root_Certification_Authority.pem
Replacing debian:XRamp_Global_CA_Root.pem
Replacing debian:certSIGN_ROOT_CA.pem
Replacing debian:ePKI_Root_Certification_Authority.pem
Replacing debian:AC_RAIZ_FNMT-RCM.pem
Replacing debian:Amazon_Root_CA_1.pem
Replacing debian:Amazon_Root_CA_2.pem
Replacing debian:Amazon_Root_CA_3.pem
Replacing debian:Amazon_Root_CA_4.pem
Replacing debian:Certum_Trusted_Network_CA_2.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
Replacing debian:Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
Replacing debian:ISRG_Root_X1.pem
Replacing debian:SZAFIR_ROOT_CA2.pem
Replacing debian:TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
Replacing debian:GDCA_TrustAUTH_R5_ROOT.pem
Replacing debian:GlobalSign_Root_CA_-_R6.pem
Replacing debian:OISTE_WISeKey_Global_Root_GC_CA.pem
Replacing debian:SSL.com_EV_Root_Certification_Authority_ECC.pem
Replacing debian:SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
Replacing debian:SSL.com_Root_Certification_Authority_ECC.pem
Replacing debian:SSL.com_Root_Certification_Authority_RSA.pem
Replacing debian:TrustCor_ECA-1.pem
Replacing debian:TrustCor_RootCert_CA-1.pem
Replacing debian:TrustCor_RootCert_CA-2.pem
Replacing debian:Certigna_Root_CA.pem
Replacing debian:certSIGN_Root_CA_G2.pem
Replacing debian:emSign_ECC_Root_CA_-_C3.pem
Replacing debian:emSign_ECC_Root_CA_-_G3.pem
Replacing debian:emSign_Root_CA_-_C1.pem
Replacing debian:emSign_Root_CA_-_G1.pem
Replacing debian:Entrust_Root_Certification_Authority_-_G4.pem
Replacing debian:e-Szigno_Root_CA_2017.pem
Replacing debian:GTS_Root_R1.pem
Replacing debian:GTS_Root_R2.pem
Replacing debian:GTS_Root_R3.pem
Replacing debian:GTS_Root_R4.pem
Replacing debian:Hongkong_Post_Root_CA_3.pem
Replacing debian:Microsoft_ECC_Root_Certificate_Authority_2017.pem
Replacing debian:Microsoft_RSA_Root_Certificate_Authority_2017.pem
Replacing debian:Trustwave_Global_Certification_Authority.pem
Replacing debian:Trustwave_Global_ECC_P256_Certification_Authority.pem
Replacing debian:Trustwave_Global_ECC_P384_Certification_Authority.pem
Replacing debian:UCA_Extended_Validation_Root.pem
Replacing debian:UCA_Global_G2_Root.pem
Replacing debian:NAVER_Global_Root_Certification_Authority.pem
done.
done.
Processing triggers for desktop-file-utils (0.22-1ubuntu5.2) ...
Processing triggers for bamfdaemon (0.5.3~bzr0+16.04.20180209-0ubuntu1) ...
Rebuilding /usr/share/applications/bamf-2.index...
Processing triggers for gnome-menus (3.13.3-6ubuntu3.1) ...
Processing triggers for mime-support (3.59ubuntu1) ...
Processing triggers for hicolor-icon-theme (0.15-0ubuntu1.1) ...
Responder1
O programa chama isso em seu postinst
script:
update-ca-certificates -f 2>/dev/null
A -f
bandeira:
-f, --fresh Novas atualizações. Remova os links simbólicos no diretório /etc/ssl/certs.
Portanto, a saída corresponde à de uma chamada para update-ca-certificates
. Observe que havia outros gatilhos, de modo que a atualização dos certificados poderia estar aguardando ali, de outra instalação/atualização não relacionada, e só agora foi processada.
Você pode inspecionar o conteúdo do deb
arquivo com:
ar -x packages.deb
Os scripts de (des)instalação estão então dentro control.tar.xz
(pelo menos para a versão 2.0 do formato de pacote binário Debian).
Dito isto, não há como confiar em um aplicativo de código fechado. Se estivesse fazendo algo duvidoso, você provavelmente não veria isso na saída (alterar certificados de CA seria definitivamente duvidoso, mas não parece ser o caso).