我是新的 ubuntu 用户。我使用 sudo-apt 安装了 pdftk-java,它更改了我的许多根证书颁发机构。这很糟糕吗?我不明白为什么 PDF 编辑软件/程序需要这个根证书颁发机构。我不确定我是否意外安装了恶意软件,以及如何摆脱它。
这是我的产品发布:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
sudo apt install pdftk-java
[sudo] password for [USERNAME]:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
ca-certificates-java default-jre-headless java-common libbcprov-java
libcommons-lang3-java openjdk-11-jre-headless
[...]
Adding debian:ANF_Secure_Server_Root_CA.pem
Adding debian:emSign_Root_CA_-_C1.pem
Adding debian:AffirmTrust_Networking.pem
Adding debian:IdenTrust_Public_Sector_Root_CA_1.pem
Adding debian:Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
Adding debian:COMODO_ECC_Certification_Authority.pem
Adding debian:ssl-cert-snakeoil.pem
Adding debian:Staat_der_Nederlanden_EV_Root_CA.pem
Adding debian:DigiCert_High_Assurance_EV_Root_CA.pem
Adding debian:Network_Solutions_Certificate_Authority.pem
Adding debian:Buypass_Class_3_Root_CA.pem
Adding debian:OISTE_WISeKey_Global_Root_GB_CA.pem
Adding debian:Buypass_Class_2_Root_CA.pem
Adding debian:Amazon_Root_CA_4.pem
Adding debian:DigiCert_Trusted_Root_G4.pem
Adding debian:CFCA_EV_ROOT.pem
Adding debian:GTS_Root_R4.pem
Adding debian:GlobalSign_Root_CA_-_R2.pem
Adding debian:Secure_Global_CA.pem
Adding debian:DigiCert_Global_Root_G3.pem
Adding debian:Security_Communication_RootCA2.pem
Adding debian:GlobalSign_ECC_Root_CA_-_R5.pem
Adding debian:DigiCert_Assured_ID_Root_G3.pem
Adding debian:Microsec_e-Szigno_Root_CA_2009.pem
Adding debian:GlobalSign_Root_CA_-_R3.pem
Adding debian:Entrust_Root_Certification_Authority_-_G2.pem
Adding debian:QuoVadis_Root_CA_1_G3.pem
Adding debian:TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
Adding debian:XRamp_Global_CA_Root.pem
Adding debian:ACCVRAIZ1.pem
Adding debian:GLOBALTRUST_2020.pem
Adding debian:Starfield_Root_Certificate_Authority_-_G2.pem
Adding debian:GTS_Root_R3.pem
Adding debian:D-TRUST_Root_Class_3_CA_2_2009.pem
Adding debian:Amazon_Root_CA_1.pem
Adding debian:SecureSign_RootCA11.pem
Adding debian:AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
Adding debian:Baltimore_CyberTrust_Root.pem
Adding debian:CA_Disig_Root_R2.pem
Adding debian:Certum_Trusted_Root_CA.pem
Adding debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
Adding debian:NAVER_Global_Root_Certification_Authority.pem
Adding debian:AffirmTrust_Commercial.pem
Adding debian:SSL.com_Root_Certification_Authority_ECC.pem
Adding debian:Actalis_Authentication_Root_CA.pem
Adding debian:Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
Adding debian:Trustwave_Global_ECC_P256_Certification_Authority.pem
Adding debian:Entrust_Root_Certification_Authority_-_EC1.pem
Adding debian:emSign_ECC_Root_CA_-_G3.pem
Adding debian:Izenpe.com.pem
Adding debian:Certum_Trusted_Network_CA.pem
Adding debian:AffirmTrust_Premium.pem
Adding debian:Certigna.pem
Adding debian:Certigna_Root_CA.pem
Adding debian:AC_RAIZ_FNMT-RCM.pem
Adding debian:Hongkong_Post_Root_CA_1.pem
Adding debian:QuoVadis_Root_CA_3_G3.pem
Adding debian:SwissSign_Silver_CA_-_G2.pem
Adding debian:Hongkong_Post_Root_CA_3.pem
Adding debian:Entrust_Root_Certification_Authority.pem
Adding debian:Starfield_Services_Root_Certificate_Authority_-_G2.pem
Adding debian:Entrust_Root_Certification_Authority_-_G4.pem
Adding debian:SecureTrust_CA.pem
Adding debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem
Adding debian:AffirmTrust_Premium_ECC.pem
Adding debian:emSign_ECC_Root_CA_-_C3.pem
Adding debian:OISTE_WISeKey_Global_Root_GC_CA.pem
Adding debian:UCA_Extended_Validation_Root.pem
Adding debian:DigiCert_Assured_ID_Root_CA.pem
Adding debian:certSIGN_Root_CA_G2.pem
Adding debian:TWCA_Root_Certification_Authority.pem
Adding debian:DigiCert_Global_Root_CA.pem
Adding debian:Go_Daddy_Class_2_CA.pem
Adding debian:UCA_Global_G2_Root.pem
Adding debian:certSIGN_ROOT_CA.pem
Adding debian:EC-ACC.pem
Adding debian:TWCA_Global_Root_CA.pem
Adding debian:Starfield_Class_2_CA.pem
Adding debian:GlobalSign_Root_CA.pem
Adding debian:DigiCert_Global_Root_G2.pem
Adding debian:Security_Communication_Root_CA.pem
Adding debian:T-TeleSec_GlobalRoot_Class_2.pem
Adding debian:Entrust.net_Premium_2048_Secure_Server_CA.pem
Adding debian:QuoVadis_Root_CA_3.pem
Adding debian:COMODO_Certification_Authority.pem
Adding debian:Trustwave_Global_Certification_Authority.pem
Adding debian:Comodo_AAA_Services_root.pem
Adding debian:SSL.com_Root_Certification_Authority_RSA.pem
Adding debian:GTS_Root_R2.pem
Adding debian:Certum_EC-384_CA.pem
Adding debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem
Adding debian:Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
Adding debian:Atos_TrustedRoot_2011.pem
Adding debian:GlobalSign_ECC_Root_CA_-_R4.pem
Adding debian:SSL.com_EV_Root_Certification_Authority_ECC.pem
Adding debian:ISRG_Root_X1.pem
Adding debian:COMODO_RSA_Certification_Authority.pem
Adding debian:T-TeleSec_GlobalRoot_Class_3.pem
Adding debian:Microsoft_RSA_Root_Certificate_Authority_2017.pem
Adding debian:TeliaSonera_Root_CA_v1.pem
Adding debian:USERTrust_ECC_Certification_Authority.pem
Adding debian:GTS_Root_R1.pem
Adding debian:SZAFIR_ROOT_CA2.pem
Adding debian:QuoVadis_Root_CA_2.pem
Adding debian:GlobalSign_Root_E46.pem
Adding debian:GlobalSign_Root_CA_-_R6.pem
Adding debian:USERTrust_RSA_Certification_Authority.pem
Adding debian:Cybertrust_Global_Root.pem
Adding debian:ePKI_Root_Certification_Authority.pem
Adding debian:QuoVadis_Root_CA_2_G3.pem
Adding debian:GlobalSign_Root_R46.pem
Adding debian:DigiCert_Assured_ID_Root_G2.pem
Adding debian:Microsoft_ECC_Root_Certificate_Authority_2017.pem
Adding debian:NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem
Adding debian:SwissSign_Gold_CA_-_G2.pem
Adding debian:Trustwave_Global_ECC_P384_Certification_Authority.pem
Adding debian:Certum_Trusted_Network_CA_2.pem
Adding debian:SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
Adding debian:GDCA_TrustAUTH_R5_ROOT.pem
Adding debian:Amazon_Root_CA_3.pem
Adding debian:emSign_Root_CA_-_G1.pem
Adding debian:Amazon_Root_CA_2.pem
Adding debian:IdenTrust_Commercial_Root_CA_1.pem
Adding debian:E-Tugra_Certification_Authority.pem
Adding debian:e-Szigno_Root_CA_2017.pem
done.
Setting up default-jre-headless (2:1.11-72build2) ...
Setting up pdftk-java (3.2.2-1) ...
update-alternatives: using /usr/bin/pdftk.pdftk-java to provide /usr/bin/pdftk (
pdftk) in auto mode
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Updating Mono key store
Mono Certificate Store Sync - version 6.8.0.105
Populate Mono certificate store from a concatenated list of certificates.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD license
d.
Importing into legacy system store:
I already trust 124, your new list has 124
Import process completed.
Importing into BTLS system store:
I already trust 124, your new list has 124
Import process completed.
Done
答案1
您删掉了可以回答这个问题的一行。紧接着的Adding debian:ANF_Secure_Server_Root_CA.pem可能是这一行Setting up ca-certificates-java (20190909) ...。
这表明以下输出(所有“Adding debian:”)行来自对软件包的处理ca-certificates-java。在输出的更上方,您会注意到ca-certificates-java输出部分“将安装以下附加软件包”。
因此,具体来说,不是pdftk-java添加/替换/更新了证书文件,而是依赖它。作为pdftk-java一个 Java 应用程序,打包者确定在安装时,它应该推荐 Java 运行时,这随后要求 Java 密钥库中的 Java 运行时可以访问证书。
所以总而言之,安装pdftk-java然后拉入default-jre-headless哪个拉入ca-certificates-java哪个拉入ca-certificates(您已经拥有的)。
所以,不是恶意软件,没什么可担心的。一切都正常。