How to inspect 3rd Party .deb packages before installing

These should always be inspected before 'extracting' as whilst not a virus,
malicious code could be lurking there:

"I always open the debs and check for suspicious post-install scripts.
This is how to do that. ...

Listing the files from a Debian package using dpkg -c

dpkg is the package manager for Debian. So, using the dpkg command, you can list
and extract the packages, as shown below.
To view the content of a *.deb file:

Code:
$ dpkg -c ovpc_1.06.94-3_i386.deb
dr-xr-xr-x root/root         0 2010-02-25 10:54 ./
dr-xr-xr-x root/root         0 2010-02-25 10:54 ./ovpc/
dr-xr-xr-x root/root         0 2010-02-25 10:54 ./ovpc/pkg/
dr-xr-xr-x root/root         0 2010-02-25 10:54 ./ovpc/pkg/lib/
dr-xr-xr-x root/root         0 2010-02-25 10:48 ./ovpc/pkg/lib/header/
-r-xr-xr-x root/root       130 2009-10-29 17:06 ./ovpc/pkg/lib/header/libov.so
.
.
.
-r-xr-xr-x root/root       131 2009-10-29 17:06 ./ovpc/pkg/etc/conf
dr-xr-xr-x root/root         0 2010-02-25 10:54 ./ovpc/pkg/etc/conf/log.conf

Extracting the files from a debian package using dpkg -x
Use dpkg -x to extract the files from a deb package as shown below.

Code:
$ dpkg -x ovpc_1.06.94-3_i386.deb /tmp/ov
$ ls /tmp/ov
ovpc

DEB files are ar archives, which always contain three files: debian-binary,
control.tar.gz, and data.tar.gz. We can use the ar command and the tar command to
extract and view the files from the deb package, as shown below.
First, extract the content of the *.deb archive file using the ar command.

Code:
$ ar -vx ovpc_1.06.94-3_i386.deb
x - debian-binary
x - control.tar.gz
x - data.tar.gz
$

Next, extract the content of data.tar.gz file as shown below.

Code:
$ tar -xvzf data.tar.gz
./
./ovpc/
./ovpc/pkg/
./ovpc/pkg/lib/
./ovpc/pkg/lib/header/
./ovpc/pkg/lib/header/libov.so
.
.
./ovpc/pkg/etc/conf
./ovpc/pkg/etc/conf/log.con
"

[With acknowledgement to Blackwolf on ultimateeditionoz.com forum – sadly
the forum is no more].

There was an instance of a GNU/Linux theme uploaded to gnome-look.org
called Ubundows that had not been checked by Admin for that site; the file
once extracted executed 'Unix' commands to wipe the hard drive clean of all
content - YOU HAVE BEEN WARNED!

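The post is about checking post-install scripts, but dpkg -c and dpkg -x only show the files in the data archive; the maintainer scripts (preinst, postinst, prerm, postrm) live in the control archive, which dpkg-deb -e unpacks without installing or running anything. The script below is an added example, not part of the original post: the function names and the pattern list are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example: review a .deb's maintainer scripts without installing it.
# Function names and the pattern list are assumptions made for illustration;
# a hit means "read this line", a clean result does not prove the package safe.

# Extended regex of commands that deserve a manual look in a maintainer script.
RISKY='rm +-[a-zA-Z]*r|mkfs|dd +(if|of)=|/dev/sd[a-z]|(curl|wget) |\| *(ba)?sh'
RISKY="$RISKY"'|base64 +(-d|--decode)|chmod +([ugoa]*\+s|[2467][0-7]{3})'
RISKY="$RISKY"'|/etc/(passwd|shadow|sudoers)|crontab'

# scan_control_dir DIR
# Print "script:line:text" for each risky line in the maintainer scripts in DIR.
# Returns 1 if anything was flagged, 0 otherwise.
scan_control_dir() {
    local dir="$1" script hits found=0
    for script in preinst postinst prerm postrm config; do
        [ -f "$dir/$script" ] || continue
        hits=$(grep -nE -e "$RISKY" "$dir/$script") || continue
        printf '%s\n' "$hits" | sed "s|^|$script:|"
        found=1
    done
    return "$found"
}

# inspect_deb FILE.deb
# Unpack only the control archive into a temp dir (nothing is installed or run),
# show the metadata and the list of control files, then scan the scripts.
inspect_deb() {
    local deb="$1" tmp rc=0
    tmp=$(mktemp -d) || return 2
    if ! dpkg-deb -e "$deb" "$tmp"; then
        rm -rf "$tmp"
        return 2
    fi
    cat "$tmp/control"
    ls -l "$tmp"
    scan_control_dir "$tmp" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Run against a package only when a path is given on the command line.
if [ -n "${1:-}" ]; then
    inspect_deb "$1"
fi
```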