Documentation< Previous | Contents | Next >
6. Inspect 3rd Party .deb packages before installing:
These should always be inspected before 'extracting' as whilst not a virus, malicious code could be lurking there:
"I always open the debs and check for suspicious post-install scripts This is how to do that. ...
Listing the files from a debian package using dpkg -c
dpkg is the package manager for debian. So using dpkg command you can list and extract the packages, as shown below.
To view the content of *.deb file:
Code:
:
$ dpkg -c ovpc_1.06.94-3_i386.deb
dr-xr-xr-x root/root 0 2010-02-25 10:54 ./
dr-xr-xr-x root/root 0 2010-02-25 10:54 ./ovpc/
dr-xr-xr-x root/root 0 2010-02-25 10:54 ./ovpc/pkg/
dr-xr-xr-x root/root 0 2010-02-25 10:54 ./ovpc/pkg/lib/
dr-xr-xr-x root/root 0 2010-02-25 10:48 ./ovpc/pkg/lib/header/
-r-xr-xr-x root/root 130 2009-10-29 17:06 ./ovpc/pkg/lib/header/libov.so
.
.
.
-r-xr-xr-x root/root 131 2009-10-29 17:06 ./ovpc/pkg/etc/conf
dr-xr-xr-x root/root 0 2010-02-25 10:54 ./ovpc/pkg/etc/conf/log.conf Extracting the files from a debian package using dpkg -x
Use dpkg -x to extract the files from a deb package as shown below.
Code:
:
$ dpkg -x ovpc_1.06.94-3_i386.deb /tmp/ov
$ ls /tmp/ov ovpc
DEB files are ar archives, which always contains the three files — debian-binary, control.tar.gz, and data.tar.gz. We can use ar command and tar command to extract and view the files from the deb package, as shown below.
First, extract the content of *.deb archive file using ar command. Code:
:
$ ar -vx ovpc_1.06.94-3_i386.deb x - debian-binary
x - control.tar.gz x - data.tar.gz
$
Next, extract the content of data.tar.gz file as shown below. Code:
:
$ tar -xvzf data.tar.gz
./
./ovpc/
./ovpc/pkg/
./ovpc/pkg/lib/
./ovpc/pkg/lib/header/
./ovpc/pkg/lib/header/libov.so
.
.
./ovpc/pkg/etc/conf
./ovpc/pkg/etc/conf/log.con
"
[With acknowledgement to Blackwolf on ultimateeditionoz.com forum – sadly the forum is no more].
There was an instance of a GNU/Linux theme uploaded to gnome-look.org called Ubundows that had not been checked by Admin for that site; the file once extracted executed 'Unix' commands to wipe the hard drive clean of all content - YOU HAVE BEEN WARNED!