使用ArchLinux中的etckeeper更新时出现奇怪的证书

我刚刚更新了我的arch发行版并得到了这个：

create mode 120000 ca-certificates/extracted/cadir/02756ea4.0
create mode 120000 ca-certificates/extracted/cadir/2c11d503.0
create mode 120000 ca-certificates/extracted/cadir/32888f65.0
create mode 120000 ca-certificates/extracted/cadir/3929ec9f.0
create mode 120000 ca-certificates/extracted/cadir/451b5485.0
create mode 120000 ca-certificates/extracted/cadir/559f7c71.0
create mode 120000 ca-certificates/extracted/cadir/608a55ad.0
create mode 120000 ca-certificates/extracted/cadir/7719f463.0
create mode 120000 ca-certificates/extracted/cadir/87229d21.0
create mode 120000 ca-certificates/extracted/cadir/9168f543.0
create mode 120000 ca-certificates/extracted/cadir/9479c8c3.0
create mode 120000 ca-certificates/extracted/cadir/9c3323d4.0
create mode 100644 ca-certificates/extracted/cadir/Certplus_Root_CA_G1.pem
create mode 100644 ca-certificates/extracted/cadir/Certplus_Root_CA_G2.pem
create mode 100644 ca-certificates/extracted/cadir/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
create mode 100644 ca-certificates/extracted/cadir/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
create mode 100644 ca-certificates/extracted/cadir/OpenTrust_Root_CA_G1.pem
create mode 100644 ca-certificates/extracted/cadir/OpenTrust_Root_CA_G2.pem
create mode 100644 ca-certificates/extracted/cadir/OpenTrust_Root_CA_G3.pem
create mode 120000 ca-certificates/extracted/cadir/d8317ada.0
create mode 120000 ca-certificates/extracted/cadir/dc99f41e.0
create mode 120000 ssl/certs/02756ea4.0
create mode 120000 ssl/certs/2c11d503.0
create mode 120000 ssl/certs/32888f65.0
create mode 120000 ssl/certs/3929ec9f.0
create mode 120000 ssl/certs/451b5485.0
create mode 120000 ssl/certs/559f7c71.0
create mode 120000 ssl/certs/608a55ad.0
create mode 120000 ssl/certs/7719f463.0
create mode 120000 ssl/certs/87229d21.0
create mode 120000 ssl/certs/9168f543.0
create mode 120000 ssl/certs/9479c8c3.0
create mode 120000 ssl/certs/9c3323d4.0
create mode 120000 ssl/certs/Certplus_Root_CA_G1.pem
create mode 120000 ssl/certs/Certplus_Root_CA_G2.pem
create mode 120000 ssl/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
create mode 120000 ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
create mode 120000 ssl/certs/OpenTrust_Root_CA_G1.pem
create mode 120000 ssl/certs/OpenTrust_Root_CA_G2.pem
create mode 120000 ssl/certs/OpenTrust_Root_CA_G3.pem
create mode 120000 ssl/certs/d8317ada.0
create mode 120000 ssl/certs/dc99f41e.0

但这很奇怪，因为这不是任何形式的网络服务器。我应该担心这里的任何恶意软件吗？

CA证书与作为Web服务器无关。特别是，它们主要由TLS 客户端提供，因为客户端关心验证服务器自己的证书。每个操作系统都附带这样的列表。

TLS存在许多非HTTP使用（例如电子邮件SMTP / IMAP流量），但许多非“Web”程序使用相同的HTTPS - 例如，许多pacman镜像使用https：//，因此它也需要CA证书收集。

在Arch Linux上，“可信证书颁发机构”的主要列表是ca-certificates-mozillaMozilla的nss软件包。换句话说，它与Mozilla在Firefox中的内容相同，因此您可以针对Bugzilla交叉检查所有新添加的证书，并经常针对Google的Chromium bug跟踪器（维护自己的列表）进行交叉检查。所述OpenTrust / Certplus证书似乎是仅续展（bugzilla的和铬），由于是HARICA一个（bugzilla的）。

请注意，可信CA的主副本安装到/usr/share/ca-certificates（不由etckeeper跟踪）。您所看到的/etc仅仅是自动转换为OpenSSL兼容格式的输出（????????.0符号链接是OpenSSL“哈希”名称）; 有关如何更新它的信息，请参阅update-ca-trust（8）手册页。