Suppose there exists a particular debian package in the Ubuntu repositories, which upon installation pulls the actual software from an external repository such as sourceforge. The software itself appears good, but I don't trust the original author, nor the fact that it uses an installation script that downloads from an odd repository.
What would be the procedure to install such software in an isolated environment ? Assume the software is command-line only jar
file.
You might want to take a look at Firejail: https://firejail.wordpress.com/
You can create sandbox environments with it. There are many preconfigured profiles for different applications, but in your case you probably will have to create a custom one or try to use the restricted default profile.