From patchwork Thu Jan 10 23:00:15 2019
X-Patchwork-Submitter: Stefan Schantl
X-Patchwork-Id: 2028
From: Stefan Schantl
To: development@lists.ipfire.org
Subject: [PATCH 4/6] xt_geoip_update: Adjust script to download and use the GeoLite2 database
Date: Thu, 10 Jan 2019 13:00:15 +0100
Message-Id: <20190110120017.6595-4-stefan.schantl@ipfire.org>
In-Reply-To: <20190110120017.6595-1-stefan.schantl@ipfire.org>
References: <20190110120017.6595-1-stefan.schantl@ipfire.org>
List-Id: IPFire development talk

Fixes #11961.

Signed-off-by: Stefan Schantl
---
 src/scripts/xt_geoip_update | 63 ++++++++++++++++---------------------
 1 file changed, 27 insertions(+), 36 deletions(-)

diff --git a/src/scripts/xt_geoip_update b/src/scripts/xt_geoip_update index 0aea4d03e..73484c7a0 100644 --- a/src/scripts/xt_geoip_update +++ b/src/scripts/xt_geoip_update @@ -24,13 +24,10 @@ TMP_FILE=$(mktemp -p $TMP_PATH) SCRIPT_PATH=/usr/local/bin DEST_PATH=/usr/share/xt_geoip +DB_PATH=/var/lib/GeoIP -DL_URL=https://geolite.maxmind.com/download/geoip/database -DL_FILE=GeoIPCountryCSV.zip - -CSV_FILE=GeoIPCountryWhois.csv - -ARCH=LE +DL_URL=http://geolite.maxmind.com/download/geoip/database/ +DL_FILE=GeoLite2-Country-CSV.zip eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings) 
@@ -57,42 +54,41 @@ function download() { # Get the latest GeoIP database from server. wget $DL_URL/$DL_FILE $PROXYSETTINGS -O $TMP_FILE - # Extract files. + # Extract files to database path. unzip $TMP_FILE -d $TMP_PATH return 0 } -function build() { - echo "Convert database..." +function install() { + echo "Install CSV database..." - # Check if the csv file exists. - if [ ! -e $TMP_PATH/$CSV_FILE ]; then - echo "$TMP_PATH/$CSV_FILE not found. Exiting." - return 1 + # Check if the database dir exists. + if [ ! -e "$DB_PATH" ]; then + mkdir -p $DB_PATH &>/dev/null fi - # Run script to convert the CSV file into several xtables - # compatible binary files. - if ! $SCRIPT_PATH/xt_geoip_build $TMP_PATH/$CSV_FILE -D $TMP_PATH; then - echo "Could not convert ruleset. Aborting." >&2 + # Check if the directory for binary databases exists. + if [ ! -e "$DEST_PATH" ]; then + mkdir -p $DEST_PATH &>/dev/null + fi + + # Install CSV databases. + if ! cp -af $TMP_PATH/*/* $DB_PATH &>/dev/null; then + echo "Could not copy files. Aborting." >&2 return 1 fi return 0 } -function install() { - echo "Install databases..." - - # Check if our destination exist. - if [ ! -e "$DEST_PATH" ]; then - mkdir -p $DEST_PATH &>/dev/null - fi +function build() { + echo "Convert database..." - # Install databases. - if ! cp -af $TMP_PATH/$ARCH $DEST_PATH &>/dev/null; then - echo "Could not copy files. Aborting." >&2 + # Run script to convert the CSV file into several xtables + # compatible binary files. + if ! $SCRIPT_PATH/xt_geoip_build -S $DB_PATH -D $DEST_PATH; then + echo "Could not convert ruleset. Aborting." >&2 return 1 fi 
@@ -113,23 +109,18 @@ function main() { # Download ruleset. download || exit $? - # Convert the ruleset. - if ! build; then - # Do cleanup. - cleanup || exit $? - exit 1 - fi - - # Install the converted ruleset. if ! install; then # Do cleanup. cleanup || exit $? exit 1 fi - # Finaly remove temporary files. + # Remove temporary files. cleanup || exit $? + # Convert the ruleset. + build || exit $? + return 0 }
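
Review bot: In the first hunk (@@ -24,13 +24,10 @@), the new `DL_URL` changes the scheme from `https://` to `http://`, and nothing visible in the patch verifies the archive (no checksum or signature check between `wget` and `unzip`), so the data copied to `$DB_PATH` and converted for xt_geoip would be fetched without transport integrity. Keep `https://` unless there is a stated reason to drop it, and say so in the commit message if there is. The new value also ends in `/`, so `wget $DL_URL/$DL_FILE` requests a path with a double slash; drop the trailing slash.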
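
Review bot: In the second hunk (@@ -57,42 +54,41 @@), `install()` drops the old check that the expected CSV file exists, while `download()` still returns 0 without looking at the exit status of `wget` or `unzip`, so the only failure signal left is `cp -af $TMP_PATH/*/* $DB_PATH` finding nothing to copy. That glob is unquoted and picks up every file in every subdirectory of `$TMP_PATH`, not only the CSV files from the archive. Suggest returning non-zero from `download()` when `wget` or `unzip` fails, extracting into a dedicated directory, and copying only the `*.csv` files with the variables quoted. The new comment `# Extract files to database path.` is also inaccurate, since `unzip` still extracts to `$TMP_PATH`.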
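
Review bot: In the third hunk (@@ -113,23 +109,18 @@), `build` now runs last, after `cleanup`, and per the second hunk it writes directly into the live directory with `-D $DEST_PATH`. Before this change the conversion ran in `$TMP_PATH` and the result was installed only if it succeeded; now a conversion that fails partway can leave `$DEST_PATH` partially rewritten while `$DB_PATH` already holds the new CSV files, and `build || exit $?` exits with no rollback. Suggest converting into a temporary directory and moving the result into `$DEST_PATH` only on success, then running `cleanup`.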