Bug 583256

Summary: =dev-libs/geoip-1.6.9 installs script that fetches files without validation and writes them into /usr/
Product: Gentoo Linux
Reporter: Sergey S. Starikoff <Ikonta>
Component: Current packages
Assignee: Gentoo Netmon project <netmon>
Status: UNCONFIRMED ---
Severity: normal
CC: alexander, arthur, jstein, pacho
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Sergey S. Starikoff 2016-05-17 07:29:07 UTC
The =dev-libs/geoip-1.6.9 package installs an empty /usr/share/GeoIP/ directory and the /usr/sbin/geoipupdate.sh script, which fills this directory with data or updates data files but does NOT validate them (probably this means we should ask upstream about at least a validation tool, like it was done in sys-apps/smartmontools, see bug #575292; or, better, completely review distribution of updates).

AFAIR /usr/ subdirectories should not contain files not registered in the portage base.
So, this logic may be suitable for the /var/… subtree, but not for /usr/…

P.S. I've seen comment https://bugs.gentoo.org/show_bug.cgi?id=547764#c3 but this bug is not an exact duplicate of #547764
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2017-05-06 11:59:31 UTC
I guess you were looking for net-misc/geoipupdate?
Comment 2 Sergey S. Starikoff 2017-05-17 13:31:58 UTC
(In reply to Jeroen Roovers from comment #1)
> I guess you were looking for net-misc/geoipupdate?

No.

The =dev-libs/geoip ebuild (both 1.6.9-r1 and 1.6.10 versions) not only installs the /usr/sbin/geoipupdate.sh script for runtime update of the live filesystem, but reminds the user to run it instead of a proper dependency on net-misc/geoipupdate.
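
As an added illustration, not part of the bug report or of the geoip package: a shell function that installs a fetched data file only after its SHA-256 matches a digest obtained separately, and that refuses destinations under /usr. The function name, its return codes and the out-of-band digest are assumptions; the report does not say what validation upstream offers.

```shell
#!/bin/sh
# Added example (not from the bug report or the geoip package).
# Assumption: the expected SHA-256 digest arrives over a separate trusted
# channel; the report does not say what validation upstream provides.

# install_verified SRC EXPECTED_SHA256 DEST_DIR NAME
# Returns 0 after installing DEST_DIR/NAME, 1 on digest mismatch,
# 2 on a rejected destination or name, 3 on any other failure.
install_verified() {
    src=$1; expected=$2; dest_dir=$3; name=$4

    # Fetched data is not tracked by the package manager, so keep it
    # out of /usr (the report suggests a /var location instead).
    case $dest_dir in
        /usr|/usr/*) echo "refusing to write under /usr: $dest_dir" >&2
                     return 2 ;;
    esac
    # The name must be a plain file name, never a path.
    case $name in
        ''|.|..|*/*) echo "invalid file name: $name" >&2; return 2 ;;
    esac

    [ -f "$src" ] || { echo "missing staged file: $src" >&2; return 3; }
    mkdir -p "$dest_dir" || return 3

    # Copy first, then hash the private copy, so the bytes that were
    # checked are exactly the bytes that get installed.
    tmp=$(mktemp "$dest_dir/.$name.XXXXXX") || return 3
    if ! cp "$src" "$tmp"; then rm -f "$tmp"; return 3; fi

    actual=$(sha256sum "$tmp" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name; existing copy kept" >&2
        rm -f "$tmp"
        return 1
    fi

    # rename() within one directory is atomic: readers see either the
    # old file or the new one, never a partial download.
    chmod 0644 "$tmp" && mv -f "$tmp" "$dest_dir/$name" && return 0
    rm -f "$tmp"
    return 3
}
```

On a mismatch the previously installed file stays in place, so a corrupted or tampered download does not replace the last known-good copy.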