Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 583256 - =dev-libs/geoip-1.6.9 installs script that fetches files without validation and writes them into /usr/
Summary: =dev-libs/geoip-1.6.9 installs script that fetches files without validation a...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Netmon Herd
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-05-17 07:29 UTC by Sergey S. Starikoff
Modified: 2019-11-10 12:52 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sergey S. Starikoff 2016-05-17 07:29:07 UTC
=dev-libs/geoip-1.6.9 package installs empty /usr/share/GeoIP/ directory and /usr/sbin/geoipupdate.sh script, which fills this directory with data or updates data files but NOT validates them (probably this mean we should ask upstream about at least validation tool, like it was done in sys-apps/smartmontools, see bug #575292 ; or, better, completely review distribution of updates).

AFAIR /usr/ subdirectories should not contain files, not registered in portage base.
So, this logic may be suitable for /var/… subtree, but not for /usr/…

P.S. I've seen comment https://bugs.gentoo.org/show_bug.cgi?id=547764#c3 but this bug is not exact duplicate for #547764
Comment 1 Jeroen Roovers gentoo-dev 2017-05-06 11:59:31 UTC
I guess you were looking for net-misc/geoipupdate?
Comment 2 Sergey S. Starikoff 2017-05-17 13:31:58 UTC
(In reply to Jeroen Roovers from comment #1)
> I guess you were looking for net-misc/geoipupdate?

No.

=dev-libs/geoip ebuild (both 1.6.9-r1 and 1.6.10 versions) not only installs /usr/sbin/geoipupdate.sh script for runtime update of live filesystem, but remind user to run it instead of proper dependency on net-misc/geoipupdate.