mirror of https://github.com/interlegis/sapl.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
73 lines
2.9 KiB
73 lines
2.9 KiB
#!/usr/bin/env bash
|
|
# update_geoip.sh — download / refresh GeoLite2-ASN.mmdb
|
|
#
|
|
# Run this script before building a new Docker image so the image bundles
|
|
# an up-to-date MaxMind ASN database. The .mmdb binary is git-ignored;
|
|
# only this script is tracked.
|
|
#
|
|
# Usage:
|
|
# # Option 1 — key in environment
|
|
# MAXMIND_LICENSE_KEY=your_key bash docker/geoip/update_geoip.sh
|
|
#
|
|
# # Option 2 — key in project .env file
|
|
# bash docker/geoip/update_geoip.sh
|
|
#
|
|
# The script writes GeoLite2-ASN.mmdb to the same directory as itself so
|
|
# the Dockerfile COPY step can find it at docker/geoip/GeoLite2-ASN.mmdb.
|
|
#
|
|
# Suggested automation: run via a host cron job or CI pipeline step
|
|
# before triggering a docker build, e.g.:
|
|
#
|
|
# # /etc/cron.weekly/update-sapl-geoip
|
|
# #!/bin/bash
|
|
# cd /path/to/sapl && bash docker/geoip/update_geoip.sh
|
|
|
|
set -Eeuo pipefail
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
OUT_FILE="$SCRIPT_DIR/GeoLite2-ASN.mmdb"
|
|
|
|
# ── Resolve the license key ────────────────────────────────────────────────
|
|
if [[ -z "${MAXMIND_LICENSE_KEY:-}" ]]; then
|
|
# Try the project .env (two directories up from docker/geoip/)
|
|
ENV_FILE="$(dirname "$(dirname "$SCRIPT_DIR")")/.env"
|
|
if [[ -f "$ENV_FILE" ]]; then
|
|
MAXMIND_LICENSE_KEY="$(grep -E '^MAXMIND_LICENSE_KEY=' "$ENV_FILE" 2>/dev/null \
|
|
| cut -d= -f2- | tr -d '[:space:]' || true)"
|
|
fi
|
|
fi
|
|
|
|
if [[ -z "${MAXMIND_LICENSE_KEY:-}" ]]; then
|
|
echo "ERROR: MAXMIND_LICENSE_KEY is not set." >&2
|
|
echo " Set it in the environment or add MAXMIND_LICENSE_KEY=<key> to .env" >&2
|
|
exit 1
|
|
fi
|
|
|
|
# ── Download ───────────────────────────────────────────────────────────────
|
|
URL="https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=${MAXMIND_LICENSE_KEY}&suffix=tar.gz"
|
|
|
|
echo "[geoip] Downloading GeoLite2-ASN from MaxMind..."
|
|
tmpdir="$(mktemp -d)"
|
|
trap 'rm -rf "$tmpdir"' EXIT
|
|
|
|
curl -fsSL --max-time 60 "$URL" | tar -xz --strip-components=1 -C "$tmpdir"
|
|
mv "$tmpdir"/GeoLite2-ASN.mmdb "$OUT_FILE"
|
|
|
|
echo "[geoip] Saved: $OUT_FILE"
|
|
echo "[geoip] Build date: $(python3 -c "
|
|
import struct, datetime, pathlib
|
|
data = pathlib.Path('$OUT_FILE').read_bytes()
|
|
# MaxMind DB build epoch is in the last 16 bytes of the metadata section
|
|
marker = b'\xab\xcd\xefMaxMind.com'
|
|
idx = data.rfind(marker)
|
|
if idx >= 0:
|
|
# search for 'build_epoch' key nearby
|
|
chunk = data[idx:idx+512]
|
|
pos = chunk.find(b'build_epoch')
|
|
if pos >= 0:
|
|
val_start = pos + len(b'build_epoch') + 1
|
|
epoch = struct.unpack('>Q', chunk[val_start+1:val_start+9])[0]
|
|
print(datetime.datetime.utcfromtimestamp(epoch).strftime('%Y-%m-%d'))
|
|
exit()
|
|
print('unknown')
|
|
" 2>/dev/null || echo "unknown")"
|
|
|