idaholab#565, allow specifying alternate download location for MaxMin…

…d GeoIP database files

.github/workflows/arkime-build-and-push-ghcr.yml

@@ -106,6 +106,7 @@ jobs:
             BUILD_DATE=${{ steps.generate_build_timestamp.outputs.btimestamp }}
             VCS_REVISION=${{ steps.extract_commit_sha.outputs.sha }}
             MAXMIND_GEOIP_DB_LICENSE_KEY=${{ secrets.MAXMIND_GEOIP_DB_LICENSE_KEY }}
+            MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL=${{ secrets.MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL }}
           push: true
           provenance: false
           platforms: ${{ matrix.platform }}

.github/workflows/hedgehog-iso-build-docker-wrap-push-ghcr.yml

@@ -128,6 +128,7 @@ jobs:
           pushd ./hedgehog-iso
           echo "${{ steps.extract_malcolm_version.outputs.mversion }}" > ./shared/version.txt
           echo "${{ secrets.MAXMIND_GEOIP_DB_LICENSE_KEY }}" > ./shared/maxmind_license.txt
+          echo "${{ secrets.MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL }}" > ./shared/maxmind_url.txt
           echo "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" > ./shared/environment.chroot
           echo "VCS_REVSION=${{ steps.extract_commit_sha.outputs.sha }}" > ./shared/environment.chroot
           echo "BUILD_JOBS=2" > ./shared/environment.chroot

.github/workflows/hedgehog-raspi-build-docker-wrap-push-ghcr.yml

@@ -85,6 +85,7 @@ jobs:
           mkdir -p ./shared
           echo "${{ steps.extract_malcolm_version.outputs.mversion }}" > ./shared/version.txt
           echo "${{ secrets.MAXMIND_GEOIP_DB_LICENSE_KEY }}" > ./shared/maxmind_license.txt
+          echo "${{ secrets.MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL }}" > ./shared/maxmind_url.txt
           echo "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" > ./shared/environment.chroot
           echo "VCS_REVSION=${{ steps.extract_commit_sha.outputs.sha }}" > ./shared/environment.chroot
           echo "BUILD_JOBS=2" > ./shared/environment.chroot

Dockerfiles/arkime.Dockerfile

@@ -64,6 +64,7 @@ ARG PCAP_PIPELINE_VERBOSITY=""
 ARG PCAP_MONITOR_HOST=pcap-monitor
 ARG PCAP_NODE_NAME=malcolm
 ARG MAXMIND_GEOIP_DB_LICENSE_KEY=""
+ARG MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL=""
 
 # Declare envs vars for each arg
 ENV MALCOLM_USERNAME $MALCOLM_USERNAME
@@ -161,6 +162,7 @@ RUN export DEBARCH=$(dpkg --print-architecture) && \
 COPY --chmod=755 shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
 COPY --chmod=755 shared/bin/service_check_passthrough.sh /usr/local/bin/
 COPY --chmod=755 shared/bin/self_signed_key_gen.sh /usr/local/bin/
+COPY --chmod=755 shared/bin/maxmind-mmdb-download.sh /usr/local/bin/
 COPY --chmod=755 shared/bin/nic-capture-setup.sh /usr/local/bin/
 COPY --chmod=755 shared/bin/opensearch_status.sh /opt
 COPY --chmod=755 shared/bin/pcap_processor.py /opt/
@@ -179,15 +181,9 @@ COPY --from=ghcr.io/mmguero-dev/gostatic --chmod=755 /goStatic /usr/bin/goStatic
 #   see https://dev.maxmind.com/geoip/geoipupdate/#Direct_Downloads
 #   see https://github.com/arkime/arkime/issues/1350
 #   see https://github.com/arkime/arkime/issues/1352
-RUN [ ${#MAXMIND_GEOIP_DB_LICENSE_KEY} -gt 1 ] && for DB in ASN Country City; do \
-      cd /tmp && \
-      curl -s -S -L -o "GeoLite2-$DB.mmdb.tar.gz" "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-$DB&license_key=$MAXMIND_GEOIP_DB_LICENSE_KEY&suffix=tar.gz" && \
-      tar xf "GeoLite2-$DB.mmdb.tar.gz" --wildcards --no-anchored '*.mmdb' --strip=1 && \
-      mv -v "GeoLite2-$DB.mmdb" $ARKIME_DIR/etc/; \
-      rm -f "GeoLite2-$DB*"; \
-    done; \
-  curl -s -S -L -o $ARKIME_DIR/etc/ipv4-address-space.csv "https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.csv" && \
-  curl -s -S -L -o $ARKIME_DIR/etc/oui.txt "https://www.wireshark.org/download/automated/data/manuf"
+RUN ( /usr/local/bin/maxmind-mmdb-download.sh -o $ARKIME_DIR/etc || true ) && \
+    curl -s -S -L -o $ARKIME_DIR/etc/ipv4-address-space.csv "https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.csv" && \
+    curl -s -S -L -o $ARKIME_DIR/etc/oui.txt "https://www.wireshark.org/download/automated/data/manuf"
 
 RUN groupadd --gid $DEFAULT_GID $PGROUP && \
     useradd -M --uid $DEFAULT_UID --gid $DEFAULT_GID --home $ARKIME_DIR $PUSER && \

arkime/scripts/arkime_update_geo.sh

@@ -12,16 +12,4 @@ wget -nv -O oui.txt_new https://www.wireshark.org/download/automated/data/manuf
   mv -f oui.txt_new oui.txt || \
   rm -f oui.txt_new
 
-# MaxMind now requires a (free) license key to download the free versions of
-# their GeoIP databases. This should be provided as an environment variable.
-#   see https://dev.maxmind.com/geoip/geoipupdate/#Direct_Downloads
-#   see https://github.com/arkime/arkime/issues/1350
-#   see https://github.com/arkime/arkime/issues/1352
-if [ ${#MAXMIND_GEOIP_DB_LICENSE_KEY} -gt 1 ]; then
-  for DB in ASN Country City; do
-    curl -s -S -L -o "GeoLite2-$DB.mmdb.tar.gz" "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-$DB&license_key=$MAXMIND_GEOIP_DB_LICENSE_KEY&suffix=tar.gz" && \
-      tar xf "GeoLite2-$DB.mmdb.tar.gz" --wildcards --no-anchored '*.mmdb' --strip=1 && \
-      chmod 644 "GeoLite2-$DB.mmdb" && \
-      rm -f "GeoLite2-$DB.mmdb.tar.gz"
-  done
-fi
+/usr/local/bin/maxmind-mmdb-download.sh -o "$(pwd)"

docs/contributing-github-runners.md

@@ -28,10 +28,25 @@ Expand **✴ Secrets and variables** in the left menu panel under **Security**,
 
 Malcolm uses MaxMind's free GeoLite2 databases for GeoIP lookups. As of December 30, 2019, these databases are [no longer available](https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/) for download via a public URL. Instead, they must be downloaded using a MaxMind license key (available without charge [from MaxMind](https://www.maxmind.com/en/geolite2/signup)). This license key should be specified here as a repository secret so that the workflows may download the GeoLite2 databases to embed into the container images that use them. Keep in mind that MaxMind has a daily rate for the number of downloads allowed per license key.
 
-Click **New repository secret** and create a secret with the name `MAXMIND_GEOIP_DB_LICENSE_KEY` and the **Secret** value containing the user's free license key obtained from MaxMind. Then click **Add secret**. Click **New repository secret** and create a secret with the name `MAXMIND_GEOIP_DB_LICENSE_KEY` and the **Secret** value containing the user's free license key obtained from MaxMind. Then click **Add secret**.
+Click **New repository secret** and create a secret with the name `MAXMIND_GEOIP_DB_LICENSE_KEY` and the **Secret** value containing the user's free license key obtained from MaxMind. Then click **Add secret**. Click **New repository secret** and create a secret with the name `MAXMIND_GEOIP_DB_LICENSE_KEY` and the **Secret** value containing the user's free license key obtained from MaxMind. Then click **Add secret**. 
 
 ![GitHub Actions secrets and variables](./images/screenshots/github-actions-secret.png)
 
+As an alternative to (or fallback for) `MAXMIND_GEOIP_DB_LICENSE_KEY`, a URL prefix may be specified in `MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL` (e.g., `https://example.org/foo/bar`) which will be used as a fallback. This URL should serve up `.tar.gz` files in the same format as those provided by the official source:
+
+```bash
+$ ls
+GeoLite2-ASN.mmdb.tar.gz  GeoLite2-City.mmdb.tar.gz  GeoLite2-Country.mmdb.tar.gz
+
+$ for FILE in *.tar.gz; do tar -tvf "$FILE"; done
+drwxr-xr-x user/user 0 2024-09-17 14:34 GeoLite2-ASN/
+-rw-r--r-- user/user 8655479 2024-09-17 13:48 GeoLite2-ASN/GeoLite2-ASN.mmdb
+drwxr-xr-x user/user 0 2024-09-17 14:34 GeoLite2-City/
+-rw-r--r-- user/user 61133703 2024-09-17 13:48 GeoLite2-City/GeoLite2-City.mmdb
+drwxr-xr-x user/user 0 2024-09-17 14:34 GeoLite2-Country/
+-rw-r--r-- user/user 7529760 2024-09-17 13:48 GeoLite2-Country/GeoLite2-Country.mmdb
+```
+
 ### Enabling workflows
 
 Click the **▶ Actions** tab along the top of the page. Users will be prompted with this message:

docs/malcolm-config.md

@@ -16,6 +16,7 @@ Although the configuration script automates many of the following configuration
     - `ARKIME_SPI_DATA_MAX_INDICES` - the maximum number of indices for querying SPI data, or set to `-1` to disable any max. The [Arkime documentation](https://arkime.com/settings#spiDataMaxIndices) warns "OpenSearch/Elasticsearch MAY blow up if we ... search too many indices." (default `7`)
     - `MANAGE_PCAP_FILES` and `ARKIME_FREESPACEG` - these variables deal with PCAP [deletion by Arkime](https://arkime.com/faq#pcap-deletion), see [**Managing disk usage**](#DiskUsage) below
     - `MAXMIND_GEOIP_DB_LICENSE_KEY` - Malcolm uses MaxMind's free GeoLite2 databases for GeoIP lookups. As of December 30, 2019, these databases are [no longer available](https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/) for download via a public URL. Instead, they must be downloaded using a MaxMind license key (available without charge [from MaxMind](https://www.maxmind.com/en/geolite2/signup)). The license key can be specified here for GeoIP database downloads during build- and run-time.
+    - `MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL` - As an alternative to (or fallback for) `MAXMIND_GEOIP_DB_LICENSE_KEY`, a URL prefix may be specified in this variable (e.g., `https://example.org/foo/bar`) which will be used as a fallback. This URL should serve up `.tar.gz` files in the same format as those provided by the official source (see the example [here](contributing-github-runners.md#GitHubRunners)).
     - The following variables configure [Arkime's use](index-management.md#ArkimeIndexPolicies) of OpenSearch [Index State Management (ISM)](https://opensearch.org/docs/latest/im-plugin/ism/index/) or Elasticsearch [Index Lifecycle Management (ILM)](https://www.elastic.co/guide/en/elasticsearch/reference/current/index-lifecycle-management.html):
         + `INDEX_MANAGEMENT_ENABLED` - if set to `true`, Malcolm's instance of Arkime will [use these features](https://arkime.com/faq#ilm) when indexing data
         + `INDEX_MANAGEMENT_OPTIMIZATION_PERIOD` - the period in hours or days that Arkime will keep records in the **hot** state (default `30d`)

hedgehog-iso/build.sh

@@ -176,17 +176,10 @@ if [ -d "$WORKDIR" ]; then
   # grab maxmind geoip database files, iana ipv4 address ranges, wireshark oui lists, etc.
   mkdir -p ./config/includes.chroot/opt/arkime/etc/
   pushd ./config/includes.chroot/opt/arkime/etc/
-  MAXMIND_GEOIP_DB_LICENSE_KEY=""
-  if [[ -f "$SCRIPT_PATH/shared/maxmind_license.txt" ]]; then
-    MAXMIND_GEOIP_DB_LICENSE_KEY="$(cat "$SCRIPT_PATH/shared/maxmind_license.txt" | head -n 1)"
-    if [[ ${#MAXMIND_GEOIP_DB_LICENSE_KEY} -gt 1 ]]; then
-      for DB in ASN Country City; do
-        curl -s -S -L -o "GeoLite2-$DB.mmdb.tar.gz" "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-$DB&license_key=$MAXMIND_GEOIP_DB_LICENSE_KEY&suffix=tar.gz"
-        tar xvf "GeoLite2-$DB.mmdb.tar.gz" --wildcards --no-anchored '*.mmdb' --strip=1 --no-same-owner
-        rm -f "GeoLite2-$DB.mmdb.tar.gz"
-      done
-    fi
-  fi
+  bash "$SCRIPT_PATH/shared/bin/maxmind-mmdb-download.sh" \
+    -f "$SCRIPT_PATH/shared/maxmind_license.txt" \
+    -r "$SCRIPT_PATH/shared/maxmind_url.txt" \
+    -o "$(pwd)"
   curl -s -S -L -o ipv4-address-space.csv "https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.csv"
   curl -s -S -L -o oui.txt "https://www.wireshark.org/download/automated/data/manuf"
   popd >/dev/null 2>&1

hedgehog-iso/build_via_vagrant.sh

@@ -99,6 +99,7 @@ cp -r "$SCRIPT_PATH"/../nginx/landingpage/js "$SCRIPT_PATH"/nginx/
 YML_IMAGE_VERSION="$(grep -P "^\s+image:.*/malcolm/" "$SCRIPT_PATH"/../docker-compose.yml | awk '{print $2}' | cut -d':' -f2 | uniq -c | sort -nr | awk '{print $2}' | head -n 1)"
 [[ -n $YML_IMAGE_VERSION ]] && echo "$YML_IMAGE_VERSION" > "$SCRIPT_PATH"/shared/version.txt
 [[ ${#MAXMIND_GEOIP_DB_LICENSE_KEY} -gt 1 ]] && echo "$MAXMIND_GEOIP_DB_LICENSE_KEY" > "$SCRIPT_PATH"/shared/maxmind_license.txt
+[[ ${#MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL} -gt 1 ]] && echo "$MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL" > "$SCRIPT_PATH"/shared/maxmind_url.txt
 [[ ${#GITHUB_TOKEN} -gt 1 ]] && echo "GITHUB_TOKEN=$GITHUB_TOKEN" >> "$SCRIPT_PATH"/shared/environment.chroot
 echo "VCS_REVSION=$( git rev-parse --short HEAD 2>/dev/null || echo main )" >> "$SCRIPT_PATH"/shared/environment.chroot
 trap cleanup_shared_and_docs EXIT

hedgehog-raspi/build_via_vagrant.sh

@@ -98,6 +98,7 @@ mkdir "$SCRIPT_PATH"/shared
 YML_IMAGE_VERSION="$(grep -P "^\s+image:.*/malcolm/" "$SCRIPT_PATH"/../docker-compose.yml | awk '{print $2}' | cut -d':' -f2 | uniq -c | sort -nr | awk '{print $2}' | head -n 1)"
 [[ -n $YML_IMAGE_VERSION ]] && echo "$YML_IMAGE_VERSION" > "$SCRIPT_PATH"/shared/version.txt
 [[ ${#MAXMIND_GEOIP_DB_LICENSE_KEY} -gt 1 ]] && echo "$MAXMIND_GEOIP_DB_LICENSE_KEY" > "$SCRIPT_PATH"/shared/maxmind_license.txt
+[[ ${#MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL} -gt 1 ]] && echo "$MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL" > "$SCRIPT_PATH"/shared/maxmind_url.txt
 [[ ${#GITHUB_TOKEN} -gt 1 ]] && echo "GITHUB_TOKEN=$GITHUB_TOKEN" >> "$SCRIPT_PATH"/shared/environment.chroot
 echo "VCS_REVSION=$( git rev-parse --short HEAD 2>/dev/null || echo main )" >> "$SCRIPT_PATH"/shared/environment.chroot
 trap cleanup_shared_and_docs EXIT

hedgehog-raspi/sensor_install.sh

@@ -377,23 +377,13 @@ install_files() {
     echo "SUPPORT_URL=\"https://github.com/${IMAGE_PUBLISHER}\"" >> "$sensor_ver_file"
     echo "BUG_REPORT_URL=\"https://github.com/${IMAGE_PUBLISHER}/malcolm/issues\"" >> "$sensor_ver_file"
 
-    # Setup MaxMind Geo IP info
+    # grab maxmind geoip database files, iana ipv4 address ranges, wireshark oui lists, etc.
     mkdir -p /opt/arkime/etc
     pushd /opt/arkime/etc >/dev/null 2>&1
-    MAXMIND_GEOIP_DB_LICENSE_KEY=""
-
-    if [[ -f "$SHARED_DIR/maxmind_license.txt" ]]; then
-    MAXMIND_GEOIP_DB_LICENSE_KEY="$(cat "$SHARED_DIR/maxmind_license.txt" | head -n 1)"
-        if [[ ${#MAXMIND_GEOIP_DB_LICENSE_KEY} -gt 1 ]]; then
-            for DB in ASN Country City; do
-                curl -s -S -L -o "GeoLite2-$DB.mmdb.tar.gz" "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-$DB&license_key=$MAXMIND_GEOIP_DB_LICENSE_KEY&suffix=tar.gz"
-                if [[ -f "GeoLite2-$DB.mmdb.tar.gz" ]]; then
-                    tar xvf "GeoLite2-$DB.mmdb.tar.gz" --wildcards --no-anchored '*.mmdb' --strip=1 --no-same-owner
-                    rm -f "GeoLite2-$DB.mmdb.tar.gz"
-                fi
-            done
-        fi
-    fi
+    bash "/usr/local/bin/maxmind-mmdb-download.sh" \
+        -f "$SHARED_DIR/maxmind_license.txt" \
+        -r "$SHARED_DIR/maxmind_url.txt" \
+        -o "$(pwd)"
     curl -s -S -L -o ./ipv4-address-space.csv "https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.csv"
     curl -s -S -L -o ./oui.txt "https://www.wireshark.org/download/automated/data/manuf"
     popd >/dev/null 2>&1

shared/bin/maxmind-mmdb-download.sh

@@ -0,0 +1,88 @@
+#!/bin/bash
+
+# Download Maxmind Geo IP Lite mmdb files from the official source (using
+#   a free API license key) for from an alternative location specified.
+#   see https://dev.maxmind.com/geoip/geoipupdate/#Direct_Downloads
+#   see https://github.com/arkime/arkime/issues/1350
+#   see https://github.com/arkime/arkime/issues/1352
+
+# Copyright (c) 2024 Battelle Energy Alliance, LLC.  All rights reserved.
+
+unset VERBOSE
+MAXMIND_GEOIP_DB_LICENSE_KEY=${MAXMIND_GEOIP_DB_LICENSE_KEY:-}
+MAXMIND_GEOIP_DB_LICENSE_KEY_FILE=${MAXMIND_GEOIP_DB_LICENSE_KEY_FILE:-}
+MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL=${MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL:-}
+MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL_FILE=${MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL_FILE:-}
+OUTPUT_DIR=/tmp
+
+while getopts k:f:u:r:o:v opts; do
+   case ${opts} in
+      k) MAXMIND_GEOIP_DB_LICENSE_KEY=${OPTARG} ;;
+      f) MAXMIND_GEOIP_DB_LICENSE_KEY_FILE=${OPTARG} ;;
+      u) MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL=${OPTARG} ;;
+      r) MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL_FILE=${OPTARG} ;;
+      o) OUTPUT_DIR=${OPTARG} ;;
+      v) VERBOSE=1 ;;
+   esac
+done
+
+if [[ -n "${VERBOSE}" ]]; then
+  set -x
+fi
+
+if [[ -z "${MAXMIND_GEOIP_DB_LICENSE_KEY}" ]] && [[ -f "${MAXMIND_GEOIP_DB_LICENSE_KEY_FILE}" ]]; then
+  MAXMIND_GEOIP_DB_LICENSE_KEY="$(head -n 1 "${MAXMIND_GEOIP_DB_LICENSE_KEY_FILE}")"
+fi
+
+if [[ -z "${MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL}" ]] && [[ -f "${MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL_FILE}" ]]; then
+  MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL="$(head -n 1 "${MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL_FILE}")"
+fi
+
+if [[ -z "${MAXMIND_GEOIP_DB_LICENSE_KEY}" ]] && [[ -z "${MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL}" ]]; then
+  echo "No GeoIP DB license key or alternate download location specified" >&2
+  exit 1
+fi
+
+# create a temporary directory to store our results in
+WORKDIR="$(mktemp -d -t dlmmdb-XXXXXX)"
+
+# cleanup - on exit ensure the leftover files cleaned up
+function cleanup {
+  if ! rm -rf "${WORKDIR}"; then
+    echo "Failed to remove temporary directory \"${WORKDIR}\"" >&2
+    exit 1
+  fi
+}
+
+if [[ -d "${WORKDIR}" ]]; then
+  trap "cleanup" EXIT
+
+  if [[ -n "${MAXMIND_GEOIP_DB_LICENSE_KEY}" ]]; then
+    for DB in ASN Country City; do
+      curl -f -s -S -L -o "GeoLite2-${DB}.mmdb.tar.gz" "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-${DB}&license_key=${MAXMIND_GEOIP_DB_LICENSE_KEY}&suffix=tar.gz" 2>/dev/null && \
+        tar xf "GeoLite2-${DB}.mmdb.tar.gz" --wildcards --no-anchored '*.mmdb' --strip=1 2>/dev/null && \
+        chmod 644 "GeoLite2-${DB}.mmdb" && \
+        rm -f "GeoLite2-${DB}.mmdb.tar.gz"
+    done
+  fi
+
+  if [[ -n "${MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL}" ]]; then
+    for DB in ASN Country City; do
+      if [[ ! -s "GeoLite2-${DB}.mmdb" ]]; then
+        curl -f -s -S -L -o "GeoLite2-$DB.mmdb.tar.gz" "${MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL}/GeoLite2-${DB}.mmdb.tar.gz" 2>/dev/null && \
+          tar xf "GeoLite2-${DB}.mmdb.tar.gz" --wildcards --no-anchored '*.mmdb' --strip=1 2>/dev/null && \
+          chmod 644 "GeoLite2-${DB}.mmdb" && \
+          rm -f "GeoLite2-${DB}.mmdb.tar.gz"
+      fi
+    done
+  fi
+
+  if compgen -G "*.mmdb" >/dev/null 2>&1; then
+    mkdir -p "${OUTPUT_DIR}"
+    mv *.mmdb "${OUTPUT_DIR}"/ && ( find "${OUTPUT_DIR}" -type f | sort )
+  fi
+
+else
+  echo "Unable to create temporary directory \"$WORKDIR\"" 1>&2
+  exit 1
+fi