]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commitdiff
cve-update-db-native: let the user to drive the update interval
authorMarta Rybczynska <rybczynska@gmail.com>
Mon, 2 May 2022 14:25:36 +0000 (16:25 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 3 May 2022 16:49:31 +0000 (17:49 +0100)
Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set
the database update interval.
 - a positive value sets an interval (in seconds)
 - a zero ("0") forces the database update

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-core/meta/cve-update-db-native.bb

index af39480ddaa3797eb791a9378ce569b68ad711d0..c8c1cbf115f3e5c7532ac3bd95b4196b627fbee3 100644 (file)
@@ -13,6 +13,9 @@ deltask do_install
 deltask do_populate_sysroot
 
 NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
+# CVE database update interval, in seconds. By default: once a day (24*60*60).
+# Use 0 to force the update
+CVE_DB_UPDATE_INTERVAL ?= "86400"
 
 python () {
     if not bb.data.inherits_class("cve-check", d):
@@ -44,11 +47,16 @@ python do_fetch() {
             os.remove(db_file)
 
     # The NVD database changes once a day, so no need to update more frequently
+    # Allow the user to force-update
     try:
         import time
-        if time.time() - os.path.getmtime(db_file) < (24*60*60):
+        update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
+        if (update_interval < 0):
+            update_interval = 0
+        if time.time() - os.path.getmtime(db_file) < update_interval:
             bb.debug(2, "Recently updated, skipping")
             return
+
     except OSError:
         pass