From: Marta Rybczynska Date: Mon, 2 May 2022 14:25:36 +0000 (+0200) Subject: cve-update-db-native: let the user to drive the update interval X-Git-Tag: 2020-04.17~32 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce79a724dc0f9baac480cbadc05894ffcaf48eb7;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git cve-update-db-native: let the user to drive the update interval Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set the database update interval. - a positive value sets an interval (in seconds) - a zero ("0") forces the database update Signed-off-by: Marta Rybczynska Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit fe7bc6f16184d5ebdb1dd914b6dcb75c9e5e0c9c) Signed-off-by: Steve Sakoman --- diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index a6144979f00..594bf947c8d 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -12,6 +12,10 @@ deltask do_compile deltask do_install deltask do_populate_sysroot +# CVE database update interval, in seconds. By default: once a day (24*60*60). +# Use 0 to force the update +CVE_DB_UPDATE_INTERVAL ?= "86400" + python () { if not bb.data.inherits_class("cve-check", d): raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") @@ -43,10 +47,15 @@ python do_fetch() { os.remove(db_file) # The NVD database changes once a day, so no need to update more frequently + # Allow the user to force-update try: import time - if time.time() - os.path.getmtime(db_file) < (24*60*60): + update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL")) + if (update_interval < 0): + update_interval = 0 + if time.time() - os.path.getmtime(db_file) < update_interval: return + except OSError: pass