[OE-core] [PATCH 5/5] cve-update-db-native: don't refresh more than once an hour
akuster808
akuster808 at gmail.com
Mon Nov 11 22:19:48 UTC 2019
On 11/7/19 3:58 PM, Ross Burton wrote:
> We already fetch the yearly CVE metadata and check that for updates before
> downloading the full data, but we can speed up CVE checking further by only
> checking the CVE metadata once an hour.
>
> Signed-off-by: Ross Burton <ross.burton at intel.com>
> ---
> meta/recipes-core/meta/cve-update-db-native.bb | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
> index 2c427a5884f..19875a49b1c 100644
> --- a/meta/recipes-core/meta/cve-update-db-native.bb
> +++ b/meta/recipes-core/meta/cve-update-db-native.bb
> @@ -31,8 +31,16 @@ python do_populate_cve_db() {
> db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK')
> db_file = os.path.join(db_dir, 'nvdcve_1.0.db')
> json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
> - proxy = d.getVar("https_proxy")
>
> + # Don't refresh the database more than once an hour
err, I thought the NVD db is only updated once every two hours. And why
is this not a variable so folks can tweak accordingly?
- armin
> + try:
> + import time
> + if time.time() - os.path.getmtime(db_file) < (60*60):
> + return
> + except OSError:
> + pass
> +
> + proxy = d.getVar("https_proxy")
> if proxy:
> # instantiate an opener but do not install it as the global
> # opener unless if we're really sure it's applicable for all
More information about the Openembedded-core
mailing list