All of lore.kernel.org
 help / color / mirror / Atom feed
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 07/14] cve-update-db-native: let the user to drive the update interval
Date: Wed, 11 May 2022 08:19:26 -1000	[thread overview]
Message-ID: <ce79a724dc0f9baac480cbadc05894ffcaf48eb7.1652292852.git.steve@sakoman.com> (raw)
In-Reply-To: <cover.1652292852.git.steve@sakoman.com>

From: Marta Rybczynska <rybczynska@gmail.com>

Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set
the database update interval.
 - a positive value sets an interval (in seconds)
 - a zero ("0") forces the database update

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe7bc6f16184d5ebdb1dd914b6dcb75c9e5e0c9c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/meta/cve-update-db-native.bb | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index a6144979f0..594bf947c8 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -12,6 +12,10 @@ deltask do_compile
 deltask do_install
 deltask do_populate_sysroot
 
+# CVE database update interval, in seconds. By default: once a day (24*60*60).
+# Use 0 to force the update
+CVE_DB_UPDATE_INTERVAL ?= "86400"
+
 python () {
     if not bb.data.inherits_class("cve-check", d):
         raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
@@ -43,10 +47,15 @@ python do_fetch() {
             os.remove(db_file)
 
     # The NVD database changes once a day, so no need to update more frequently
+    # Allow the user to force-update
     try:
         import time
-        if time.time() - os.path.getmtime(db_file) < (24*60*60):
+        update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
+        if (update_interval < 0):
+            update_interval = 0
+        if time.time() - os.path.getmtime(db_file) < update_interval:
             return
+
     except OSError:
         pass
 
-- 
2.25.1



  parent reply	other threads:[~2022-05-11 18:20 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-11 18:19 [OE-core][dunfell 00/14] Patch review Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 01/14] fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 02/14] libinput: Add fix for CVE-2022-1215 Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 03/14] busybox: fix CVE-2022-28391 Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 04/14] linux-yocto/5.4: update to v5.4.192 Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 05/14] cve-check: no need to depend on the fetch task Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 06/14] cve-update-db-native: update the CVE database once a day only Steve Sakoman
2022-05-11 18:19 ` Steve Sakoman [this message]
2022-05-11 18:19 ` [OE-core][dunfell 08/14] cve-check: add JSON format to summary output Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 09/14] cve-check: fix symlinks where link and output path are equal Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 10/14] volatile-binds: Change DefaultDependencies from false to no Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 11/14] rootfs-postcommands: fix symlinks where link and output path are equal Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 12/14] base: Avoid circular references to our own scripts Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 13/14] scripts: Make git intercept global Steve Sakoman
2022-05-11 18:19 ` [OE-core][dunfell 14/14] scripts/git: Ensure we don't have circular references Steve Sakoman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ce79a724dc0f9baac480cbadc05894ffcaf48eb7.1652292852.git.steve@sakoman.com \
    --to=steve@sakoman.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.