cve-update-db-native: let the user to drive the update interval

Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set the database update interval. - a positive value sets an interval (in seconds) - a zero ("0") forces the database update (From OE-Core rev: 0007dd0edb39123201a46886a4e71d001c118ddf) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fe7bc6f16184d5ebdb1dd914b6dcb75c9e5e0c9c) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-02-05 08:18:43 +01:00 · 2022-05-02 16:25:36 +02:00
parent fc56536e8a
commit b7601c92ff
1 changed files with 9 additions and 1 deletions
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -13,6 +13,9 @@ deltask do_install
 deltask do_populate_sysroot

 NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
+# CVE database update interval, in seconds. By default: once a day (24*60*60).
+# Use 0 to force the update
+CVE_DB_UPDATE_INTERVAL ?= "86400"

 python () {
    if not bb.data.inherits_class("cve-check", d):
@@ -44,11 +47,16 @@ python do_fetch() {
            os.remove(db_file)

    # The NVD database changes once a day, so no need to update more frequently
+    # Allow the user to force-update
    try:
        import time
-        if time.time() - os.path.getmtime(db_file) < (24*60*60):
+        update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
+        if (update_interval < 0):
+            update_interval = 0
+        if time.time() - os.path.getmtime(db_file) < update_interval:
            bb.debug(2, "Recently updated, skipping")
            return
+
    except OSError:
        pass