cve-update-nvd2-native: make number of fetch attemtps configurable

Sometimes NVD servers are unstable and return too many errors. Last time we increased number of attempts from 3 to 5, but further increasing is not reasonable as in normal case too many retries is just abusive. Keep retries low as default and allow to increase as needed. (From OE-Core rev: 3573b0ab09359f7eca37fd86400dc3945f5fa7c1) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 6b6fd8043d83b99000054ab6ad2c745d07c6bcc1) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2026-01-29 21:08:42 +01:00 · 2023-11-27 20:55:36 +01:00
parent 29dd0df225
commit dc31801ddb
1 changed files with 7 additions and 3 deletions
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -26,6 +26,9 @@ NVDCVE_API_KEY ?= ""
 # Use a negative value to skip the update
 CVE_DB_UPDATE_INTERVAL ?= "86400"

+# Number of attmepts for each http query to nvd server before giving up
+CVE_DB_UPDATE_ATTEMPTS ?= "5"
+
 CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db"

 CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db"
@@ -111,7 +114,7 @@ def cleanup_db_download(db_file, db_tmp_file):
    if os.path.exists(db_tmp_file):
        os.remove(db_tmp_file)

-def nvd_request_next(url, api_key, args):
+def nvd_request_next(url, attempts, api_key, args):
    """
    Request next part of the NVD dabase
    """
@@ -127,7 +130,7 @@ def nvd_request_next(url, api_key, args):
        request.add_header("apiKey", api_key)
    bb.note("Requesting %s" % request.full_url)

-    for attempt in range(5):
+    for attempt in range(attempts):
        try:
            r = urllib.request.urlopen(request)

@@ -183,10 +186,11 @@ def update_db_file(db_tmp_file, d, database_time):
        index = 0
        url = d.getVar("NVDCVE_URL")
        api_key = d.getVar("NVDCVE_API_KEY") or None
+        attempts = int(d.getVar("CVE_DB_UPDATE_ATTEMPTS"))

        while True:
            req_args['startIndex'] = index
-            raw_data = nvd_request_next(url, api_key, req_args)
+            raw_data = nvd_request_next(url, attempts, api_key, req_args)
            if raw_data is None:
                # We haven't managed to download data
                return False