diff mbox series

[dunfell,07/14] cve-update-db-native: let the user to drive the update interval

Message ID ce79a724dc0f9baac480cbadc05894ffcaf48eb7.1652292852.git.steve@sakoman.com
State Accepted, archived
Commit ce79a724dc0f9baac480cbadc05894ffcaf48eb7
Headers show
Series [dunfell,01/14] fribidi: Add fix for CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 | expand

Commit Message

Steve Sakoman May 11, 2022, 6:19 p.m. UTC 
From: Marta Rybczynska <rybczynska@gmail.com>

Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set
the database update interval.
 - a positive value sets an interval (in seconds)
 - a zero ("0") forces the database update

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe7bc6f16184d5ebdb1dd914b6dcb75c9e5e0c9c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/meta/cve-update-db-native.bb | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index a6144979f0..594bf947c8 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -12,6 +12,10 @@  deltask do_compile
 deltask do_install
 deltask do_populate_sysroot
 
+# CVE database update interval, in seconds. By default: once a day (24*60*60).
+# Use 0 to force the update
+CVE_DB_UPDATE_INTERVAL ?= "86400"
+
 python () {
     if not bb.data.inherits_class("cve-check", d):
         raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.")
@@ -43,10 +47,15 @@  python do_fetch() {
             os.remove(db_file)
 
     # The NVD database changes once a day, so no need to update more frequently
+    # Allow the user to force-update
     try:
         import time
-        if time.time() - os.path.getmtime(db_file) < (24*60*60):
+        update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
+        if (update_interval < 0):
+            update_interval = 0
+        if time.time() - os.path.getmtime(db_file) < update_interval:
             return
+
     except OSError:
         pass