@@ -15,6 +15,7 @@ deltask do_populate_sysroot
NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
# CVE database update interval, in seconds. By default: once a day (24*60*60).
# Use 0 to force the update
+# Use a negative value to skip the update
CVE_DB_UPDATE_INTERVAL ?= "86400"
python () {
@@ -51,8 +52,9 @@ python do_fetch() {
try:
import time
update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))
- if (update_interval < 0):
- update_interval = 0
+ if update_interval < 0:
+ bb.note("CVE database update skipped")
+ return
if time.time() - os.path.getmtime(db_file) < update_interval:
bb.debug(2, "Recently updated, skipping")
return
Make it possible to disable the database update completely by using a negative update interval CVE_DB_UPDATE_INTERVAL. Disabling the update is useful when running multiple parallel builds when we want to have a control on the database version. This allows coherent cve-check results without an database update for only some of the builds. Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> --- meta/recipes-core/meta/cve-update-db-native.bb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)