From patchwork Mon May 2 14:25:35 2022
X-Patchwork-Submitter: Marta Rybczynska
X-Patchwork-Id: 7464
From: Marta Rybczynska
To: openembedded-core@lists.openembedded.org, ross.burton@arm.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [OE-core][PATCH v2 1/2] cve-update-db-native: update the CVE database once a day only
Date: Mon, 2 May 2022 16:25:35 +0200
Message-Id: <20220502142536.1654021-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165169

The update of the NVD database was expected to happen once per hour.
However, the database file date changes only if the content was actually
updated. In practice, the check worked for the first hour after the new
download. As the NVD database changes usually only once a day, we can
just update it less frequently.

Signed-off-by: Marta Rybczynska
---
 meta/recipes-core/meta/cve-update-db-native.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index e5822cee58..af39480dda 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb 
@@ -43,10 +43,10 @@ python do_fetch() { if os.path.exists(db_file): os.remove(db_file) - # Don't refresh the database more than once an hour + # The NVD database changes once a day, so no need to update more frequently try: import time - if time.time() - os.path.getmtime(db_file) < (60*60): + if time.time() - os.path.getmtime(db_file) < (24*60*60): bb.debug(2, "Recently updated, skipping") return except OSError:

From patchwork Mon May 2 14:25:36 2022
X-Patchwork-Submitter: Marta Rybczynska
X-Patchwork-Id: 7465
From: Marta Rybczynska
To: openembedded-core@lists.openembedded.org, ross.burton@arm.com
Cc: Marta Rybczynska, Marta Rybczynska
Subject: [OE-core][PATCH v2 2/2] cve-update-db-native: let the user to drive the update interval
Date: Mon, 2 May 2022 16:25:36 +0200
Message-Id: <20220502142536.1654021-2-rybczynska@gmail.com>
In-Reply-To: <20220502142536.1654021-1-rybczynska@gmail.com>
References: <20220502142536.1654021-1-rybczynska@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165170

Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set the
database update interval.
- a positive value sets an interval (in seconds)
- a zero ("0") forces the database update

Signed-off-by: Marta Rybczynska
---
Changes from v1:
- allow to set the interval, not only force the update
---
 meta/recipes-core/meta/cve-update-db-native.bb | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index af39480dda..c8c1cbf115 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -13,6 +13,9 @@ deltask do_install deltask do_populate_sysroot NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-" +# CVE database update interval, in seconds. By default: once a day (24*60*60). +# Use 0 to force the update +CVE_DB_UPDATE_INTERVAL ?= "86400" python () { if not bb.data.inherits_class("cve-check", d):
@@ -44,11 +47,16 @@ python do_fetch() { os.remove(db_file) # The NVD database changes once a day, so no need to update more frequently + # Allow the user to force-update try: import time - if time.time() - os.path.getmtime(db_file) < (24*60*60): + update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL")) + if (update_interval < 0): + update_interval = 0 + if time.time() - os.path.getmtime(db_file) < update_interval: bb.debug(2, "Recently updated, skipping") return + except OSError: pass
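
Review bot: in the do_fetch() hunk of patch 1/2, the test `time.time() - os.path.getmtime(db_file) < (24*60*60)` still measures time since the database content last changed, not time since the last check, because, as the commit message says, the file date moves only when the content was actually updated. Widening the window to a day lengthens the period in which the skip works but keeps the same behaviour once the window has passed: every do_fetch() then goes back to NVD until the content changes again. If the intent is "check at most once per interval", record the time of the last successful check separately (for example by updating the file's timestamp with os.utime() after a check that found nothing new) and compare against that. It is also worth saying in the new comment that cve-check results can lag the feed by up to this interval.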
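
Review bot: the comment added above `CVE_DB_UPDATE_INTERVAL ?= "86400"` in the first hunk of patch 2/2 documents the unit and the meaning of 0, but not what a negative or non-numeric value does, although do_fetch() in the same patch clamps negatives to 0 and passes the string straight to int(). Please state in the comment that the value must be an integer number of seconds and that a negative value is treated as 0, i.e. a forced update, so the variable's contract is readable without opening do_fetch().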
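
Review bot: in the do_fetch() hunk of patch 2/2, `update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL"))` is placed inside the `try` whose only handler is `except OSError`, so a setting that is not an integer raises ValueError out of the task and the user gets a Python traceback instead of a message naming the variable. Parse and validate the value before the `try`, and report a bad value explicitly (bb.fatal() with the variable name and the offending value) or fall back to the default with a warning. The silent clamp in `if (update_interval < 0):` would also be easier to diagnose with a bb.warn(), and the parentheses there are not needed. Two smaller points: the retained comment "The NVD database changes once a day, so no need to update more frequently" no longer describes a user-configurable interval, and the blank line added before `except OSError:` can be dropped.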