diff options
| author | Dhairya Nagodra <dnagodra@cisco.com> | 2023-12-11 02:05:00 -0800 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2024-01-10 03:57:03 -1000 |
| commit | 60b073d8c3737c271330a02e38641cdae6740bfb (patch) | |
| tree | 412c0655f09b7e7f6fdad4414fecc5f940f4880a | |
| parent | 11a511fbc9ec16df176572907b91bb98f30ce8e9 (diff) | |
| download | poky-60b073d8c3737c271330a02e38641cdae6740bfb.tar.gz | |
cve-update-nvd2-native: increase the delay between subsequent request failures
Sometimes NVD servers are unstable and return too many errors.
There is an option to have higher fetch attempts to increase the chances
of successfully fetching the CVE data.
Additionally, it also makes sense to progressively increase the delay
after a failed request to an already unstable or busy server.
The increase in delay is reset after every successful request and
the maximum delay is limited to 30 seconds.
Also, the logs are improved to give more clarity.
(From OE-Core rev: 9e03b7a9879fd16e32f4eccb78b438f6fa9db74d)
Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7101d654635b707e56b0dbae8c2146b312d211ea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-core/meta/cve-update-nvd2-native.bb | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 0a8b6a8a0a..69ba20a6cb 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb | |||
| @@ -114,7 +114,10 @@ def cleanup_db_download(db_file, db_tmp_file): | |||
| 114 | if os.path.exists(db_tmp_file): | 114 | if os.path.exists(db_tmp_file): |
| 115 | os.remove(db_tmp_file) | 115 | os.remove(db_tmp_file) |
| 116 | 116 | ||
| 117 | def nvd_request_next(url, attempts, api_key, args): | 117 | def nvd_request_wait(attempt, min_wait): |
| 118 | return min ( ( (2 * attempt) + min_wait ) , 30) | ||
| 119 | |||
| 120 | def nvd_request_next(url, attempts, api_key, args, min_wait): | ||
| 118 | """ | 121 | """ |
| 119 | Request next part of the NVD dabase | 122 | Request next part of the NVD dabase |
| 120 | """ | 123 | """ |
| @@ -143,8 +146,10 @@ def nvd_request_next(url, attempts, api_key, args): | |||
| 143 | r.close() | 146 | r.close() |
| 144 | 147 | ||
| 145 | except Exception as e: | 148 | except Exception as e: |
| 146 | bb.note("CVE database: received error (%s), retrying" % (e)) | 149 | wait_time = nvd_request_wait(attempt, min_wait) |
| 147 | time.sleep(6) | 150 | bb.note("CVE database: received error (%s)" % (e)) |
| 151 | bb.note("CVE database: retrying download after %d seconds. attempted (%d/%d)" % (wait_time, attempt+1, attempts)) | ||
| 152 | time.sleep(wait_time) | ||
| 148 | pass | 153 | pass |
| 149 | else: | 154 | else: |
| 150 | return raw_data | 155 | return raw_data |
| @@ -195,7 +200,7 @@ def update_db_file(db_tmp_file, d, database_time): | |||
| 195 | 200 | ||
| 196 | while True: | 201 | while True: |
| 197 | req_args['startIndex'] = index | 202 | req_args['startIndex'] = index |
| 198 | raw_data = nvd_request_next(url, attempts, api_key, req_args) | 203 | raw_data = nvd_request_next(url, attempts, api_key, req_args, wait_time) |
| 199 | if raw_data is None: | 204 | if raw_data is None: |
| 200 | # We haven't managed to download data | 205 | # We haven't managed to download data |
| 201 | return False | 206 | return False |