cve-update-db-native: don't refresh more than once an hour

We already fetch the yearly CVE metadata and check that for updates before downloading the full data, but we can speed up CVE checking further by only checking the CVE metadata once an hour. (From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2019-11-07 23:58:30 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-11-14 13:20:59 +0000
commit: 96c15d3426c71cdd4ad6b99475611d2355471280 (patch)
tree: 5b0fbda05f13b00a6dad4c002b4f928b23043143
parent: dbc090ef68a211f6626885e8d793ef71d6f12011 (diff)
download: poky-96c15d3426c71cdd4ad6b99475611d2355471280.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 2c427a5884..19875a49b1 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -31,8 +31,16 @@ python do_populate_cve_db() {
    db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK')
    db_file = os.path.join(db_dir, 'nvdcve_1.0.db')
    json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
-    proxy = d.getVar("https_proxy")
+    # Don't refresh the database more than once an hour
+    try:
+        import time
+        if time.time() - os.path.getmtime(db_file) < (60*60):
+            return
+    except OSError:
+        pass
+    proxy = d.getVar("https_proxy")
    if proxy:
        # instantiate an opener but do not install it as the global
        # opener unless if we're really sure it's applicable for all
author	Ross Burton <ross.burton@intel.com>	2019-11-07 23:58:30 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-14 13:20:59 +0000
commit	96c15d3426c71cdd4ad6b99475611d2355471280 (patch)
tree	5b0fbda05f13b00a6dad4c002b4f928b23043143
parent	dbc090ef68a211f6626885e8d793ef71d6f12011 (diff)
download	poky-96c15d3426c71cdd4ad6b99475611d2355471280.tar.gz

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 2c427a5884..19875a49b1 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -31,8 +31,16 @@ python do_populate_cve_db() {
31	db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK')	31	db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK')
32	db_file = os.path.join(db_dir, 'nvdcve_1.0.db')	32	db_file = os.path.join(db_dir, 'nvdcve_1.0.db')
33	json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')	33	json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
34	proxy = d.getVar("https_proxy")
35		34
		35	# Don't refresh the database more than once an hour
		36	try:
		37	import time
		38	if time.time() - os.path.getmtime(db_file) < (60*60):
		39	return
		40	except OSError:
		41	pass
		42
		43	proxy = d.getVar("https_proxy")
36	if proxy:	44	if proxy:
37	# instantiate an opener but do not install it as the global	45	# instantiate an opener but do not install it as the global
38	# opener unless if we're really sure it's applicable for all	46	# opener unless if we're really sure it's applicable for all