diff options
| author | Peter Marko <peter.marko@siemens.com> | 2023-11-27 20:55:36 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-12-02 17:18:57 +0000 |
| commit | 30e986ea3ffae306b08a61d15fd88b10bd45b785 (patch) | |
| tree | 582a117ed19a54e821ec5b8a375ae7f45d514859 | |
| parent | d6d94eed1e1dd25985656fbf80d86df7c4dcfbc6 (diff) | |
| download | poky-30e986ea3ffae306b08a61d15fd88b10bd45b785.tar.gz | |
cve-update-nvd2-native: make number of fetch attemtps configurable
Sometimes NVD servers are unstable and return too many errors.
Last time we increased number of attempts from 3 to 5, but
further increasing is not reasonable as in normal case
too many retries is just abusive.
Keep retries low as default and allow to increase as needed.
(From OE-Core rev: 6b6fd8043d83b99000054ab6ad2c745d07c6bcc1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-core/meta/cve-update-nvd2-native.bb | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 08895013cf..9ab8dc6050 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb | |||
| @@ -26,6 +26,9 @@ NVDCVE_API_KEY ?= "" | |||
| 26 | # Use a negative value to skip the update | 26 | # Use a negative value to skip the update |
| 27 | CVE_DB_UPDATE_INTERVAL ?= "86400" | 27 | CVE_DB_UPDATE_INTERVAL ?= "86400" |
| 28 | 28 | ||
| 29 | # Number of attmepts for each http query to nvd server before giving up | ||
| 30 | CVE_DB_UPDATE_ATTEMPTS ?= "5" | ||
| 31 | |||
| 29 | CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db" | 32 | CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db" |
| 30 | 33 | ||
| 31 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" | 34 | CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db" |
| @@ -111,7 +114,7 @@ def cleanup_db_download(db_file, db_tmp_file): | |||
| 111 | if os.path.exists(db_tmp_file): | 114 | if os.path.exists(db_tmp_file): |
| 112 | os.remove(db_tmp_file) | 115 | os.remove(db_tmp_file) |
| 113 | 116 | ||
| 114 | def nvd_request_next(url, api_key, args): | 117 | def nvd_request_next(url, attempts, api_key, args): |
| 115 | """ | 118 | """ |
| 116 | Request next part of the NVD dabase | 119 | Request next part of the NVD dabase |
| 117 | """ | 120 | """ |
| @@ -127,7 +130,7 @@ def nvd_request_next(url, api_key, args): | |||
| 127 | request.add_header("apiKey", api_key) | 130 | request.add_header("apiKey", api_key) |
| 128 | bb.note("Requesting %s" % request.full_url) | 131 | bb.note("Requesting %s" % request.full_url) |
| 129 | 132 | ||
| 130 | for attempt in range(5): | 133 | for attempt in range(attempts): |
| 131 | try: | 134 | try: |
| 132 | r = urllib.request.urlopen(request) | 135 | r = urllib.request.urlopen(request) |
| 133 | 136 | ||
| @@ -183,10 +186,11 @@ def update_db_file(db_tmp_file, d, database_time): | |||
| 183 | index = 0 | 186 | index = 0 |
| 184 | url = d.getVar("NVDCVE_URL") | 187 | url = d.getVar("NVDCVE_URL") |
| 185 | api_key = d.getVar("NVDCVE_API_KEY") or None | 188 | api_key = d.getVar("NVDCVE_API_KEY") or None |
| 189 | attempts = int(d.getVar("CVE_DB_UPDATE_ATTEMPTS")) | ||
| 186 | 190 | ||
| 187 | while True: | 191 | while True: |
| 188 | req_args['startIndex'] = index | 192 | req_args['startIndex'] = index |
| 189 | raw_data = nvd_request_next(url, api_key, req_args) | 193 | raw_data = nvd_request_next(url, attempts, api_key, req_args) |
| 190 | if raw_data is None: | 194 | if raw_data is None: |
| 191 | # We haven't managed to download data | 195 | # We haven't managed to download data |
| 192 | return False | 196 | return False |