cve-update-db-native: don't refresh more than once an hour

We already fetch the yearly CVE metadata and check that for updates before downloading the full data, but we can speed up CVE checking further by only checking the CVE metadata once an hour. (From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a) (From OE-Core rev: 091a35cfbd2f3e82a7783ba9c8fd5586433ba59f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2019-12-08 20:35:51 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-12-16 23:11:10 +0000
commit: d5ef4072e83b2f7096acbc54048722a26c6c1de2 (patch)
tree: 42931afd3e7d8aa9f975328454b45aac67c57d26 /meta/recipes-core/meta/cve-update-db-native.bb
parent: e60099368b5698ea666a5f0de3fdbe35cbcdfeda (diff)
download: poky-d5ef4072e83b2f7096acbc54048722a26c6c1de2.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 2c427a5884..19875a49b1 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -31,8 +31,16 @@ python do_populate_cve_db() {
    db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK')
    db_file = os.path.join(db_dir, 'nvdcve_1.0.db')
    json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
-    proxy = d.getVar("https_proxy")
+    # Don't refresh the database more than once an hour
+    try:
+        import time
+        if time.time() - os.path.getmtime(db_file) < (60*60):
+            return
+    except OSError:
+        pass
+    proxy = d.getVar("https_proxy")
    if proxy:
        # instantiate an opener but do not install it as the global
        # opener unless if we're really sure it's applicable for all
author	Ross Burton <ross.burton@intel.com>	2019-12-08 20:35:51 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-12-16 23:11:10 +0000
commit	d5ef4072e83b2f7096acbc54048722a26c6c1de2 (patch)
tree	42931afd3e7d8aa9f975328454b45aac67c57d26 /meta/recipes-core/meta/cve-update-db-native.bb
parent	e60099368b5698ea666a5f0de3fdbe35cbcdfeda (diff)
download	poky-d5ef4072e83b2f7096acbc54048722a26c6c1de2.tar.gz

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 2c427a5884..19875a49b1 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -31,8 +31,16 @@ python do_populate_cve_db() {
31	db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK')	31	db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK')
32	db_file = os.path.join(db_dir, 'nvdcve_1.0.db')	32	db_file = os.path.join(db_dir, 'nvdcve_1.0.db')
33	json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')	33	json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
34	proxy = d.getVar("https_proxy")
35		34
		35	# Don't refresh the database more than once an hour
		36	try:
		37	import time
		38	if time.time() - os.path.getmtime(db_file) < (60*60):
		39	return
		40	except OSError:
		41	pass
		42
		43	proxy = d.getVar("https_proxy")
36	if proxy:	44	if proxy:
37	# instantiate an opener but do not install it as the global	45	# instantiate an opener but do not install it as the global
38	# opener unless if we're really sure it's applicable for all	46	# opener unless if we're really sure it's applicable for all