diff options
| author | Dhairya Nagodra <dnagodra@cisco.com> | 2023-12-11 02:05:00 -0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-12-13 11:34:27 +0000 |
| commit | 0ce61d9b8b6d28082715405c5ffffc24f4065d11 (patch) | |
| tree | 5683518e573621cb45b34c05373af81e5a102c8f /meta/recipes-core | |
| parent | ef371d1cb3b777d64b73d819b745f8ae8814017c (diff) | |
| download | poky-0ce61d9b8b6d28082715405c5ffffc24f4065d11.tar.gz | |
cve-update-nvd2-native: increase the delay between subsequent request failures
Sometimes NVD servers are unstable and return too many errors.
There is an option to have higher fetch attempts to increase the chances
of successfully fetching the CVE data.
Additionally, it also makes sense to progressively increase the delay
after a failed request to an already unstable or busy server.
The increase in delay is reset after every successful request and
the maximum delay is limited to 30 seconds.
Also, the logs are improved to give more clarity.
(From OE-Core rev: 7101d654635b707e56b0dbae8c2146b312d211ea)
Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
| -rw-r--r-- | meta/recipes-core/meta/cve-update-nvd2-native.bb | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 941fca34c6..bfe48b27e7 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb | |||
| @@ -114,7 +114,10 @@ def cleanup_db_download(db_file, db_tmp_file): | |||
| 114 | if os.path.exists(db_tmp_file): | 114 | if os.path.exists(db_tmp_file): |
| 115 | os.remove(db_tmp_file) | 115 | os.remove(db_tmp_file) |
| 116 | 116 | ||
| 117 | def nvd_request_next(url, attempts, api_key, args): | 117 | def nvd_request_wait(attempt, min_wait): |
| 118 | return min ( ( (2 * attempt) + min_wait ) , 30) | ||
| 119 | |||
| 120 | def nvd_request_next(url, attempts, api_key, args, min_wait): | ||
| 118 | """ | 121 | """ |
| 119 | Request next part of the NVD dabase | 122 | Request next part of the NVD dabase |
| 120 | """ | 123 | """ |
| @@ -143,8 +146,10 @@ def nvd_request_next(url, attempts, api_key, args): | |||
| 143 | r.close() | 146 | r.close() |
| 144 | 147 | ||
| 145 | except Exception as e: | 148 | except Exception as e: |
| 146 | bb.note("CVE database: received error (%s), retrying" % (e)) | 149 | wait_time = nvd_request_wait(attempt, min_wait) |
| 147 | time.sleep(6) | 150 | bb.note("CVE database: received error (%s)" % (e)) |
| 151 | bb.note("CVE database: retrying download after %d seconds. attempted (%d/%d)" % (wait_time, attempt+1, attempts)) | ||
| 152 | time.sleep(wait_time) | ||
| 148 | pass | 153 | pass |
| 149 | else: | 154 | else: |
| 150 | return raw_data | 155 | return raw_data |
| @@ -195,7 +200,7 @@ def update_db_file(db_tmp_file, d, database_time): | |||
| 195 | 200 | ||
| 196 | while True: | 201 | while True: |
| 197 | req_args['startIndex'] = index | 202 | req_args['startIndex'] = index |
| 198 | raw_data = nvd_request_next(url, attempts, api_key, req_args) | 203 | raw_data = nvd_request_next(url, attempts, api_key, req_args, wait_time) |
| 199 | if raw_data is None: | 204 | if raw_data is None: |
| 200 | # We haven't managed to download data | 205 | # We haven't managed to download data |
| 201 | return False | 206 | return False |