diff options
| -rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 85874ead01..59e7d7dc2c 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb | |||
| @@ -17,6 +17,9 @@ deltask do_populate_sysroot | |||
| 17 | # Use a negative value to skip the update | 17 | # Use a negative value to skip the update |
| 18 | CVE_DB_UPDATE_INTERVAL ?= "86400" | 18 | CVE_DB_UPDATE_INTERVAL ?= "86400" |
| 19 | 19 | ||
| 20 | # Timeout for blocking socket operations, such as the connection attempt. | ||
| 21 | CVE_SOCKET_TIMEOUT ?= "60" | ||
| 22 | |||
| 20 | python () { | 23 | python () { |
| 21 | if not bb.data.inherits_class("cve-check", d): | 24 | if not bb.data.inherits_class("cve-check", d): |
| 22 | raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") | 25 | raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") |
| @@ -39,6 +42,8 @@ python do_fetch() { | |||
| 39 | db_file = d.getVar("CVE_CHECK_DB_FILE") | 42 | db_file = d.getVar("CVE_CHECK_DB_FILE") |
| 40 | db_dir = os.path.dirname(db_file) | 43 | db_dir = os.path.dirname(db_file) |
| 41 | 44 | ||
| 45 | cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) | ||
| 46 | |||
| 42 | if os.path.exists("{0}-journal".format(db_file)): | 47 | if os.path.exists("{0}-journal".format(db_file)): |
| 43 | # If a journal is present the last update might have been interrupted. In that case, | 48 | # If a journal is present the last update might have been interrupted. In that case, |
| 44 | # just wipe any leftovers and force the DB to be recreated. | 49 | # just wipe any leftovers and force the DB to be recreated. |
| @@ -77,7 +82,7 @@ python do_fetch() { | |||
| 77 | 82 | ||
| 78 | # Retrieve meta last modified date | 83 | # Retrieve meta last modified date |
| 79 | try: | 84 | try: |
| 80 | response = urllib.request.urlopen(meta_url) | 85 | response = urllib.request.urlopen(meta_url, timeout=cve_socket_timeout) |
| 81 | except urllib.error.URLError as e: | 86 | except urllib.error.URLError as e: |
| 82 | cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') | 87 | cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') |
| 83 | bb.warn("Failed to fetch CVE data (%s)" % e.reason) | 88 | bb.warn("Failed to fetch CVE data (%s)" % e.reason) |
| @@ -104,7 +109,7 @@ python do_fetch() { | |||
| 104 | 109 | ||
| 105 | # Update db with current year json file | 110 | # Update db with current year json file |
| 106 | try: | 111 | try: |
| 107 | response = urllib.request.urlopen(json_url) | 112 | response = urllib.request.urlopen(json_url, timeout=cve_socket_timeout) |
| 108 | if response: | 113 | if response: |
| 109 | update_db(conn, gzip.decompress(response.read()).decode('utf-8')) | 114 | update_db(conn, gzip.decompress(response.read()).decode('utf-8')) |
| 110 | conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close() | 115 | conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close() |