diff options
author | Marta Rybczynska <rybczynska@gmail.com> | 2022-06-03 11:09:56 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-06-06 13:35:29 +0100 |
commit | b5c2269240327c2a8f93b9e55354698f52c976f3 (patch) | |
tree | 10accb28011a8235a06e28b0030e4ce819521412 | |
parent | f86393c93dec47b24e837d0c4c5761a716ecdbb6 (diff) | |
download | openembedded-core-contrib-b5c2269240327c2a8f93b9e55354698f52c976f3.tar.gz |
cve-update-db-native: make it possible to disable database updates
Make it possible to disable the database update completely by using
a negative update interval CVE_DB_UPDATE_INTERVAL.
Disabling the update is useful when running multiple parallel builds
when we want to have a control on the database version. This allows
coherent cve-check results without an database update for only
some of the builds.
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/meta/cve-update-db-native.bb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index c8c1cbf115..18af89b53e 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -15,6 +15,7 @@ deltask do_populate_sysroot NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-" # CVE database update interval, in seconds. By default: once a day (24*60*60). # Use 0 to force the update +# Use a negative value to skip the update CVE_DB_UPDATE_INTERVAL ?= "86400" python () { @@ -51,8 +52,9 @@ python do_fetch() { try: import time update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL")) - if (update_interval < 0): - update_interval = 0 + if update_interval < 0: + bb.note("CVE database update skipped") + return if time.time() - os.path.getmtime(db_file) < update_interval: bb.debug(2, "Recently updated, skipping") return |