summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2019-12-08 20:35:51 +0200
committerArmin Kuster <akuster808@gmail.com>2019-12-10 07:37:28 -0800
commit091a35cfbd2f3e82a7783ba9c8fd5586433ba59f (patch)
treeeb438921273af7a84f02cd62a4bde00964f17d9d
parentcbb5d26d88465c95a4a879f8635253259e8df0f0 (diff)
downloadopenembedded-core-contrib-091a35cfbd2f3e82a7783ba9c8fd5586433ba59f.tar.gz
openembedded-core-contrib-091a35cfbd2f3e82a7783ba9c8fd5586433ba59f.tar.bz2
openembedded-core-contrib-091a35cfbd2f3e82a7783ba9c8fd5586433ba59f.zip
cve-update-db-native: don't refresh more than once an hour
We already fetch the yearly CVE metadata and check that for updates before downloading the full data, but we can speed up CVE checking further by only checking the CVE metadata once an hour. (From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb10
1 files changed, 9 insertions, 1 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 2c427a5884..19875a49b1 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -31,8 +31,16 @@ python do_populate_cve_db() {
db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK')
db_file = os.path.join(db_dir, 'nvdcve_1.0.db')
json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
- proxy = d.getVar("https_proxy")
+ # Don't refresh the database more than once an hour
+ try:
+ import time
+ if time.time() - os.path.getmtime(db_file) < (60*60):
+ return
+ except OSError:
+ pass
+
+ proxy = d.getVar("https_proxy")
if proxy:
# instantiate an opener but do not install it as the global
# opener unless if we're really sure it's applicable for all