* [PATCH 1/3] cve-update-db-native: use os.path.join instead of +
@ 2019-07-18 20:03 Ross Burton
2019-07-18 20:03 ` [PATCH 2/3] cve-update-db: actually inherit native Ross Burton
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Ross Burton @ 2019-07-18 20:03 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Ross Burton <ross.burton@intel.com>
---
meta/recipes-core/meta/cve-update-db-native.bb | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 3519beae5fb..9047513dbdf 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -29,11 +29,11 @@ python do_populate_cve_db() {
BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
YEAR_START = 2002
- db_dir = d.getVar("DL_DIR") + '/CVE_CHECK'
- db_file = db_dir + '/nvdcve_1.0.db'
- json_tmpfile = db_dir + '/nvd.json.gz'
+ db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK')
+ db_file = os.path.join(db_dir, 'nvdcve_1.0.db')
+ json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
proxy = d.getVar("https_proxy")
- cve_f = open(d.getVar("TMPDIR") + '/cve_check', 'a')
+ cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a')
if not os.path.isdir(db_dir):
os.mkdir(db_dir)
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH 2/3] cve-update-db: actually inherit native
2019-07-18 20:03 [PATCH 1/3] cve-update-db-native: use os.path.join instead of + Ross Burton
@ 2019-07-18 20:03 ` Ross Burton
2019-07-18 20:04 ` [PATCH 3/3] cve-update-db: refresh once every 24 hours Ross Burton
2019-07-18 20:31 ` ✗ patchtest: failure for "cve-update-db-native: use os.p..." and 2 more Patchwork
2 siblings, 0 replies; 6+ messages in thread
From: Ross Burton @ 2019-07-18 20:03 UTC (permalink / raw)
To: openembedded-core
The recipe was called -native but didn't inherit native.
Signed-off-by: Ross Burton <ross.burton@intel.com>
---
meta/recipes-core/meta/cve-update-db-native.bb | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 9047513dbdf..cabbde5066c 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -2,9 +2,8 @@ SUMMARY = "Updates the NVD CVE database"
LICENSE = "MIT"
INHIBIT_DEFAULT_DEPS = "1"
-PACKAGES = ""
-inherit nopackages
+inherit native
deltask do_unpack
deltask do_patch
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/3] cve-update-db: refresh once every 24 hours
2019-07-18 20:03 [PATCH 1/3] cve-update-db-native: use os.path.join instead of + Ross Burton
2019-07-18 20:03 ` [PATCH 2/3] cve-update-db: actually inherit native Ross Burton
@ 2019-07-18 20:04 ` Ross Burton
2019-07-18 22:31 ` akuster808
2019-07-18 20:31 ` ✗ patchtest: failure for "cve-update-db-native: use os.p..." and 2 more Patchwork
2 siblings, 1 reply; 6+ messages in thread
From: Ross Burton @ 2019-07-18 20:04 UTC (permalink / raw)
To: openembedded-core
Check the mtime of the database before updating, and if it's less than 24 hours
ago don't refresh. This saves the HTTP fetches to determine if the data has
been updated.
Signed-off-by: Ross Burton <ross.burton@intel.com>
---
meta/recipes-core/meta/cve-update-db-native.bb | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index cabbde5066c..2afca94fc6b 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -22,7 +22,7 @@ python do_populate_cve_db() {
Update NVD database with json data feed
"""
- import sqlite3, urllib, shutil, gzip, re
+ import sqlite3, urllib, shutil, gzip, re, time
from datetime import date
BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
@@ -37,6 +37,11 @@ python do_populate_cve_db() {
if not os.path.isdir(db_dir):
os.mkdir(db_dir)
+ expiry = time.time() - (60*60*24) # This time yesterday
+ if os.path.exists(db_file) and expiry < os.path.getmtime(db_file):
+ bb.note("CVE data updated less than 24 hours ago, not refreshing. Delete %s to force update." % db_file)
+ return
+
# Connect to database
conn = sqlite3.connect(db_file)
c = conn.cursor()
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH 3/3] cve-update-db: refresh once every 24 hours
2019-07-18 20:04 ` [PATCH 3/3] cve-update-db: refresh once every 24 hours Ross Burton
@ 2019-07-18 22:31 ` akuster808
2019-07-18 22:37 ` Burton, Ross
0 siblings, 1 reply; 6+ messages in thread
From: akuster808 @ 2019-07-18 22:31 UTC (permalink / raw)
To: Ross Burton, openembedded-core
On 7/18/19 1:04 PM, Ross Burton wrote:
> Check the mtime of the database before updating, and if it's less than 24 hours
> ago don't refresh. This saves the HTTP fetches to determine if the data has
> been updated.
>
> Signed-off-by: Ross Burton <ross.burton@intel.com>
> ---
> meta/recipes-core/meta/cve-update-db-native.bb | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
> index cabbde5066c..2afca94fc6b 100644
> --- a/meta/recipes-core/meta/cve-update-db-native.bb
> +++ b/meta/recipes-core/meta/cve-update-db-native.bb
> @@ -22,7 +22,7 @@ python do_populate_cve_db() {
> Update NVD database with json data feed
> """
>
> - import sqlite3, urllib, shutil, gzip, re
> + import sqlite3, urllib, shutil, gzip, re, time
> from datetime import date
>
> BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
> @@ -37,6 +37,11 @@ python do_populate_cve_db() {
> if not os.path.isdir(db_dir):
> os.mkdir(db_dir)
>
> + expiry = time.time() - (60*60*24) # This time yesterday
> + if os.path.exists(db_file) and expiry < os.path.getmtime(db_file):
> + bb.note("CVE data updated less than 24 hours ago, not refreshing. Delete %s to force update." % db_file)
> + return
Any reason this can't be configurable?
- armin
> +
> # Connect to database
> conn = sqlite3.connect(db_file)
> c = conn.cursor()
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PATCH 3/3] cve-update-db: refresh once every 24 hours
2019-07-18 22:31 ` akuster808
@ 2019-07-18 22:37 ` Burton, Ross
0 siblings, 0 replies; 6+ messages in thread
From: Burton, Ross @ 2019-07-18 22:37 UTC (permalink / raw)
To: akuster808; +Cc: OE-core
On Thu, 18 Jul 2019 at 23:31, akuster808 <akuster808@gmail.com> wrote:
> Any reason this can't be configurable?
The raw data isn't updated a lot more frequently than that as far as
I'm aware. Also I may retract this and replace it with simply using
DATE as the hash because otherwise the class causes constant rebuilds
of the world.
Ross
^ permalink raw reply [flat|nested] 6+ messages in thread
* ✗ patchtest: failure for "cve-update-db-native: use os.p..." and 2 more
2019-07-18 20:03 [PATCH 1/3] cve-update-db-native: use os.path.join instead of + Ross Burton
2019-07-18 20:03 ` [PATCH 2/3] cve-update-db: actually inherit native Ross Burton
2019-07-18 20:04 ` [PATCH 3/3] cve-update-db: refresh once every 24 hours Ross Burton
@ 2019-07-18 20:31 ` Patchwork
2 siblings, 0 replies; 6+ messages in thread
From: Patchwork @ 2019-07-18 20:31 UTC (permalink / raw)
To: Ross Burton; +Cc: openembedded-core
== Series Details ==
Series: "cve-update-db-native: use os.p..." and 2 more
Revision: 1
URL : https://patchwork.openembedded.org/series/18753/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:
* Issue Series does not apply on top of target branch [test_series_merge_on_head]
Suggested fix Rebase your series on top of targeted branch
Targeted branch master (currently at 4a69bf5ae3)
If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).
---
Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-07-18 22:37 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-07-18 20:03 [PATCH 1/3] cve-update-db-native: use os.path.join instead of + Ross Burton
2019-07-18 20:03 ` [PATCH 2/3] cve-update-db: actually inherit native Ross Burton
2019-07-18 20:04 ` [PATCH 3/3] cve-update-db: refresh once every 24 hours Ross Burton
2019-07-18 22:31 ` akuster808
2019-07-18 22:37 ` Burton, Ross
2019-07-18 20:31 ` ✗ patchtest: failure for "cve-update-db-native: use os.p..." and 2 more Patchwork
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.