From: Awais B <awais.belal@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Awais B <awais.belal@gmail.com>
Subject: [scarthgap][PATCH v2] cve-update-nvd2-native: allow setting resultsPerPage
Date: Thu, 25 Jun 2026 18:25:34 +0500 [thread overview]
Message-ID: <20260625132534.3979958-1-awais.belal@gmail.com> (raw)
It is seen that during bulk updates on the NVD side the server
struggles to keep up with the default/max of 2000 entries per
page and we see a lot of incomplete read errors resulting in
proper db sync failures most of the times. Lowering the per
page value noticably increases the reliability of the process
and hence should ideally be configurable.
Signed-off-by: Awais B <awais.belal@gmail.com>
---
meta/recipes-core/meta/cve-update-nvd2-native.bb | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 945bd1d927..731cbb5d88 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -34,6 +34,10 @@ CVE_DB_INCR_UPDATE_AGE_THRES ?= "10368000"
# Number of attempts for each http query to nvd server before giving up
CVE_DB_UPDATE_ATTEMPTS ?= "5"
+# Maximum number of CVE records per API response.
+# Lowering this value can help avoid incomplete read errors during bulk NVD updates.
+CVE_DB_RESULTS_PER_PAGE ?= ""
+
CVE_CHECK_DB_DLDIR_FILE ?= "${DL_DIR}/CVE_CHECK/${CVE_CHECK_DB_FILENAME}"
CVE_CHECK_DB_DLDIR_LOCK ?= "${CVE_CHECK_DB_DLDIR_FILE}.lock"
CVE_CHECK_DB_TEMP_FILE ?= "${CVE_CHECK_DB_FILE}.tmp"
@@ -217,6 +221,15 @@ def update_db_file(db_tmp_file, d, database_time):
api_key = d.getVar("NVDCVE_API_KEY") or None
attempts = int(d.getVar("CVE_DB_UPDATE_ATTEMPTS"))
+ results_per_page = d.getVar("CVE_DB_RESULTS_PER_PAGE")
+ RESULTS_PER_PAGE_MAX = 2000 # imposed by NVD
+ if results_per_page:
+ results_per_page = int(results_per_page)
+ if results_per_page > RESULTS_PER_PAGE_MAX:
+ bb.warn("CVE_DB_RESULTS_PER_PAGE exceeds maximum of %d, capping" % RESULTS_PER_PAGE_MAX)
+ results_per_page = RESULTS_PER_PAGE_MAX
+ req_args['resultsPerPage'] = results_per_page
+
# Recommended by NVD
wait_time = 6
if api_key:
--
2.34.1
next reply other threads:[~2026-06-25 13:25 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-25 13:25 Awais B [this message]
2026-06-29 19:09 ` [scarthgap][PATCH v2] cve-update-nvd2-native: allow setting resultsPerPage Paul Barker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260625132534.3979958-1-awais.belal@gmail.com \
--to=awais.belal@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox