From patchwork Mon Nov 3 14:31:53 2025
X-Patchwork-Submitter: Niko Mauno
X-Patchwork-Id: 73518
From: Niko Mauno
To: openembedded-core@lists.openembedded.org
CC: ross.burton@arm.com, rybczynska@gmail.com, peter.marko@siemens.com, Niko Mauno
Subject: [PATCH 1/5] cve-update-nvd2-native: pycodestyle fixes
Date: Mon, 3 Nov 2025 14:31:53 +0000
Message-ID: <20251103143157.315178-1-niko.mauno@vaisala.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225656

Fixes following pycodestyle complaints:

cve-update-nvd2-native.bb:95:54: E712 comparison to True should be 'if cond is True:' or 'if cond:'
cve-update-nvd2-native.bb:127:15: E211 whitespace before '('
cve-update-nvd2-native.bb:127:17: E201 whitespace after '('
cve-update-nvd2-native.bb:127:19: E201 whitespace after '('
cve-update-nvd2-native.bb:127:44: E202 whitespace before ')'
cve-update-nvd2-native.bb:127:46: E203 whitespace before ','
cve-update-nvd2-native.bb:174:20: E401 multiple imports on one line
cve-update-nvd2-native.bb:183:29: E203 whitespace before ':'
cve-update-nvd2-native.bb:236:16: E111 indentation is not a multiple of 4
cve-update-nvd2-native.bb:241:16: E111 indentation is not a multiple of 4
cve-update-nvd2-native.bb:336:39: E222 multiple spaces after operator

Signed-off-by: Niko Mauno
--- meta/recipes-core/meta/cve-update-nvd2-native.bb | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 1411d16e20..abcbcffcc6 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -92,7 +92,7 @@ python do_fetch() { if os.path.exists(db_file): shutil.copy2(db_file, db_tmp_file) - if update_db_file(db_tmp_file, d, database_time) == True: + if update_db_file(db_tmp_file, d, database_time): # Update downloaded correctly, can swap files shutil.move(db_tmp_file, db_file) else: @@ -124,7 +124,7 @@ def cleanup_db_download(db_tmp_file): os.remove(db_tmp_file) def nvd_request_wait(attempt, min_wait): - return min ( ( (2 * attempt) + min_wait ) , 30) + return min(((2 * attempt) + min_wait), 30) def nvd_request_next(url, attempts, api_key, args, min_wait): """ @@ -171,7 +171,8 @@ def update_db_file(db_tmp_file, d, database_time): """ Update the given database file """ - import bb.utils, bb.progress + import bb.progress + import bb.utils import datetime import sqlite3 import json 
@@ -180,7 +181,7 @@ def update_db_file(db_tmp_file, d, database_time): conn = sqlite3.connect(db_tmp_file) initialize_db(conn) - req_args = {'startIndex' : 0} + req_args = {'startIndex': 0} incr_update_threshold = int(d.getVar("CVE_DB_INCR_UPDATE_AGE_THRES")) if database_time != 0: @@ -233,12 +234,12 @@ def update_db_file(db_tmp_file, d, database_time): per_page = data["resultsPerPage"] bb.note("Got %d entries" % per_page) for cve in data["vulnerabilities"]: - update_db(conn, cve) + update_db(conn, cve) index += per_page ph.update((float(index) / (total+1)) * 100) if index >= total: - break + break # Recommended by NVD time.sleep(wait_time) 
@@ -333,7 +334,7 @@ def update_db(conn, elt): accessVector = None vectorString = None cveId = elt['cve']['id'] - if elt['cve'].get('vulnStatus') == "Rejected": + if elt['cve'].get('vulnStatus') == "Rejected": c = conn.cursor() c.execute("delete from PRODUCTS where ID = ?;", [cveId]) c.execute("delete from NVD where ID = ?;", [cveId])
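
Review bot: In the do_fetch() hunk (@@ -92,7 +92,7 @@), dropping `== True` widens the condition from values equal to True to any truthy return, and that branch is the one that moves db_tmp_file over db_file. Please confirm that every return path of update_db_file() yields a bool, and say so in its docstring, so that a failed or partial download cannot be promoted to the live CVE database by a truthy non-boolean value.

Review bot: In nvd_request_wait() (@@ -124,7 +124,7 @@) the corrected line still carries a redundant pair of parentheses. `return min(2 * attempt + min_wait, 30)` says the same thing and passes pycodestyle as well.
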
From: Niko Mauno
To: openembedded-core@lists.openembedded.org
CC: ross.burton@arm.com, rybczynska@gmail.com, peter.marko@siemens.com, Niko Mauno
Subject: [PATCH 2/5] cve-update-db-native: pycodestyle fixes
Date: Mon, 3 Nov 2025 14:31:54 +0000
Message-ID: <20251103143157.315178-2-niko.mauno@vaisala.com>
In-Reply-To: <20251103143157.315178-1-niko.mauno@vaisala.com>
References: <20251103143157.315178-1-niko.mauno@vaisala.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225657

Fixes following pycodestyle complaints:

cve-update-db-native.bb:80:39: E712 comparison to True should be 'if cond is True:' or 'if cond:'
cve-update-db-native.bb:128:20: E401 multiple imports on one line
cve-update-db-native.bb:130:18: E401 multiple imports on one line
cve-update-db-native.bb:171:21: E741 ambiguous variable name 'l'
cve-update-db-native.bb:335:26: E225 missing whitespace around operator
cve-update-db-native.bb:344:12: E713 test for membership should be 'not in'
cve-update-db-native.bb:347:12: E713 test for membership should be 'not in'

Also leaves out a redundant 'gzip' import in update_db_file().

Signed-off-by: Niko Mauno
--- meta/recipes-core/meta/cve-update-db-native.bb | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 713c73e574..3a6dc95580 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -77,7 +77,7 @@ python do_fetch() { if os.path.exists(db_file): shutil.copy2(db_file, db_tmp_file) - if update_db_file(db_tmp_file, d) == True: + if update_db_file(db_tmp_file, d): # Update downloaded correctly, can swap files shutil.move(db_tmp_file, db_file) else: 
@@ -136,9 +136,11 @@ def update_db_file(db_tmp_file, d): """ Update the given database file """ - import bb.utils, bb.progress + import bb.progress + import bb.utils from datetime import date - import urllib, gzip, sqlite3 + import sqlite3 + import urllib YEAR_START = 2002 cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) @@ -167,8 +169,8 @@ def update_db_file(db_tmp_file, d): return False if response: - for l in response.read().decode("utf-8").splitlines(): - key, value = l.split(":", 1) + for line in response.read().decode("utf-8").splitlines(): + key, value = line.split(":", 1) if key == "lastModifiedDate": last_modified = value break @@ -332,7 +334,7 @@ def get_metric_entry(metric): secondaries = [c for c in metric if c['type'] == "Secondary"] if len(primaries) > 0: return primaries[0] - elif len(secondaries)>0: + elif len(secondaries) > 0: return secondaries[0] return None 
@@ -341,10 +343,10 @@ def update_db_fkie(conn, jsondata): root = json.loads(jsondata) for elt in root['cve_items']: - if not 'vulnStatus' in elt or elt['vulnStatus'] == 'Rejected': + if 'vulnStatus' not in elt or elt['vulnStatus'] == 'Rejected': continue - if not 'configurations' in elt: + if 'configurations' not in elt: continue accessVector = None
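
Review bot: In update_db_file() (@@ -167,8 +169,8 @@) the renamed loop still unpacks `key, value = line.split(":", 1)` for every line of the fetched .meta response, so any line without a colon raises ValueError at that statement. Since the line is being touched anyway, consider skipping lines that contain no ":" or using `line.partition(":")`, so that an unexpected upstream response is handled as a failed update.

Review bot: The import hunk (@@ -136,9 +136,11 @@) also drops `gzip`, which is a code change and not one of the listed pycodestyle complaints. The commit message mentions it, but a separate commit would keep this one purely mechanical; please also confirm that nothing left in update_db_file() references gzip.
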
From: Niko Mauno
To: openembedded-core@lists.openembedded.org
CC: ross.burton@arm.com, rybczynska@gmail.com, peter.marko@siemens.com, Niko Mauno
Subject: [PATCH 3/5] cve-update: Drop obsolete NVD1 support
Date: Mon, 3 Nov 2025 14:31:55 +0000
Message-ID: <20251103143157.315178-3-niko.mauno@vaisala.com>
In-Reply-To: <20251103143157.315178-1-niko.mauno@vaisala.com>
References: <20251103143157.315178-1-niko.mauno@vaisala.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225660

Since enabling NVD1 as NVD_DB_VERSION nowadays leads to BitBake failure

WARNING: cve-update-db-native-1.0-r0 do_fetch: Failed to fetch CVE data (HTTP Error 403: Forbidden)
WARNING: cve-update-db-native-1.0-r0 do_fetch: Host IPs are 172.65.90.26, 172.65.90.25, 172.65.90.24, 172.65.90.27, 2606:4700:78::90:0:180, 2606:4700:78::90:0:183, 2606:4700:78::90:0:181, 2606:4700:78::90:0:182
WARNING: cve-update-db-native-1.0-r0 do_fetch: CVE database update failed
ERROR: cve-update-db-native-1.0-r0 do_unpack: Error executing a python function in exec_func_python() autogenerated:

Remove the support for obsolete NVD1.

Signed-off-by: Niko Mauno
--- meta/classes/cve-check.bbclass | 8 +- .../recipes-core/meta/cve-update-db-native.bb | 87 +++---------------- 2 files changed, 15 insertions(+), 80 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index c63ebd56e1..259c699af2 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass 
@@ -31,11 +31,11 @@ CVE_PRODUCT ??= "${BPN}" CVE_VERSION ??= "${PV}" -# Possible database sources: NVD1, NVD2, FKIE +# Possible database sources: NVD2, FKIE NVD_DB_VERSION ?= "FKIE" # Use different file names for each database source, as they synchronize at different moments, so may be slightly different -CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-2.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdcve_1-3.db' if d.getVar('NVD_DB_VERSION') == 'NVD1' else 'nvdfkie_1-1.db'}" +CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-2.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdfkie_1-1.db'}" CVE_CHECK_DB_FETCHER ?= "${@'cve-update-nvd2-native' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'cve-update-db-native'}" CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK" CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}" @@ -108,8 +108,8 @@ python () { extend_cve_status(d) nvd_database_type = d.getVar("NVD_DB_VERSION") - if nvd_database_type not in ("NVD1", "NVD2", "FKIE"): - bb.erroronce("Malformed NVD_DB_VERSION, must be one of: NVD1, NVD2, FKIE. Defaulting to NVD2") + if nvd_database_type not in ("NVD2", "FKIE"): + bb.erroronce("Malformed NVD_DB_VERSION, must be one of: NVD2, FKIE. Defaulting to NVD2") d.setVar("NVD_DB_VERSION", "NVD2") } diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 3a6dc95580..4423216be5 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -11,7 +11,6 @@ deltask do_compile deltask do_install deltask do_populate_sysroot -NVDCVE_URL ?= "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-" FKIE_URL ?= "https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest/download/CVE-" # CVE database update interval, in seconds. By default: once a day (23*60*60). 
@@ -108,30 +107,12 @@ def cleanup_db_download(db_tmp_file): if os.path.exists(db_tmp_file): os.remove(db_tmp_file) -def db_file_names(d, year, is_nvd): - if is_nvd: - year_url = d.getVar('NVDCVE_URL') + str(year) - meta_url = year_url + ".meta" - json_url = year_url + ".json.gz" - return json_url, meta_url +def db_file_names(d, year): year_url = d.getVar('FKIE_URL') + str(year) meta_url = year_url + ".meta" json_url = year_url + ".json.xz" return json_url, meta_url -def host_db_name(d, is_nvd): - if is_nvd: - return "nvd.nist.gov" - return "github.com" - -def db_decompress(d, data, is_nvd): - import gzip, lzma - - if is_nvd: - return gzip.decompress(data).decode('utf-8') - # otherwise - return lzma.decompress(data) - def update_db_file(db_tmp_file, d): """ Update the given database file @@ -139,12 +120,12 @@ def update_db_file(db_tmp_file, d): import bb.progress import bb.utils from datetime import date + import lzma import sqlite3 import urllib YEAR_START = 2002 cve_socket_timeout = int(d.getVar("CVE_SOCKET_TIMEOUT")) - is_nvd = d.getVar("NVD_DB_VERSION") == "NVD1" # Connect to database conn = sqlite3.connect(db_tmp_file) @@ -155,7 +136,7 @@ def update_db_file(db_tmp_file, d): for i, year in enumerate(range(YEAR_START, date.today().year + 1)): bb.note("Updating %d" % year) ph.update((float(i + 1) / total_years) * 100) - json_url, meta_url = db_file_names(d, year, is_nvd) + json_url, meta_url = db_file_names(d, year) # Retrieve meta last modified date try: @@ -164,7 +145,7 @@ def update_db_file(db_tmp_file, d): cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n') bb.warn("Failed to fetch CVE data (%s)" % e) import socket - result = socket.getaddrinfo(host_db_name(d, is_nvd), 443, proto=socket.IPPROTO_TCP) + result = socket.getaddrinfo("github.com", 443, proto=socket.IPPROTO_TCP) bb.warn("Host IPs are %s" % (", ".join(t[4][0] for t in result))) return False 
@@ -192,7 +173,7 @@ def update_db_file(db_tmp_file, d): try: response = urllib.request.urlopen(json_url, timeout=cve_socket_timeout) if response: - update_db(d, conn, db_decompress(d, response.read(), is_nvd)) + update_db(conn, lzma.decompress(response.read())) conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close() except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') @@ -224,17 +205,14 @@ def initialize_db(conn): c.close() -def parse_node_and_insert(conn, node, cveId, is_nvd): +def parse_node_and_insert(conn, node, cveId): # Parse children node if needed for child in node.get('children', ()): - parse_node_and_insert(conn, child, cveId, is_nvd) + parse_node_and_insert(conn, child, cveId) - def cpe_generator(is_nvd): + def cpe_generator(): match_string = "cpeMatch" cpe_string = 'criteria' - if is_nvd: - match_string = "cpe_match" - cpe_string = 'cpe23Uri' for cpe in node.get(match_string, ()): if not cpe['vulnerable']: 
@@ -290,44 +268,7 @@ def parse_node_and_insert(conn, node, cveId, is_nvd): # Save processing by representing as -. yield [cveId, vendor, product, '-', '', '', ''] - conn.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator(is_nvd)).close() - -def update_db_nvdjson(conn, jsondata): - import json - root = json.loads(jsondata) - - for elt in root['CVE_Items']: - if not elt['impact']: - continue - - accessVector = None - vectorString = None - cvssv2 = 0.0 - cvssv3 = 0.0 - cvssv4 = 0.0 - cveId = elt['cve']['CVE_data_meta']['ID'] - cveDesc = elt['cve']['description']['description_data'][0]['value'] - date = elt['lastModifiedDate'] - try: - accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector'] - vectorString = elt['impact']['baseMetricV2']['cvssV2']['vectorString'] - cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore'] - except KeyError: - cvssv2 = 0.0 - try: - accessVector = accessVector or elt['impact']['baseMetricV3']['cvssV3']['attackVector'] - vectorString = vectorString or elt['impact']['baseMetricV3']['cvssV3']['vectorString'] - cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore'] - except KeyError: - accessVector = accessVector or "UNKNOWN" - cvssv3 = 0.0 - - conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?, ?, ?)", - [cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close() - - configurations = elt['configurations']['nodes'] - for config in configurations: - parse_node_and_insert(conn, config, cveId, True) + conn.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()).close() def get_metric_entry(metric): primaries = [c for c in metric if c['type'] == "Primary"] @@ -338,7 +279,7 @@ def get_metric_entry(metric): return secondaries[0] return None -def update_db_fkie(conn, jsondata): +def update_db(conn, jsondata): import json root = json.loads(jsondata) 
@@ -403,13 +344,7 @@ def update_db_fkie(conn, jsondata): for config in elt['configurations']: # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing for node in config.get("nodes") or []: - parse_node_and_insert(conn, node, cveId, False) - -def update_db(d, conn, jsondata): - if (d.getVar("NVD_DB_VERSION") == "FKIE"): - return update_db_fkie(conn, jsondata) - else: - return update_db_nvdjson(conn, jsondata) + parse_node_and_insert(conn, node, cveId) do_fetch[nostamp] = "1"
From patchwork Mon Nov 3 14:31:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Niko Mauno X-Patchwork-Id: 73522
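Review bot: In the `update_db_file` hunk at `@@ -192,7 +173,7`, the new `lzma.decompress(response.read())` call sits inside a `try` whose only visible handler is `except urllib.error.URLError`, so a truncated or corrupted `.json.xz` download raises `lzma.LZMAError` straight out of the function instead of taking the "CVE data is outdated" warning path. Catch `lzma.LZMAError` next to `URLError` and treat it as a failed update so the previous database is kept. The whole response body is also read and decompressed in memory with no size limit; a cap on the decompressed size is worth considering for data fetched from a remote URL.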
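Review bot: With the `update_db(d, conn, jsondata)` dispatcher removed at `@@ -403,13 +344,7`, this recipe no longer reads `NVD_DB_VERSION`, so a configuration that still carries a value which used to select `update_db_nvdjson` is now handled as FKIE data without any message. Unless another patch in the series already rejects such values, add an explicit check that warns or fails on a no longer supported `NVD_DB_VERSION`, and mention the removal in the commit message so users know the setting changed meaning.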
From: Niko Mauno
To: openembedded-core@lists.openembedded.org
CC: ross.burton@arm.com, rybczynska@gmail.com, peter.marko@siemens.com, Niko Mauno
Subject: [PATCH 4/5] cve-update: Take shared .inc file into use
Date: Mon, 3 Nov 2025 14:31:56 +0000
Message-ID: <20251103143157.315178-4-niko.mauno@vaisala.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20251103143157.315178-1-niko.mauno@vaisala.com>
References: <20251103143157.315178-1-niko.mauno@vaisala.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225659

Since there are two recipes for a similar purpose with some considerable differences but also some identical definitions, take a shared inc file into use by relocating common code lines there.

Signed-off-by: Niko Mauno
---
 .../recipes-core/meta/cve-update-db-native.bb | 124 +----------------
 meta/recipes-core/meta/cve-update-native.inc | 127 ++++++++++++++++++
 .../meta/cve-update-nvd2-native.bb | 126 +----------------
 3 files changed, 130 insertions(+), 247 deletions(-)
 create mode 100644 meta/recipes-core/meta/cve-update-native.inc

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index 4423216be5..ca83c80958 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -1,111 +1,10 @@ -SUMMARY = "Updates the NVD CVE database" -LICENSE = "MIT" - -INHIBIT_DEFAULT_DEPS = "1" - -inherit native - -deltask do_patch -deltask do_configure -deltask do_compile -deltask do_install -deltask do_populate_sysroot +require cve-update-native.inc FKIE_URL ?= "https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest/download/CVE-" -# CVE database update interval, in seconds. By default: once a day (23*60*60). -# Use 0 to force the update -# Use a negative value to skip the update -CVE_DB_UPDATE_INTERVAL ?= "82800" - # Timeout for blocking socket operations, such as the connection attempt. CVE_SOCKET_TIMEOUT ?= "60" -CVE_CHECK_DB_DLDIR_FILE ?= "${DL_DIR}/CVE_CHECK2/${CVE_CHECK_DB_FILENAME}" -CVE_CHECK_DB_DLDIR_LOCK ?= "${CVE_CHECK_DB_DLDIR_FILE}.lock" -CVE_CHECK_DB_TEMP_FILE ?= "${CVE_CHECK_DB_FILE}.tmp" - -python () { - if not bb.data.inherits_class("cve-check", d): - raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") -} - -python do_fetch() { - """ - Update NVD database with json data feed - """ - import bb.utils - import bb.progress - import shutil - - bb.utils.export_proxies(d) - - db_file = d.getVar("CVE_CHECK_DB_DLDIR_FILE") - db_dir = os.path.dirname(db_file) - db_tmp_file = d.getVar("CVE_CHECK_DB_TEMP_FILE") - - cleanup_db_download(db_tmp_file) - - # The NVD database changes once a day, so no need to update more frequently - # Allow the user to force-update - try: - import time - update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL")) - if update_interval < 0: - bb.note("CVE database update skipped") - if not os.path.exists(db_file): - bb.error("CVE database %s not present, database fetch/update skipped" % db_file) - return - curr_time = time.time() - database_time = os.path.getmtime(db_file) - bb.note("Current time: %s; DB time: %s" % (time.ctime(curr_time), time.ctime(database_time))) - if curr_time < database_time: - bb.warn("Database time is in the future, force DB update") - elif curr_time - 
database_time < update_interval: - bb.note("CVE database recently updated, skipping") - return - - except OSError: - pass - - if bb.utils.to_boolean(d.getVar("BB_NO_NETWORK")): - bb.error("BB_NO_NETWORK attempted to disable fetch, this recipe uses CVE_DB_UPDATE_INTERVAL to control download, set to '-1' to disable fetch or update") - - bb.utils.mkdirhier(db_dir) - bb.utils.mkdirhier(os.path.dirname(db_tmp_file)) - if os.path.exists(db_file): - shutil.copy2(db_file, db_tmp_file) - - if update_db_file(db_tmp_file, d): - # Update downloaded correctly, can swap files - shutil.move(db_tmp_file, db_file) - else: - # Update failed, do not modify the database - bb.warn("CVE database update failed") - os.remove(db_tmp_file) -} - -do_fetch[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK}" -do_fetch[file-checksums] = "" -do_fetch[vardeps] = "" - -python do_unpack() { - import shutil - shutil.copyfile(d.getVar("CVE_CHECK_DB_DLDIR_FILE"), d.getVar("CVE_CHECK_DB_FILE")) -} -do_unpack[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK} ${CVE_CHECK_DB_FILE_LOCK}" - -def cleanup_db_download(db_tmp_file): - """ - Cleanup the download space from possible failed downloads - """ - - # Clean-up the temporary file downloads, we can remove both journal - # and the temporary database - if os.path.exists("{0}-journal".format(db_tmp_file)): - os.remove("{0}-journal".format(db_tmp_file)) - if os.path.exists(db_tmp_file): - os.remove(db_tmp_file) def db_file_names(d, year): year_url = d.getVar('FKIE_URL') + str(year) @@ -113,7 +12,7 @@ def db_file_names(d, year): json_url = year_url + ".json.xz" return json_url, meta_url -def update_db_file(db_tmp_file, d): +def update_db_file(db_tmp_file, d, *_): """ Update the given database file """ 
@@ -189,21 +88,6 @@ def update_db_file(db_tmp_file, d): conn.close() return True -def initialize_db(conn): - with conn: - c = conn.cursor() - - c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") - - c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ - SCOREV2 TEXT, SCOREV3 TEXT, SCOREV4 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)") - - c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ - VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ - VERSION_END TEXT, OPERATOR_END TEXT)") - c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);") - - c.close() def parse_node_and_insert(conn, node, cveId): # Parse children node if needed @@ -345,7 +229,3 @@ def update_db(conn, jsondata): # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing for node in config.get("nodes") or []: parse_node_and_insert(conn, node, cveId) - -do_fetch[nostamp] = "1" - -EXCLUDE_FROM_WORLD = "1" diff --git a/meta/recipes-core/meta/cve-update-native.inc b/meta/recipes-core/meta/cve-update-native.inc new file mode 100644 index 0000000000..298c89b498 --- /dev/null +++ b/meta/recipes-core/meta/cve-update-native.inc 
@@ -0,0 +1,127 @@ +# Common definitions for CVE database fetching native recipes +SUMMARY = "Updates the NVD CVE database" +LICENSE = "MIT" + +INHIBIT_DEFAULT_DEPS = "1" + +inherit native + +deltask do_patch +deltask do_configure +deltask do_compile +deltask do_install +deltask do_populate_sysroot + +# CVE database update interval, in seconds. By default: once a day (23*60*60). +# Use 0 to force the update +# Use a negative value to skip the update +CVE_DB_UPDATE_INTERVAL ?= "82800" + +CVE_CHECK_DB_DLDIR_FILE ?= "${DL_DIR}/CVE_CHECK2/${CVE_CHECK_DB_FILENAME}" +CVE_CHECK_DB_DLDIR_LOCK ?= "${CVE_CHECK_DB_DLDIR_FILE}.lock" +CVE_CHECK_DB_TEMP_FILE ?= "${CVE_CHECK_DB_FILE}.tmp" + +python() { + if not bb.data.inherits_class("cve-check", d): + raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") +} + +python do_fetch() { + """ + Update NVD database + """ + import bb.utils + import bb.progress + import shutil + + bb.utils.export_proxies(d) + + db_file = d.getVar("CVE_CHECK_DB_DLDIR_FILE") + db_dir = os.path.dirname(db_file) + db_tmp_file = d.getVar("CVE_CHECK_DB_TEMP_FILE") + + cleanup_db_download(db_tmp_file) + # By default let's update the whole database (since time 0) + database_time = 0 + + # The NVD database changes once a day, so no need to update more frequently + # Allow the user to force-update + try: + import time + update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL")) + if update_interval < 0: + bb.note("CVE database update skipped") + if not os.path.exists(db_file): + bb.error("CVE database %s not present, database fetch/update skipped" % db_file) + return + curr_time = time.time() + database_time = os.path.getmtime(db_file) + bb.note("Current time: %s; DB time: %s" % (time.ctime(curr_time), time.ctime(database_time))) + if curr_time < database_time: + bb.warn("Database time is in the future, force DB update") + database_time = 0 + elif curr_time - database_time < update_interval: + bb.note("CVE database recently updated, skipping") 
+ return + + except OSError: + pass + + if bb.utils.to_boolean(d.getVar("BB_NO_NETWORK")): + bb.error("BB_NO_NETWORK attempted to disable fetch, this recipe uses CVE_DB_UPDATE_INTERVAL to control download, set to '-1' to disable fetch or update") + + bb.utils.mkdirhier(db_dir) + bb.utils.mkdirhier(os.path.dirname(db_tmp_file)) + if os.path.exists(db_file): + shutil.copy2(db_file, db_tmp_file) + + if update_db_file(db_tmp_file, d, database_time): + # Update downloaded correctly, can swap files + shutil.move(db_tmp_file, db_file) + else: + # Update failed, do not modify the database + bb.warn("CVE database update failed") + os.remove(db_tmp_file) +} +do_fetch[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK}" +do_fetch[file-checksums] = "" +do_fetch[vardeps] = "" +do_fetch[nostamp] = "1" + +python do_unpack() { + import shutil + shutil.copyfile(d.getVar("CVE_CHECK_DB_DLDIR_FILE"), d.getVar("CVE_CHECK_DB_FILE")) +} +do_unpack[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK} ${CVE_CHECK_DB_FILE_LOCK}" + +def cleanup_db_download(db_tmp_file): + """ + Cleanup the download space from possible failed downloads + """ + + # Clean-up the temporary file downloads, we can remove both journal + # and the temporary database + if os.path.exists("{0}-journal".format(db_tmp_file)): + os.remove("{0}-journal".format(db_tmp_file)) + if os.path.exists(db_tmp_file): + os.remove(db_tmp_file) + + +def initialize_db(conn): + with conn: + c = conn.cursor() + + c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") + + c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ + SCOREV2 TEXT, SCOREV3 TEXT, SCOREV4 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)") + + c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ + VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ + VERSION_END TEXT, OPERATOR_END TEXT)") + c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);") + + c.close() + + +EXCLUDE_FROM_WORLD = "1" 
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index abcbcffcc6..01d3e8e754 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -1,18 +1,7 @@ -SUMMARY = "Updates the NVD CVE database" -LICENSE = "MIT" - # Important note: # This product uses the NVD API but is not endorsed or certified by the NVD. -INHIBIT_DEFAULT_DEPS = "1" - -inherit native - -deltask do_patch -deltask do_configure -deltask do_compile -deltask do_install -deltask do_populate_sysroot +require cve-update-native.inc NVDCVE_URL ?= "https://services.nvd.nist.gov/rest/json/cves/2.0" @@ -20,11 +9,6 @@ NVDCVE_URL ?= "https://services.nvd.nist.gov/rest/json/cves/2.0" # then setting this to get higher rate limits. NVDCVE_API_KEY ?= "" -# CVE database update interval, in seconds. By default: once a day (23*60*60). -# Use 0 to force the update -# Use a negative value to skip the update -CVE_DB_UPDATE_INTERVAL ?= "82800" - # CVE database incremental update age threshold, in seconds. If the database is # older than this threshold, do a full re-download, else, do an incremental # update. By default: the maximum allowed value from NVD: 120 days (120*24*60*60) 
@@ -34,95 +18,6 @@ CVE_DB_INCR_UPDATE_AGE_THRES ?= "10368000" # Number of attempts for each http query to nvd server before giving up CVE_DB_UPDATE_ATTEMPTS ?= "5" -CVE_CHECK_DB_DLDIR_FILE ?= "${DL_DIR}/CVE_CHECK2/${CVE_CHECK_DB_FILENAME}" -CVE_CHECK_DB_DLDIR_LOCK ?= "${CVE_CHECK_DB_DLDIR_FILE}.lock" -CVE_CHECK_DB_TEMP_FILE ?= "${CVE_CHECK_DB_FILE}.tmp" - -python () { - if not bb.data.inherits_class("cve-check", d): - raise bb.parse.SkipRecipe("Skip recipe when cve-check class is not loaded.") -} - -python do_fetch() { - """ - Update NVD database with API 2.0 - """ - import bb.utils - import bb.progress - import shutil - - bb.utils.export_proxies(d) - - db_file = d.getVar("CVE_CHECK_DB_DLDIR_FILE") - db_dir = os.path.dirname(db_file) - db_tmp_file = d.getVar("CVE_CHECK_DB_TEMP_FILE") - - cleanup_db_download(db_tmp_file) - # By default let's update the whole database (since time 0) - database_time = 0 - - # The NVD database changes once a day, so no need to update more frequently - # Allow the user to force-update - try: - import time - update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL")) - if update_interval < 0: - bb.note("CVE database update skipped") - if not os.path.exists(db_file): - bb.error("CVE database %s not present, database fetch/update skipped" % db_file) - return - curr_time = time.time() - database_time = os.path.getmtime(db_file) - bb.note("Current time: %s; DB time: %s" % (time.ctime(curr_time), time.ctime(database_time))) - if curr_time < database_time: - bb.warn("Database time is in the future, force DB update") - database_time = 0 - elif curr_time - database_time < update_interval: - bb.note("CVE database recently updated, skipping") - return - - except OSError: - pass - - if bb.utils.to_boolean(d.getVar("BB_NO_NETWORK")): - bb.error("BB_NO_NETWORK attempted to disable fetch, this recipe uses CVE_DB_UPDATE_INTERVAL to control download, set to '-1' to disable fetch or update") - - bb.utils.mkdirhier(db_dir) - 
bb.utils.mkdirhier(os.path.dirname(db_tmp_file)) - if os.path.exists(db_file): - shutil.copy2(db_file, db_tmp_file) - - if update_db_file(db_tmp_file, d, database_time): - # Update downloaded correctly, can swap files - shutil.move(db_tmp_file, db_file) - else: - # Update failed, do not modify the database - bb.warn("CVE database update failed") - os.remove(db_tmp_file) -} - -do_fetch[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK}" -do_fetch[file-checksums] = "" -do_fetch[vardeps] = "" - -python do_unpack() { - import shutil - shutil.copyfile(d.getVar("CVE_CHECK_DB_DLDIR_FILE"), d.getVar("CVE_CHECK_DB_FILE")) -} -do_unpack[lockfiles] += "${CVE_CHECK_DB_DLDIR_LOCK} ${CVE_CHECK_DB_FILE_LOCK}" - -def cleanup_db_download(db_tmp_file): - """ - Cleanup the download space from possible failed downloads - """ - - # Clean-up the temporary file downloads, we can remove both journal - # and the temporary database - if os.path.exists("{0}-journal".format(db_tmp_file)): - os.remove("{0}-journal".format(db_tmp_file)) - if os.path.exists(db_tmp_file): - os.remove(db_tmp_file) - def nvd_request_wait(attempt, min_wait): return min(((2 * attempt) + min_wait), 30) @@ -251,21 +146,6 @@ def update_db_file(db_tmp_file, d, database_time): conn.close() return True -def initialize_db(conn): - with conn: - c = conn.cursor() - - c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") - - c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ - SCOREV2 TEXT, SCOREV3 TEXT, SCOREV4 TEXT, MODIFIED INTEGER, VECTOR TEXT, VECTORSTRING TEXT)") - - c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \ - VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \ - VERSION_END TEXT, OPERATOR_END TEXT)") - c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);") - - c.close() def parse_node_and_insert(conn, node, cveId): 
@@ -388,7 +268,3 @@ def update_db(conn, elt): parse_node_and_insert(conn, node, cveId) except KeyError: bb.note("CVE %s has no configurations" % cveId) - -do_fetch[nostamp] = "1" - -EXCLUDE_FROM_WORLD = "1"
From patchwork Mon Nov 3 14:31:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Niko Mauno X-Patchwork-Id: 73521
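Review bot: The `*_` catch-all in `def update_db_file(db_tmp_file, d, *_):` (cve-update-db-native.bb, `@@ -113,7 +12,7`) hides the fact that the shared `do_fetch` now calls `update_db_file(db_tmp_file, d, database_time)`, and it will silently swallow any later change to the caller's argument list. Name the parameter explicitly, for example `database_time=None`, and state in the docstring that the FKIE fetcher ignores it.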
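Review bot: The new cve-update-native.inc (`@@ -0,0 +1,127`) calls `update_db_file(db_tmp_file, d, database_time)` from `do_fetch` but defines no such function, and its header comment `# Common definitions for CVE database fetching native recipes` does not tell a recipe author what a file doing `require cve-update-native.inc` has to provide. Document the required function and its signature and return value (true on success, false to keep the old database) at the top of the .inc, so a missing or mismatched definition is caught in review rather than as a `NameError` or `TypeError` at fetch time.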
From: Niko Mauno
To: openembedded-core@lists.openembedded.org
CC: ross.burton@arm.com, rybczynska@gmail.com, peter.marko@siemens.com, Niko Mauno
Subject: [PATCH 5/5] cve-update: Keep mtime stamp in the database itself
Date: Mon, 3 Nov 2025 14:31:57 +0000
Message-ID: <20251103143157.315178-5-niko.mauno@vaisala.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20251103143157.315178-1-niko.mauno@vaisala.com>
References: <20251103143157.315178-1-niko.mauno@vaisala.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225658

This should help to avoid problems that will occur if the modification time of the database file itself is altered, e.g. by unassociated process(es) on the file system which hosts the database file.

Since this change updates the database structure by adding a new table, bump the 'minor' version number in database file names to enforce a full database fetch. This should also iron out e.g. a situation where the database might have inconspicuously omitted entries due to the way in which the mtime of the database file itself was relied upon.

Signed-off-by: Niko Mauno
---
 meta/classes/cve-check.bbclass | 2 +-
 .../recipes-core/meta/cve-update-db-native.bb | 3 +
 meta/recipes-core/meta/cve-update-native.inc | 59 ++++++++++++-------
 .../meta/cve-update-nvd2-native.bb | 3 +
 4 files changed, 46 insertions(+), 21 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 259c699af2..7252c4ecdc 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -35,7 +35,7 @@ CVE_VERSION ??= "${PV}" NVD_DB_VERSION ?= "FKIE" # Use different file names for each database source, as they synchronize at different moments, so may be slightly different -CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-2.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdfkie_1-1.db'}" +CVE_CHECK_DB_FILENAME ?= "${@'nvdcve_2-3.db' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'nvdfkie_1-2.db'}" CVE_CHECK_DB_FETCHER ?= "${@'cve-update-nvd2-native' if d.getVar('NVD_DB_VERSION') == 'NVD2' else 'cve-update-db-native'}" CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK" CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}" diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index ca83c80958..c1db67ce55 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb @@ -18,6 +18,7 @@ def update_db_file(db_tmp_file, d, *_): """ import bb.progress import bb.utils + import datetime from datetime import date import lzma import sqlite3 @@ -31,6 +32,7 @@ def update_db_file(db_tmp_file, d, *_): initialize_db(conn) with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f: + pre_update_utc_timestamp = datetime.datetime.now().astimezone(tz=datetime.timezone.utc) total_years = date.today().year + 1 - YEAR_START for i, year in enumerate(range(YEAR_START, date.today().year + 1)): bb.note("Updating %d" % year) @@ -82,6 +84,7 @@ def update_db_file(db_tmp_file, d, *_): bb.debug(2, "Already up to date (last modified %s)" % last_modified) # Update success, set the date to cve_check file. if year == date.today().year: + conn.execute("insert into MTIME values (?)", [pre_update_utc_timestamp.isoformat()]).close() cve_f.write('CVE database update : %s\n\n' % date.today()) conn.commit() 
diff --git a/meta/recipes-core/meta/cve-update-native.inc b/meta/recipes-core/meta/cve-update-native.inc index 298c89b498..2934f7ad07 100644 --- a/meta/recipes-core/meta/cve-update-native.inc +++ b/meta/recipes-core/meta/cve-update-native.inc @@ -33,6 +33,7 @@ python do_fetch() { import bb.utils import bb.progress import shutil + import time bb.utils.export_proxies(d) 
@@ -46,26 +47,24 @@ python do_fetch() { # The NVD database changes once a day, so no need to update more frequently # Allow the user to force-update - try: - import time - update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL")) - if update_interval < 0: - bb.note("CVE database update skipped") - if not os.path.exists(db_file): - bb.error("CVE database %s not present, database fetch/update skipped" % db_file) - return - curr_time = time.time() - database_time = os.path.getmtime(db_file) - bb.note("Current time: %s; DB time: %s" % (time.ctime(curr_time), time.ctime(database_time))) - if curr_time < database_time: - bb.warn("Database time is in the future, force DB update") - database_time = 0 - elif curr_time - database_time < update_interval: - bb.note("CVE database recently updated, skipping") - return - - except OSError: - pass + update_interval = int(d.getVar("CVE_DB_UPDATE_INTERVAL")) + if update_interval < 0: + bb.note("CVE database update skipped") + if not os.path.exists(db_file): + bb.error("CVE database %s not present, database fetch/update skipped" % db_file) + return + + if os.path.exists(db_file): + database_time = get_mtime_timestamp_from(db_file) + if database_time > 0: + curr_time = time.time() + bb.note("Current time: %s; DB time: %s" % (time.ctime(curr_time), time.ctime(database_time))) + if curr_time < database_time: + bb.warn("Database time is in the future, force DB update") + database_time = 0 + elif curr_time - database_time < update_interval: + bb.note("CVE database recently updated, skipping") + return if bb.utils.to_boolean(d.getVar("BB_NO_NETWORK")): bb.error("BB_NO_NETWORK attempted to disable fetch, this recipe uses CVE_DB_UPDATE_INTERVAL to control download, set to '-1' to disable fetch or update") 
@@ -107,10 +106,30 @@ def cleanup_db_download(db_tmp_file): os.remove(db_tmp_file) +def get_mtime_timestamp_from(db_file): + """ + Resolve the time when the CVE database was previously updated + """ + import datetime + import sqlite3 + + conn = sqlite3.connect(db_file) + curs = conn.cursor() + res = curs.execute("select TIMESTAMP from MTIME order by TIMESTAMP desc limit 1;") + latest = res.fetchone()[0] + latest = datetime.datetime.strptime(latest, '%Y-%m-%dT%H:%M:%S.%f+00:00') + latest = latest.astimezone(tz=datetime.timezone.utc) + curs.close() + conn.close() + return latest.timestamp() + + def initialize_db(conn): with conn: c = conn.cursor() + c.execute("CREATE TABLE IF NOT EXISTS MTIME (TIMESTAMP INT)") + c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)") c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \ diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 01d3e8e754..77d7408b16 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -72,6 +72,8 @@ def update_db_file(db_tmp_file, d, database_time): import sqlite3 import json + pre_update_utc_timestamp = datetime.datetime.now().astimezone(tz=datetime.timezone.utc) + # Connect to database conn = sqlite3.connect(db_tmp_file) initialize_db(conn) @@ -141,6 +143,7 @@ def update_db_file(db_tmp_file, d, database_time): # Update success, set the date to cve_check file. cve_f.write('CVE database update : %s\n\n' % datetime.date.today()) + conn.execute("insert into MTIME values (?)", [pre_update_utc_timestamp.isoformat()]).close() conn.commit() conn.close()
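Review bot: In the rewritten interval check in `do_fetch` (cve-update-native.inc, `@@ -46,26 +47,24`), the `if database_time > 0:` test expects `get_mtime_timestamp_from(db_file)` to return 0 when no timestamp is known, but the helper indexes `res.fetchone()[0]` unconditionally, so an existing database file with an empty or missing `MTIME` table raises (`TypeError` or `sqlite3.OperationalError`). With the previous `try`/`except OSError` removed, that fails the task instead of falling back to a full update. Have the helper return 0 in those cases, or catch `sqlite3.Error` around the call and leave `database_time = 0`.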
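Review bot: In `get_mtime_timestamp_from` (`@@ -107,10 +106,30`), `datetime.datetime.strptime(latest, '%Y-%m-%dT%H:%M:%S.%f+00:00')` returns a naive datetime, and `astimezone()` on a naive value treats it as local time, so the returned epoch is off by the build host's UTC offset. On hosts behind UTC the stored time then looks like it is in the future and the "force DB update" branch fires; on hosts ahead of UTC the update interval is shortened by the offset. Attach the zone instead of converting, e.g. `latest.replace(tzinfo=datetime.timezone.utc)`, or parse with `datetime.datetime.fromisoformat(latest)`, which also accepts the string `isoformat()` produces when the microsecond field is zero (no fractional part), a case the fixed format string rejects with `ValueError`. The column is declared `TIMESTAMP INT` while the inserted value is an ISO 8601 string; `TEXT` would match what is stored.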