Skip to content

v1.5.0 and v1.5.1 "ruby" platform gem packages vendor an unexpected version of sqlite #351

@flavorjones

Description

@flavorjones

the problem

Versions 1.5.0 and 1.5.1 of the vanilla "ruby" platform package contain ports/archives/sqlite-autoconf-3380500.tar.gz instead of ports/archives/sqlite-autoconf-3390300.tar.gz and ports/archives/sqlite-autoconf-3390400.tar.gz, respectively.

The impact of this is that extconf.rb, when run at installation time, will download the correct tarball from sqlite.org rather than use the (incorrect) tarball that is vendored in the gem package. For most users this is probably fine, but if networking is flaky or unavailable on the target system, this will cause the gem to fail to install

the diagnosis

This is happening because the rake tasks that package the gem use an imprecise glob pattern to grab the tarball from ports/archives:

https://github.com/sparklemotion/sqlite3-ruby/blob/master/rakelib/native.rake#L43-L49

I happen have tarballs for the last few versions of sqlite on my development system where I package the gem, and the wrong file has been picked for these two versions.

I didn't catch this because the script bin/test-gem-file-contents currently only asserts on the existence of a sqlite tarball, and not on the precise file name (which includes the version string).

actions

  • This rake task should always use the same version that extconf.rb uses to build the precompiled native gem. Likely we should extract the mini_portile recipe info into an external config file that can be used by both extconf.rb and native.rake.
  • The script bin/test-gem-file-contents should be updated to verify that the expected tarball is present.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions