chore: upgrade bundled SQLCipher and restore source-build fallback

- update the vendored SQLCipher amalgamation to 4.14.0 / SQLite 3.51.3
- add required SQLCipher init/shutdown build defines
- switch macOS builds from vendored OpenSSL to CommonCrypto
- restore runtime fallback from prebuilt binaries to local source builds
- publish the native sources needed for downstream rebuilds
- reduce published binaries to N-API 6 and trim legacy CI/docs

Author: wessels2

.circleci/config.yml

@@ -113,7 +113,7 @@ aliases:
       - checkout
       - run: |
           export HOMEBREW_NO_AUTO_UPDATE=1
-          brew install git-lfs openssl@1.1 || true
+          brew install git-lfs || true
       - run: git lfs install
       - run: git lfs pull
       - run:
@@ -151,7 +151,7 @@ aliases:
       - checkout
       - run: |
           export HOMEBREW_NO_AUTO_UPDATE=1
-          brew install git-lfs openssl@1.1 || true
+          brew install git-lfs || true
       - run: git lfs install
       - run: git lfs pull
       - run:
@@ -233,21 +233,6 @@ jobs:
     docker:
       - image: circleci/node:16.9.1-stretch
 
-  build-14:
-    <<: *common-build
-    docker:
-      - image: circleci/node:14.11.0-stretch
-
-  build-12:
-    <<: *common-build
-    docker:
-      - image: circleci/node:12.6.0-stretch
-
-  build-10:
-    <<: *common-build
-    docker:
-      - image: circleci/node:10.16.0-stretch
-
   # Node version should match electron's node version.
   # See https://github.com/mapbox/node-sqlite3/pull/1367
   build-electron-16:
@@ -257,48 +242,6 @@ jobs:
     environment:
       ELECTRON_VERSION: "16.0.2"
 
-  build-electron-11:
-    <<: *common-electron-linux
-    docker:
-      - image: circleci/node:12.18.3-stretch
-    environment:
-      ELECTRON_VERSION: "11.2.3"
-
-  build-electron-10:
-    <<: *common-electron-linux
-    docker:
-      - image: circleci/node:12.16.3-stretch
-    environment:
-      ELECTRON_VERSION: "10.3.2"
-
-  build-electron-9:
-    <<: *common-electron-linux
-    docker:
-      - image: circleci/node:12.14.1-stretch
-    environment:
-      ELECTRON_VERSION: "9.3.1"
-
-  build-electron-8:
-    <<: *common-electron-linux
-    docker:
-      - image: circleci/node:12.13.0-stretch
-    environment:
-      ELECTRON_VERSION: "8.5.2"
-
-  build-electron-7:
-    <<: *common-electron-linux
-    docker:
-      - image: circleci/node:12.8.1-stretch
-    environment:
-      ELECTRON_VERSION: "7.1.14"
-
-  build-electron-6:
-    <<: *common-electron-linux
-    docker:
-      - image: circleci/node:12.6.0-stretch # Issues with 12.4.0
-    environment:
-      ELECTRON_VERSION: "6.1.9"
-
 
   build-macos-16:
     <<: *common-macos
@@ -316,63 +259,10 @@ jobs:
       BUILD_ARM64: true
       SKIP_TEST: true
 
-  build-macos-14:
-    <<: *common-macos
-    environment:
-      NODE_VERSION: "14.11.0"
-      ELECTRON_VERSION: "11.2.3"
-
-  build-macos-12:
-    <<: *common-macos
-    environment:
-      NODE_VERSION: "12.6.0"
-
-  build-macos-10:
-    <<: *common-macos
-    environment:
-      NODE_VERSION: "10.16.0"
-
   # NODE_VERSION should match electron's node version.
   # See https://github.com/mapbox/node-sqlite3/pull/1367
 
-  build-macos-electron-11:
-    <<: *common-electron-macos
-    environment:
-      ELECTRON_VERSION: "11.2.3"
-      NODE_VERSION: "12.18.3"
-
-  build-macos-electron-10:
-    <<: *common-electron-macos
-    environment:
-      ELECTRON_VERSION: "10.3.2"
-      NODE_VERSION: "12.16.3"
-
-  build-macos-electron-9:
-    <<: *common-electron-macos
-    environment:
-      ELECTRON_VERSION: "9.3.1"
-      NODE_VERSION: "12.14.1"
-
-  build-macos-electron-8:
-    <<: *common-electron-macos
-    environment:
-      ELECTRON_VERSION: "8.5.2"
-      NODE_VERSION: "12.13.0"
-
-  build-macos-electron-7:
-    <<: *common-electron-macos
-    environment:
-      ELECTRON_VERSION: "7.1.14"
-      NODE_VERSION: "12.8.1"
-
-  build-macos-electron-6:
-    <<: *common-electron-macos
-    environment:
-      ELECTRON_VERSION: "6.1.9"
-      # Issues with 12.4.0
-      NODE_VERSION: "12.6.0"
-
-  # Node 14 - build NAPI 3 and 6
+  # Build the published N-API 6 binaries
   windows-16_x86:
     <<: *common-windows
     environment:
@@ -406,27 +296,9 @@ workflows:
   build_all:
     jobs:
       - build-16
-      - build-14
-      - build-12
-      - build-10
       - build-electron-16
-      - build-electron-11
-      # - build-electron-10 # Segfaults on electron-mocha
-      - build-electron-9
-      - build-electron-8
-      - build-electron-7
-      - build-electron-6
       - build-macos-16-arm64
       - build-macos-16
-      - build-macos-14
-      - build-macos-12
-      - build-macos-10
-      - build-macos-electron-11
-      # - build-macos-electron-10 # Segfaults on electron-mocha
-      - build-macos-electron-9
-      - build-macos-electron-8
-      - build-macos-electron-7
-      - build-macos-electron-6
       - windows-16_x86
       - windows-16_x64
       - windows-16_arm64

README.md

@@ -1,14 +1,14 @@
 Fork of [node-sqlite3](https://github.com/mapbox/node-sqlite3), modified to use [SQLCipher](https://www.zetetic.net/sqlcipher/).
 
-While the `node-sqlite3` project does include support for compiling against sqlcipher, it requires manual work, and does not work out-of-the-box on Electron on Windows. This fork changes the default configuration to bundle SQLCipher directly, as well as OpenSSL where required.
+This fork bundles SQLCipher directly and now supports rebuilding from source again when no matching prebuilt binary is available.
 
 ## Supported platforms
 
-Binaries are built against N-API 3 and 6, on MacOS, Windows (ia32 and x64) and Linux (x64).
+Published binaries are built against N-API 6.
 
-Node 10+ and Electron 6+ is supported.
+Older N-API 3 binaries are no longer published.
 
-Other platforms/architectures may work by building from source - see the section below.
+If no matching binary is available for your platform or runtime, the published package includes the native sources needed to rebuild from source.
 
 # Installation
 
@@ -49,25 +49,27 @@ db.close();
 
 # SQLCipher
 
-A copy of the source for SQLCipher 4.4.2 is bundled, which is based on SQLite 3.33.0.
+A copy of the source for SQLCipher 4.14.0 is bundled, which is based on SQLite 3.51.3.
 
 ## Building from source.
 
-Building from source when installing the package is only supported up to version 5.2.0.
+Building from source when installing the package is supported again.
 
-The two pre-built versions (N-API 3 and N-API 6) cover all electron and node versions, so building from source should
-not be required.
+The published tarball includes `binding.gyp`, `deps/`, and `src/` so that `npm install --build-from-source`, `node-gyp rebuild`, and rebuild tools such as `electron-rebuild` can compile the addon when needed.
+
+Platform notes:
+
+1. macOS uses SQLCipher's CommonCrypto provider via `Security.framework` and does not require Homebrew `openssl@1.1`.
+2. Linux links against the system `libcrypto`.
+3. Windows release binaries continue to use vendored static OpenSSL artifacts from `deps/`.
 
 ## Usage with electron-forge / electron-rebuild
 
-[electron-forge](https://www.electronforge.io/) uses [electron-rebuild](https://github.com/electron/electron-rebuild) and attempts to rebuild this library from source by default, in a way
-that is _not_ compatible with the way `node-pre-gyp` is used here.
+[electron-forge](https://www.electronforge.io/) uses [electron-rebuild](https://github.com/electron/electron-rebuild) and will rebuild native modules from source by default.
+
+That rebuild path is now supported by the published package. If a matching prebuilt binary exists you can still skip rebuilding this module to speed up install times, but it is no longer required as a workaround.
 
-The workaround is to disable the rebuilding:
-1. If using Electron 11+, use a node version that supports N-API 6+ (v10.20.0+ / v12.17.0+ / v14.0.0).
-2. After `npm install` / `yarn install`, make sure that the folder `node_modules/@journeyapps/sqlcipher/lib/binding/napi-v6-linux-x64` exists.
-   If not, check the previous step again, remove the `node_modules` folder, and try again.
-3. Disable rebuilding of this library using the `onlyModules` option of `electron-rebuild` in your `package.json`:
+To skip rebuilding when a matching prebuilt binary is already present, disable rebuilding of this library using the `onlyModules` option of `electron-rebuild` in your `package.json`:
 
         "config": {
             "forge": {
@@ -77,18 +79,17 @@ The workaround is to disable the rebuilding:
             }
         }
 
-Note: [electron-builder](https://www.electron.build/) does not appear to have this issue, and should work directly.
-Similarly, using electron directly should just work, but do check that a compatible node version is used (see above). 
+Note: [electron-builder](https://www.electron.build/) should continue to work directly.
 
 ## OpenSSL
 
 SQLCipher depends on OpenSSL.
 
-For Windows, we bundle OpenSSL 1.1.1i. Binaries are generated using [vckpg](https://github.com/microsoft/vcpkg) (e.g., `.\vcpkg\vcpkg install openssl:x64-windows-static`).
+On macOS we use CommonCrypto instead of a vendored OpenSSL build.
 
-On Mac we bundle OpenSSL 1.1.1l.
+On Linux we dynamically link against the system OpenSSL / `libcrypto`.
 
-On Linux we dynamically link against the system OpenSSL.
+For Windows release binaries we keep static OpenSSL artifacts in `deps/`. These can be refreshed with [vcpkg](https://github.com/microsoft/vcpkg) via `deps/openssl-windows.bat`.
 
 # API
 

SQLCipher.md

@@ -4,20 +4,17 @@
 
 ## Step 1: Get the SQLCipher source
 
-Clone the sqlcipher repo, and build the amalgamation source.
+Start from an official SQLCipher release tarball or a release tag, then build the amalgamation source.
 
 ```
-git clone git@github.com:sqlcipher/sqlcipher.git
-cd sqlcipher
-./configure
+curl -L https://github.com/sqlcipher/sqlcipher/archive/refs/tags/v4.14.0.tar.gz -o sqlcipher.tar.gz
+tar xf sqlcipher.tar.gz
+cd sqlcipher-4.14.0
+./configure --enable-all --disable-tcl
 make sqlite3.c
-
-VERSION=3031000
-mkdir sqlcipher-amalgamation-$VERSION
-cp sqlite3.c sqlite3.h shell.c sqlite3ext.h VERSION sqlcipher-amalgamation-$VERSION/
 ```
 
-The above produces 4 files of interest:
+The build produces the files we vendor in `deps/sqlcipher-amalgamation`:
 
 ```
 sqlite3.c
@@ -27,33 +24,31 @@ sqlite3ext.h
 VERSION # rename to VERSION.txt
 ```
 
-Copy these files to: `deps/sqlcipher-amalgamation`.
+Copy these files into `deps/sqlcipher-amalgamation`, renaming `VERSION` to `VERSION.txt`.
 
 ## Step 2: Get OpenSSL libraries
 
-NodeJS typically includes OpenSSL. However, to support Electron, we statically link against libcrypto from OpenSSL.
+macOS no longer vendors OpenSSL in this repository. It uses SQLCipher's CommonCrypto provider through `Security.framework`.
+
+Linux links against the system `libcrypto`.
+
+Windows release binaries still vendor static OpenSSL artifacts because they are needed at compile time for rebuilds and published prebuilds.
 
-Run the following commands to generate the latest OpenSSL libs for Windows:
+Run the following command on Windows to regenerate the vendored headers and static libraries:
 
 ```
 cd deps
 .\openssl-windows.bat
 ```
 
-... this will output the libs in `deps/` (OpenSSL-WinXX), including the header files in `deps/openssl-include`. Every arch-specific folder includes these binaries:
-
-```
-libcrypto.lib
-libssl.lib
-ossl_static.pdb
-```
+This will refresh the files in `deps/OpenSSL-Win32`, `deps/OpenSSL-Win64`, `deps/OpenSSL-Win64-ARM`, and `deps/openssl-include`.
 
 ## Step 3: Test the build
 
 Run:
 
 ```sh
-./node_modules/.bin/node-pre-gyp install --build-from-source
+./node_modules/.bin/node-gyp rebuild
 ```
 
 Then run the tests:
@@ -62,13 +57,20 @@ Then run the tests:
 npm run test
 ```
 
+If you want to verify the source-build fallback path specifically, temporarily move the matching prebuilt binary out of `lib/binding/` and rerun the tests.
+
 
 # Notes
 
-The OpenSSL files are specifically required for Electron, which doesn't bundle OpenSSL like NodeJS does. The header and .lib files are required at compile-time. We bundle a statically-linked version of OpenSSL with the library, so the user does not need to manually install OpenSSL.
+This repository now builds SQLCipher with:
+
+* `SQLITE_HAS_CODEC`
+* `SQLITE_EXTRA_INIT=sqlcipher_extra_init`
+* `SQLITE_EXTRA_SHUTDOWN=sqlcipher_extra_shutdown`
+* `SQLITE_TEMP_STORE=2`
 
 `deps/sqlite3.gyp` has been modified from the original node-sqlite3 one to:
- * Use the bundled OpenSSL on Windows and MacOS.
+ * Use CommonCrypto on macOS.
+ * Use the vendored Windows OpenSSL headers and static libraries for Windows release binaries.
  * Add additional define statements required by SQLCipher.
 
-

binding.gyp

@@ -2,7 +2,8 @@
   "includes": [ "deps/common-sqlite.gypi" ],
   "variables": {
       "sqlite%":"internal",
-      "sqlite_libname%":"sqlite3"
+      "sqlite_libname%":"sqlite3",
+      "module_name%":"node_sqlite3"
   },
   "targets": [
     {
@@ -50,17 +51,6 @@
         "src/statement.cc"
       ],
       "defines": [ "NAPI_VERSION=<(napi_build_version)", "NAPI_DISABLE_CPP_EXCEPTIONS=1" ]
-    },
-    {
-      "target_name": "action_after_build",
-      "type": "none",
-      "dependencies": [ "<(module_name)" ],
-      "copies": [
-          {
-            "files": [ "<(PRODUCT_DIR)/<(module_name).node" ],
-            "destination": "<(module_path)"
-          }
-      ]
     }
   ]
 }

deps/sqlcipher-amalgamation/VERSION.txt

@@ -1 +1 @@
-3.33.0
+3.51.3