dotnet / efcore

EF Core is a modern object-database mapper for .NET. It supports LINQ queries, change tracking, updates, and schema migrations.
https://docs.microsoft.com/ef/
MIT License

Inconsistent database versions returned when using Microsoft.EntityFrameworkCore.Sqlite.Core(5.0.0) and Microsoft.Data.Sqlite(5.0.0) #23552

Closed jacobkochekkan closed 2 years ago

jacobkochekkan commented 3 years ago

I create a project that has the NuGet package Microsoft.EntityFrameworkCore.Sqlite.Core (5.0.0). I then run the code snippet below to get the database version 3.28.0.

SqliteConnection connection = new SqliteConnection(this.connectionString);
string stm = "SELECT SQLITE_VERSION()";
connection.Open();
using var cmd = new SqliteCommand(stm, connection);
string version = cmd.ExecuteScalar().ToString();

I create another project, this time using the NuGet package Microsoft.Data.Sqlite (5.0.0), and run the above code snippet. I get the database version as 3.33.

Question 1: I thought that internally Microsoft.EntityFrameworkCore.Sqlite.Core used Microsoft.Data.Sqlite. Is my assumption correct? If yes, then why are they creating databases with different versions?

Question 2: Sqlite version 3.3 has this vulnerability that has been fixed in Sqlite version 3.34. When can we expect that to be packaged in Microsoft.EntityFrameworkCore.Sqlite.Core?

Question 3: Can we expect an update to the NuGet package Microsoft.EntityFrameworkCore.Sqlite.Core (3.1.*) that would create a Sqlite database of version 3.34?

ajcvickers commented 3 years ago

@jacobkochekkan I am not able to reproduce this. I get 3.33 regardless of which package I reference. My code and project are below. Could you post the csproj file where you are seeing the 3.28 version?

With regard to updating, we generally update once @ericsink releases a new https://github.com/ericsink/SQLitePCL.raw. /cc @bricelam

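using System;
using Microsoft.Data.Sqlite;

public class Program
{
    public static void Main()
    {
        // Dispose the connection when Main exits.
        using var connection = new SqliteConnection("Data Source = test.db");
        string stm = "SELECT SQLITE_VERSION()";
        connection.Open();
        using var cmd = new SqliteCommand(stm, connection);
        // Prints the version of the native SQLite library that was loaded.
        Console.WriteLine(cmd.ExecuteScalar().ToString());
    }
}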

And my project is this:

<Project Sdk="Microsoft.NET.Sdk">

    <PropertyGroup>
        <OutputType>Exe</OutputType>
        <TargetFramework>netcoreapp3.1</TargetFramework>
        <RootNamespace />
    </PropertyGroup>
    <ItemGroup>
        <PackageReference Include="Microsoft.Data.Sqlite" Version="5.0.0" />
        <!-- <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="5.0.0" /> -->
    </ItemGroup>

</Project>

jacobkochekkan commented 3 years ago

A small correction from my end: I am using Microsoft.EntityFrameworkCore.Sqlite.Core (5.0.0). Below is my project file. @ajcvickers: Could you try with the same?

<Project Sdk="Microsoft.NET.Sdk">

    <PropertyGroup>
        <TargetFramework>netstandard2.1</TargetFramework>
    </PropertyGroup>

    <ItemGroup>
        <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="5.0.0">
            <PrivateAssets>all</PrivateAssets>
            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
        </PackageReference>
        <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite.Core" Version="5.0.0" />
        <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="5.0.0">
            <PrivateAssets>all</PrivateAssets>
            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
        </PackageReference>
        <PackageReference Include="SQLitePCLRaw.bundle_e_sqlcipher" Version="2.0.4" />
    </ItemGroup>

</Project>

FYI: I am encrypting my database string as well.

ajcvickers commented 3 years ago

@ericsink @bricelam SQLitePCLRaw.bundle_e_sqlcipher is reporting SQLite version 3.28.0. Is this expected?

ericsink commented 3 years ago

"SQLitePCLRaw.bundle_e_sqlcipher is reporting SQLite version 3.28.0. Is this expected?"

Yes. Not ideal, but expected.

jacobkochekkan commented 3 years ago

@ericsink: Just wanted to understand why this is expected. Could you further explain?

ericsink commented 3 years ago

I just meant that the current e_sqlcipher builds are in fact based on SQLite 3.28.0.

ajcvickers commented 3 years ago

Thanks @ericsink.

@jacobkochekkan we will update Microsoft.Data.Sqlite to use the latest packages when they are published. The infrastructure in SQLitePCLRaw allows you to supply your own native SQLite library, or use one installed on your OS. Consider using one of these options if you need a newer version than the bundled one.

bricelam commented 3 years ago

See Custom SQLite versions in the Microsoft.Data.Sqlite docs for some more details.
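Because the reported SQLite version depends on which SQLitePCLRaw bundle supplies the native library, an application can check at startup what it actually loaded. The following is an added example, not code from this thread or from the EF Core project: the class name `SqliteVersionGuard` is hypothetical, and the 3.34 floor is an assumption taken from the version named in Question 2 above.

```csharp
using System;
using Microsoft.Data.Sqlite;

// Hypothetical helper (added example): fail fast when the native SQLite
// library loaded by the referenced bundle is older than a policy floor.
public static class SqliteVersionGuard
{
    // Assumed floor, taken from the version the issue author names as fixed.
    public static readonly Version MinimumSqlite = new Version(3, 34, 0);

    // Returns the SQLite version and, on SQLCipher builds, the cipher version.
    public static (Version Sqlite, string Cipher) Probe()
    {
        // An in-memory database touches no file and needs no encryption key.
        using var connection = new SqliteConnection("Data Source=:memory:");
        connection.Open();

        using var versionCmd = connection.CreateCommand();
        versionCmd.CommandText = "SELECT sqlite_version()";
        var sqlite = Version.Parse((string)versionCmd.ExecuteScalar());

        // PRAGMA cipher_version yields a row only on SQLCipher builds;
        // on stock SQLite ExecuteScalar returns null.
        using var cipherCmd = connection.CreateCommand();
        cipherCmd.CommandText = "PRAGMA cipher_version";
        var cipher = cipherCmd.ExecuteScalar() as string;

        return (sqlite, cipher);
    }

    public static void EnsureMinimum()
    {
        var (sqlite, cipher) = Probe();
        if (sqlite < MinimumSqlite)
        {
            var flavour = cipher == null ? "SQLite" : $"SQLCipher {cipher}";
            throw new InvalidOperationException(
                $"Loaded {flavour} is based on SQLite {sqlite}, " +
                $"below the required {MinimumSqlite}. Reference a newer " +
                "SQLitePCLRaw bundle or supply a newer native library.");
        }
    }
}
```

Calling `SqliteVersionGuard.EnsureMinimum()` once at startup turns a silently outdated bundle into an explicit failure; with the project file posted above it would report SQLite 3.28.0.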

sjlombardo commented 3 years ago

@jacobkochekkan as an alternative, you can get the latest version of SQLCipher 4.4.2 based on SQLite 3.33 directly from Zetetic via Commercial Edition Licensing. It is always kept up to date with the latest SQLCipher releases. It's easily usable with Microsoft.EntityFrameworkCore.Sqlite.Core and Microsoft.Data.Sqlite.Core via SQLitePCLRaw.bundle_zetetic.