Skip to content

Conversation

gpshead
Copy link
Member

@gpshead gpshead commented Jul 27, 2025


Draft mode as this PR is probably only a start at the moment. I expect I've missed some bits and I think we need the macOS, Windows, and Android release builders to weigh in and confirm stuff works.

Two separate news entries per platform is odd, Android didn't get a news mention - we might want to rethink our categories for this kind of update? I was mirroring what I saw done for the 3.49.1 update.

@gpshead
Copy link
Member Author

gpshead commented Jul 27, 2025

I believe I pushed the SQLite 3.50.3 sources to https://github.com/python/cpython-source-deps/releases/tag/sqlite-3.50.3.0 properly.

@mhsmith
Copy link
Member

mhsmith commented Jul 28, 2025

I've added builds of this version to https://github.com/beeware/cpython-android-source-deps.

@mhsmith
Copy link
Member

mhsmith commented Jul 28, 2025

!buildbot android

@bedevere-bot
Copy link

🤖 New build scheduled with the buildbot fleet by @mhsmith for commit c69125d 🤖

Results will be shown at:

https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F137135%2Fmerge

The command will test the builders whose names match following regular expression: android

The builders matched are:

  • aarch64 Android PR
  • AMD64 Android PR

@zware
Copy link
Member

zware commented Jul 28, 2025

I believe I pushed the SQLite 3.50.3 sources to https://github.com/python/cpython-source-deps/releases/tag/sqlite-3.50.3.0 properly.

Somehow the sqlite branch head and the sqlite-3.50.3.0 tag refer to different commits that differ only in CommitDate. Other than that, either commit does the update correctly.

Oh, except that both branch from the sqlite-3.45.3.0 tag, not from sqlite-3.49.1.0 :(

@gpshead
Copy link
Member Author

gpshead commented Jul 29, 2025

except that both branch from the sqlite-3.45.3.0 tag, not from sqlite-3.49.1.0 :(

I don't think this matters? at least not any more so than it not mattering the past few updates? All the sqlite- tags since that 3.45.3.0 one are in a similar state. I think this is due to people using a fork to push to initially? the commits "don't appear in this repository" which I think is GH for they're identified as being in a fork's repo? (GH repos are a unified hash namespace across all forks) A little confusing to me how github manages such a weird state of a tag in a repo who's commit claims not to be.

in my own fork i probably re-pushed my branch after fixing the commit signing after getting that setup in order to follow the instructions that wanted a signed tag. (my tag was signed regardless)

@zware
Copy link
Member

zware commented Jul 29, 2025

Right, the tag is an accurate representation of sqlite 3.50.3.0, the history is just messier than ideal (and I'm not sure when it started to go awry, or how). It's probably not worth trying to fix, but ideally we should try to straighten it out for the future next time around, or figure out some light automation.

The GitHub "commit doesn't exist" message seems to be just that the commit is not in the history of any named branch in the repository; see for example https://github.com/python/cpython/tree/2.7 where the 2.7 tag replaced the 2.7 branch.

Copy link
Member

@zware zware left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than the trailing newline issue on Misc/externals.spdx.json that CI is complaining about (fixed by make regen-sbom), LGTM.

@gpshead gpshead marked this pull request as ready for review August 1, 2025 18:09
gpshead and others added 2 commits August 1, 2025 18:12
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
@gpshead gpshead added the 🔨 test-with-buildbots Test PR w/ buildbots; report in status section label Aug 1, 2025
@bedevere-bot
Copy link

🤖 New build scheduled with the buildbot fleet by @gpshead for commit 6232726 🤖

Results will be shown at:

https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F137135%2Fmerge

If you want to schedule another build, you need to add the 🔨 test-with-buildbots label again.

@bedevere-bot bedevere-bot removed the 🔨 test-with-buildbots Test PR w/ buildbots; report in status section label Aug 1, 2025
@ned-deily
Copy link
Member

Note, SQLite 3.50.4 is now current.

Also, thanks, @gpshead, for the code to handle more hash types in the macOS installer build. But I would prefer to separate that out as a separate PR not related to SQLite. I'll do that shortly and update this PR.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@gpshead gpshead changed the title gh-137134: Update SQLite to 3.50.3 for binary releases gh-137134: Update SQLite to 3.50.4 for binary releases Aug 1, 2025
@miss-islington-app
Copy link

Thanks @gpshead for the PR 🌮🎉.. I'm working now to backport this PR to: 3.10.
🐍🍒⛏🤖

@miss-islington-app
Copy link

Thanks @gpshead for the PR 🌮🎉.. I'm working now to backport this PR to: 3.13.
🐍🍒⛏🤖 I'm not a witch! I'm not a witch!

@miss-islington-app
Copy link

Thanks @gpshead for the PR 🌮🎉.. I'm working now to backport this PR to: 3.14.
🐍🍒⛏🤖

@miss-islington-app
Copy link

Sorry, @gpshead, I could not cleanly backport this to 3.11 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 532c37695d03f84fc6d12f891d26b901ef402ac4 3.11

@miss-islington-app
Copy link

Sorry, @gpshead, I could not cleanly backport this to 3.9 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 532c37695d03f84fc6d12f891d26b901ef402ac4 3.9

@miss-islington-app
Copy link

Sorry, @gpshead, I could not cleanly backport this to 3.12 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 532c37695d03f84fc6d12f891d26b901ef402ac4 3.12

@miss-islington-app
Copy link

Sorry, @gpshead, I could not cleanly backport this to 3.10 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 532c37695d03f84fc6d12f891d26b901ef402ac4 3.10

@miss-islington-app
Copy link

Sorry, @gpshead, I could not cleanly backport this to 3.13 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 532c37695d03f84fc6d12f891d26b901ef402ac4 3.13

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Aug 5, 2025
…H-137135)

* Update SQLite to 3.50.3 for binary releases.
* macOS and Windows news entries. what about Android?
* update sbom hash
* newline fix via regen-sbom
* news wording
* Update SQLite to 3.50.4 for binary releases.
* update 3.50.4.0.tar.gz hash in sbom & regen-sbom to fix whitespace
* Postpone to a separate PR the build-installer changes to support additional hash types
(cherry picked from commit 532c376)

Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Ned Deily <nad@python.org>
@gpshead
Copy link
Member Author

gpshead commented Aug 5, 2025

(actually unsure if any backport will automatically succeed given the sbom?)

@bedevere-app
Copy link

bedevere-app bot commented Aug 5, 2025

GH-137436 is a backport of this pull request to the 3.14 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.14 bugs and security fixes label Aug 5, 2025
@gpshead gpshead added the type-security A security issue label Aug 5, 2025
hugovk pushed a commit to hugovk/cpython that referenced this pull request Aug 6, 2025
…H-137135)

* Update SQLite to 3.50.3 for binary releases.
* macOS and Windows news entries. what about Android?
* update sbom hash
* newline fix via regen-sbom
* news wording
* Update SQLite to 3.50.4 for binary releases.
* update 3.50.4.0.tar.gz hash in sbom & regen-sbom to fix whitespace
* Postpone to a separate PR the build-installer changes to support additional hash types

Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Ned Deily <nad@python.org>
(cherry picked from commit 532c376)
@bedevere-app
Copy link

bedevere-app bot commented Aug 6, 2025

GH-137455 is a backport of this pull request to the 3.13 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.13 bugs and security fixes label Aug 6, 2025
@bedevere-app
Copy link

bedevere-app bot commented Aug 6, 2025

GH-137457 is a backport of this pull request to the 3.11 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.11 only security fixes label Aug 6, 2025
hugovk pushed a commit to hugovk/cpython that referenced this pull request Aug 6, 2025
…ythonGH-137135)

* Update SQLite to 3.50.3 for binary releases.
* macOS and Windows news entries. what about Android?
* update sbom hash
* newline fix via regen-sbom
* news wording
* Update SQLite to 3.50.4 for binary releases.
* update 3.50.4.0.tar.gz hash in sbom & regen-sbom to fix whitespace
* Postpone to a separate PR the build-installer changes to support additional hash types
(cherry picked from commit 532c376)

Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Ned Deily <nad@python.org>
@bedevere-app
Copy link

bedevere-app bot commented Aug 6, 2025

GH-137458 is a backport of this pull request to the 3.12 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.12 only security fixes label Aug 6, 2025
@bedevere-app
Copy link

bedevere-app bot commented Aug 6, 2025

GH-137459 is a backport of this pull request to the 3.10 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.10 only security fixes label Aug 6, 2025
@bedevere-app
Copy link

bedevere-app bot commented Aug 6, 2025

GH-137462 is a backport of this pull request to the 3.9 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.9 only security fixes label Aug 6, 2025
@hugovk
Copy link
Member

hugovk commented Aug 6, 2025

(actually unsure if any backport will automatically succeed given the sbom?)

Yeah, that and android.py, and also some of the older branches having 3.37 or 3.40 or 3.45, and this PR trying to change 3.49 to 3.50.

hugovk pushed a commit that referenced this pull request Aug 6, 2025
) (#137436)

Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Ned Deily <nad@python.org>
Yhg1s pushed a commit that referenced this pull request Aug 6, 2025
) (#137455)

gh-137134: Update SQLite to 3.50.4 for binary releases (GH-137135)

* Update SQLite to 3.50.3 for binary releases.
* macOS and Windows news entries. what about Android?
* update sbom hash
* newline fix via regen-sbom
* news wording
* Update SQLite to 3.50.4 for binary releases.
* update 3.50.4.0.tar.gz hash in sbom & regen-sbom to fix whitespace
* Postpone to a separate PR the build-installer changes to support additional hash types




(cherry picked from commit 532c376)

Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Ned Deily <nad@python.org>
Agent-Hellboy pushed a commit to Agent-Hellboy/cpython that referenced this pull request Aug 19, 2025
…H-137135)

* Update SQLite to 3.50.3 for binary releases.
* macOS and Windows news entries. what about Android?
* update sbom hash
* newline fix via regen-sbom
* news wording
* Update SQLite to 3.50.4 for binary releases.
* update 3.50.4.0.tar.gz hash in sbom & regen-sbom to fix whitespace
* Postpone to a separate PR the build-installer changes to support additional hash types

Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Ned Deily <nad@python.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type-security A security issue
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants