sarman/tftsr-devops_investigation
1
0
Fork 0
Code Issues 1 Pull Requests Actions 34 Packages Projects 3 Releases 9 Wiki Activity
1e5284d4e0
tftsr-devops_investigation/src-tauri/src/db/connection.rs
Shaun Arman 1e5284d4e0
Some checks failed
Test / rust-fmt-check (push) Successful in 1m6s
Details
Test / rust-clippy (push) Successful in 7m13s
Details
Test / rust-tests (push) Successful in 9m3s
Details
Test / frontend-typecheck (push) Successful in 3m29s
Details
Test / frontend-tests (push) Successful in 1m27s
Details
Release / build-windows-amd64 (push) Has been cancelled
Details
Release / build-linux-amd64 (push) Has been cancelled
Details
Release / build-linux-arm64 (push) Has been cancelled
Details
fix: remove unused tauri-plugin-updater + SQLCipher 16KB page size 
Two startup crashes on first-party Tauri plugin init:
- tauri-plugin-updater registered with no plugins.updater config → removed
- tauri-plugin-cli was already removed in a prior commit

SQLCipher page size fix:
- cipher_page_size 4096 → 16384
- 4KB SQLCipher pages cause malloc() failures on Linux kernels with
  16KB page size (Asahi Linux aarch64+16k, Apple Silicon)
- 16384 is a valid page size that works on both 4KB and 16KB page kernels
- New installs get a 16KB-page database; existing 4KB-page DBs must
  be deleted for the new page size to take effect

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 20:12:15 -05:00

42 lines
1.3 KiB
Rust
Raw Blame History

use rusqlite::Connection;
use std::path::Path;
pub fn open_encrypted_db(path: &Path, key: &str) -> anyhow::Result<Connection> {
let conn = Connection::open(path)?;
// Set SQLCipher encryption key
conn.execute_batch(&format!("PRAGMA key = '{}';", key.replace('\'', "''")))?;
// Verify the key works by running a simple query
conn.execute_batch("SELECT count(*) FROM sqlite_master;")?;
// Set SQLCipher settings for AES-256
conn.execute_batch(
"PRAGMA cipher_page_size = 16384; \
PRAGMA kdf_iter = 256000; \
PRAGMA cipher_hmac_algorithm = HMAC_SHA512; \
PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA512;",
)?;
Ok(conn)
}
pub fn open_dev_db(path: &Path) -> anyhow::Result<Connection> {
let conn = Connection::open(path)?;
Ok(conn)
}
pub fn init_db(data_dir: &Path) -> anyhow::Result<Connection> {
std::fs::create_dir_all(data_dir)?;
let db_path = data_dir.join("tftsr.db");
// In dev/test mode use unencrypted DB; in production use encryption
let key =
std::env::var("TFTSR_DB_KEY").unwrap_or_else(|_| "dev-key-change-in-prod".to_string());
let conn = if cfg!(debug_assertions) {
open_dev_db(&db_path)?
} else {
open_encrypted_db(&db_path, &key)?
};
crate::db::migrations::run_migrations(&conn)?;
Ok(conn)
}
Reference in New Issue View Git Blame Copy Permalink