Sqlite 4.5.2 checksum mismatch

Did the 4.5.2 tarball get re-uploaded/changed recently? My project has CI that downloads the .tar.gz file and verifies the sha256 checksum. It was expecting 6925f012deb5582e39761a7d4816883cc15b41851a8e70b447c223b8ef406e2a, but the checksum of the current file is ac477df20dddc957da78fc7065c83f0d75f8b7e4472ad0721ea9318ec8126086

The CI passed around 12pm ET, and failed with the checksum error around 1pm ET.

Release v4.5.2 · sqlcipher/sqlcipher · GitHub lists the file as being uploaded on 8/3/2022

Any ideas on what’s going on?

Hello @BenDK - we do not maintain or upload those zip/tar.gz files, they are created automatically by github. That said, we haven’t made any changes to the 4.5.2 tag which they should be based on.

Since we can’t say how they are generated, it’s difficult to say what might have changed. Do you have a copy of the original file for comparison?

For reference, if you are looking for a specific snapshot of the release source code, there is a download available on the website here:

SQLCipher Package Verification - Zetetic

The file is statically generated, uploaded once at the time of release, and signed with GPG. It might be a good alternative to the files on GitHub.

Interesting. diff -dur doesn’t report any differences, not sure what happened on github. But I think I’ll switch our CI to using your packages instead.