freebsd
pkg uses sqlite3 in an unsafe mode
At the top of pkgdb_begin_solver():
const char solver_sql[] = ""
"PRAGMA synchronous = OFF;"
"PRAGMA journal_mode = MEMORY;"
"BEGIN TRANSACTION;";
and pkgdb_end_solver() restores the SQLite3 defaults.
This tells SQLite3 to not fsync(), and not to maintain any transaction log or any other recovery mechanism-- so if the system crashes, the database may be corrupted, inconsistent, and unrecoverable.
I'd like to suggest that this isn't good, and we should do something that at least gets us a consistent database after a crash.
Maybe we should use journal_mode=WAL and synchronous=NORMAL; that seems a better match to what pkg needs (the database is consistent but not durable). WAL mode is also supposedly faster and does much less fsync(). I haven't used SQLite in situations where that might show, and it doesn't show any difference with pkg on my typical developer desktop FreeBSD system. WAL is persistent, we can set it once when we create the database.
Downsides: WAL creates/opens 1 or 2 extra files (log file and SHM file), which might conflict with sandboxing, and WAL doesn't work with remote filesystems because it uses SHM (I've seen mention that pkg can do remote DB accesses but I don't know how that works).
