In hindsight, the "post_tx" step in the upgrade process introduced in e7f5733 doesn't make sense. If the procedure fails at this stage, nothing says it still needs to be completed. If the sample file dirs have to be updated after the database, then there should be another database version to mark that it's fully completed, and indeed that's the purpose version 3 serves. So get rid of the Upgrader trait and just go back to a simple run function per version. In the case of the sample file dir metadata, it actually can happen before the database transaction; the stuff written to the database later just needs to be consistent with what it finds if there's an existing metadata file from a half-completed update. For safety, ensure there are no unexpected directory contents before upgrading 1->2, and ensure the metadata matches before upgrading 2->3.
/// Upgrades the database schema.
/// See `guide/schema.md` for more information.
use db;
use failure::Error;
use rusqlite;
mod v0_to_v1;
mod v1_to_v2;
mod v2_to_v3;
const UPGRADE_NOTES: &'static str =
concat!("upgraded using moonfire-db ", env!("CARGO_PKG_VERSION"));
pub struct Args<'a> {
pub flag_sample_file_dir: Option<&'a str>,
pub flag_preset_journal: &'a str,
pub flag_no_vacuum: bool,
fn set_journal_mode(conn: &rusqlite::Connection, requested: &str) -> Result<(), Error> {
assert!(!requested.contains(';')); // quick check for accidental sql injection.
let actual = conn.query_row(&format!("pragma journal_mode = {}", requested), &[],
|row| row.get_checked::<_, String>(0))??;
info!("...database now in journal_mode {} (requested {}).", actual, requested);
pub fn run(args: &Args, conn: &mut rusqlite::Connection) -> Result<(), Error> {
let upgraders = [
assert_eq!(upgraders.len(), db::EXPECTED_VERSION as usize);
let old_ver =
conn.query_row("select max(id) from version", &[], |row| row.get_checked(0))??;
if old_ver > db::EXPECTED_VERSION {
bail!("Database is at version {}, later than expected {}",
old_ver, db::EXPECTED_VERSION);
} else if old_ver < 0 {
bail!("Database is at negative version {}!", old_ver);
info!("Upgrading database from version {} to version {}...", old_ver, db::EXPECTED_VERSION);
set_journal_mode(&conn, args.flag_preset_journal).unwrap();
for ver in old_ver .. db::EXPECTED_VERSION {
info!("...from version {} to version {}", ver, ver + 1);
let tx = conn.transaction()?;
upgraders[ver as usize](&args, &tx)?;
insert into version (id, unix_time, notes)
values (?, cast(strftime('%s', 'now') as int32), ?)
"#, &[&(ver + 1), &UPGRADE_NOTES])?;
// WAL is the preferred journal mode for normal operation; it reduces the number of syncs
// without compromising safety.
set_journal_mode(&conn, "wal").unwrap();
if !args.flag_no_vacuum {
info!("...vacuuming database after upgrade.");
pragma page_size = 16384;