APSW is available at PyPI.

$ python3 -m pip install apsw

It includes binary downloads for popular platforms, and source for all others. SQLite is compiled into the extension, and is not exposed outside of it. All extensions are enabled.

If a binary is not available for your platform, then pip/Python will require a C compiler to produce one.

The PyPi release is made using this github workflow.


You can get the source from PyPI which is preconfigured to fetch the corresponding SQLite version, and enables all extensions. Delete the included setup.cfg to remove that.

Use the source form if:

  • You want to control which version of SQLite is used

  • You want to control how SQLite is found, for example if it is provided on your platform

  • You want to choose which or if any extensions are enabled

  • You want to control compilation configuration

See the recommended way to build or all the options available.

Linux/BSD provided package

Some Linux & BSD distributions also have packages which may trail the SQLite and APSW releases by a year, or more. It is also possible to build RPMs and DEB packages from the source, although this involves setting up package management tools and various dependencies on your build machine.


Install python3-apsw


Install python3-apsw


Install python3-apsw


Install dev-python/apsw

Arch Linux

Install python-apsw

There is a full list (150+) of distributions, the package name for APSW, and what APSW version they are currently on.

Verifying your download

Downloads are digitally signed so you can verify they have not been tampered with. Download and extract the zip file of signatures listed above. These instructions are for GNU Privacy Guard. (GPG is installed as standard on most Unix/Linux platforms and can be downloaded for Windows.)


To verify a file just use –verify specifying the corresponding .asc filename. This example verifies the source:

$ gpg --verify
gpg: Signature made ... date ... using DSA key ID 0DFBD904
gpg: Good signature from "Roger Binns <>"

If you get a “good signature” then the file has not been tampered with and you are good to go.

Getting the signing key

You may not have the signing key available in which case the last line will be something like this:

gpg: Can't check signature: public key not found

You can get a copy of the key using this command:

$ gpg --keyserver hkp:// --recv-keys 0DFBD904
gpg: requesting key 0DFBD904 from hkp server
gpg: /home/username/.gnupg/trustdb.gpg: trustdb created
gpg: key 0DFBD904: public key "Roger Binns <>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Repeat the verify step.

Source code control

The source is controlled by Git - start at