[Rd] R check false positive - multiple versions of a dependency

Dénes Tóth toth@dene@ @end|ng |rom kogentum@hu
Sun Apr 25 01:08:18 CEST 2021




On 4/24/21 5:52 PM, Duncan Murdoch wrote:
> I'd say a NOTE is appropriate even if upper and lower limits are 
> allowed, but the wording of the current note should be changed, e.g. 
> your example should say
> 
> "Package listed more than once in Depends, Imports, Suggests, Enhances:
>       ‘stats’"
> 
> If you really meant to do this, you can ignore the note, but I'd suspect 
> multiple listings are more often an error than intentional, and that's 
> what NOTEs are for.

I would say if a package is listed multiple times, but with different 
*explicit* version requirements and under the same heading (one and only 
one of Depends, Imports, Suggests, Enhances), it is valid and almost 
surely intentional. Currently the code which performs the check (and 
that I linked to) is not smart enough to distinguish between this 
particular use case and simple multiple listings of the same package 
dependency (which I agree can be assumed to be an error and not 
intentional).

> 
> There may still be a more serious bug here if one of the limits is 
> ignored; I haven't checked that.

I checked it, and can confirm that *both* limits are considered. This 
supports my argument that this is a valid use case, and the NOTE could 
be avoided by a smarter check in the relevant part of 
.check_package_description2. I also understand this is a low-priority 
issue, so I do not expect someone from R-Core wants to spend time on 
fixing it. This is why I suggested I could give it a try to do it on my 
own if there is any chance that my patch will be accepted.

Regards,
Denes

> 
> Duncan Murdoch
> 
> On 21/04/2021 6:57 a.m., Dénes Tóth wrote:
>>
>> ----
>> Disclaimer: I sent this report first to r-package-devel using r-project.org
>> but it seems it has not been delivered to the list - re-trying to r-devel
>> ----
>>
>> Dear R maintainers,
>>
>> Use case:
>> Restrict the acceptable versions of an imported package (e.g., 'pkg') to
>> a closed interval. That is, provide *both* pkg (>= min.version.nr), pkg
>> (<= max.version.nr) under Imports.
>>
>> Problem:
>> Even though the package is an internal package, I want to have clean R
>> CMD check results for QC reasons, and this seems impossible due to a bug
>> in tools/R/QC.R/.check_package_description2.
>>
>> Details:
>> This is a quote from Writing R Extensions, 1.1.3 Package Dependencies:
>>
>> "A package or ‘R’ can appear more than once in the ‘Depends’ field, for
>> example to give upper and lower bounds on acceptable versions."
>>
>> In reality, this statement seems untrue: 1) only R can appear more than
>> once (even base packages like 'stats' trigger a NOTE in R CMD check); 2)
>> Not only 'Depends', but other fields (Imports, Suggests, Enhances) can
>> contain duplicated entries in the sense that the entries are processed
>> as expected, but the check gives a NOTE.
>>
>> Minimal reproducible example:
>> In a (Linux) terminal, issue the following commands (note the Depends 
>> row):
>>
>> #####
>> mkdir -p pkgname
>> echo "
>> Depends: R (>= 3.1.0), R (<= 4.1.0)
>> Package: pkgname
>> Version: 0.5-1
>> Date: 2021-04-15
>> Title: My First Collection of Functions
>> Author: Joe Developer [aut, cre],
>>     Pat Developer [aut],
>>     A. User [ctb]
>> Maintainer: Joe Developer <Joe.Developer using some.domain.net>
>> Description: A (one paragraph) description of what
>>     the package does and why it may be useful.
>> License: GPL (>= 2)
>> " > pkgname/DESCRIPTION
>>
>> R CMD build pkgname
>> _R_CHECK_CRAN_INCOMING_REMOTE_=FALSE R CMD check pkgname_0.5-1.tar.gz
>> --as-cran --no-manual
>> #####
>>
>> The commands above return with "Status: OK" - so far so good.
>>
>> Now instead of restricting the R version, let us restrict the version of
>> 'stats'. (This is the only change, see Depends.)
>>
>> #####
>> echo "
>> Depends: stats (>= 0.0.0), stats (<= 10.0.0)
>> Package: pkgname
>> Version: 0.5-1
>> Date: 2021-04-15
>> Title: My First Collection of Functions
>> Author: Joe Developer [aut, cre],
>>     Pat Developer [aut],
>>     A. User [ctb]
>> Maintainer: Joe Developer <Joe.Developer using some.domain.net>
>> Suggests: MASS
>> Description: A (one paragraph) description of what
>>     the package does and why it may be useful.
>> License: GPL (>= 2)
>> " > pkgname/DESCRIPTION
>> R CMD build pkgname
>> _R_CHECK_CRAN_INCOMING_REMOTE_=FALSE R CMD check pkgname_0.5-1.tar.gz
>> --as-cran --no-manual
>> #####
>>
>> Now the status is "Status: 1 NOTE", and the note is:
>> "Package listed in more than one of Depends, Imports, Suggests, Enhances:
>>     ‘stats’
>> A package should be listed in only one of these fields."
>>
>> Possible fix:
>> 1) I think the highlighted sentence in Writing R Extensions should 
>> read as:
>> "A package or ‘R’ can appear more than once in the ‘Depends’ field, for
>> example to give upper and lower bounds on acceptable versions. For
>> packages, the same rule applies for ‘Imports’ and ‘Suggests’ fields (see
>> later)."
>>
>> 2) In .check_package_description2(),
>> 'unique(allpkgs[duplicated(allpkgs)])' shall be replaced with a more
>> elaborated check. BTW, that check appears twice in the function, where
>> the first result is assigned to 'out' and is never used until 'out' gets
>> re-assigned. See
>> https://github.com/r-devel/r-svn/blob/0d65935f30dcaccfeee1dd61991bf4b1444873bc/src/library/tools/R/QC.R#L3553 
>>
>>
>> If you agree this is a bug, I can create a formal bug report and
>> probably create a patch, too.
>>
>> Regards,
>> Denes
>>
>> ______________________________________________
>> R-devel using r-project.org mailing list
>> https://stat.ethz.ch/mailman/listinfo/r-devel
>>
> 
>



More information about the R-devel mailing list