[R-pkg-devel] Submission to CRAN when package needs personal data (API key)

Duncan Murdoch murdoch@dunc@n @ending from gm@il@com
Wed Sep 5 22:03:46 CEST 2018


On 05/09/2018 2:20 PM, Henrik Bengtsson wrote:
> I take a complementary approach; I condition on, my home-made,
> R_TEST_ALL variable.  Effectively, I do:
> 
> if (as.logical(Sys.getenv("R_TEST_ALL", "FALSE"))) {
>     ...
> }
> 
> and set R_TEST_ALL=TRUE when I want to run that part of the test.  You
> can also imagine refined versions of this, e.g. R_TEST_SETS=foo,bar
> and test scripts with:
> 
> if ("foo" %in% strsplit(Sys.getenv("R_TEST_SETS"), split="[, ]+")[[1]]) {
>     ...makes no assumption
> }
> 
> That avoids making assumptions on where the tests are submitted/run,
> may it be CRAN, Bioconductor, Travis CI, ...

This is the right way to do it.

This discussion has come up before.  If you want to submit to CRAN, you 
should include tests that satisfy their requests.  If you want even more 
tests, there are several ways to add them in addition to the CRAN tests. 
  Henrik's is one, "R CMD check --test-dir=myCustomTests" is another.

Rainer's package is unusual, in that from his description it can't 
really work unless the user obtains an API key.  There are other 
packages like that, and those cases need manual handling by CRAN:  they 
don't really run full tests by default.  But the vast majority of 
packages should be able to live within the CRAN guidelines.

Duncan Murdoch

> /Henrik
> 
> On Wed, Sep 5, 2018 at 11:08 AM Spencer Graves
> <spencer.graves using effectivedefense.org> wrote:
>>
>>
>>
>> On 2018-09-05 12:52, Gábor Csárdi wrote:
>>> On Wed, Sep 5, 2018 at 6:34 PM Spencer Graves
>>> <spencer.graves using effectivedefense.org> wrote:
>>>> The fda package disables some tests on CRAN using:
>>>>
>>>>
>>>> if(!fda::CRAN()){
>>>>        test you don't want run on CRAN
>>>> }
>>> Seemingly this just checks for a couple of (5 by default) environment
>>> variables that match "^_R_":
>>> https://github.com/cran/fda/blob/0549e6a86aa144d8c2aade2d8704a269fb8a94ed/R/CRAN.R#L14
>>>
>>> I am not sure if this is a good indication of the machine being a CRAN
>>> machine, I do set  some of these
>>> occasionally on my machine.  It would be great if CRAN machines could
>>> set a specific environment
>>> variable globally, e.g. ON_CRAN, or _R_ON_CRAN_, so people could skip
>>> these tests and examples
>>> easily.
>>
>>
>> Agreed.  Before I wrote that function, I asked this list for
>> suggestions.  The suggestion I got was, "Don't do it."  I felt that was
>> not acceptable so wrote what I did.  I think we need a better solution.
>> Spencer
>>>
>>> Gabor
>>>
>>>>
>>>>          I've used this in other contexts with tests that are too long to
>>>> run on CRAN but that I want to run otherwise during "R CMD check".
>>>>
>>>>
>>>>          Spencer Graves
>>>>
>>>>
>>>> On 2018-09-05 12:13, Peter Meissner wrote:
>>>>> Hey,
>>>>>
>>>>> Maybe webmockr (or something alike) can help:
>>>>> https://cran.r-project.org/web/packages/webmockr/index.html
>>>>>
>>>>> Best, Peter
>>>>>
>>>>> Rainer M Krug <Rainer using krugs.de> schrieb am Mi., 5. Sep. 2018, 15:38:
>>>>>
>>>>>> OK - thanks. I will than disable the checks for CRAN.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Rainer
>>>>>>
>>>>>>
>>>>>>> On 5 Sep 2018, at 15:37, Uwe Ligges <ligges using statistik.tu-dortmund.de>
>>>>>> wrote:
>>>>>>> You should not run on CRAN. Note that the checks are done almost daily
>>>>>> oin several platforms, hence the API key is used for about 10 check runs a
>>>>>> day.
>>>>>>> Best,
>>>>>>> Uwe Ligges
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 05.09.2018 09:28, Rainer Krug wrote:
>>>>>>>> Hi
>>>>>>>> I have a package at GitHub (https://github.com/rkrug/ROriginStamp)
>>>>>> which I am pre[paring for CRAN.
>>>>>>>> It creates a trusted timestamp using the API fro OriginStamp (
>>>>>> https://originstamp.org/home) which requires an API key. Now this API
>>>>>> should not be made public, as to much traffic through one API key will lead
>>>>>> to it’s blocking.
>>>>>>>> I have stored the key encrypted in the travis.yml, and the package
>>>>>> passes all tests.
>>>>>>>> But if I send it to CRAN, it would fail the tests, as the api key is
>>>>>> not in the package itself.
>>>>>>>> I could disable all tests for CRAN which need the API key, but I think
>>>>>> it would be better tu run the tests there as well (as an additional check
>>>>>> to travis).
>>>>>>>> My question:
>>>>>>>> Is there a way of storing the API key encrypted, so that only the CRAN
>>>>>> test servers can decrypt it, or is there another way can steal with this?
>>>>>>>> Thanks,
>>>>>>>> Rainer
>>>>>>>> --
>>>>>>>> Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
>>>>>> Biology, UCT), Dipl. Phys. (Germany)
>>>>>>>> University of Zürich
>>>>>>>> Cell:       +41 (0)78 630 66 57
>>>>>>>> email:      Rainer using krugs.de
>>>>>>>> Skype:      RMkrug
>>>>>>>> PGP: 0x0F52F982
>>>>>>>> ______________________________________________
>>>>>>>> R-package-devel using r-project.org mailing list
>>>>>>>> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>>>>>> --
>>>>>> Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
>>>>>> Biology, UCT), Dipl. Phys. (Germany)
>>>>>>
>>>>>> University of Zürich
>>>>>>
>>>>>> Cell:       +41 (0)78 630 66 57
>>>>>> email:      Rainer using krugs.de
>>>>>> Skype:      RMkrug
>>>>>>
>>>>>> PGP: 0x0F52F982
>>>>>>
>>>>>>
>>>>>>
>>>>>> ______________________________________________
>>>>>> R-package-devel using r-project.org mailing list
>>>>>> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>>>>>>
>>>>>         [[alternative HTML version deleted]]
>>>>>
>>>>> ______________________________________________
>>>>> R-package-devel using r-project.org mailing list
>>>>> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>>>> ______________________________________________
>>>> R-package-devel using r-project.org mailing list
>>>> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>>
>> ______________________________________________
>> R-package-devel using r-project.org mailing list
>> https://stat.ethz.ch/mailman/listinfo/r-package-devel
> 
> ______________________________________________
> R-package-devel using r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>



More information about the R-package-devel mailing list