[R-pkg-devel] Submission to CRAN when package needs personal data (API key)

Rainer M Krug R@iner @ending from krug@@de
Thu Sep 6 08:30:41 CEST 2018 


> On 5 Sep 2018, at 20:20, Henrik Bengtsson <henrik.bengtsson using gmail.com <mailto:henrik.bengtsson using gmail.com>> wrote:
> 
> I take a complementary approach; I condition on, my home-made,
> R_TEST_ALL variable.  Effectively, I do:
> 
> if (as.logical(Sys.getenv("R_TEST_ALL", "FALSE"))) {
>   ...
> }
> 
> and set R_TEST_ALL=TRUE when I want to run that part of the test.  You
> can also imagine refined versions of this, e.g. R_TEST_SETS=foo,bar
> and test scripts with:
> 
> if ("foo" %in% strsplit(Sys.getenv("R_TEST_SETS"), split="[, ]+")[[1]]) {
>   ...makes no assumption
> }
> 
> That avoids making assumptions on where the tests are submitted/run,
> may it be CRAN, Bioconductor, Travis CI, …

Thanks Henrik - that sounds like a good idea. At the moment, I am checking for the name of my machine, which is obviously not to robust.

I will implement this before submission to CRAN.

Thanks,

Rainer

> 
> /Henrik
> 
> On Wed, Sep 5, 2018 at 11:08 AM Spencer Graves
> <spencer.graves using effectivedefense.org <mailto:spencer.graves using effectivedefense.org>> wrote:
>> 
>> 
>> 
>> On 2018-09-05 12:52, Gábor Csárdi wrote:
>>> On Wed, Sep 5, 2018 at 6:34 PM Spencer Graves
>>> <spencer.graves using effectivedefense.org <mailto:spencer.graves using effectivedefense.org>> wrote:
>>>> The fda package disables some tests on CRAN using:
>>>> 
>>>> 
>>>> if(!fda::CRAN()){
>>>>      test you don't want run on CRAN
>>>> }
>>> Seemingly this just checks for a couple of (5 by default) environment
>>> variables that match "^_R_":
>>> https://github.com/cran/fda/blob/0549e6a86aa144d8c2aade2d8704a269fb8a94ed/R/CRAN.R#L14 <https://github.com/cran/fda/blob/0549e6a86aa144d8c2aade2d8704a269fb8a94ed/R/CRAN.R#L14>
>>> 
>>> I am not sure if this is a good indication of the machine being a CRAN
>>> machine, I do set  some of these
>>> occasionally on my machine.  It would be great if CRAN machines could
>>> set a specific environment
>>> variable globally, e.g. ON_CRAN, or _R_ON_CRAN_, so people could skip
>>> these tests and examples
>>> easily.
>> 
>> 
>> Agreed.  Before I wrote that function, I asked this list for
>> suggestions.  The suggestion I got was, "Don't do it."  I felt that was
>> not acceptable so wrote what I did.  I think we need a better solution.
>> Spencer
>>> 
>>> Gabor
>>> 
>>>> 
>>>>        I've used this in other contexts with tests that are too long to
>>>> run on CRAN but that I want to run otherwise during "R CMD check".
>>>> 
>>>> 
>>>>        Spencer Graves
>>>> 
>>>> 
>>>> On 2018-09-05 12:13, Peter Meissner wrote:
>>>>> Hey,
>>>>> 
>>>>> Maybe webmockr (or something alike) can help:
>>>>> https://cran.r-project.org/web/packages/webmockr/index.html <https://cran.r-project.org/web/packages/webmockr/index.html>
>>>>> 
>>>>> Best, Peter
>>>>> 
>>>>> Rainer M Krug <Rainer using krugs.de> schrieb am Mi., 5. Sep. 2018, 15:38:
>>>>> 
>>>>>> OK - thanks. I will than disable the checks for CRAN.
>>>>>> 
>>>>>> Thanks,
>>>>>> 
>>>>>> Rainer
>>>>>> 
>>>>>> 
>>>>>>> On 5 Sep 2018, at 15:37, Uwe Ligges <ligges using statistik.tu-dortmund.de>
>>>>>> wrote:
>>>>>>> You should not run on CRAN. Note that the checks are done almost daily
>>>>>> oin several platforms, hence the API key is used for about 10 check runs a
>>>>>> day.
>>>>>>> Best,
>>>>>>> Uwe Ligges
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> On 05.09.2018 09:28, Rainer Krug wrote:
>>>>>>>> Hi
>>>>>>>> I have a package at GitHub (https://github.com/rkrug/ROriginStamp)
>>>>>> which I am pre[paring for CRAN.
>>>>>>>> It creates a trusted timestamp using the API fro OriginStamp (
>>>>>> https://originstamp.org/home) which requires an API key. Now this API
>>>>>> should not be made public, as to much traffic through one API key will lead
>>>>>> to it’s blocking.
>>>>>>>> I have stored the key encrypted in the travis.yml, and the package
>>>>>> passes all tests.
>>>>>>>> But if I send it to CRAN, it would fail the tests, as the api key is
>>>>>> not in the package itself.
>>>>>>>> I could disable all tests for CRAN which need the API key, but I think
>>>>>> it would be better tu run the tests there as well (as an additional check
>>>>>> to travis).
>>>>>>>> My question:
>>>>>>>> Is there a way of storing the API key encrypted, so that only the CRAN
>>>>>> test servers can decrypt it, or is there another way can steal with this?
>>>>>>>> Thanks,
>>>>>>>> Rainer
>>>>>>>> --
>>>>>>>> Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
>>>>>> Biology, UCT), Dipl. Phys. (Germany)
>>>>>>>> University of Zürich
>>>>>>>> Cell:       +41 (0)78 630 66 57
>>>>>>>> email:      Rainer using krugs.de
>>>>>>>> Skype:      RMkrug
>>>>>>>> PGP: 0x0F52F982
>>>>>>>> ______________________________________________
>>>>>>>> R-package-devel using r-project.org mailing list
>>>>>>>> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>>>>>> --
>>>>>> Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
>>>>>> Biology, UCT), Dipl. Phys. (Germany)
>>>>>> 
>>>>>> University of Zürich
>>>>>> 
>>>>>> Cell:       +41 (0)78 630 66 57
>>>>>> email:      Rainer using krugs.de
>>>>>> Skype:      RMkrug
>>>>>> 
>>>>>> PGP: 0x0F52F982
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> ______________________________________________
>>>>>> R-package-devel using r-project.org mailing list
>>>>>> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>>>>>> 
>>>>>       [[alternative HTML version deleted]]
>>>>> 
>>>>> ______________________________________________
>>>>> R-package-devel using r-project.org mailing list
>>>>> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>>>> ______________________________________________
>>>> R-package-devel using r-project.org <mailto:R-package-devel using r-project.org> mailing list
>>>> https://stat.ethz.ch/mailman/listinfo/r-package-devel <https://stat.ethz.ch/mailman/listinfo/r-package-devel>
>> 
>> ______________________________________________
>> R-package-devel using r-project.org <mailto:R-package-devel using r-project.org> mailing list
>> https://stat.ethz.ch/mailman/listinfo/r-package-devel <https://stat.ethz.ch/mailman/listinfo/r-package-devel>
> 
> ______________________________________________
> R-package-devel using r-project.org <mailto:R-package-devel using r-project.org> mailing list
> https://stat.ethz.ch/mailman/listinfo/r-package-devel <https://stat.ethz.ch/mailman/listinfo/r-package-devel>

--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation Biology, UCT), Dipl. Phys. (Germany)

University of Zürich

Cell:       +41 (0)78 630 66 57
email:      Rainer using krugs.de <mailto:Rainer using krugs.de>
Skype:      RMkrug

PGP: 0x0F52F982





--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation Biology, UCT), Dipl. Phys. (Germany)

University of Zürich

Cell:       +41 (0)78 630 66 57
email:      Rainer using krugs.de
Skype:      RMkrug

PGP: 0x0F52F982




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <https://stat.ethz.ch/pipermail/r-package-devel/attachments/20180906/67a737a4/attachment.sig>

More information about the R-package-devel mailing list