[R-pkg-devel] using devtools::install_github() when curl is a dependency

Blätte, Andreas @ndre@@@b|@ette @end|ng |rom un|-due@de
Sat Jun 6 22:23:48 CEST 2020

Dear colleagues,

using devtools::install_github() is suggested frequently to install the development version of a package from GitHub.

But there is a nasty scenario on Windows when the package to be installed from GitHub has curl as a dependency and if a new version of curl or backports is available. The user will be prompted whether the outdated packages shall be updated. Users will usually confirm to update all CRAN packages. But after downloading the binaries, the installation will fail with a message that curl cannot be removed.

My understanding of the issue is as follows: devtools has curl as a dependency. When calling devtools::install_github() or remotes::install_github(), the curl package is attached. This implies loading the curl DLL. The dll file is then non-writable, if my analysis is correct. If (a) the package to be installed from GitHub has curl as a dependency and if (b) the curl version present on the users’ system needs to be updated and if (c) the user agrees to perform the update, the binary is downloaded successfully, but installing the newer version of curl will fail, because loading the curl DLL has been triggered when attaching devtools and the DLL file is write-protected.

This is the line that has caused my headaches:
devtools::install_github(“PolMine/cwbtools”, ref = “dev”)
The cwbtools package has curl as a dependency, and it was curl v4.2 that was installed, the newest version is v4.3.

First, I am interested whether you think my analysis is correct. Second, I would appreciate your advice on good practice to deal with this scenario!

My idea so far is to amend the README file, telling users (a) to reject updating dependencies if  curl is to be updated or alternatively (b) to recommend the snippet ` devtools::install_github(“PolMine/cwbtools”, ref = “dev”, upgrade = “never”)` for GithHub-installations and a manual update of dependencies.

I tend to think this is not an uncommon issue for Windows users. Something like this may occur whenever a package is to be installed from GitHub that has common dependency with devtools that needs to be updated. The error message is very hard to understand for “human” users and it is hard to find the solution for “human” users. Recommendations welcome!

Kind regards

Prof. Dr. Andreas Blätte
Professor of Public Policy and Regional Politics
University of Duisburg-Essen

	[[alternative HTML version deleted]]

More information about the R-package-devel mailing list