search

eddelbuettel / r2u

CRAN as Ubuntu Binaries
https://eddelbuettel.github.io/r2u
238 stars 16 forks source link

Install instructions employ deprecated methods #72

Open mike-lawrence opened 5 hours ago

mike-lawrence commented 5 hours ago

Use of apt-key is deprecated, and storing keys in /etc/apt/trusted.gpg.d/ is less secure. Here's what I understand would be a more modern approach:

# Update and install prerequisites
sudo apt update -qq && sudo apt install --yes --no-install-recommends wget ca-certificates gnupg

# Add the first GPG key and repository for r2u
wget -q -O- https://eddelbuettel.github.io/r2u/assets/dirk_eddelbuettel_key.asc | sudo gpg --dearmor -o /usr/share/keyrings/r2u-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/r2u-keyring.gpg] https://r2u.stat.illinois.edu/ubuntu noble main" | sudo tee /etc/apt/sources.list.d/cranapt.list

# Add the CRAN GPG key and repository
wget -q -O- https://cloud.r-project.org/bin/linux/ubuntu/marutter_pubkey.asc | sudo gpg --dearmor -o /usr/share/keyrings/cran-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cran-keyring.gpg] https://cloud.r-project.org/bin/linux/ubuntu noble-cran40/" | sudo tee /etc/apt/sources.list.d/cran_r.list

# Fetch additional keys with gpg (for apt-key adv keys previously)
gpg --keyserver keyserver.ubuntu.com --recv-keys 67C2D66C4B1D4339
gpg --export --armor 67C2D66C4B1D4339 | sudo tee /usr/share/keyrings/cranapt-keyring.gpg > /dev/null
gpg --keyserver keyserver.ubuntu.com --recv-keys 51716619E084DAB9
gpg --export --armor 51716619E084DAB9 | sudo tee -a /usr/share/keyrings/cranapt-keyring.gpg > /dev/null

# Update package lists and install R
sudo apt update -qq
DEBIAN_FRONTEND=noninteractive sudo apt install --yes --no-install-recommends r-base-core

# Add pinning for CRAN-Apt
echo "Package: *" | sudo tee /etc/apt/preferences.d/99cranapt
echo "Pin: release o=CRAN-Apt Project" | sudo tee -a /etc/apt/preferences.d/99cranapt
echo "Pin: release l=CRAN-Apt Packages" | sudo tee -a /etc/apt/preferences.d/99cranapt
echo "Pin-Priority: 700" | sudo tee -a /etc/apt/preferences.d/99cranapt

# Install bspm and related tools, enable it in R
sudo apt install --yes --no-install-recommends python3-dbus python3-gi python3-apt make
# sudo Rscript -e 'install.packages("bspm", repos="https://cran.r-project.org")' # original instructions, but encountered dbus issues with it
wget https://cloud.r-project.org/src/contrib/bspm_latest.tar.gz
sudo R CMD INSTALL bspm_0.5.7.tar.gz
rm bspm_0.5.7.tar.gz

RHOME=$(R RHOME)
echo "suppressMessages(bspm::enable())" | sudo tee -a ${RHOME}/etc/Rprofile.site
echo "options(bspm.version.check=FALSE)" | sudo tee -a ${RHOME}/etc/Rprofile.site
eddelbuettel commented 4 hours ago

Did you copy this from the README.md? It says that it applies to jammy aka 22.04 where this is/was current. I think the script for noble aka 24.04 uses the correct method, see https://github.com/eddelbuettel/r2u/blob/master/inst/scripts/add_cranapt_noble.sh

You did not state which release you are using. Which is it? I have tested the three scripts below inst/scripts/ on the relevant container versions -- but it is of course possible that I overlooked something.

eddelbuettel commented 4 hours ago

But I see where you are coming from. Small possible improvements are to fetch and export both keys at once:

gpg --keyserver keyserver.ubuntu.com --recv-keys 67C2D66C4B1D4339 51716619E084DAB9
gpg --export --armor 67C2D66C4B1D4339 51716619E084DAB9 | tee /usr/share/keyrings/cranapt-keyring.gpg

~and I presume we want to refer to that keyring file in the apt entries:~ Nope.

eddelbuettel commented 4 hours ago

The following seems to work as a candidate to replace / alter the existing script for noble:

#!/bin/bash

## See the README.md of 'r2u' for details on these steps
##
## This script has been tested on a plain and minimal ubuntu:24.04
##
## On a well-connected machine this script should take well under one minute
##
## Note that you need to run this as root

## First: update apt and get keys
apt update -qq && apt install --yes --no-install-recommends wget ca-certificates gnupg
wget -q -O- https://eddelbuettel.github.io/r2u/assets/dirk_eddelbuettel_key.asc \
    | tee -a /etc/apt/trusted.gpg.d/cranapt_key.asc
wget -q -O- https://cloud.r-project.org/bin/linux/ubuntu/marutter_pubkey.asc \
    | tee -a /etc/apt/trusted.gpg.d/cran_ubuntu_key.asc
gpg --keyserver keyserver.ubuntu.com --recv-keys 67C2D66C4B1D4339 51716619E084DAB9
gpg --export --armor 67C2D66C4B1D4339 51716619E084DAB9 | tee /usr/share/keyrings/r2u.gpg

## Second: add the repo -- here we use the well-connected mirror
echo "deb [arch=amd64] https://r2u.stat.illinois.edu/ubuntu noble main" > /etc/apt/sources.list.d/cranapt.list

## Third: ensure current R is used
echo "deb [arch=amd64] https://cloud.r-project.org/bin/linux/ubuntu noble-cran40/" > /etc/apt/sources.list.d/cran_r.list
apt update -qq
DEBIAN_FRONTEND=noninteractive apt install --yes --no-install-recommends r-base-core

## Fourth: add pinning to ensure package sorting
echo "Package: *" > /etc/apt/preferences.d/99cranapt
echo "Pin: release o=CRAN-Apt Project" >> /etc/apt/preferences.d/99cranapt
echo "Pin: release l=CRAN-Apt Packages" >> /etc/apt/preferences.d/99cranapt
echo "Pin-Priority: 700"  >> /etc/apt/preferences.d/99cranapt

## Fifth: install bspm (and its Python requirements) and enable it
## If needed (in bare container, say) install python tools for bspm and R itself
apt install --yes --no-install-recommends python3-{dbus,gi,apt} make
## Then install bspm (as root) and enable it, and enable a speed optimization
Rscript -e 'install.packages("bspm")'
RHOME=$(R RHOME)
echo "suppressMessages(bspm::enable())" >> ${RHOME}/etc/Rprofile.site
echo "options(bspm.version.check=FALSE)" >> ${RHOME}/etc/Rprofile.site

Can you give it a whirl at your end too?