r-lib / pak

A fresh approach to package installation
https://pak.r-lib.org

Failed to install a Github package due to metadata database update failure #609

Open renozao opened 2 months ago

renozao commented 2 months ago

@gaborcsardi Following my issue posted on remotes: https://github.com/r-lib/remotes/issues/793

Recap: I tried it now on my private package and got an error like this (installed pak from the binary built from Github):

✔ Updated metadata database: 3.05 MB in 8 files.                           
✖ Updating metadata database ... failed                                    
Error:                                                                      
! error in pak subprocess
Caused by error: 
! Could not solve package dependencies:
* <org>/<repo>@<commit>:
  * Can't install dependency memoise (>= 0.31.2) (>= 2.0.1) (>= 1.0.7.1)
  * Can't install dependency R6 (>= 0.31.2) (>= 2.0.1) (>= 1.0.7.1)
  * Can't install dependency Biobase (>= 0.31.2) (>= 2.0.1) (>= 1.0.7.1)
  * Can't install dependency stringr (>= 0.31.2) (>= 2.0.1) (>= 1.0.7.1)
  * Can't install dependency checkmate (>= 0.31.2) (>= 2.0.1) (>= 1.0.7.1)
  * Can't install dependency pkgmaker (>= 0.31.2) (>= 2.0.1) (>= 1.0.7.1)
  * Can't install dependency devtools (>= 2.0.1) (>= 1.0.7.1)
  * Can't install dependency github (>= 1.0.7.1)
  * Can't install dependency plyr (>= 1.0.7.1)
  * Can't install dependency jsonlite (>= 1.0.7.1)
  * Can't install dependency BiocManager (>= 1.0.7.1)
  * Can't install dependency knitr (>= 1.0.7.1)
  * Can't install dependency digest (>= 1.0.7.1)
  * Can't install dependency uuid (>= 1.0.7.1)
  * Can't install dependency reshape2 (>= 1.0.7.1)
  * Can't install dependency qs (>= 1.0.7.1)
  * Can't install dependency withr
* memoise: ! pkgdepends resolution error for .
Caused by error: 
! Invalid line 3 in PACKAGES file: must contain `:` @lib.c:392 (pkgcache_parse_packages_raw)
* R6: ! pkgdepends resolution error for .
Caused by error: 
! Invalid line 3 in PACKAGES file: must contain `:` @lib.c:392 (pkgcache_parse_packages_raw)
* Biobase: ! pkgdepends resolution error for .
Caused by error: 
! Invalid line 3 in PACKAGES file: must contain `:` @lib.c:392 (pkgcache_parse_packages_raw)
...
<list goes on>

There is no such issue when using remotes (except for the problem of the dependency upgrade of course).

gaborcsardi commented 2 months ago

What is getOption("repos")?

renozao commented 2 months ago

I am checking this indeed. The repos points to a private URL behind authentication. We have a special site setup that configures download.file() to use curl with the necessary authorization bearer token in the header, only for URLs within our domain. In brief, this calls download.file() after doing this:

withr::local_options(list(
  download.file.extra = '-H "Authorization: Bearer <TOKEN>"',
  download.file.method = 'curl'
))

Looking at how pkgcache downloads files to see if we can configure this to also work with pak.

But maybe there is a built-in way to configure private CRAN-like repositories behind authentication?

gaborcsardi commented 2 months ago

> But maybe there is a built-in way to configure private CRAN-like repositories behind authentication?

No, there isn't currently. But we can add that, no problem. You essentially need to send an extra header?

renozao commented 2 months ago

Technically I need to send the authentication headers, yes, but this would need to be a repo-specific setting. The metadata database was correctly updated once I passed the Authentication header within pkgcache:::http_get().

What might be tricky is that I believe the token expires and then needs to be updated by querying the authentication service. For this, one would probably need to enable specifying a repo-specific setup function that prepares the handle/headers.
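
The repo-specific header setup with token refresh described in the comment above, as an added example that is not part of the original thread and is not pak or pkgcache code. `make_repo_auth()`, the `fetch_token` callback, the `example.com` domain and the token values are all hypothetical or constructed.

```r
# Added example, not pak/pkgcache code. make_repo_auth(), fetch_token and
# the example.com host are hypothetical; token values are constructed.
make_repo_auth <- function(private_domain, fetch_token, margin = 60) {
  token <- NULL
  expires <- as.POSIXct(0, origin = "1970-01-01", tz = "UTC")
  function(url, now = Sys.time()) {
    # Require https, and reject URLs carrying userinfo ("user:pw@host"),
    # so the token is never sent in clear text or to a look-alike host.
    pattern <- "^https://([^/?#@:]+)(:[0-9]+)?([/?#]|$)"
    m <- regmatches(url, regexec(pattern, url))[[1]]
    if (length(m) == 0) return(character())
    host <- tolower(m[2])
    in_domain <- host == private_domain ||
      endsWith(host, paste0(".", private_domain))
    if (!in_domain) return(character())
    # Refresh when there is no token yet or it expires within `margin` seconds.
    if (is.null(token) || now >= expires - margin) {
      fresh <- fetch_token()
      token <<- fresh$access_token
      expires <<- now + fresh$expires_in
    }
    c(Authorization = paste("Bearer", token))
  }
}

# Constructed stand-in for the authentication service; counts its calls.
calls <- 0
fake_service <- function() {
  calls <<- calls + 1
  list(access_token = paste0("constructed-token-", calls), expires_in = 3600)
}

auth <- make_repo_auth("example.com", fake_service)
t0 <- as.POSIXct("2024-01-01 00:00:00", tz = "UTC")
private <- "https://cran.example.com/src/contrib/PACKAGES.gz"

stopifnot(
  identical(auth(private, t0), c(Authorization = "Bearer constructed-token-1")),
  identical(auth(private, t0 + 1800), c(Authorization = "Bearer constructed-token-1")),
  identical(auth(private, t0 + 3590), c(Authorization = "Bearer constructed-token-2")),
  length(auth("https://cloud.r-project.org/src/contrib/PACKAGES.gz", t0)) == 0,
  length(auth("http://cran.example.com/src/contrib/PACKAGES.gz", t0)) == 0,
  length(auth("https://cran.example.com:pw@other.test/PACKAGES", t0)) == 0,
  calls == 2
)
```

The returned vector can be handed to `curl::handle_setheaders(handle, .list = as.list(headers))`; how pak would invoke such a hook is not defined in this thread.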

gaborcsardi commented 2 months ago

Is this a protocol with a public spec, e.g. OAuth 2.0, or something in house?

renozao commented 2 months ago

I believe it is standard OAuth 2.0 (provided by Google). Note that, past the authentication, there still seems to be an issue with the fact that the dependency version requirement does not get resolved: when calling

pak::pkg_install('org/packageA@abcd123')

I get an error about not being able to find the right version for dependency packageB, despite the fact that commit org/repo@abcd123 contains a reference to org/packageB@<sha_with_required_version> in Remotes.

gaborcsardi commented 2 months ago

> I get an error about not being able to find the right version for dependency packageB, despite the fact that commit org/repo@abcd123 contains a reference to org/packageB@<sha_with_required_version> in Remotes.

Can you try to create a reproducible example for this?