r-lib / remotes

Install R packages from GitHub, GitLab, Bitbucket, git, svn repositories, URLs
https://remotes.r-lib.org/

dependencies = "soft" is intended to be a synonym for TRUE, but crashes for CRAN and behaves unexpectedly for github etc. #809

Open dvg-p4 opened 2 weeks ago

dvg-p4 commented 2 weeks ago

install_cran(dependencies = "soft") (or "hard") throws an error where dependencies = TRUE (or NA) succeeds:

> remotes::install_cran('ggplot2', dependencies = "soft", force = T)
Installing 1 packages: ggplot2
Installing package into ‘/home/dgealow/R/x86_64-pc-linux-gnu-library/4.4’
(as ‘lib’ is unspecified)
Error: Failed to install 'ggplot2' from CRAN:
  subscript out of bounds

> remotes::install_cran('ggplot2', dependencies = TRUE, force = T)                                                                                                                                                     
Installing 1 packages: ggplot2                                                                                                                                                                                         
Installing package into ‘/home/dgealow/R/x86_64-pc-linux-gnu-library/4.4’                                                                                                                                              
(as ‘lib’ is unspecified)                                                                                                                                                                                              
also installing the dependencies ‘checkmate’, ‘e1071’, ‘rex’, ‘htmlTable’, ‘viridis’, ‘survival’, ‘TH.data’, ‘SparseM’, ‘MatrixModels’, ‘classInt’, ‘DBI’, ‘s2’, ‘units’, ‘covr’, ‘Hmisc’, ‘mapproj’, ‘maps’, ‘multcomp’, ‘quantreg’, ‘sf’, ‘svglite’, ‘vdiffr’

trying URL 'https://cloud.r-project.org/src/contrib/checkmate_2.3.2.tar.gz'
[...]

Digging into the code, this seems to be a consequence of passing dependencies through to install.packages() unaltered, while base R's install.packages() does not recognize the synonym.

Relatedly, install_X(dependencies = "soft"), for sources other than CRAN, attempts to install all recursive soft dependencies, often hundreds of packages. dependencies = TRUE has the intended behavior of installing all hard and soft dependencies of the directly requested package(s), but only the hard dependencies of those packages in turn.

> remotes::install_github('tidyverse/ggplot2@*release', dependencies = TRUE, force = T)                                                                                                                                
Using github PAT from envvar GITHUB_TOKEN. Use `gitcreds::gitcreds_set()` and unset GITHUB_TOKEN in .Renviron (or elsewhere) if you want to use the more secure git credential store instead.                          
Downloading GitHub repo tidyverse/ggplot2@v3.5.1                                                                                                                                                                       
These packages have more recent versions available.                                                                                                                                                                    
It is recommended to update all of them.                                                                                                                                                                               
Which would you like to update?                                                                                                                                                                                                                                                                                                                                                                                                             
 1: All                                                                                                                                                                                                                
[...]                                                                                                                                                                          
Installing 32 packages: waldo, pkgload, e1071, xfun, yaml, highr, tinytex, bslib, rmarkdown, knitr, survival, checkmate, units, s2, DBI, classInt, textshaping, MatrixModels, SparseM, TH.data, maps, viridis, htmlTable, rex, vdiffr, svglite, sf, quantreg, multcomp, mapproj, Hmisc, covr
Installing packages into ‘/home/dgealow/R/x86_64-pc-linux-gnu-library/4.4’
(as ‘lib’ is unspecified)
trying URL 'https://cloud.r-project.org/src/contrib/waldo_0.5.3.tar.gz'
[...]

> remotes::install_github('tidyverse/ggplot2@*release', dependencies = "soft", force = T)                                                                                                                              
Using github PAT from envvar GITHUB_TOKEN. Use `gitcreds::gitcreds_set()` and unset GITHUB_TOKEN in .Renviron (or elsewhere) if you want to use the more secure git credential store instead.                          
Downloading GitHub repo tidyverse/ggplot2@v3.5.1                                                                                                                                                                       
These packages have more recent versions available.                                                                                                                                                                    
It is recommended to update all of them.                                                                                                                                                                               
Which would you like to update?                                                                                                                                                                                                                                                                                                                                                                                                              
1: All                                                                                                                                                                                                                 
[...]                                                                                                                                                                            
Installing 27 packages: xfun, yaml, highr, tinytex, bslib, survival, checkmate, units, s2, DBI, classInt, textshaping, MatrixModels, SparseM, TH.data, maps, viridis, htmlTable, rex, vdiffr, svglite, sf, quantreg, multcomp, mapproj, Hmisc, covr
Installing packages into ‘/home/dgealow/R/x86_64-pc-linux-gnu-library/4.4’                                                                                                                                             
(as ‘lib’ is unspecified)                                                                                                                                                                                              
Warning: dependencies ‘spDataLarge’, [...], ‘snpStats’ are not available                                                                                                                                 
also installing the dependencies ‘readbitmap’, ‘attempt’, ‘attachment’, ‘dockerfiler’, ‘ff’, ‘imager’, ‘protolite’, ‘golem’, ‘rmio’, ‘bigreadr’, ‘memuse’, ‘mixsqp’, ‘redland’, ‘jsonld’, ‘thor’, ‘contentid’, ‘doSNOW’, ‘Rwave’, ‘gsignal’, ‘perryExamples’, ‘geojson’, [hundreds of others]

The cause of this seems to be that there's a special-case check for TRUE to harden to NA for subdependencies, before the special meaning of "soft" is interpreted:

https://github.com/r-lib/remotes/blob/5b7eb08f70ecc4f885f2c75330ce77f87e7dd14e/R/install.R#L198
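The two resolutions contrasted in the comment above can be previewed offline before anything is installed, which also shows how much third-party code each one pulls in. This is an added example, not code from remotes or from anyone in this thread: it runs base R's `tools::package_dependencies()` over a constructed package database, and the package names and the helpers `pkg_row()`, `install_set_true()`, `install_set_recursive_soft()` and `check_install_budget()` are hypothetical.

```r
# Constructed package database (not real CRAN metadata), shaped like the
# character matrix returned by available.packages().
pkg_row <- function(name, imports = NA, suggests = NA) {
  c(Package = name, Depends = NA, Imports = imports,
    LinkingTo = NA, Suggests = suggests)
}
db <- rbind(
  pkg_row("target", imports = "hardA", suggests = "softA"),
  pkg_row("hardA",  imports = "hardB", suggests = "softB"),
  pkg_row("hardB"),
  pkg_row("softA",  imports = "hardC", suggests = "softC"),
  pkg_row("hardC"),
  pkg_row("softB",  suggests = "softD"),
  pkg_row("softC",  suggests = "softD"),
  pkg_row("softD")
)

hard <- c("Depends", "Imports", "LinkingTo")
soft <- c(hard, "Suggests")

# Semantics the issue describes for dependencies = TRUE: hard and soft
# dependencies of the requested package, then only hard dependencies below.
install_set_true <- function(pkg, db) {
  direct <- tools::package_dependencies(pkg, db, which = soft)[[pkg]]
  below  <- tools::package_dependencies(direct, db, which = hard,
                                        recursive = TRUE)
  sort(unique(c(direct, unlist(below, use.names = FALSE))))
}

# Behaviour the issue reports for dependencies = "soft" on non-CRAN
# sources: soft dependencies are followed at every level.
install_set_recursive_soft <- function(pkg, db) {
  deps <- tools::package_dependencies(pkg, db, which = soft, recursive = TRUE)
  sort(deps[[pkg]])
}

# Guard for scripted installs: refuse when the resolved set is larger
# than the caller expects, and name the packages that were not expected.
check_install_budget <- function(resolved, expected) {
  extra <- setdiff(resolved, expected)
  if (length(extra) > 0) {
    stop("unexpected packages in install set: ", paste(extra, collapse = ", "))
  }
  invisible(TRUE)
}

expected <- install_set_true("target", db)
resolved <- install_set_recursive_soft("target", db)
print(setdiff(resolved, expected))  # packages reached only through recursive Suggests
try(check_install_budget(resolved, expected))
```

Pointing `db` at `available.packages()` instead of the constructed matrix gives the same comparison against a real repository index.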

dvg-p4 commented 2 weeks ago

Workaround A: Use TRUE / NA instead of "soft" / "hard"

Workaround B: Use pak instead of remotes

infotroph commented 1 week ago

I'm seeing the same issue with a character vector of dependency types, even though the other options are documented as shorthands for that: remotes::install_github("tidyverse/ggplot2@*release", dependencies = c("Depends", "Imports", "LinkingTo", "Suggests"), force = T) behaves the same as @dvg-p4's last example above.