Ability to install without sodium

[brianrepko]

We planned to use cyphr wrappers for openssl since we do not have sodium installed and can't since libsodium is not installed on the machine in question. One should be able to install cyphr without having sodium installed. And probably visa versa (cyphr without openssl).

I believe, this means moving them to Suggests: and implementing if (require(sodium)) logic into the code.

[richfitz]

Hmm - libsodium/sodium should be really straightforward to install now. Are you sure you can't do that?

I'm reasonably open to doing this sort of thing, except that it complicates installation and usage if packages that provide core functionality aren't there (it's nice when install.packages(...) drags in all required packages by default - and I'm going to try and get this package on cran in the next couple of weeks)

Would you mind expanding a little on why libsodium can't be installed? If it's a setup that seems common I can think about how to add it to the package while keeping the ordinary use straightforward.

[brianrepko]

Hi Rich - this is a corporate environment that is also shared (RStudio Server) so yes, I could go make the request to add libsodium to the base install of that machine and there may be some push back, but then I'm sure I will find other machines that people have that won't have libsodium on it and they won't have sudo rights.

[richfitz]

Thanks for the quick update! I've thought about this further and I would really like to keep the sodium requirement in for the CRAN release because I don't expect many people to have it.

But, on the other hand I can see your issue where you don't want to use sodium but want to work in the shared environment where every extra system package is an annoyance to get installed.

How does this sound as a compromise: I can maintain a long lived branch here that can be installed via remotes/devtools et al as something like install_github("ropensci/cyphr@no-sodium). The patch looks like it's only 3 lines long or so and will be easy to keep up to date with master - I can just keep merging master into it.

[brianrepko]

That would help me in getting this to install and then I can test it out.

That isn't a long term fix however so if you do that - great - but I would not mark this issue as closed until someone can install.packages without libsodium installed to make use of the openssl wrappers.

This is a very common paradigm for wrapper packages that support different underlying technologies. If your package is designed to work with X OR Y and not necessarily X AND Y, then package X and Y are Suggests and you assert them available as needed.

Or I'll give you the patch someday - I'm just swamped at the moment.