Sorry, it was a mistake. CC the list. 于 2019年7月2日 GMT-07:00 上午12:17:01, Jeff Newmiller <jdnew...@dcn.davis.ca.us> 写到: >I recommend that you "reply-all" to keep the mailing list included. > > >On July 1, 2019 11:30:23 PM PDT, Jialin Ma <marl...@gmx.cn> wrote: >>Hi Jeff, >> >>Thanks for your reply. I would like to clarify a little bit: >> >>> A) You cannot assume the package code will have write access to the >>library >>> directories. The user/admin who installs the package may never load >>the >>> package. >> >>I am downloading the necessary binary dependencies at *compile time*, >>i.e. the >>script is being called inside "Makevars.win". I suppose the script >>should have >>write access to the current directory, i.e. "inst" directory, at this >>stage? >>But I am not sure about it. >> >>I am aware many packages will download static libraries on windows at >>this >>stage. For example the Cairo package (see >>https://github.com/cran/Cairo/blob/ >>master/configure.win ) mentioned in Writing R Extensions will download >>binary >>to the source directory and link against them. >>My question is about whether it is an accepted practice to put DLL >file >>in >>"inst/libs". >> >>> B) Downloading binary files for execution without the direct >>involvement of >>> the user/admin is a security risk. >>> >>> C) Open-source package license means the source code is part of the >>package. >>> Downloading binaries later fails this requirement. >> >>This however is a workaround for the windows platform due to the >>difficulties >>compiling the external libraries. The toolchains needed (specifically, >>cmake) >>was missing in Rtools and there are several dependencies. I believe >>there >>should be some accepted practice for the license issue, however I am >>not sure. >> >>Best regards, >>Jialin >> >> >>On Monday, July 1, 2019 10:49:43 PM PDT you wrote: >>> A) You cannot assume the package code will have write access to the >>library >>> directories. The user/admin who installs the package may never load >>the >>> package. >>> >>> B) Downloading binary files for execution without the direct >>involvement of >>> the user/admin is a security risk. >>> >>> C) Open-source package license means the source code is part of the >>package. >>> Downloading binaries later fails this requirement. >>> On July 1, 2019 10:03:07 PM PDT, Jialin Ma <marl...@gmx.cn> wrote: >>> >Hi everyone, >>> > >>> >Currently my package has a script downloading additional DLLs >>> >into "inst/libs" and being called in "Makevars.win". In this way >>these >>> >DLLs get copied to libs when installing the package and I am able >to >>> >load them with "library.dynam". >>> > >>> >However R CMD check gives the following warning. >>> > >>> > * checking package subdirectories ... WARNING >>> > >>> > Found the following non-empty subdirectories of 'inst' also used >by >>R: >>> > inst/libs >>> > >>> > It is recommended not to interfere with package subdirectories >used >>by >>> > >>> > R. >>> > >>> >I was wondering what would be the best practice for my case, or I >am >>> >safe >>> >to ignore this warning (suppose I am planing for a CRAN >submission). >>> > >>> >I know many packages will download static library and link them at >>> >compile >>> >time. But I haven't see any example with additional DLL files. >>> > >>> >Thanks. >>> >Jialin Ma >>> > >>> >______________________________________________ >>> >R-package-devel@r-project.org mailing list >>> >https://stat.ethz.ch/mailman/listinfo/r-package-devel > >-- >Sent from my phone. Please excuse my brevity.
-- Sent from my Android device with K-9 Mail. Please excuse my brevity. [[alternative HTML version deleted]] ______________________________________________ R-package-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-package-devel