[R-pkg-devel] Submission to CRAN when package needs personal data (API key)

2018-09-05 Thread Rainer Krug 
Hi

I have a package at GitHub (https://github.com/rkrug/ROriginStamp) which I am 
pre[paring for CRAN.

It creates a trusted timestamp using the API fro OriginStamp 
(https://originstamp.org/home) which requires an API key. Now this API should 
not be made public, as to much traffic through one API key will lead to it’s 
blocking.

I have stored the key encrypted in the travis.yml, and the package passes all 
tests.

But if I send it to CRAN, it would fail the tests, as the api key is not in the 
package itself.

I could disable all tests for CRAN which need the API key, but I think it would 
be better tu run the tests there as well (as an additional check to travis).

My question:

Is there a way of storing the API key encrypted, so that only the CRAN test 
servers can decrypt it, or is there another way can steal with this?

Thanks,

Rainer



--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation Biology, 
UCT), Dipl. Phys. (Germany)

University of Zürich

Cell:   +41 (0)78 630 66 57
email:  rai...@krugs.de
Skype:  RMkrug

PGP: 0x0F52F982





signature.asc
Description: Message signed with OpenPGP
__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

Re: [R-pkg-devel] Submission to CRAN when package needs personal data (API key)

2018-09-05 Thread Uwe Ligges 
You should not run on CRAN. Note that the checks are done almost daily 
oin several platforms, hence the API key is used for about 10 check runs 
a day.


Best,
Uwe Ligges



On 05.09.2018 09:28, Rainer Krug wrote:

Hi

I have a package at GitHub (https://github.com/rkrug/ROriginStamp) which I am 
pre[paring for CRAN.

It creates a trusted timestamp using the API fro OriginStamp 
(https://originstamp.org/home) which requires an API key. Now this API should 
not be made public, as to much traffic through one API key will lead to it’s 
blocking.

I have stored the key encrypted in the travis.yml, and the package passes all 
tests.

But if I send it to CRAN, it would fail the tests, as the api key is not in the 
package itself.

I could disable all tests for CRAN which need the API key, but I think it would 
be better tu run the tests there as well (as an additional check to travis).

My question:

Is there a way of storing the API key encrypted, so that only the CRAN test 
servers can decrypt it, or is there another way can steal with this?

Thanks,

Rainer



--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation Biology, 
UCT), Dipl. Phys. (Germany)

University of Zürich

Cell:   +41 (0)78 630 66 57
email:  rai...@krugs.de
Skype:  RMkrug

PGP: 0x0F52F982





__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel



__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

Re: [R-pkg-devel] Submission to CRAN when package needs personal data (API key)

2018-09-05 Thread Rainer M Krug 
OK - thanks. I will than disable the checks for CRAN.

Thanks,

Rainer


> On 5 Sep 2018, at 15:37, Uwe Ligges  wrote:
> 
> You should not run on CRAN. Note that the checks are done almost daily oin 
> several platforms, hence the API key is used for about 10 check runs a day.
> 
> Best,
> Uwe Ligges
> 
> 
> 
> On 05.09.2018 09:28, Rainer Krug wrote:
>> Hi
>> I have a package at GitHub (https://github.com/rkrug/ROriginStamp) which I 
>> am pre[paring for CRAN.
>> It creates a trusted timestamp using the API fro OriginStamp 
>> (https://originstamp.org/home) which requires an API key. Now this API 
>> should not be made public, as to much traffic through one API key will lead 
>> to it’s blocking.
>> I have stored the key encrypted in the travis.yml, and the package passes 
>> all tests.
>> But if I send it to CRAN, it would fail the tests, as the api key is not in 
>> the package itself.
>> I could disable all tests for CRAN which need the API key, but I think it 
>> would be better tu run the tests there as well (as an additional check to 
>> travis).
>> My question:
>> Is there a way of storing the API key encrypted, so that only the CRAN test 
>> servers can decrypt it, or is there another way can steal with this?
>> Thanks,
>> Rainer
>> --
>> Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation Biology, 
>> UCT), Dipl. Phys. (Germany)
>> University of Zürich
>> Cell:   +41 (0)78 630 66 57
>> email:  rai...@krugs.de
>> Skype:  RMkrug
>> PGP: 0x0F52F982
>> __
>> R-package-devel@r-project.org mailing list
>> https://stat.ethz.ch/mailman/listinfo/r-package-devel

--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation Biology, 
UCT), Dipl. Phys. (Germany)

University of Zürich

Cell:   +41 (0)78 630 66 57
email:  rai...@krugs.de
Skype:  RMkrug

PGP: 0x0F52F982





signature.asc
Description: Message signed with OpenPGP
__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

Re: [R-pkg-devel] Submission to CRAN when package needs personal data (API key)

2018-09-05 Thread Peter Meissner 
Hey,

Maybe webmockr (or something alike) can help:
https://cran.r-project.org/web/packages/webmockr/index.html

Best, Peter

Rainer M Krug  schrieb am Mi., 5. Sep. 2018, 15:38:

> OK - thanks. I will than disable the checks for CRAN.
>
> Thanks,
>
> Rainer
>
>
> > On 5 Sep 2018, at 15:37, Uwe Ligges 
> wrote:
> >
> > You should not run on CRAN. Note that the checks are done almost daily
> oin several platforms, hence the API key is used for about 10 check runs a
> day.
> >
> > Best,
> > Uwe Ligges
> >
> >
> >
> > On 05.09.2018 09:28, Rainer Krug wrote:
> >> Hi
> >> I have a package at GitHub (https://github.com/rkrug/ROriginStamp)
> which I am pre[paring for CRAN.
> >> It creates a trusted timestamp using the API fro OriginStamp (
> https://originstamp.org/home) which requires an API key. Now this API
> should not be made public, as to much traffic through one API key will lead
> to it’s blocking.
> >> I have stored the key encrypted in the travis.yml, and the package
> passes all tests.
> >> But if I send it to CRAN, it would fail the tests, as the api key is
> not in the package itself.
> >> I could disable all tests for CRAN which need the API key, but I think
> it would be better tu run the tests there as well (as an additional check
> to travis).
> >> My question:
> >> Is there a way of storing the API key encrypted, so that only the CRAN
> test servers can decrypt it, or is there another way can steal with this?
> >> Thanks,
> >> Rainer
> >> --
> >> Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
> Biology, UCT), Dipl. Phys. (Germany)
> >> University of Zürich
> >> Cell:   +41 (0)78 630 66 57
> >> email:  rai...@krugs.de
> >> Skype:  RMkrug
> >> PGP: 0x0F52F982
> >> __
> >> R-package-devel@r-project.org mailing list
> >> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>
> --
> Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
> Biology, UCT), Dipl. Phys. (Germany)
>
> University of Zürich
>
> Cell:   +41 (0)78 630 66 57
> email:  rai...@krugs.de
> Skype:  RMkrug
>
> PGP: 0x0F52F982
>
>
>
> __
> R-package-devel@r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>

[[alternative HTML version deleted]]

__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

Re: [R-pkg-devel] Submission to CRAN when package needs personal data (API key)

2018-09-05 Thread Spencer Graves 

The fda package disables some tests on CRAN using:


if(!fda::CRAN()){
    test you don't want run on CRAN
}


  I've used this in other contexts with tests that are too long to 
run on CRAN but that I want to run otherwise during "R CMD check".



  Spencer Graves


On 2018-09-05 12:13, Peter Meissner wrote:

Hey,

Maybe webmockr (or something alike) can help:
https://cran.r-project.org/web/packages/webmockr/index.html

Best, Peter

Rainer M Krug  schrieb am Mi., 5. Sep. 2018, 15:38:


OK - thanks. I will than disable the checks for CRAN.

Thanks,

Rainer



On 5 Sep 2018, at 15:37, Uwe Ligges 

wrote:

You should not run on CRAN. Note that the checks are done almost daily

oin several platforms, hence the API key is used for about 10 check runs a
day.

Best,
Uwe Ligges



On 05.09.2018 09:28, Rainer Krug wrote:

Hi
I have a package at GitHub (https://github.com/rkrug/ROriginStamp)

which I am pre[paring for CRAN.

It creates a trusted timestamp using the API fro OriginStamp (

https://originstamp.org/home) which requires an API key. Now this API
should not be made public, as to much traffic through one API key will lead
to it’s blocking.

I have stored the key encrypted in the travis.yml, and the package

passes all tests.

But if I send it to CRAN, it would fail the tests, as the api key is

not in the package itself.

I could disable all tests for CRAN which need the API key, but I think

it would be better tu run the tests there as well (as an additional check
to travis).

My question:
Is there a way of storing the API key encrypted, so that only the CRAN

test servers can decrypt it, or is there another way can steal with this?

Thanks,
Rainer
--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation

Biology, UCT), Dipl. Phys. (Germany)

University of Zürich
Cell:   +41 (0)78 630 66 57
email:  rai...@krugs.de
Skype:  RMkrug
PGP: 0x0F52F982
__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
Biology, UCT), Dipl. Phys. (Germany)

University of Zürich

Cell:   +41 (0)78 630 66 57
email:  rai...@krugs.de
Skype:  RMkrug

PGP: 0x0F52F982



__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel


[[alternative HTML version deleted]]

__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel


__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

Re: [R-pkg-devel] Submission to CRAN when package needs personal data (API key)

2018-09-05 Thread Gábor Csárdi 
On Wed, Sep 5, 2018 at 6:34 PM Spencer Graves
 wrote:
>
> The fda package disables some tests on CRAN using:
>
>
> if(!fda::CRAN()){
>  test you don't want run on CRAN
> }

Seemingly this just checks for a couple of (5 by default) environment
variables that match "^_R_":
https://github.com/cran/fda/blob/0549e6a86aa144d8c2aade2d8704a269fb8a94ed/R/CRAN.R#L14

I am not sure if this is a good indication of the machine being a CRAN
machine, I do set  some of these
occasionally on my machine.  It would be great if CRAN machines could
set a specific environment
variable globally, e.g. ON_CRAN, or _R_ON_CRAN_, so people could skip
these tests and examples
easily.

Gabor

>
>
>I've used this in other contexts with tests that are too long to
> run on CRAN but that I want to run otherwise during "R CMD check".
>
>
>Spencer Graves
>
>
> On 2018-09-05 12:13, Peter Meissner wrote:
> > Hey,
> >
> > Maybe webmockr (or something alike) can help:
> > https://cran.r-project.org/web/packages/webmockr/index.html
> >
> > Best, Peter
> >
> > Rainer M Krug  schrieb am Mi., 5. Sep. 2018, 15:38:
> >
> >> OK - thanks. I will than disable the checks for CRAN.
> >>
> >> Thanks,
> >>
> >> Rainer
> >>
> >>
> >>> On 5 Sep 2018, at 15:37, Uwe Ligges 
> >> wrote:
> >>> You should not run on CRAN. Note that the checks are done almost daily
> >> oin several platforms, hence the API key is used for about 10 check runs a
> >> day.
> >>> Best,
> >>> Uwe Ligges
> >>>
> >>>
> >>>
> >>> On 05.09.2018 09:28, Rainer Krug wrote:
>  Hi
>  I have a package at GitHub (https://github.com/rkrug/ROriginStamp)
> >> which I am pre[paring for CRAN.
>  It creates a trusted timestamp using the API fro OriginStamp (
> >> https://originstamp.org/home) which requires an API key. Now this API
> >> should not be made public, as to much traffic through one API key will lead
> >> to it’s blocking.
>  I have stored the key encrypted in the travis.yml, and the package
> >> passes all tests.
>  But if I send it to CRAN, it would fail the tests, as the api key is
> >> not in the package itself.
>  I could disable all tests for CRAN which need the API key, but I think
> >> it would be better tu run the tests there as well (as an additional check
> >> to travis).
>  My question:
>  Is there a way of storing the API key encrypted, so that only the CRAN
> >> test servers can decrypt it, or is there another way can steal with this?
>  Thanks,
>  Rainer
>  --
>  Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
> >> Biology, UCT), Dipl. Phys. (Germany)
>  University of Zürich
>  Cell:   +41 (0)78 630 66 57
>  email:  rai...@krugs.de
>  Skype:  RMkrug
>  PGP: 0x0F52F982
>  __
>  R-package-devel@r-project.org mailing list
>  https://stat.ethz.ch/mailman/listinfo/r-package-devel
> >> --
> >> Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
> >> Biology, UCT), Dipl. Phys. (Germany)
> >>
> >> University of Zürich
> >>
> >> Cell:   +41 (0)78 630 66 57
> >> email:  rai...@krugs.de
> >> Skype:  RMkrug
> >>
> >> PGP: 0x0F52F982
> >>
> >>
> >>
> >> __
> >> R-package-devel@r-project.org mailing list
> >> https://stat.ethz.ch/mailman/listinfo/r-package-devel
> >>
> >   [[alternative HTML version deleted]]
> >
> > __
> > R-package-devel@r-project.org mailing list
> > https://stat.ethz.ch/mailman/listinfo/r-package-devel
>
> __
> R-package-devel@r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-package-devel

__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

Re: [R-pkg-devel] Submission to CRAN when package needs personal data (API key)

2018-09-05 Thread Spencer Graves 




On 2018-09-05 12:52, Gábor Csárdi wrote:

On Wed, Sep 5, 2018 at 6:34 PM Spencer Graves
 wrote:

The fda package disables some tests on CRAN using:


if(!fda::CRAN()){
  test you don't want run on CRAN
}

Seemingly this just checks for a couple of (5 by default) environment
variables that match "^_R_":
https://github.com/cran/fda/blob/0549e6a86aa144d8c2aade2d8704a269fb8a94ed/R/CRAN.R#L14

I am not sure if this is a good indication of the machine being a CRAN
machine, I do set  some of these
occasionally on my machine.  It would be great if CRAN machines could
set a specific environment
variable globally, e.g. ON_CRAN, or _R_ON_CRAN_, so people could skip
these tests and examples
easily.



Agreed.  Before I wrote that function, I asked this list for 
suggestions.  The suggestion I got was, "Don't do it."  I felt that was 
not acceptable so wrote what I did.  I think we need a better solution.  
Spencer


Gabor



I've used this in other contexts with tests that are too long to
run on CRAN but that I want to run otherwise during "R CMD check".


Spencer Graves


On 2018-09-05 12:13, Peter Meissner wrote:

Hey,

Maybe webmockr (or something alike) can help:
https://cran.r-project.org/web/packages/webmockr/index.html

Best, Peter

Rainer M Krug  schrieb am Mi., 5. Sep. 2018, 15:38:


OK - thanks. I will than disable the checks for CRAN.

Thanks,

Rainer



On 5 Sep 2018, at 15:37, Uwe Ligges 

wrote:

You should not run on CRAN. Note that the checks are done almost daily

oin several platforms, hence the API key is used for about 10 check runs a
day.

Best,
Uwe Ligges



On 05.09.2018 09:28, Rainer Krug wrote:

Hi
I have a package at GitHub (https://github.com/rkrug/ROriginStamp)

which I am pre[paring for CRAN.

It creates a trusted timestamp using the API fro OriginStamp (

https://originstamp.org/home) which requires an API key. Now this API
should not be made public, as to much traffic through one API key will lead
to it’s blocking.

I have stored the key encrypted in the travis.yml, and the package

passes all tests.

But if I send it to CRAN, it would fail the tests, as the api key is

not in the package itself.

I could disable all tests for CRAN which need the API key, but I think

it would be better tu run the tests there as well (as an additional check
to travis).

My question:
Is there a way of storing the API key encrypted, so that only the CRAN

test servers can decrypt it, or is there another way can steal with this?

Thanks,
Rainer
--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation

Biology, UCT), Dipl. Phys. (Germany)

University of Zürich
Cell:   +41 (0)78 630 66 57
email:  rai...@krugs.de
Skype:  RMkrug
PGP: 0x0F52F982
__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
Biology, UCT), Dipl. Phys. (Germany)

University of Zürich

Cell:   +41 (0)78 630 66 57
email:  rai...@krugs.de
Skype:  RMkrug

PGP: 0x0F52F982



__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel


   [[alternative HTML version deleted]]

__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel


__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

Re: [R-pkg-devel] Submission to CRAN when package needs personal data (API key)

2018-09-05 Thread Henrik Bengtsson 
I take a complementary approach; I condition on, my home-made,
R_TEST_ALL variable.  Effectively, I do:

if (as.logical(Sys.getenv("R_TEST_ALL", "FALSE"))) {
   ...
}

and set R_TEST_ALL=TRUE when I want to run that part of the test.  You
can also imagine refined versions of this, e.g. R_TEST_SETS=foo,bar
and test scripts with:

if ("foo" %in% strsplit(Sys.getenv("R_TEST_SETS"), split="[, ]+")[[1]]) {
   ...makes no assumption
}

That avoids making assumptions on where the tests are submitted/run,
may it be CRAN, Bioconductor, Travis CI, ...

/Henrik

On Wed, Sep 5, 2018 at 11:08 AM Spencer Graves
 wrote:
>
>
>
> On 2018-09-05 12:52, Gábor Csárdi wrote:
> > On Wed, Sep 5, 2018 at 6:34 PM Spencer Graves
> >  wrote:
> >> The fda package disables some tests on CRAN using:
> >>
> >>
> >> if(!fda::CRAN()){
> >>   test you don't want run on CRAN
> >> }
> > Seemingly this just checks for a couple of (5 by default) environment
> > variables that match "^_R_":
> > https://github.com/cran/fda/blob/0549e6a86aa144d8c2aade2d8704a269fb8a94ed/R/CRAN.R#L14
> >
> > I am not sure if this is a good indication of the machine being a CRAN
> > machine, I do set  some of these
> > occasionally on my machine.  It would be great if CRAN machines could
> > set a specific environment
> > variable globally, e.g. ON_CRAN, or _R_ON_CRAN_, so people could skip
> > these tests and examples
> > easily.
>
>
> Agreed.  Before I wrote that function, I asked this list for
> suggestions.  The suggestion I got was, "Don't do it."  I felt that was
> not acceptable so wrote what I did.  I think we need a better solution.
> Spencer
> >
> > Gabor
> >
> >>
> >> I've used this in other contexts with tests that are too long to
> >> run on CRAN but that I want to run otherwise during "R CMD check".
> >>
> >>
> >> Spencer Graves
> >>
> >>
> >> On 2018-09-05 12:13, Peter Meissner wrote:
> >>> Hey,
> >>>
> >>> Maybe webmockr (or something alike) can help:
> >>> https://cran.r-project.org/web/packages/webmockr/index.html
> >>>
> >>> Best, Peter
> >>>
> >>> Rainer M Krug  schrieb am Mi., 5. Sep. 2018, 15:38:
> >>>
>  OK - thanks. I will than disable the checks for CRAN.
> 
>  Thanks,
> 
>  Rainer
> 
> 
> > On 5 Sep 2018, at 15:37, Uwe Ligges 
>  wrote:
> > You should not run on CRAN. Note that the checks are done almost daily
>  oin several platforms, hence the API key is used for about 10 check runs 
>  a
>  day.
> > Best,
> > Uwe Ligges
> >
> >
> >
> > On 05.09.2018 09:28, Rainer Krug wrote:
> >> Hi
> >> I have a package at GitHub (https://github.com/rkrug/ROriginStamp)
>  which I am pre[paring for CRAN.
> >> It creates a trusted timestamp using the API fro OriginStamp (
>  https://originstamp.org/home) which requires an API key. Now this API
>  should not be made public, as to much traffic through one API key will 
>  lead
>  to it’s blocking.
> >> I have stored the key encrypted in the travis.yml, and the package
>  passes all tests.
> >> But if I send it to CRAN, it would fail the tests, as the api key is
>  not in the package itself.
> >> I could disable all tests for CRAN which need the API key, but I think
>  it would be better tu run the tests there as well (as an additional check
>  to travis).
> >> My question:
> >> Is there a way of storing the API key encrypted, so that only the CRAN
>  test servers can decrypt it, or is there another way can steal with this?
> >> Thanks,
> >> Rainer
> >> --
> >> Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
>  Biology, UCT), Dipl. Phys. (Germany)
> >> University of Zürich
> >> Cell:   +41 (0)78 630 66 57
> >> email:  rai...@krugs.de
> >> Skype:  RMkrug
> >> PGP: 0x0F52F982
> >> __
> >> R-package-devel@r-project.org mailing list
> >> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>  --
>  Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
>  Biology, UCT), Dipl. Phys. (Germany)
> 
>  University of Zürich
> 
>  Cell:   +41 (0)78 630 66 57
>  email:  rai...@krugs.de
>  Skype:  RMkrug
> 
>  PGP: 0x0F52F982
> 
> 
> 
>  __
>  R-package-devel@r-project.org mailing list
>  https://stat.ethz.ch/mailman/listinfo/r-package-devel
> 
> >>>[[alternative HTML version deleted]]
> >>>
> >>> __
> >>> R-package-devel@r-project.org mailing list
> >>> https://stat.ethz.ch/mailman/listinfo/r-package-devel
> >> __
> >> R-package-devel@r-project.org mailing list
> >> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>
> __
> R-package-devel@r-project.or

Re: [R-pkg-devel] Submission to CRAN when package needs personal data (API key)

2018-09-05 Thread Duncan Murdoch 

On 05/09/2018 2:20 PM, Henrik Bengtsson wrote:

I take a complementary approach; I condition on, my home-made,
R_TEST_ALL variable.  Effectively, I do:

if (as.logical(Sys.getenv("R_TEST_ALL", "FALSE"))) {
...
}

and set R_TEST_ALL=TRUE when I want to run that part of the test.  You
can also imagine refined versions of this, e.g. R_TEST_SETS=foo,bar
and test scripts with:

if ("foo" %in% strsplit(Sys.getenv("R_TEST_SETS"), split="[, ]+")[[1]]) {
...makes no assumption
}

That avoids making assumptions on where the tests are submitted/run,
may it be CRAN, Bioconductor, Travis CI, ...


This is the right way to do it.

This discussion has come up before.  If you want to submit to CRAN, you 
should include tests that satisfy their requests.  If you want even more 
tests, there are several ways to add them in addition to the CRAN tests. 
 Henrik's is one, "R CMD check --test-dir=myCustomTests" is another.


Rainer's package is unusual, in that from his description it can't 
really work unless the user obtains an API key.  There are other 
packages like that, and those cases need manual handling by CRAN:  they 
don't really run full tests by default.  But the vast majority of 
packages should be able to live within the CRAN guidelines.


Duncan Murdoch


/Henrik

On Wed, Sep 5, 2018 at 11:08 AM Spencer Graves
 wrote:




On 2018-09-05 12:52, Gábor Csárdi wrote:

On Wed, Sep 5, 2018 at 6:34 PM Spencer Graves
 wrote:

The fda package disables some tests on CRAN using:


if(!fda::CRAN()){
   test you don't want run on CRAN
}

Seemingly this just checks for a couple of (5 by default) environment
variables that match "^_R_":
https://github.com/cran/fda/blob/0549e6a86aa144d8c2aade2d8704a269fb8a94ed/R/CRAN.R#L14

I am not sure if this is a good indication of the machine being a CRAN
machine, I do set  some of these
occasionally on my machine.  It would be great if CRAN machines could
set a specific environment
variable globally, e.g. ON_CRAN, or _R_ON_CRAN_, so people could skip
these tests and examples
easily.



Agreed.  Before I wrote that function, I asked this list for
suggestions.  The suggestion I got was, "Don't do it."  I felt that was
not acceptable so wrote what I did.  I think we need a better solution.
Spencer


Gabor



 I've used this in other contexts with tests that are too long to
run on CRAN but that I want to run otherwise during "R CMD check".


 Spencer Graves


On 2018-09-05 12:13, Peter Meissner wrote:

Hey,

Maybe webmockr (or something alike) can help:
https://cran.r-project.org/web/packages/webmockr/index.html

Best, Peter

Rainer M Krug  schrieb am Mi., 5. Sep. 2018, 15:38:


OK - thanks. I will than disable the checks for CRAN.

Thanks,

Rainer



On 5 Sep 2018, at 15:37, Uwe Ligges 

wrote:

You should not run on CRAN. Note that the checks are done almost daily

oin several platforms, hence the API key is used for about 10 check runs a
day.

Best,
Uwe Ligges



On 05.09.2018 09:28, Rainer Krug wrote:

Hi
I have a package at GitHub (https://github.com/rkrug/ROriginStamp)

which I am pre[paring for CRAN.

It creates a trusted timestamp using the API fro OriginStamp (

https://originstamp.org/home) which requires an API key. Now this API
should not be made public, as to much traffic through one API key will lead
to it’s blocking.

I have stored the key encrypted in the travis.yml, and the package

passes all tests.

But if I send it to CRAN, it would fail the tests, as the api key is

not in the package itself.

I could disable all tests for CRAN which need the API key, but I think

it would be better tu run the tests there as well (as an additional check
to travis).

My question:
Is there a way of storing the API key encrypted, so that only the CRAN

test servers can decrypt it, or is there another way can steal with this?

Thanks,
Rainer
--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation

Biology, UCT), Dipl. Phys. (Germany)

University of Zürich
Cell:   +41 (0)78 630 66 57
email:  rai...@krugs.de
Skype:  RMkrug
PGP: 0x0F52F982
__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

--
Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
Biology, UCT), Dipl. Phys. (Germany)

University of Zürich

Cell:   +41 (0)78 630 66 57
email:  rai...@krugs.de
Skype:  RMkrug

PGP: 0x0F52F982



__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel


[[alternative HTML version deleted]]

__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

__
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel


__
R-package-devel@

Re: [R-pkg-devel] Submission to CRAN when package needs personal data (API key)

2018-09-05 Thread Rainer M Krug 


> On 5 Sep 2018, at 20:20, Henrik Bengtsson  > wrote:
> 
> I take a complementary approach; I condition on, my home-made,
> R_TEST_ALL variable.  Effectively, I do:
> 
> if (as.logical(Sys.getenv("R_TEST_ALL", "FALSE"))) {
>   ...
> }
> 
> and set R_TEST_ALL=TRUE when I want to run that part of the test.  You
> can also imagine refined versions of this, e.g. R_TEST_SETS=foo,bar
> and test scripts with:
> 
> if ("foo" %in% strsplit(Sys.getenv("R_TEST_SETS"), split="[, ]+")[[1]]) {
>   ...makes no assumption
> }
> 
> That avoids making assumptions on where the tests are submitted/run,
> may it be CRAN, Bioconductor, Travis CI, …

Thanks Henrik - that sounds like a good idea. At the moment, I am checking for 
the name of my machine, which is obviously not to robust.

I will implement this before submission to CRAN.

Thanks,

Rainer

> 
> /Henrik
> 
> On Wed, Sep 5, 2018 at 11:08 AM Spencer Graves
>  > wrote:
>> 
>> 
>> 
>> On 2018-09-05 12:52, Gábor Csárdi wrote:
>>> On Wed, Sep 5, 2018 at 6:34 PM Spencer Graves
>>> >> > wrote:
 The fda package disables some tests on CRAN using:
 
 
 if(!fda::CRAN()){
  test you don't want run on CRAN
 }
>>> Seemingly this just checks for a couple of (5 by default) environment
>>> variables that match "^_R_":
>>> https://github.com/cran/fda/blob/0549e6a86aa144d8c2aade2d8704a269fb8a94ed/R/CRAN.R#L14
>>>  
>>> 
>>> 
>>> I am not sure if this is a good indication of the machine being a CRAN
>>> machine, I do set  some of these
>>> occasionally on my machine.  It would be great if CRAN machines could
>>> set a specific environment
>>> variable globally, e.g. ON_CRAN, or _R_ON_CRAN_, so people could skip
>>> these tests and examples
>>> easily.
>> 
>> 
>> Agreed.  Before I wrote that function, I asked this list for
>> suggestions.  The suggestion I got was, "Don't do it."  I felt that was
>> not acceptable so wrote what I did.  I think we need a better solution.
>> Spencer
>>> 
>>> Gabor
>>> 
 
I've used this in other contexts with tests that are too long to
 run on CRAN but that I want to run otherwise during "R CMD check".
 
 
Spencer Graves
 
 
 On 2018-09-05 12:13, Peter Meissner wrote:
> Hey,
> 
> Maybe webmockr (or something alike) can help:
> https://cran.r-project.org/web/packages/webmockr/index.html 
> 
> 
> Best, Peter
> 
> Rainer M Krug  schrieb am Mi., 5. Sep. 2018, 15:38:
> 
>> OK - thanks. I will than disable the checks for CRAN.
>> 
>> Thanks,
>> 
>> Rainer
>> 
>> 
>>> On 5 Sep 2018, at 15:37, Uwe Ligges 
>> wrote:
>>> You should not run on CRAN. Note that the checks are done almost daily
>> oin several platforms, hence the API key is used for about 10 check runs 
>> a
>> day.
>>> Best,
>>> Uwe Ligges
>>> 
>>> 
>>> 
>>> On 05.09.2018 09:28, Rainer Krug wrote:
 Hi
 I have a package at GitHub (https://github.com/rkrug/ROriginStamp)
>> which I am pre[paring for CRAN.
 It creates a trusted timestamp using the API fro OriginStamp (
>> https://originstamp.org/home) which requires an API key. Now this API
>> should not be made public, as to much traffic through one API key will 
>> lead
>> to it’s blocking.
 I have stored the key encrypted in the travis.yml, and the package
>> passes all tests.
 But if I send it to CRAN, it would fail the tests, as the api key is
>> not in the package itself.
 I could disable all tests for CRAN which need the API key, but I think
>> it would be better tu run the tests there as well (as an additional check
>> to travis).
 My question:
 Is there a way of storing the API key encrypted, so that only the CRAN
>> test servers can decrypt it, or is there another way can steal with this?
 Thanks,
 Rainer
 --
 Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
>> Biology, UCT), Dipl. Phys. (Germany)
 University of Zürich
 Cell:   +41 (0)78 630 66 57
 email:  rai...@krugs.de
 Skype:  RMkrug
 PGP: 0x0F52F982
 __
 R-package-devel@r-project.org mailing list
 https://stat.ethz.ch/mailman/listinfo/r-package-devel
>> --
>> Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation
>> Biology, UCT), Dipl. Phys. (Germany)
>> 
>> University of Zürich
>> 
>> Cell:   +41 (0)78 630 66 57
>> email:  rai...@krugs.de
>> Skype:  RMkrug
>> 
>> PGP: 0x0F52F982
>>