On 13 August 2016 at 18:19, Bob Rudis wrote:
| Aye. I rly need to get back to my security & privacy "R" post. The
| slipstreaming in of these binaries is somewhat frightening. Almost as
| frightening as being stuck on Windows 😀

Right. And the Windows side of that so-called "anticonf" [1] pattern more-or-less establishes itself as "best practice" -- which may be defensible realizing [2] that Windows is a fairly terrible development environment lacking any kind of modularity or packages [3].

But then we all need to wake up, realize it is 2016 and we may be providing binaries for maybe up to a million users on that platform. By what you call "slipstreaming". Seriously?

Dirk

[1] I personally dislike that name a lot, even though I generally enjoy puns.
[2] See my earlier post in this thread.
[3] At the system level; I am unfamiliar with nu-get but add-ons failed before

| On Sat, Aug 13, 2016 at 13:09 Dirk Eddelbuettel <e...@debian.org> wrote:
|
| I don't think there is a good "generally applicable" solution. We have a
| bunch of hacks. Below are three quickly picked examples from packages of
| mine:
|
| RQuantLib relies on environment variables and a 'library that needs to just
| be there' on the build host:
|
|     ## The environment variable QUANTLIB_ROOT has to point to an existing build of QuantLib
|     ## With R 2.12.0 and later, we also support 32 and 64 bit builds and need to differentiate
|     PKG_CPPFLAGS=-I$(QUANTLIB_ROOT) -I../inst/include -I. -I$(BOOSTLIB)
|     PKG_CXXFLAGS=$(SHLIB_OPENMP_CFLAGS) -fpermissive
|     PKG_LIBS=-L$(QUANTLIB_ROOT)/lib${R_ARCH} -lQuantLib $(SHLIB_OPENMP_CFLAGS)
|
| RcppGSL does the same
|
|     ## This assumes that the LIB_GSL variable points to working GSL libraries
|     PKG_CPPFLAGS=-I$(LIB_GSL)/include -I../inst/include
|     PKG_LIBS=-L$(LIB_GSL)/lib -lgsl -lgslcblas
|
| Rblpapi copies a library (for which we have 'free' binaries but no source)
| in from GitHub:
|
|     ## target to ensure tar.gz files get unpacked
|     ## the opening '@' ensures operations are executed 'quietly'
|     ## in order to see commands as they happen add a 'v' to the tar and cp commands
|     ## curl has '-k' flag to suppress certificate warnings
|     blpLibrary:
|         @if [ ! -d ../inst ]; then mkdir -p ../inst; fi
|         @if [ ! -d ../blp/win/${FLV} ]; then mkdir -p ../blp/win/${FLV}; fi
|         @if [ ! -f ../blp/win/${FLV}/blpHeaders.tar.gz ]; then curl -s -k -L -O https://github.com/Rblp/blp/raw/master/headers/windows/blpHeaders.tar.gz; mv blpHeaders.tar.gz ../blp/win/${FLV}; tar xfz ../blp/win/${FLV}/blpHeaders.tar.gz -C ../inst; fi
|         @if [ ! -f ../blp/win/${FLV}/blpLibrary.tar.gz ]; then curl -s -k -L -O https://github.com/Rblp/blp/raw/master/win${WIN}/blpLibrary.tar.gz; mv blpLibrary.tar.gz ../blp/win/${FLV}; tar xfz ../blp/win/${FLV}/blpLibrary.tar.gz; fi
|         @if [ ! -d ${FLV} ]; then mkdir -p ${FLV}; fi
|         @cp blpapi3_${WIN}.dll ${FLV}
|         @if [ ! -d ../inst/libs/${FLV} ]; then mkdir -p ../inst/libs/${FLV}; fi
|         @cp blpapi3_${WIN}.dll ../inst/libs/${FLV}
|
| None of that really generalizes well. The last bit, much like the so-called
| anticonf pattern, is more or less a non-standard practice exposing a security
| risk by copying in code from a semi-random location which could be hijacked
| or man-in-the-middle'd.
|
| Really all this is just pretending that Windows is an environment on which
| you can deploy proper build systems -- similar to what we are used to from the
| likes of dpkg/apt/yum or brew. But in all honesty you just can't.
|
| So I would not try to aim for something overly general. It is Windows
| after all.
|
| Dirk
|
| --
| http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

--
http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org

______________________________________________
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel
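
Added example, not part of the thread and not Rblpapi's own code: a hardened form of the download step quoted above, which keeps TLS verification on (no `-k`) and refuses to install an archive whose SHA-256 does not match a digest pinned in the package source. The function names, the commit placeholder and the digest placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verified fetch of a prebuilt archive (hypothetical helpers).

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED: succeed only if FILE hashes to EXPECTED.
# An unreadable file yields an empty digest, which is treated as a mismatch.
verify_sha256() {
    actual=$(sha256_of "$1" 2>/dev/null) || return 1
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# fetch_pinned URL EXPECTED_SHA256 DEST
# Returns 2 for a non-HTTPS URL, 1 for a transfer failure, 3 for a digest mismatch.
fetch_pinned() {
    url=$1; want=$2; dest=$3
    case $url in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $url" >&2; return 2 ;;
    esac
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    # Certificate errors abort the transfer; redirects may not leave HTTPS.
    if ! curl --fail --silent --show-error --location \
              --proto '=https' --proto-redir '=https' \
              --output "$tmp" "$url"; then
        rm -f "$tmp"; return 1
    fi
    # Only a file that matches the pinned digest ever reaches DEST.
    if ! verify_sha256 "$tmp" "$want"; then
        echo "digest mismatch for $url" >&2
        rm -f "$tmp"; return 3
    fi
    mv "$tmp" "$dest"
}

# Usage, with placeholders to fill in from a reviewed copy of the archive:
#   fetch_pinned \
#     "https://github.com/Rblp/blp/raw/<commit-sha>/headers/windows/blpHeaders.tar.gz" \
#     "<pinned-sha256>" blpHeaders.tar.gz && tar xfz blpHeaders.tar.gz -C ../inst
```

Pointing the URL at a specific commit instead of `master` keeps the pinned digest stable, and the digest check is what still holds if the hosting account or repository is taken over.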