Release Notes#
Please contact Posit customer support (support@posit.co) with questions about the described changes.
Posit Package Manager 2024.08.3#
November 07, 2024
New#
- Adds support for openSUSE 15.6 and SLES 15 SP6. (#14026)
- Adds a command to the Bioconductor setup page to set the
R_BIOC_VERSION
environment variable for better reproducibility. This prevents BiocManager from automatically upgrading to a new Bioconductor version as soon as it's released. (#14320) - Our installation documentation now recommends using
apt
instead ofgdebi
to install Package Manager. (#7812) - Python Git builders now build binary distributions (wheels) for Python packages if possible, in addition to source distributions. This may help prevent package installation failures using newer versions of
pip
that use build isolation, and speed up installations for packages with compiled code. (#14213) - Document the
rspm evict
command types for more clear usage. (#14404) - Adds new
rspm encrypt generate
command to create an encryption key manually before starting Package Manager. (14430) - Document how to edit the
rstudio-pm.service
configuration. (#14431) - Adds a new
PACKAGEMANAGER_PROXY_TOKEN
environment variable for the CLI to set theAuthorization
andX-PPM-Authorization
headers accordingly for proxied environments. (#14472) - Adds the ability create blocklist rules based on a repository. (#14560)
- The UI now displays a single entry with a version selector when multiple current versions of a package exist in CRAN. (#3856)
Fixed#
- Fixed an issue where Git-based packages did not load correctly after migrating to a Postgres DB. (#14219)
- Please contact Posit customer support (support@posit.co) if you see messages like this in your server log after migrating to Postgres using an older Package Manager version:
Unable to set Git Builder URL for Git package: sql: no rows in result set
.
- Please contact Posit customer support (support@posit.co) if you see messages like this in your server log after migrating to Postgres using an older Package Manager version:
- Fixed an issue where
--succeed-on-existing
flag forrspm create git-builder
did not work. (#14211) - Fixed an issue where excessive blank space could appear on the Usage Stats page in certain browsers like Chrome. (#14192)
- Fixed an issue that prevented retrieving archived packages from CRAN Snapshot sources migrated from Package Manager
2023.12
or earlier. (#14273) - Fixed an issue with the R Package page loading slowly for packages with a large number of dependencies. (#14291)
- Fixed an issue with serving responses for missing Python packages when using S3 file storage. This could cause tools like uv to fail when installing packages in some cases. (#14292)
- Fixed an issue with missing Activity Log messages for curated CRAN sources when using S3 file storage. (#14292)
- Fixed an issue with
rspm
CLI error messages not appearing in some cases. (#14321) - Fixed an issue that could cause binary package serving to fail when using a proxy or third-party integration, like Artifactory, in very rare cases. (#14300)
- Increases timeout to prevent intermittent "timeout waiting for macro transaction to open" errors. (#14390)
- Fixed an issue where the
Postgres.UsageDataURL
would default to thePostgres.URL
, but thePostgres.UsageDataPassword
would need to be configured separately. (#14339) - Fixed an issue where the
Database.Provider = postgres
setting wasn't accounting for case sensitivity resulting in errors thatthe commands are only available when using a PostgreSQL database
.(#14420) - CRAN snapshot dates now backdate to the selected Bioconductor date on the Setup page. (#14254)
- Fixed an issue with package manager hanging up after startup if
Server.TempDir
was set to a directory with thenoexec
option (#14381) - Fixed an issue where the CRAN repository package count could be incorrect. (#13132)
- Fixed an issue where curated CRAN requirements containing a dash '-' resulted in a failure. (#14475)
- Fixed an issue where an error during package updates could cause temporary files to accrue. (#14485)
- Broad encryption key file permissions now log a warning rather than prevent start-up. (#14547)
- Fixed an issue where the PyPI simple package page could incorrectly reference the wrong repository. (#14560)
- Fixed a confusing
rspm
error where aninvalid character ... looking for beginning of value
. This will now output the body from the failed request. - Fixed an issue where a failed package update could get cached and require a server restart to recover. (#14628)
- Fixed
S3Storage.Prefix
handling by automatically stripping all leading and trailing slashes. (#14606) - Fixed an issue where disabled vulnerabilities flag was not applied correctly. (#14630)
Breaking#
- CentOS/RHEL 7 has reached vendor end of support and is no longer supported. (#13652)
- Changed swagger definitions and response types for creating and listing repos and sources, to avoid exposing internal struct types. (#14307)
- The configuration option
HTTP.Listen
will now default to:4242
. SetHTTP.Listen
to an empty value to disable HTTP server connections. (#14187)
Posit Package Manager 2024.08.2#
September 20, 2024
Fixed#
- Fixed a migration issue involving Bioconductor usage with Package Manager versions prior to
2021.09
. (#14408)
Posit Package Manager 2024.08.0#
August 09, 2024
New#
[Logging]
section has been added to configure the system log output, format, and level. (#13817)- Postgres installations no longer require a separate database for the usage data. The
[Postgres].UsageDataURL
field will now default to the configured[Postgres].URL
. (#13643) - Adds a new notification banner and prometheus metric for the number of days left until the product version is no longer supported. See the support configuration settings to tweak these options. (#9905)
- The Server API is now considered stable and generally available. While endpoints are still subject to change, breaking changes will be documented. (#13682)
- Adds a new flag option
rspm evict --type=clear
for immediate cache eviction. (#13767) - Adds a new
rspm bootstrap
command for creating keypairs, and generating an admin token for remote management. (#13799) - The entire admin CLI is now available for use remotely, with the exception of the
offline
,online
andcluster
commands. API tokens can be generated with the newglobal:admin
scope to allow full access to the CLI. See the Remote Use documentation for more details. (#13778) - The following commands can now be used remotely with the
sources:write
API token scope:rspm update
andrspm add
on curated CRAN, CRAN snapshot, and curated PyPI sources. (#13592, #13779)rspm import
to import a Git credential that can be used for any Git source. (#13780)rspm remove
to remove packages from a source. (#13781)
- Adds the
rspm verify
command to verify a connection to the server. (#13954) - Adds the AppArmor profile for Ubuntu 24.04 and later versions, enabling the use of user namespace sandboxing for Git package builds. (#13599)
- Bioconductor sources now fully support date-based snapshots. Use the snapshot calendar on the Setup page to get a frozen URL for any Bioconductor packages. Bioconductor repos may now optionally include a
latest
or snapshot URL segment. (#13947) - Adds support for Ubuntu 24.04 (Noble). (#13222)
- Adds the
OS Type
field to the R package Overview page in the UI for packages that specify an OS type. (#8076) - Updated to Go 1.22.6.
Fixed#
- Fixed an issue where the PyPI repository view would incorrectly show some popular packages. The view will also now sort popular packages using 30 day rollups instead of 90 days. (#13633)
- Fixed an issue where Python signature files were being recorded as package downloads. (#13545)
- Retry Git clones when building Git packages in the case of transient download issues. (#13699)
- Fixed an issue that was causing reloads of the Bioconductor activity page to navigate to the error page. (#13721)
- Fixed several issues with missing messages when running the
rspm update
command. (#13656, #13724, #13750) - Fixed an issue where changes to PyPI packages in an offline environment would not be reflected in PyPI repositories when installing packages from historical date snapshots. (#13621)
- Fixed an API issue with unbounded memory usage when enumerating packages. (#13692)
- Fixed an API memory issue to remove a potential Denial-of-Service (DoS) vulnerability. (#13692)
- Fixed an issue where multiple Git builds with matching checksums would sometimes fail. (#13728)
- Python and R repositories with no snapshots will no longer try and display a calendar. (#13557)
- Fixed a bug with the
rspm_license_days_left
metric returning the days left for a trial instead of the activated license. (#13852) - Fixed an issue where Git builds would intermittently fail due to missing remote references. (#13880)
- Fixed an issue with retrieving data from empty Curated CRAN sources. (#13886)
- Adds back the
Needs Compilation
andDependency
columns to therspm update
for curated CRAN sources. (#14009) - Fixed an issue where Postgres returned an unexpected EOF resulting in a fatal shutdown. (#14039)
- Fixed an issue with displaying all results for certain searches. (#13739)
- Fixed a Git builder issue that would cause the error
sql: Scan error on column index 10, name "url": converting NULL to string is unsupported
. (#14069) - Fixed an issue with loading R package binaries for archived packages. (#14099)
- Fixed an issue where the distribution selectors displayed in the UI had different values. (#14118)
- Fixed an issue with loading R package binaries for archived packages from CRAN Snapshot sources. (#7179)
- Fixed an issue with the UI where archived source file URLs were invalid for packages with paths such as
4.5.0/Recommended
. (#14121)
Breaking#
- Bioconductor sources can no longer be created with the
rspm create source
command. Individual Bioconductor sources have been replaced with a single Bioconductor source that provides data for all Bioconductor versions. See the Quick Start guide for more information. (#13962) [Debug].Log
has been deprecated and disabled, along with debug regions. See[Logging].SystemLogLevel
for debug logging. (#13817)- Systemd service file has been simplified due to logging changes.
tee
is no longer used to redirect logs to log file and PID file no longer used. See[Logging]
section for logging configs. (#13858) rspm config debug logger
has been updated. It is nowrspm config log --level=[level]
to set various logger levels. (#13817)- The
[Authentication].APITokenAuth
setting is now enabled by default. (#13805) - API endpoints now expect repository and source names instead of IDs. IDs are still supported for backward compatibility, but this may change in a future release. Using IDs instead of names may result in inconsistent output if any sources or repositories use numeric names. (#13683)
- Deprecates using
rspm add
to add packages to Curated CRAN sources. Userspm update
to add packages to Curated CRAN sources. (#13404) - openSUSE 15.4 and SLES 15 SP4 have reached vendor end of support and are no longer supported. (#13518)
- The Swagger API documentation version will now match the application server version. (#13681)
- The
Id
in the transactions API will now be null for CRAN, PyPI, and other mirrored sources instead of 0. (#13674) - Integers are no longer allowed as source or repository names. (#13701)
- New repository and source names may only contain the characters
a-z
,A-Z
,0-9
, and.
,~
,-
,_
. (#13933) - The
rspm url create
command now requires the--date
flag. (#14010)
Posit Package Manager 2024.04.4#
June 26, 2024
Fixed#
- Fixed an issue with migrating Curated CRAN sources when using a PostgreSQL database. (#13938)
Posit Package Manager 2024.04.2#
June 14, 2024
New#
- Adds an index to the
cache_objects
table for more efficient cache evictions. (#13648)
Fixed#
- Fixed an issue with migrating Curated CRAN sources that were created prior to Package Manager 1.2.0. (#13747)
Posit Package Manager 2024.04.0#
May 6, 2024
New#
- PyPI repositories can now be used in air-gapped or offline environments. Rather than downloading all of PyPI, you'll define your own subset of packages you want to make available offline. See the Air-Gapped Package Manager documentation for instructions on how to set up an offline PyPI repository.
- Adds automatic CRAN synchronization. Package Manager will synchronize the CRAN source on demand and check for CRAN updates every 10 minutes. (#13114)
- Major updates to the CRAN source. CRAN data is no longer stored in the database, which significantly reduces sync time and increases performance. If you are already using a CRAN source, you can take advantage of these improvements by running
rspm sync --type=cran
immediately after upgrading. (#13114) - By default, new created Curated CRAN sources now use a more permissive package version snapshot behavior. You can still create Curated CRAN sources using the previous behavior by using the
--strict
option when creating the source. See the Admin Guide for more details. (#12884) rspm update
now supports specifying arequirements.txt
file with the--file-in
flag for Curated CRAN sources. (#12884)- New Curated CRAN sources can now filter individual packages using version constraints. This does not apply to Curated CRAN sources created before this release. (#12884)
- New Curated CRAN sources can now have their snapshots updated backwards in time. This does not apply to Curated CRAN sources created before this release. (#12884)
rspm create source
now supports a--include
flag which determines which types of related packages are included in the source.- Python auto-detection will now attempt to pick the highest available version of
python
orpython3
bin in$PATH
or/opt/python/*
that hasbuild
andvirtualenv
modules. If no such version is found, it defaults to the highest version available. (#12991, #13260, #13307) - R
PACKAGES
andPACKAGES.rds
responses for package binary lists include new fields. (#4639)- For local and Git package binaries, the new
Sha256Hash
field records the SHA256 hash for the file. (#4639) - For CRAN package binaries, the new
Hash
field can be used to determine when a package binary is updated. This field should not be used to verify file integrity. (#4639)
- For local and Git package binaries, the new
- Package Manager will now switch its built-in encryption to use the AES-256-GCM algorithm when the
Server.UseFIPSEncryption
setting is enabled. This algorithm is an Approved Security Function under Federal Information Processing Standard 140, which is applicable to many organizations. (#12534) - The URL used for a Git builder is now displayed in the UI for associated Git packages. (#11873)
- Adds new blocklist flag
--deleted-packages
to block packages that have been removed from PyPI or CRAN from older snapshots. (#12624) - Adds new
rspm_license_days_left
Prometheus metric for more convenient alerting. (#13037) rspm
completions for thefish
shell can be generated withrspm completion
. (#13366)rspm update
will now default to the latest snapshot if the--commit
flag is absent for curated PyPI sources. (#13297)- Updated to Golang 1.22.2.
- Package Manager's version will be included in the
User-Agent
header when syncing packages. (#9509)
Fixed#
- Disables the calendar selector when an R repository is only subscribed to a Bioconductor source. (#12560)
- Improved error message when using the
rspm add
command with invalid flags. (#12022) - Properly display binary files in UI for repositories that mix CRAN and Bioconductor sources. (#12559)
- Delete Python Git builders when a Git Python source is deleted. (#12626)
- The Server API Guide "Try it out" URLs now respect the path of the public server URL configured in
Server.Address
. The Server API Guide URLs can still be customized separately using theSwagger.Host
andSwagger.BasePath
settings. (#12448) - The
Swagger.BasePath
setting no longer needs to end with/__api__
. This may be removed from any existingSwagger.BasePath
settings. (#12448) - The
Database.Provider
configuration option is now case insensitive. (#12708) - Python packages will no longer hyperlink malformed
extra
package links. (#11836) - Orphaned Python packages are now deleted when running
rspm evict --type packages
. (#9422) - Fixed a bug where the usage stats page would no longer render charts after changing the chart options. (#12730)
- Archived packages for combined repos are properly filtered based on subscription order. (#12804, #12687)
- Fixed the incorrect repository URL for Bioconductor repositories on the Setup page. (#12936)
- Fixed an issue preventing Linux binary packages in local and Git sources from being served for old, deprecated R versions. (#9209, #12938)
- Fixed an issue preventing Linux binary packages in local and Git sources from being served for the arm64 architecture. (#11633)
- Increased the systemd
StartLimitBurst
from3
to30
for more reliable recovery. (#13206) - Fixed an issue that was causing temporary files to accumulate when downloads failed. (#13331)
- Fixed the output of the
rspm list git-builds
command to return valid JSON when the--output-format=json
flag is provided. (#13475) - Only attempt Git credential decryption once to avoid spurious logs about potentially sensitive values in plain text. (#13383)
- Double the default timeout for the
rspm cluster [online/offline]
commands. (#13407) - Fixed an issue where the
rspm [online/offline]
andrspm cluster [online/offline]
commands will intermittently timeout. (#13415) - Fixed an issue where some packages could not have their checksum computed which caused some packages to be missing. (#6980)
- Logging has been improved when a secret decryption fails. (#12874)
- The UI no longer shows statistics on the home page unless a relevant repository exists. (#12543)
- List items in the Package Details UI are now more easily clickable. (#12777)
- Server logs are improved when Python cannot be auto-detected. (#12545)
- The stats page now saves the selected ecosystem. (#12540)
- Warnings are now shown when curated repositories exist without the proper license. (#12558)
- The
run-diagnostics
script now excludes large binary files from the report. (#12528) - The error page now presents a generic error message instead of internal errors. (#13209)
- Fixed a
migrate database
bug when migrating with stale data injob_launcher_jobs
andgit_package_builds
; these tables will now be ignored. (#12729) - Underlines package links on the activity page for R and Bioconductor repositories following accessibility best practices. (#12587)
- Repositories with empty Curated CRAN and PyPI sources no longer show an error. (#13171)
- The
rspm create source
now displays a better error when an invalid type is provided. (#13150) - CRAN snapshots in error messages are formatted correctly. (#13190)
- Some archived CRAN packages were missing the occurred field. (#13341)
- Some documentation redirects were misconfigured. (#13405)
- Fixed a deadlock that can occur during syncs. (#13166)
Breaking#
- Air-gapped customers are required to re-download the CRAN data after upgrading before syncing the CRAN source. See the Admin Guide for more information.
- The offline downloader version must now correspond with the Package Manager version.
- Removes support for populating the database with information on cached objects when upgrading from versions prior to 1.1.2. If you are upgrading from a version prior to 1.1.2, recently used cached objects may be evicted, but will be automatically recreated on demand. (#12664)
- Removes support for the
id
query parameter from all API endpoints. Packages should be referenced only by name. - The
/packages/:id/files/:path
API address has changed to/repos/:id/packages/:name/files/:path
and requires a package name instead of an ID. - The
/packages/:id/readme
API address has changed to/repos/:id/packages/:name/readme
and requires a package name instead of an ID. - When updating a Git builder's URL, specifying the branch is also required to ensure its existence. (#12880)
- Integrations with Artifactory must add the new
**/rsf/**
inclusion/exclusion rules to the repositories. (#13182) - Updating the snapshot date of an empty curated CRAN source is no longer possible. (#13750)
Posit Package Manager 2023.12.0#
December 18, 2023
New#
- Adds package vulnerability reporting based on osv.dev advisories. Known security vulnerabilities will be displayed on the Package page for CRAN, Bioconductor, and PyPI packages. (#11932)
- Adds
--vulns
option torspm create blocklist-rule
to block packages with known security vulnerabilities. (#11931) - Database migrations are now stricter when comparing data. Migration errors now display the table and column where mismatch occurred. (#9749)
- Adds support for creating Git builders with Python packages using
rspm create git-builder
command. (#11952) - Adds banner for blocked packages, archived versions, and distributions. If a description exists for the blocking rule, it will be displayed on the banner. (#11935)
- Grayed out various broken URLs for downloading package binaries, distributions, etc. if they are known to be blocked. (#11967, #11971)
- Adds
rspm create bulk-blocklist-rules
(aliasrspm create bulk-bl
) command to bulk add blocklist rules via file or STDIN. (#11964) - The pre-install script now creates a symlink from the
rspm
command to the/user/local/bin
directory and, if available, initializes bash autocompletion. (#6544) - The
rspm delete blocklist-rule
command now supports bulk deletion of either all or a subset of rules with specified--id
flag. (#10071) - The R Package page now displays the sub-path of the package within the repository if present, such as
Path: Older
orPath: 4.4.0/Recommended
. (#11881) - Render Python reStructuredText READMEs in the UI. (#4594)
- Adds the
Git.AttemptVignettes
option to attempt building R Package Vignettes through the Git Builders. (#8490) - Adds the source type and SPDX license types for package requests to the service log using the
src_type
andlic_type
fields. (#11923) - Adds new endpoints to gather vulnerability information on sources, repositories, and packages. (#12051)
- Adds
EnvironmentFile
support to systemd service definitions. (#12079) - When the
Server.RVersion
option is unset, attempt to autodetect R by checking the PATH and some well-known installation directories. (#11801) - Adds support for uploading Python packages to
local-python
sources with therspm add
CLI command. (#12078) - Adds ability to pass in a directory for the
--path
flag when uploading packages withrspm add
, supported for bothlocal
andlocal-python
sources. (#12101) - Adds
[CRAN, PyPI, Bioconductor].DelaySyncDuration
config option to have the ability to delay sync by a certain number of [hours|days]. (#11935) - When the
Server.PythonVersion
option is unset, attempt to autodetect Python by checking the PATH. (#12104) - The webpage footer now displays the product tier. (#12271)
- Adds support for increasing Git cloning depth when adding/editing Git builders with a new
--clone-depth=[depth]
flag. (#12273) - Adds support for openSUSE 15.5 and SLES 15 SP5. (#10858)
Fixed#
- Accessibility improvements in the UI.
- Fixed keyboard navigation of radio button groups on the Setup page. (#11739)
- Fixed missing accessible labels and markup for disclosure buttons on the Packages page, Activity page, and navigation bar. (#11794, #11805, #11824)
- Fixed missing accessible labels on search inputs and their clear buttons for packages and usage stats. (#11821, #11795)
- Removed duplicate empty link in the navigation bar. (#11793)
- Copy buttons are now better labeled with unique descriptions. (#10738)
- Navigating between Python packages had a noticable delay. (#11898)
- Minor performance improvements to R and Python package serving when packages have been blocked. (#12280)
- Sandboxed Git builders now share the same network configuration as the host so they can pull external dependencies. (#12296)
- Fixed the
empty git-upload-pack given
error that ocurred with Git builders for Azure Git repositories. (#12323) - Increased the default package cache size. (#12379)
- Fixed an issue with incorrect "Content-Length" header reporting when using S3 with client-side KMS encryption. (#12532)
- Respect proxy environment variables (
http_proxy
/https_proxy
) with remote CLI usage. (#11784)
Breaking#
- Ubuntu 18.04 (Bionic) has reached vendor end of support and is no longer supported. (#9762)
- Removes support for extracting README files for local and Git packages created in Package Manager versions prior to
1.0.6
. If you are upgrading from a version prior to1.0.6
, this means that existing packages in local and Git sources will be migrated correctly, but Package Manager won't automatically extract README data for the migrated packages. You can work around this limitation by upgrading to version2023.08.0
prior to this version. (#11867)
Posit Package Manager 2023.08.4#
October 30, 2023
Fixed#
- Fixed an issue where git-builders could not be created when the scheme (e.g.
ssh://
) was prepended to the URL. (#12138) - Fixed an issue that could prevent Git builds from working unless sandboxing was disabled via the
Git.AllowUnsandboxedGitBuilds = true
setting. This most commonly occurred when using a Linux Security Module such as SELinux. (#12135)
Posit Package Manager 2023.08.2#
October 19, 2023
Fixed#
- Package Manager now attempts every
PACKAGEMANAGER_DISTRO
when autodetection of the OS fails. (#11870)
Posit Package Manager 2023.08.0#
September 12, 2023
New#
- Adds automatic PyPI synchronization. Package Manager will synchronize the PyPI source on demand and check for PyPI updates every 10 minutes. (#10376)
- Enables remote token authentication for
rspm create git-builder
(#9883) - CRAN and PyPI repositories now support nearest-snapshot matching when used with date-based URLs. See Snapshot Identifiers in the Admin Guide for details. (#10544)
- Adds new block list token scope
--scope=blocklist:read
forrspm create token
command. See also breaking changes. (#10557) - Enables remote use for all blocklist CLI commands, e.g.
rspm list blocklist
andrspm test blocklist
(#10557) - Adds the ability to rerun a Git builder job for a specific Git SHA. (#10939)
- Supports Git builders with custom names by adding an optional
--name
flag. (#8799) - Adds support for Git submodule recursion when adding/editing Git builders with a new
--recurse-submodules=[depth]
flag. (#7111) - Adds a
Git.AllowTagVersionMismatch
setting to allow Git builds when the Git tag version does not match theDESCRIPTION
file version. (#5603) - Adds support for serving precompiled binary packages for Debian 11 (Bullseye) and Debian 12 (Bookworm). (#11010)
- Adds
Server.CustomHomeTitle
config option to have the ability to customize the Home Page UI text. (#10588) - Adds support for macOS R package binaries for both x86 and Apple Silicon (arm64) CPU architectures. These are available for R versions 4.1, 4.2, and 4.3 on CRAN or user-uploaded.
- The Homepage page has been redesigned to be more functional. (#10504, #11132, #10502)
- The Setup page in the UI has been redesigned to be easier to navigate. (#10503, #10589)
- Many accessibility improvements have been made to the UI.
- Tab navigation is now fully supported.
- Keyboard focus has been improved.
- Semantic HTML tags such as header, link, and button elements are now better used.
- Usage graphs now contain a textual representation that is accessible to screen readers.
- Color contrast has been improved.
- Links are underlined.
- Page titles update on navigation.
- Images, aside from those in package READMEs, now contain alt text.
- Form fields now have attributes set for screen readers.
- Modal dialogs no longer lose keyboard focus.
maximum-scale
is no longer set.
- Most UI pages now fill the width of the browser. (#10505, #10594)
- The UI will retry failed requests.
- The UI will cache and update API responses.
- The UI better displays when a Readme is available for a package.
- The What's New page hierarchy is easier to navigate. (#10604)
- The UI URLs now contain more information about what screen the user is on.
- The repo routes now use the repository name instead of ID. (#10723)
- The source on the Activity page route is now the name instead of the ID. (#11217)
- The packages routes now include more information about the package ID and whether a user is on the Overview or Readme pages. (#10600)
- The Setup page URLs now contain query parameters that make it easier to share links. (#10722)
- URLs from previous versions of Package Manager will properly re-route to the new URLs. (#11517, #11288)
Fixed#
- Fixed an issue that caused Windows binary package serving and binary availability reporting to fail when using third-party integrations such as Artifactory. When third-party integrations do not support proxying
ETag
response headers, Package Manager now falls back appropriately. (#8433) - Fixed a bug where some archived R package requests served the package source when a binary was available. (#10471)
- Fixed an issue where deleting Git builders while Git builds were still running could result in an incomplete cleanup of files in the
Git.BuilderDir
directory. (#10479) - Fixed an issue where deleting SSH keys for Git building while Git builds were still running could result in an incomplete cleanup of SSH agents. (#10484)
- Fixed an incorrect error message in the server log when starting the server with invalid HTTPS credentials for Git building. (#10518)
- Fixed an incorrect error message in the server log when deleting HTTPS credentials for Git building. (#10512)
- Fixed an issue sanitizing weak etags from integrations which would lead to error logs like
_W/"..: no such file or directory
. (#10926) - Fixed a bug with the
Binaries.Distributions
setting where binary packages could still be served for disabled distributions. (#11075) - Fixed an issue with unbounded accumulation of cached PyPI manifest data. Older PyPI manifest data is now evicted at the normal eviction interval. (#11511)
- Fixed a bug where arm64 Linux users were receiving x86-built R package binaries. (#11512)
- Fixed a bug where the
PACKAGEMANAGER_ENCRYPTION_KEY
environment variable was not honored for Git builders. (#11631) - When the
PACKAGEMANAGER_ENCRYPTION_KEY
environment variable is set, an encryption key file is no longer generated at the[Server].EncryptionKeyPath
location. (#11631)
Breaking#
- For custom binaries, some distribution aliases such as
rhel7
have been deprecated, use supported distros fromrspm list distributions
instead, such ascentos7
. (#10439) - The
rspm create token
command now forces the use of the--scope
flag. If left blank, it will no longer default to--scope=sources:write
. - openSUSE 15.3 and SLES 15 SP3 have reached vendor end of support and are no longer supported.
- Git builders no longer require the Job Launcher. Any Git builds in the job queue at upgrade time will be canceled, but will be rescheduled at the next Git builder poll. (#10955)
- The
[Launcher]
configuration section has been deprecated since Git builders no longer require the Job Launcher. Please remove any existing[Launcher]
sections from your configuration files. (#10955) - Logs for previous Git builds will be inaccessible after upgrading. Use the
rspm logs
command prior to upgrading to retrieve any Git logs that must be preserved. (#10955) - When
Git.AllowFileURLs = true
and any Git builders usefile://
URLs, Git must be installed on the server. (#10982) - The default storage alerting threshold has been changed from
75%
to90%
. To restore the original setting, addStorageAlerts.Threshold = 75%
to your configuration file. (#11095) - Installers are signed with a new Posit GnuPG key. See the Posit Signed Builds page for more information about signed builds.
- The default permission for the
user.conf
systemd configuration file has been changed from0600
to0644
to prevent warnings about world-inaccessibility. (#11356) - Disabled binary distributions no longer appear in the UI as a selectable distribution. (#11510)
- The
PACKAGEMANAGER_ENCRYPTION_KEY
environment variable will now take precedence over a key file at the[Server].EncryptionKeyPath
location instead of failing to start. (#11631)
Deprecated/Removed#
- The
rspm create token --blocklist
flag is deprecated in favor of--scope=blocklist:admin
and--scope=blocklist:read
. (#10557) - The Lock Package Data checkbox has been removed from the Setup page. Snapshots will continue to be backwards compatible and deterministic. (#10725)
Posit Package Manager 2023.04.0#
April 28, 2023
This release of Package Manager introduces the ability to globally block packages for an entire instance, preventing downloads of packages with known vulnerabilities or prohibited license types. Additionally, Package Manager now supports creating curated subsets of PyPI with a curated-pypi
source, allowing only the Python packages from PyPI you permit. This release also heavily optimizes the PyPI source, making synchronization happen instantly.
New#
- Adds the ability to globally block packages across all snapshots and repos to prevent unwanted downloads. See the Package Blocking guide for more information. (#9962)
- Adds the ability to create curated subsets of PyPI with the new
curated-pypi
source. See the Quick Start guide for more information. (#9863) - Major updates to the PyPI source. PyPI data is no longer stored in the database, which significantly reduces sync time and increases performance. If you are already using a PyPI source, you can take advantage of these improvements by running
rspm sync --type=pypi
immediately after upgrading. (#9707) - The API documentation examples will now autodetect the transfer protocol scheme and hostname. (#9332)
- The UI now displays an alert banner when the license is close to expiration. The default threshold is 30 days, and it is configurable using the
Licensing.ExpiryDaysReminder
option. Can disable completely by using the newLicensing.DisableExpiryBanner = true
option. (#7848) - Export application runtime metrics through the prometheus endpoint for better observability. Set the
Metrics.Enabled = true
option to enable. (#9617) - Adds new
/[Repository]/[Snapshot]/web/packages/[Package Name]/DESCRIPTION
endpoint to support calls fromremotes::install_dev
for R repositories. (#9667) - The error message when trying to
create
,add
, orupdate
a Curated CRAN source for a snapshot that doesn't exist now outputs nearby snapshot dates. (#9648) - The Usage Stats page now counts multiple license specifications as individual licenses (e.g.,
GPL-2 | GPL-3
asGPL-2
andGPL-3
). (#9858) - Frozen URLs for Python repos no longer include the "Lock Package Data" checkbox. (#10028)
- The output for the
rspm list
CLI commands now includes the pinned snapshots for curated-CRAN and CRAN-snapshot sources. (#6274) - The command
rspm list sources
can now be filtered by specific types of sources with a new--type
flag. (#9955) - The command
rspm list repos
can now be filtered by specific sources with a new--source
flag. (#9955) - The command
rspm update
now supports outputting JSON with--output-format=json
. (#10212) - The documentation navigation bar has been updated to include the user guide, licenses, and release notes. (#9316)
Fixed#
- The Server API documentation now correctly lists all available values for the
bioc_version
query parameter. (#9221) - Git builds no longer fail with an expired certificate error when Package Manager has been running for longer than a year. (#9406)
- Improved error messages when building Git packages with an invalid subdirectory. (#7019)
- Fixed an unhandled error that could result in incomplete cleanup after failed syncs or other transactional operations. (#9510)
- Fixed an issue where license info for some Python packages would be missing in the UI. (#9792, #9793)
- Fixes an issue where some Python packages would display the full license instead of the license type on the Usage Stats page. (#8682)
- Fixed an issue with displaying very long package names on the Usage Stats page. (#9910)
- Addressed an open redirect vulnerability where Package Manager may redirect users to an untrusted external website based on a user-provided path in the URL. (#9580)
- Fixed a bug where the
migrate
utility was creating an empty SQLite database whenSQLite.Dir
was unset, this now raises ano such file
error. To resolve this, set an absolute path to the database in theSQLite.Dir
setting. (#10200) - Fixed a bug in the logs documentation referring to
Debug.Log = route
instead of the correctDebug.Log = router
. (#9645) - Fixed a bug that caused Package Manager to serve the source package when a Windows package binary was not found, instead of correctly returning a 404 error. (#9719)
- Fixes an issue on the Usage Stats page where search queries containing certain special characters would not work. (#9960)
- Fixed a bug in 2022.11 that incorrectly recorded usage stats by license type. (#9932)
- Fixed a bug where Python version releases were sometimes not sorted properly. (#10343)
Breaking#
- Upgrades from versions before 2023.04 may take longer than usual to start the first time due to a metrics data migration.
- Adds a new
Persistent
storage class for storing PyPI and Curated-PyPI data. If you have a[Storage]
configuration section that references specific storage classes, you will need to add a value for thePersistent
class. We highly recommend switching to theStorage.Default
setting to avoid issues when new storage classes are added. See the Admin Guide for details. (#10197) - A fatal error will now occur when using an SQLite database on an NFS volume. Can disable this functionality by using the new
Sqlite.NoNFSCheck = true
option. (#9363)
- Package Manager instances configured to use
S3
for storage will now automatically store package files. Use theRetainFetchedPackages
option to change this behavior. (#6964) - The individual
[CRAN, PyPI, Bioconductor].RetainFetchedPackages
settings have been deprecated in favor of a singleServer.RetainFetchedPackages
option. (#9415) - Python repos now prohibit using the
id
query parameter with the/repos/:id/packages/:key
API endpoint. (#9707) - The
rspm clear
CLI command no longer supports the--type=pypi
flag. (#9707) - The admin guide "Security and Auditing" page has moved to a security folder called "Server Security and Auditing," redirects have been added. (#9962)
- The admin guide "PyPI Mirroring and Local Python Packages" page has moved to a Python folder called "Python Packaging," redirects have been added. (#9862)
Deprecated/Removed#
- Deprecates the
PyPI.DownloadConcurrency
configuration option. This option is no longer relevant to PyPI. (#9971) - Removes the unused
GET /repos/:id/first-transaction
API endpoint. (#9983)
Posit Package Manager 2022.11.4#
December 05, 2022
Fixed#
- Fixed an issue that prevented some local Python packages from being uploaded with Twine. (#9407)
- Fixed an issue that prevented some local Python packages from displaying correctly on the Package page. (#9419)
Posit Package Manager 2022.11.2#
November 18, 2022
Fixed#
- Fixed an issue that prevented serving R package binaries for archived packages. (#9345)
Posit Package Manager 2022.11.0#
November 14, 2022
This release of Package Manager introduces the ability to upload your own Python packages, using the existing Twine toolset to upload packages to local Python repositories. In addition, Package Manager has been rebranded to reflect the new Posit branding.
New#
- Adds the ability to upload local Python packages to a new
local-python
source. See the Quick Start guide for how to use this functionality. - Set environment variable
GIT_CEILING_DIRECTORIES
to the Git builder directory during a Git build to protect againstCVE-2022-24765
for customers who can't upgrade Git immediately. (#7851) - Updates the Packages page in the UI to display the list of packages in a scrollable area. (#8509)
- Adds new
rspm edit [ssh-key|https-credential]
commands to update Git builder credentials in place. (#8399) - Updates to Golang 1.19.
- Updates Launcher plugin to version 2.8.0 using Golang 1.19. (#8935)
- Adds new
--succeed-on-existing
flag to therspm [add|create|import|subscribe]
commands for automation tools running the same commands each time. (#8387) - Omits debug symbols from the application binary, see the Go link command documentation for more information. (#7939)
- Omits debug symbols from R binary packages for Linux, R 3.6 and above, significantly reducing the size of packages with compiled code. (#7282)
- Adds an internal shortener to the fix URL lengths generated through the calendar date picker to 8 characters. (#8744)
- Adds a new
--hide
option to therspm edit repo
command to hide repositories from the user interface. (#9117) - Adds support for Red Hat Enterprise Linux 9. (#8127)
- Adds support for openSUSE 15.4 and SLES 15 SP4. (#7933)
- Updates UI to NodeJS 1.18.
- Updates admin documentation dependencies.
- Improves activity page UI. (#8876)
- Scroll long licenses in UI usage page. (#9044)
- Rebrands application for RStudio's change to Posit. (#8732)
- Introduces a new User Guide focusing on use of Package Manager for the data scientist, based on the previous User Interface Overview page. (#9133)
- Now soon-to-expire API tokens output a warning in the log. (#8152)
- Python Package UI now displays the project homepage URL. (#8675)
Breaking#
- Removes the top-level
rspm import
command, userspm import ssh-key
orrspm import https-credential
instead. (#8399) - Migrates PyPI data into more appropriately named tables. This may slightly delay the first server startup time after the upgrade. (#8778)
- The
rspm add --replace
flag no longer replaces packages stored with identical checksums. (#8586)
Fixed#
- Fixed a bug where the
sync
command would ignore theManifest.User
andManifest.Password
settings. (#8526) - Fixed an issue that could prevent scheduled tasks from working in a cluster environment and cause the following error:
Error verifying cluster integrity: node list length differs
. This affected certain PostgreSQL configurations, such as PostgreSQL clusters deployed using Amazon Aurora Serverless v1. (#8767) - Fixed an issue that could cause Windows binary package installations to temporarily fail for newly released versions of R. (#7914)
- Fixed an issue that could cause incorrect reporting of binary availability for local and Git sources. (#8571)
- Fixed an issue that could cause incorrect reporting of binary availability for CRAN packages with R patch version dependencies (e.g., R (>= 3.5.1)). (#8608)
- Fixed an issue with the reporting of binary availability for R versions and distributions that have reached end of support. (#9197)
- Improved error messages when adding an existing package using the
rspm add
command. (#8916) - Fixed an issue that could cause a panic when switching from offline to online mode with Prometheus metrics enabled. (#8913)
- Fixed an issue that left behind date aliases when using the
rspm clear
command. (#6396) - The Server API endpoints to query available binary packages now support R versions that have reached end of support. (#8088)
- Removed a duplicate header appearing on the licenses page. (#9056)
- Fixed an issue where certain Windows binaries couldn't be added to a local source. (#9113)
- Fixed rendering of the
Debug
section on the configuration guide. (#8319) - Fixed the example URLs for Python repos when using
rspm url create
. (#9148) - Fixed an issue where some UPSI URLs would include sources that were not subscribed to the repo anymore. (#9019)
- Fixed issue when
PACKAGEMANAGER_ADDRESS
environment variable had a trailing slash. (#8485) - Correctly parse R versions with certain formats. (#8607)
RStudio Package Manager 2022.07.2#
August 2, 2022
Fixed#
- Fixed a bug that caused incorrect download counts for a package when some versions of the package were deleted. (#8428)
RStudio Package Manager 2022.07.0#
July 19, 2022
This release of Package Manager introduces the ability to add your binary package builds for R packages. To help publish these binary packages, we've also included a new remote publishing feature that makes it as easy as ever to integrate with your build processes and CI/CD pipelines. Finally, we've taken the PyPI mirror source out of beta, and it's ready for production.
New#
- PyPI support is ready for production use. The time required to sync information has been greatly reduced.
- Adds support for supplementing local and git sources with precompiled binary packages. See Adding Local and Git Binaries for more information.
- Adds support for API token authentication for remote CLI use. See API Tokens for details about enabling and using API tokens.
- You can now download the
rspm
CLI separately as a standalone application for Linux, Windows, or macOS. rspm add
andrspm add binary
now support remote use with API tokens. See Admin CLI Remote Use for more information.rspm add
for local sources now supports installing multiple packages at the same time in a single snapshot.rspm add --path
supports passing in multiple file paths that are comma-seperated.rspm add --file-in
also supports passing in a CSV that contains all package paths. For examples on how to use this, see the Getting Started documentation for local packages. (#7872)- The encryption key can now be specified in the
PACKAGEMANAGER_ENCRYPTION_KEY
environment variable instead of using the key file directly. This is intended to make it easier to inject the encryption key into containers. (#8074) - Adds support for Ubuntu 22.04 (Jammy). (#7349)
- Adds support for serving precompiled binary packages for R 4.2. (#7818)
- Adds the
Content-Disposition
header to package download responses. (#8132) - The web UI now loads JavaScript dependencies through ESM modules. This will break compatibiltiy with browsers that don't support ESM modules (#7926)
Fixed#
- The Activity Log UI will now display when a package is deleted from a Git source. (#7764)
- Fixed a race condition when running
rspm add
after creating a repository that would sometimes log the error messageError: Unable to locate package(s)
. (#7799) - Fixed a bug that caused
git-builders
to lock up Package Manager until all builders were completed. (#7598) rspm create git-builder
will now use the default branch of a repository if the--branch
flag is not provided. (#6984)- Fixed an issue where Git builds could fail if a commit was pushed to the remote Git repository before the build had completed. (#8037)
- Improved performance of Git building for Git repositories with a large number of tags. (#8037)
- Fixed an issue that could cause all Git builds to fail when running RSPM as
root
. This was a file permissions issue that prevented the Job Launcher from starting correctly. The data directory (/var/lib/rstudio-pm
by default) is now given file permissions of0701
instead of0700
. (#7624) - Added missing installation dependency for the
libssl1.1
software package for DEB packages. (#7806) - Increases the number of attempts to download sync information to fix the error
CheckpointDownloadRunner returned error: GET "...": unexpected HTTP status 500
. (#8222) - Fixed an issue that prevented Job Launcher debug logs from being created. When enabled, Launcher debug logs are now written to
Server.LauncherDir
once again. (#7925). - The
rspm-offline-downloader
tool now supports downloading binary packages for newly released R versions and operating systems (including R 4.2 and Ubuntu 22.04) without requiring an upgrade of the tool. Note that future release notes for the RSPM Offline Downloader will located in the new Offline Downloader News page. (#6454) - The general performance of the
rspm-offline-downloader get cran
command has been improved. (#5271)
Breaking#
- Any Python repositories previously subscribed to the PyPI source need to be resubscribed and resynchronized. For more information, see the PyPI quickstart guide.
- Removes installation dependency for the
curl
andrrdtool
software packages, which were not required or used. (#7807) - Removes recommended dependency on the
r-base
software package for DEB packages. To install R for building Git packages, we recommend installing R from the precompiled binaries at Install R. (#8216) - SLES 12 SP5 has reached vendor end of support is no longer supported. (#7883)
- The recommended system requirements and installation instructions documentation pages have been migrated to the https://docs.posit.co/rpm/documentation/ site. (#7920)
Deprecated/Removed#
- Deprecates the
CRAN.Binaries
configuration options in favor of the newBinaries.Distributions
option. Users with a customizedCRAN.Binaries
setting should configure the newBinaries.Distributions
option. (#8158)
RStudio Package Manager 2022.04.0#
April 12, 2022
This release of RStudio Package Manager provides new insight into which packages have pre-built binaries available for your desired R version and distribution. It also contains various improvements to Git building and many other bug fixes.
New#
- The UI now displays whether a binary file is available for a CRAN package, and provides a link to download the binary package if available. On the package page, scroll down to the new "Binary File" section, and select a distribution and R version to check binary availability for that environment. To learn more about when binaries are available, see the Binary Availability documentation.
- Adds two new Server API endpoints to query available binary packages,
/repos/{id}/packages/{name}/binaries
and/repos/{id}/binaries
. - The
/status
API now returns Package Manager's list of supported R versions for binary packages. - Adds a new configuration stanza
Manifest
that can be used to change the outgoingURL
, set a Basic authenticationUser
, and set an encryptedPassword
field. - Adds support for HTTPS credentials for Git builders. HTTPS credentials can imported using the new
rspm import https-credential
command, used to create Git builders using therspm create git-builder --credential=<name>
command, and listed using the newrspm list git-credentials
command. See Importing an HTTPS credential for more information, including how to import credentials securely.- With the addition of HTTPS credentials, several commands have been changed to support both SSH keys and HTTPS credentials, including the addition of a new
rspm import ssh-key
subcommand to specifically import SSH keys. See the Breaking changes in this release for more information.
- With the addition of HTTPS credentials, several commands have been changed to support both SSH keys and HTTPS credentials, including the addition of a new
- When importing an SSH key with a passphrase, the passphrase file may now contain encrypted text from the
rspm encrypt
command. - Adds
--remove-credential
argument to therspm edit git-builder
command, to dissociate a credential from a Git builder. - Adds a new
Git.AllowFileURLs
configuration option that can be used to create a Git builder based on a local Git repo. - Adds a new composite index to the metrics table to improve package view performance.
- Adds a new
S3Storage.KMSKeyID
configuration option that can be used to enable client-side encryption before transferring files to S3. See the S3 storage documentation for caveats and additional information. - Adds the ability to configure Package Manager with environment variables. See the configuration documentation for additional information and examples.
- Adds a new
/robots.txt
endpoint to help search engine crawlers know what URLs they can access. - System requirements and distribution updates will now use reloaded URL configurations. These previously required an application reboot to take effect.
- CSV files output with
rspm add --csv-out
can now be imported into R and used withtools::package_dependencies()
to analyze dependencies before adding packages to a curated CRAN source. - Rename the button
Client OS
toDistribution
to allow for great flexibility in the future. - Group official RStudio-supported distributions in the distribution picker.
Fixed#
- Fixed a bug that was truncating commit and published timestamps from appearing for built Git packages. This fix will only work for published packages moving forward.
- Fixed an issue where some packages README images were not rendering correctly.
- Fixed an error with the
/alerts
API endpoint when storage auditing is disabled. - Updated
rspm encrypt
command to output only the result on stdout. - Fixed an issue where the locked status of a CRAN snapshot source was not accurately reflected in the frozen URL description.
- Fixed an issue where the UI could display invalid archived versions for packages in CRAN snapshot sources.
- System requirements and distribution updates will now use reloaded URL configurations. These previously required an application reboot to take effect.
- Removed the need to create socket file when running migrate utility, which requires that RSPM not be running.
- Fixed an issue with storage alerts for local file systems. This was preventing the service from starting properly.
- Fixed an issue where cache eviction tasks could run more frequently than intended and cause RSPM to respond slower.
- Package Manager no longer requires the
--privileged
flag to run in a Docker container. However, sandboxed Git builds still require system calls not permitted by Docker's defaultseccomp
profile, and mount operations not permitted by the default AppArmor profile. You will need to either (a) start the container with--security-opt 'seccomp=unconfined'
and--security-opt 'apparmor=unconfined'
; (b) provide alternativeseccomp
and AppArmor profiles; or (c) setGit.AllowUnsandboxedGitBuilds = true
in your configuration to disable sandboxed builds entirely. - The RSPM installer for RHEL 8 is now correctly signed with the RStudio GnuPG key.
- Fixes a bug that was causing some CLI commands to fail with a 5xx response. In the logs this appeared as
ERROR: payload string too long (SQLSTATE 22023)
.
Breaking#
- Deprecates the
CRAN.ManifestURL
,Bioconductor.ManifestURL
andPyPI.ManifestURL
configuration options. Note that users should configure the newManifest.URL
option. - Removes the outdated
info-cran
command from the offline downloader. - Deprecates calling the
rspm import
command without either thessh-key
orhttps-credential
subcommand. - Deprecates the
--ssh-key
argument to therspm create git-builder
command in favor of the--credential
flag. - Deprecates the
rspm delete ssh-key
subcommand in favor of the more generalrspm delete git-credential
. - Deprecates the
--new-ssh-key
argument to therspm edit git-builder
in favor of the--new-credential
argument. - Deprecates the
rspm list ssh-keys
command in favor ofrspm list git-credentials
. - Refactor the files and directories storage documentation into multiple pages.
- Removes the
Source
andBinary
buttons on theSetup
page for CRAN and Bioconductor. This simplifies how binary and source packages are displayed and served to the user. - Changed field name from
Name
toPackage
inrspm add --csv-out
CSV output file to be compatible with the standard package database format in R. - CentOS Linux 8 has reached vendor end of support and is no longer supported. RHEL 8 remains supported, and continues to use
centos8
in its binary package repository URLs for backward compatibility. - openSUSE 15.2 and SLES 15 SP2 have reached vendor end of support and are no longer supported.
RStudio Package Manager 2021.12.0#
December 23, 2021
New#
- Adds support for openSUSE 15.3 and SLES 15 SP3.
- Adds a new configuration option
Server.LegacyCalendarTransactionURL
that can be used to revert single-source repositories to use a numeric identifier (e.g./repo/4115
) in the calendar URLs instead of the default hash values. - The calendar will now display the snapshot date as a valid date on the calendar instead of the transaction date for CRAN snapshot sources.
- Introduced code splitting to improve webpage loading times.
Fixed#
- Performed security and dependency upgrades for libraries used by the server and web interface.
- Improved the caching layer throughout the product. This should result in faster package downloads, page loads, and greater scalability due to lower database usage.
- Fixed a timezone issue where the browser's selected calendar date and the URL generated by the server could differ by one day.
- Fixed an issue with leadership election that could result in two or more leaders being elected and the
Error verifying cluster integrity: node list length differs
log line. - Fixed an issue with leadership election that could result in the
Error pushing leader assumption work to queue
log line, failing requests, and/or the service taking a long time to restart. - Fixed an issue with leadership election and multiple interfaces on an instance resulting in the
node "X" with IP "Y" from store not known by leader
log line. - Fixed an issue serving R package binaries for new operating systems and R versions, such as openSUSE 15.3 and SLES 15 SP3, or R 4.2 and above.
- Fixed an issue that prevented system requirements from being listed for new operating systems, such as openSUSE 15.3 and SLES 15 SP3.
- Fixed an issue that could prevent R packages encoded in Latin-1 from being installed in R 3.5 or below.
- Fixed an issue with static assets not caching correctly in the UI.
- Fixed a bug that was incorrectly logging
Warning: SQLite directory error
message for some PostgreSQL installations.
Breaking#
- The calendar will now only display dates as selectable when an update or transaction occured for that repository. The
rspm url create
command can be used to generate a URL for any date and set of transactions. - The default minimum TLS version is now correctly configured as
1.1
, instead of defaulting to1.0
. Note that this can be changed using theHTTPS.MinimumTLS
configuration option.
RStudio Package Manager 2021.09.0#
September 8, 2021
This release of RStudio Package Manager contains a new calendar view and improved way to freeze your set of packages. It also contains logging improvements and many important bug fixes.
New#
- Introduces a new, more flexible repository calendar. Users can now freeze to any date in the repository's history, and frozen repository URLs now include the snapshot date in
YYYY-MM-DD
format. The calendar is now supported in many cases where it previously was not, particularly for repositories with multiple sources. Existing repository URLs that use a numeric identifier (e.g.,/repo/4155
) are still supported, and will continue to work. More information about the calendar is available in the User Interface Overview section of the Admin Guide. - Adds a
rspm url create
command to create a frozen repository URL, and arspm url explain
command to explain what a frozen repository URL encodes. - RSPM can now serve binary packages for new R versions and operating systems without upgrading to a new version. The list of supported platforms is now synced from the RStudio Package Service.
- Git-builders may now be edited using the
rspm edit git-builder
command to change the SSH key, Git URL, branch, and subdirectory. - Git-builders using "commits" triggers may now be configured to use the version in the DESCRIPTION file instead of the unique, timestamped version. See the new
Git.ForceDescriptionVersion
configuration option for more information. - Adds additional logging indicating when CRAN, Bioconductor, and PyPI packages are being checked for updates.
- A PID file is now created to track the Package Manager process ID.
- Adds two new sections to the documentation that describe available command-line options: Command-Line Interface and Offline Downloader.
- Logs are now available through journalctl.
- The UI and CLI will now provide better error messages to help customers get started with setting up repositories and sources.
- The general performance of the
rspm-offline-downloader get cran
command has been improved. By default theconcurrency
value is set to 10 and the--concurrency
flag accepts higher values for quicker downloads. - Adds a more helpful error message when attempting to unsubscribe a Bioconductor repo from a source. This action is not allowed because Bioconductor repos are automatically subscribed to sources.
- Adds support for the Bioconductor
books
repository. Thebooks
repository will be available in Bioconductor sources after the next Bioconductor sync. - The PyPI source now supports
YYYY-MM-DD
date aliases for frozen repository URLs. - Adds a new
rspm completion
command to generate a CLI autocompletion script for Bash. More information is available in the Admin Guide. - Starting with this release, RSPM will now use a calendar-based versioning scheme.
Fixed#
- Fixes an issue where Bioconductor syncs could treat the order of sync actions incorrectly, leading to sources that fail to sync. This issue only affects users of Bioconductor repositories. If you are upgrading from RSPM 1.2.0 or 1.2.2, please use
rspm sync --type=bioconductor
to re-sync your Bioconductor sources. The 1.2.2.1 release includes this step, and you need not repeat it if you already updated to that release. - Fixes a bug that could schedule two or more interfering package updates for the same source.
- Fixes a bug where some SSH keys with passphrases were not being imported correctly.
- Fixes a bug that prevented packages from being added to curated CRAN sources with certain
--snapshot
flag values. - Fixes a bug that could prevent the election of a leader in HA clusters.
- The PostgreSQL driver has been upgraded to recover more quickly from lost connections and TCP resets. This also fixes an issue where some Azure customers were seeing a
read: connection reset by peer
error. - Fixes a bug where HA clusters could not verify node integrity.
- Fixes loss of state in leader election during a loss of Postgres connection.
- All errors in PyPI sync are now retried so that more syncs are successful.
- Fixes confusing error message when
Server.TempDir
is not writable. - The recommended CRAN snapshots for Bioconductor were too early and could cause Bioconductor package installations to fail. For Bioconductor repositories, we recommend configuring R to use the revised CRAN snapshots on the Setup page. For R repositories, we recommend adding an appropriate CRAN snapshot using the revised instructions in the Admin Guide.
- Fixes the instructions for using Bioconductor packages in an offline environment with newer versions of BiocManager (1.30.12 and above). If you are unable to use BiocManager offline, refer to the revised instructions on the Bioconductor repository Setup page.
- Fixes a XSS-vulnerability with the experimental API swagger docs. The swagger UI has been upgraded to the latest version
3.51.1
in the process. - Fixes a PyPI sync bug that was impacting PostgreSQL users with the
search_path
option. - Fixes a rare bug that could prevent the application from starting after upgrading from version
1.1.6.1-*
or earlier. - Fixes an issue with serving PyPI packages with plus signs in their filename.
Breaking#
- The default logging location has been moved from
/var/log/rstudio-pm.log
to/var/log/rstudio/rstudio-pm/rstudio-pm.log
. This will also impact the access logs. - The following operating systems have reached vendor end of support and are no longer supported:
- Ubuntu 16.04 (Xenial Xerus)
- openSUSE 42.3
- openSUSE 15.1
- SLES 15 SP1
- Dates returned to the Usage Stats page are now ISO 8601 dates rather than a full RFC3339 timestamp.
- The minimum number of
PostgresPool.MaxOpenConnections
will now be set to 10. - Air-gapped customers using Bioconductor with RSPM 1.2.0 or 1.2.2 are required to fetch the new v4/1 schema after upgrading RSPM to 2021.09.0, but before syncing the Bioconductor source. Please refer to the admin guide for more details. The 1.2.2.1 release includes this step, and you need not repeat it if you already updated to that release.
- The date aliases for the CRAN source will now use UTC as the basis for the date.
- Both the Activity page and the Setup page will now use UTC for all dates and times.
Deprecated/Removed#
- Deprecates the Git
--branch
option when used in conjunction with the--build-trigger=tags
flag. - Discontinues support of openSUSE 15.1, SLES 15 SP1, and Ubuntu 16.04 (Xenial Xerus) R binary packages. RSPM will continue to serve existing binary packages for these operating systems in perpetuity, but no longer provide new binary packages after several months. Please refer to the Admin Guide for more information about the supported operating systems and R versions for binary packages.
- Internet Explorer 11 is no longer supported. Please see our Platform Support page for a list of supported browsers.
- Deprecates the
--cache-dir
flag from therspm-offline-downloader get cran
command as caching and fast updates will now be enabled by default.
RStudio Package Manager 1.2.2.1#
May 13, 2021
New#
- Adds support for serving precompiled binary packages for R 4.1.
Fixed#
- Fixed an issue where Bioconductor syncs could treat the order of sync actions incorrectly, leading to sources that fail to sync. This issue only affects users of Bioconductor repositories. After installing this release, please use
rspm sync --type=bioconductor
to re-sync your Bioconductor sources. Bioconductor updates for the previous RSPM versions (1.2.0, 1.2.2) will not be updated going forward. - Fixed an issue where Bioconductor syncs could fail when using PostgreSQL.
Breaking#
- Air-gapped customers using Bioconductor with RSPM 1.2.0 or 1.2.2 are required to fetch the new v4/1 schema after upgrading RSPM to 1.2.2.1, but before syncing the Bioconductor source. Please refer to the admin guide for more details.
RStudio Package Manager 1.2.2#
March 02, 2021
New#
- Package Manager now provides filesystem storage auditing and alerting. When storage exceeds user-configurable thresholds, the server will alert in the log as well as the UI. More information is available in the Admin Guide.
- Operational metrics can now be exported via a Prometheus-compatible endpoint to empower your own monitoring and alerting systems. More information is available in the Admin Guide.
- Python packages now display additional release information including download links, SHA256 values, and the yank status.
- Python packages release are now paginated in the UI.
- Use the new
[Storage].Default
option to configure all variable storage classes together, for example setting[Storage].Default = S3
will ensure all packages are written to yourS3
bucket. - Configure the maximum time to wait when connecting to the database by using the
[Database].ConnectionTimeout
option. - Package Manager can now be installed on both openSUSE 15.2 and SLES 15 SP2 systems.
- Precompiled R binary packages are now available for openSUSE 15.2 and SLES 15 SP2.
- System requirements information can now be listed for openSUSE 15.2 and SLES 15 SP2.
- Additional startup validation is performed when using PostgreSQL with a search path.
- Clusters now automatically elect a leader node. The leader manages jobs like schedule syncing and cache eviction to avoid duplicated work.
- Package Manager now uses asynchronous messaging instead of database locking to track active work (like syncing CRAN sources); this improves performance and helps eliminate database resource contention.
Fixed#
-
Fixes an issue that could result in syncing snapshots more than once, resulting in corrupted data. In the unlikely event that your installation is affected by this bug, you will be unable to start RSPM, and you will see the following error in the log:
If your installation is affected, please contact support. You can reinstall the previous RSPM version and continue using RSPM until the issue is resolved. - Some malformed or incorrect database configurations prevented startup and did not crash, these will now timeout accordingly. - Improves robustness of PostgreSQL database connections by automatically reconnecting when connections are lost. - Git builders now respect the specified --ssh-key
flag when cloning repositories. - Fixes a race condition when building large Git repositories that was causing intermittent failures. - Fixes an issue with adding Git packages that have blank lines in their DESCRIPTION file. - Duplicate Python packages are no longer presented in the UI. - Some Python packages and files were missing from RSPM. - Patches the UI dependency marked
to remove a potential Denial-of-Service (DoS) vulnerability. - We've improved the PyPI source sync operation; syncing should complete much more quickly and reliably. See the breaking change below about resubscribing and resyncing Python repositories.
Breaking#
- RStudio Package Manager no longer supports Red Hat Enterprise Linux/CentOS Linux 6.x.
- Any Python repositories previously subscribed to the PyPI source need to be resubscribed and resynchronized. For more information, see the PyPI quickstart guide.
- Removes Git support from the
rspm add
command. Use the newrspm create git-builder
command going forward. - Removes deprecated
rspm clear-cran
command. Use the newrspm clear --type=cran
command going forward. - RSPM will now validate
S3
storage configuration options on start up.
RStudio Package Manager 1.2.0#
November 24, 2020
Bioconductor Support#
- Bioconductor is now supported through a series of changes. We recommend upwards of 1 TB additional disk storage, and admin CLI actions are required to enable Bioconductor. Learn more about how to serve Bioconductor packages in the admin guide.
- Adds a new Bioconductor repository type. Bioconductor repositories can be created using the
rspm create repo --type=bioconductor
command. - Adds new source types representing Bioconductor releases and R repositories within a release. These sources can be added to Bioconductor or R repositories.
- Adds a new
--type
flag to thesync
command that distinguishes between syncing CRAN and Bioconductor metadata. - Adds
rspm-offline-downloader
support for Bioconductor data. - Adds support in the web interface for Bioconductor repositories, including a new Setup page for working with BiocManager and Bioconductor repositories.
- Adds support in the CLI for listing Bioconductor repositories, sources, and packages. Adds a new
rspm list bioconductor versions
command to list available Bioconductor releases. - Adds support to the Server API for Bioconductor metadata and repository information.
PyPI (Beta)#
- PyPI mirroring is now supported in beta through a series of changes and additions. We recommend upwards of 1 TB additional disk storage, and admin CLI actions are required to enable PyPI. Learn more about how to serve PyPI packages in the admin guide.
- Adds a new Python repository type. Python repositories can be created using the
rspm create repo --type=python
command. - Adds new
--type
flag to thesync
command that distinguishes between syncing CRAN and PyPI metadata. - Adds a
PyPI
config section for setting PyPI related configuration attributes such as the PyPI sync schedule. - Adds a new
pypi
source that is enabled by default when using a Python repository. - Adds support for listing and searching for Python packages.
- Adds support in the web interface for PyPI repositories including searching for and displaying package data.
- Adds support for routing pip requests.
- Adds support for tracking PyPI package downloads and corresponding display in the Usage section of the web interface.
- Adds support to the Server API for PyPI metadata and repository information.
- Adds a new
rspm clear --type=pypi
command to clear PyPI metadata, for removing PyPI as a source, or for re-syncing a fresh copy.
Changes to Curated CRAN Sources#
- Curated-CRAN sources can now be created using a
--snapshot
flag to specify an initial snapshot date. For example--snapshot=2019-11-07
. A newrspm list cran snapshots
command shows the available snapshot dates. - Curated-CRAN source
add
andupdate
operations now support passing a snapshot date via the--snapshot
flag, e.g.,--snapshot=2019-11-07
. Passing the--transaction-id
flag is deprecated but still supported. The--commit
flag is now required for both. - A new source type,
cran-snapshot
is available for creating a source that contains ALL of CRAN but only for a specific date. Like Curated-CRAN sources, CRAN-Snapshot sources can be updated using therspm update
command.
Misc#
- Adds new storage classes for Bioconductor and PyPI. If you use a non-default storage location for packages (e.g., S3), please configure the correct storage location for Bioconductor and PyPI before upgrading.
- BREAKING: Removes the
rspm-offline-downloader get-cran
command. Userspm-offline-downloader get cran
going forward. - Improves download resiliency of the
rspm-offline-downloader
tool through increasing the number of retries and adding a timeout using exponential back-off. - Adds new
--starting-snapshot
flag to therspm-offline-downloader
tool that can be used to download RSPM CRAN data starting at a particular snapshot. Note: This does not impact R package binary downloads. - Adds new
validate-cran
command to therspm-offline-downloader
to validate that the destination contains all relevant snapshots and directories for RSPM to work correctly. - Updates the
rspm edit repo
command to no longer require the--new-name
flag when updating a repository's description. - Fixes a bug where local and Git packages could have missing package dependencies.
- Prevents source sync from occurring thirty minutes after the desired schedule.
- NOTICE: When using Postgres, RStudio Package Manager now verifies that a minimum version of 9.5 is being used. A warning message will be logged if the version of Postgres being used is older. The 9.5 minimum version is also noted in the PostgreSQL section of the Database chapter of the Admin Guide.
- Updates UI search to prioritize exact matches first, also restricts matching-search to three or more characters.
- Deprecates the
clear-cran
command. Use the newclear --type=cran
command going forward. - Fixes a bug that could result in job queue deadlock under load. This prevents issues that could cause the RSPM service to stop responding.
- Adds a response header to help identify Package Manager in requests:
X-Repository-Type: RSPM
- The Activity page in the web interface now shows the snapshot dates for the
cran
source, not the dates the snapshots were synchronized. This makes the Activity page easier to navigate and consistent with the repository calendar. - A repository that only subscribes to the
cran
source can now be indexed by dates as well as transaction IDs. The date aliases are shown in the repository Setup page where applicable. - The Package page now displays older package versions in descending chronological order.
RStudio Package Manager 1.1.6.1#
July 13, 2020
- Fixes a bug where Git builders could be created in non-Git sources, causing the
rspm list git-builders
andrspm list git-builds
commands to fail.
RStudio Package Manager 1.1.6#
June 23, 2020
- BREAKING: Removes the
--dryrun
CLI flag that was required when adding or updating packages to curated-CRAN sources. Attempting to use this flag will result in a command error. - BREAKING: Use the Apache Combined Log Format as the default access log format instead of the Apache Common Log Format. Switch back by setting
Server.AccessLogFormat = "common"
. - BREAKING: The CLI now waits for commands to complete by default. The following CLI commands are affected:
rspm sync
,rspm create git-builder
,rspm run git-builder
, andrspm rerun git-builder
. Use the new--no-wait
flag to run these commands asynchronously without waiting. The--wait
flag remains available for backwards compatibility. - Adds
rspm offline
andrspm online
admin CLI commands to support taking services offline and bringing them back online safely. - Adds
rspm cluster offline
andrspm cluster online
commands to the admin CLI to support taking multiple nodes in a cluster offline and bringing them back online. - Adds a
rspm cluster nodes
command to the admin CLI to support listing nodes in a cluster. - Adds a
rspm config debug logger
commmand to temporarily alter the debug log configuration without restarting the Package Manager server. - Updates the Admin Guide High Availability and Load Balancing chapter with a new guide for upgrading a cluster.
- Adds a new experimental Server API documentation for commonly requested endpoints. For more information see the new documentation.
- Adds support for Ubuntu 20.04 LTS.
- Adds support for serving precompiled binary packages for Ubuntu 20.04 LTS.
- Adds support for listing system requirements of packages on Ubuntu 20.04 LTS.
- Adds new
Proxy.User
andProxy.Password
configuration options to securely configure outbound proxies. - Deprecates the
rspm add
command for Git packages. Userspm create git-builder
going forward.
RStudio Package Manager 1.1.4.1#
May 20, 2020
- Adds support for serving precompiled binary packages for R 4.0.
RStudio Package Manager 1.1.4#
April 10, 2020
- Adds a new storage class for CRAN. Upgrading will result in a migration of existing CRAN packages and README files to the new storage class. If you use a non-default storage location for packages (e.g., S3), please configure the correct storage location for CRAN before upgrading. All CRAN packages will be moved to the new CRAN storage location upon service startup. If your installation has downloaded many CRAN packages, this may take some time, and the service will be unavailable until the migration is complete.
If the storage class configured for CRAN is of a different type than the packages storage class, startup will fail. If you wish to migrate CRAN packages to a different storage type, enable the
Migration.EnableMixedClassMigration = true
configuration property.
- Adds eviction for orphaned packages. Git and local packages that are stored but no longer referenced in any sources will be removed periodically.
- Adds a new CLI command
list git-builds
that can be used to review Git builder runs and debug potential problems. - Adds better caching and improves performance by:
- Adding configurable settings for in-memory caching.
- Caching system requirements data for better performance.
- Enabling package request caching by default.
- Updates the
license-manager
command to incorporate recent bug fixes. - Adds the package size for local and Git packages to the Web client.
- Adds the Git SHA to the Web client when displaying package information for packages from Git sources.
- Adds an example configuration file that includes all the available configuration settings and their defaults at
/etc/rstudio-pm/rstudio-pm.gcfg.defaults
. - Fixes a bug where adding Git packages via SSH could fail with certain SSH server configurations.
- Fixes a bug where adding Git packages could fail with custom R startup files present.
- Fixes an issue with rendering SVG images in package READMEs.
- Fixes an issue where build-id files installed in
/usr/lib/.build-id/
could conflict with other RStudio products and cause install errors. - Fixes an issue where out-of-sync system requirements could prevent the server from starting. This improves support for running RStudio Package Manager in offline (air-gapped) environments.
- Updates the admin guide, licenses, and news documentation to use
mkdocs
.
RStudio Package Manager 1.1.2#
February 26, 2020
- RStudio Package Manager 1.1.2 includes beta support for pre-compiled R package binaries for Windows. Windows R package binaries can be installed much faster without the need to install system dependencies. More details are available in the admin guide.
- Support for CRAN repos with versions older than 1.0.6 has been removed. Updating to version 1.0.6 or later is now required for CRAN support.
- Eviction Policies
- Adds the ability to configure eviction policies that control the lifetime of stored objects. Eviction policies can be used to keep server disk usage to a minimum. Learn more in the admin guide.
- Startup after upgrading RStudio Package Manager may take some time since all stored objects will be recorded in the database. If you are upgrading multiple nodes in a cluster, please allow the first node to completely start up before starting additional nodes.
- Fixes a bug where a bad database connection to PostgreSQL or SQLite would cause a panic.
- Support for TLS 1.3. Access to this TLS version is available without additional configuration.
- The setting
HTTPS.ExcludedCiphers
has been removed and is no longer supported. TheHTTPS.MinimumTLS
setting should be used to specify a minimum accepted TLS version. We recommend running a secure proxy when your organization has more complex HTTPS requirements. - Adds support for serving precompiled binary packages for CentOS/RHEL 8.
- Adds support for listing system requirements of packages on CentOS/RHEL 8.
- Fixes a bug where shutting down the server sometimes resulted in orphaned job launcher processes.
- Adds a migration utility that can be used to migrate to a different database provider. Learn more in the admin guide.
- Fixed a bug in which CPU usage of the
rstudio-pm
service would increase over time when using SQLite as a database.
RStudio Package Manager 1.1.0.1#
November 22, 2019
- Fixes a bug that both impacted the server performance and resulted in potentially serving incorrect binaries when fetching binary packages for a non-current checkpoint.
RStudio Package Manager 1.1.0#
October 31, 2019
- Adds two new configuration settings,
Server.PackageRewriteCompressionLevel
andServer.PackageRewriteBufferSize
that can be used to improve performance when installing packages in local sources. Learn more in the admin guide. - Deprecates the
--dryrun
flag that was required when updating packages to curated-CRAN sources. - The
rspm-offline-downloader
now supports downloading Linux R package binaries for offline environments. Learn more in the admin guide. - Adds a new
Proxy.URL
configuration option to have RStudio Package manager use an outbound server proxy when making HTTP and HTTPS requests. - Stops support of Ubuntu 14 (Trusty Tahr). With the Ubuntu EOL, and RStudio six-month support coming to a close, we will no longer be testing or supporting RStudio Package Manager on this version of Ubuntu.
- Deprecates the
CRAN.SyncMode
setting. Future releases will not support eager syncing for CRAN and curated-CRAN sources. The air-gapped installation approach can be used for situations that require preemptive downloads for CRAN or curated-CRAN packages. Learn more in the admin guide. - Fixes a bug preventing git packages with a large number of tags from building.
- Adds support for installing very large packages in local sources.
- Adds support for SUSE Linux package binaries. See the repo setup page for more information.
RStudio Package Manager 1.0.14#
October 2, 2019
- This release includes bug fixes and significant performance improvements.
- Deprecates the
--dryrun
flag that was required when adding packages to curated-CRAN sources. - Adds support for RHEL 8.
RStudio Package Manager 1.0.12#
September 10, 2019
- Beta: Introduces support for linux package binaries. Precompiled package binaries will be available for the majority of CRAN packages using R 3.4, 3.5 and 3.6 for Ubuntu 16.04 (Xenial), Ubuntu 18.04 (Bionic) and CentOS/RHEL 7. Please refer to the admin guide to start serving binaries.
- Introduces a service log which can be used to analyze how Package Manager is serving source vs. binary packages. Learn more in the admin guide
- RStudio Package Manager installers are now signed. Our signing key is available on the RStudio website. The Installation instructions in the RStudio Package Manager Admin Guide explains adding the RStudio key to your Linux distribution.
- Fixed bugs related to building Git packages and added log messages which can help diagnose Git problems more quickly.
RStudio Package Manager 1.0.10#
July 8, 2019
- Introduces a new CLI command to list system requirements for packages in a given repository. Run
rspm list requirements --help
for more information. - The system requirements for a repository are also available in the UI. See the Setup page for a respository in the UI.
- Updated UI Javascript code to address moderate CVEs published by NPM.
- Fixed a bug that prevented package system requirements from displaying correctly in certain circumstances.
- Fixed bugs and improved performance for transaction handling (i.e. "pinning" a repository to a certain date).
- NOTICE: When using Postgres, RStudio Package Manager now verifies that a minimum version of 9.4 is being used. A warning message will be logged if the version of Postgres being used is older. The 9.4 minimum version is also noted in the PostgreSQL section of the Database chapter of the Admin Guide.
RStudio Package Manager 1.0.8#
April 18, 2019
- RStudio Package Manager now helps users find and install system dependencies of R packages for supported Linux operating systems. Installation commands for known system dependencies are displayed on the package page. System dependency information will be available after syncing. See the Admin Guide for more details.
- The process for setting up an air-gapped environment is simplified by using a new tool which does not require the AWS CLI. See the Admin Guide for updated setup instructions.
- Running RStudio Package Manager in a clustered environment using S3 as a backing filesystem is now officially out of beta.
- Improvements to logging when Git builders fail will help to more quickly diagnose problems with the build environment.
- Package listing and search is now much faster.
- Rendering package README files is improved and several layout bugs are fixed.
- RStudio Package Manager is now available for SUSE Linux Enterprise 15.
RStudio Package Manager 1.0.6#
March 11, 2019
- BREAKING: Air-gapped customers are required to fetch the new
v3/1
schema after upgrading before syncing the CRAN source. See the Admin Guide for more information. - Important updates and fixes to Package Manager's CRAN source. Past CRAN checkpoints will remain available. Users will see corrected browsing behavior for a small percentage of packages for new syncs.
- README files are rendered in the web page for each package. READMEs for packages in existing local and Git sources will be extracted automatically upon upgrading. READMEs for the CRAN source will be available after syncing. READMEs for existing packages in curated-CRAN sources will be unavailable, but, after syncing the CRAN source and updating the curated-CRAN source, READMEs for new and updated packages will be available.
RStudio Package Manager 1.0.4#
January 25, 2019
- BREAKING: The R processes that build Git packages now run inside a sandbox for security. Only customers using Git sources are affected. SUSE/Ubuntu users will not require any changes. If you are using CentOS/RHEL, you will need to either (a) configure the
Git.AllowUnsandboxedGitBuilds = true
configuration setting, (b) reconfigure RStudio Package Manager to run asroot
, or (c) enable user namespace support (CentOS/RHEL 7 only). If you are running RStudio Package Manager in a Docker container, you will need to either (a) start the container with the--privileged
flag or (b) configure theGit.AllowUnsandboxedGitBuilds = true
configuration setting. Please consult the Admin Guide for more information. - Archived packages (packages with no current versions) are now displayed in the RStudio Package Manager UI.
- The Setup page in the UI now includes a calendar that allows you to freeze your set of packages to a particular checkpoint.
- Added beta support for shared storage using AWS S3. See the Admin Guide for more information. IMPORTANT: AWS S3 support is in beta. Please do not use S3 for production data at this time.
RStudio Package Manager 1.0.2#
December 5, 2018
- Git packages can now be built from subdirectories within a Git filesystem.
- Git packages can now use SSH keys with or without a passphrase.
- SSH connections when performing Git operations now utilize a private SSH agent process for improved security.
- Git packages now include the commit SHA in the package DESCRIPTION file for reference.
- Fixed a bug where Git commits could be built out of order if they were recorded in different timezones.
- Fixed a bug where Curated CRAN sources might need an CRAN update prior to an initial sync.
RStudio Package Manager 1.0.0#
October 17, 2018
- RStudio 1.0 is the first generally available release of the product. RStudio license terms, conditions, and limits apply. Contact sales@posit.co for more details.
- RStudio Package Manager can automatically track R packages in Git (including GitHub, Bitbucket, and GitLab). Tracking Git endpoints requires a valid installation and configuration of R. Private endpoints are supported using ssh-keys. See the Admin Guide for details.
- Improved messaging for CLI commands and CRAN sync operations.
- CRAN synchronization will not happen until a manual sync has occurred or a repository subscribes to a cran source or curated cran source.
- BREAKING: A sync schedule of 12:00AM (server time) daily is now enabled by default. To only have manual syncs, configure a blank
SyncSchedule
in the[CRAN]
configuration. See the Admin Guide for details.
RStudio Package Manager 0.7.0#
September 4, 2018
- BREAKING: The new default minimum TLS version for the HTTPS listener is "1.1", in compliance with PCI Data Security Standards. Previously, TLS 1.0 was enabled by default. Additionally, it is now possible to specify the minimum TLS version using the
HTTPS.MinimumTLS
configuration setting. - Fixed a bug in which CPU usage of the
rstudio-pm
service would increase over time. - Added a new configuration flag,
HTTP.ForceSecure
, that makes RStudio Package Manager set theSecure
flag on all of its cookies. This provides extra security when running RStudio Package Manager behind a HTTPS-terminating proxy.HTTP.ForceSecure
also sets theStrict-Transport-Security
header on all web connections.
RStudio Package Manager 0.6.0.1#
August 2, 2018
- Fixed a bug in which empty files were being served for
packages.rds
andpackages.gz
files in the/bin/
directory. This was causing problems in R versions 3.4.4 and greater when a user attempted to install more than one package.
RStudio Package Manager 0.6.0#
July 31, 2018
- Added Usage Statistics for analyzing package downloads and package licenses over time.
- Compress (gzip) the packages and archive RDS files before serving them to clients.
- Added row.names to the packages RDS file.
- The CLI
list sources
output now includes source types. - Added a CLI
list
command that outputs a tree of all repos and sources. - Added a CLI
fetch
command to initial eager package fetching. - The CLI now uploads local packages using multi-part uploads to the API. Only the CLI needs permission to read files you are uploading, and relative paths are supported.
- Added support for minor migrations for CRAN sources. Minor migrations are typically used for supplementing CRAN sources with additional metadata.
- Added the
SystemRequirements
andNeedsCompilation
fields to CRAN sources. - Improved the informational and error messages displayed during curated CRAN operations.
- Fixed a bug that resulted in reading the wrong package DESCRIPTION file in some CRAN packages that include DESCRIPTION files at multiple paths.
RStudio Package Manager 0.5.0#
June 28, 2018
- BREAKING: RStudio Package Manager's support for CRAN metadata was simplified. RStudio Package Manager now includes a single, default CRAN source and the fetch mode and sync schedules are defined server-wide in the configuration file. If you have existing CRAN sources, they will be dropped when upgrading. A new
cran
source will be created automatically. Use the CLI to subscribe existing repositories to the newcran
source and to sync the newcran
source. Example: If you had a repository namedprod
that subscribed to an CRAN source namedcran-src
, you will need to run:rspm subscribe --repo=prod --source=cran
andrspm sync
after upgrading. - BREAKING: The
CRANTimeout
andFetchTimeout
configuration properties have been moved to a new[CRAN]
configuration section. If you included either of these two properties under your[Server]
configuration section, you will need to move them to a new[CRAN]
configuration section. - RStudio Package Manager now includes curated CRAN sources, giving administrators the ability to host approved subsets of CRAN instead of taking an all-or-nothing approach. Administrators add packages, preview changes, and even perform dry runs before running updates. The admin guide contains examples and quick start guides.
- The
[CRAN]
configuration section now includesSyncSchedule
andSyncMode
settings. TheSyncSchedule
setting accepts a crontab format for scheduling synchronization of the CRAN source. TheSyncMode
setting defaults tolazy
but can be configured aseager
for eager package downloading. The sync schedule and mode were previously configured using the CLI. - Admins can now edit source names, repository names, and repository descriptions using the
edit
CLI command. - Added an
[API]
configuration section that includes the settingsMaxApiResults
andDefaultApiResultsLimit
for configurable API result limits. - Added documentation for air-gapped environments. See the Admin Guide for details.
- Eliminates external fonts in the UI.
- The activity page for a CRAN source now lists the historical date represented by a sync operation instead of the date the sync occurred.
- Removed the CLI
sync-wait
command and replaced it with a flag. You can now runrspm sync --wait
instead. - Better support for the URL property that appears in many CRAN package DESCRIPTION files. This property appears in CRAN packages as
URL
,Url
, andurl
, which are all now supported. - The package date for archived packages is now displayed in the UI.
- The CLI
reorder
command allows reordering source subscriptions for a repository. This allows you to change the priority for resolving conflicts when two sources include a package with the same name. - Fixed a bug that prevented using the UI through a proxy that prepends a prefix to the RStudio Package Manager URL.
- Include
Content-Length
andLast-Modified
headers when serving a package tarball. - Support for Ubuntu 18.04.
- SUSE Enterprise Linux 12 SP3+ Support.
RStudio Package Manager 0.4.0#
May 3, 2018
- BREAKING: Sources can no longer be hidden. Since repositories can subscribe and unsubscribe from sources (since 0.2.0), there is no need to hide sources. Sources that were previously hidden will no longer be hidden after upgrading to this release. If your repositories subscribed to hidden sources that should remain hidden, please unsubscribe those repositories from the hidden sources before upgrading.
- Added the ability to version and migrate CRAN sources. This allows RStudio Package Manager to replace outdated or flawed CRAN sources without losing transaction history.
- Added a /ping endpoint to allow services to more easily monitor the service's status. It always responds with an empty JSON message and a 200 status code.
- Sources cannot be deleted when associated with any repositories. A repository's source subscriptions and unsubscriptions are all recorded permanently. To preserve a repository's immutable historical records, no sources that were ever associated with an existing repository may be deleted. If you need to delete a source, you must first delete any repositories that at any time subscribed to the source.
RStudio Package Manager 0.3.0#
March 26, 2018
- BREAKING: This release incorporates major improvements to sources typed as
cran
. Packages in existing sources typed ascran
will be removed when upgrading. Administrators should initiate synchronization for any sources typed ascran
after upgrading. - KNOWN BUG: When using an NFS share for
[Server].DataDir
, there can be delays of up to 60 seconds when initailly serving particular files including the PACKAGES files for a particular repository. When using the "lazy" sync mode with CRAN, this delay can also occur the first time a version of a package is served. This latency can be improved by shortening the length of time attributes are cached on your NFS clients (see theacdirmax
andnoac
NFS mount options). We will work to resolve this latency in a subsequent release. - Added support for multiple current versions of CRAN packages.
- Support synchronizing multiple CRAN checkpoints simultaneously. This greatly reduces the time to synchronize a CRAN source.
- CRAN checkpoints are cached to avoid redundant downloads. This greatly reduces the time to synchronize CRAN sources.
- Introduced better logging configuration options to provide helpful logging during CRAN synchronization without overwhelming logs. Also added trace-level synchronization logging.
- Added a
sync-wait
command to the CLI. This command lets you wait for synchronization to complete after you initiate a synchronization. - The RStudio Package Manager service now manages its
/var/run/rstudio-pm
directory correctly to avoid missing domain socket files on operating systems that use temporary file systems for the/var/run
directory. - More consistently sort/order packages. Previous RStudio Package Manager releases ordered packages inconsistently when using PostgreSQL vs. SQLite.
- Sort archived packages by version in the RStudio Package Manager Web client.
- Fixed a bug that prevented package link (depends, imports, etc.) versions from being displayed in the RStudio Package Manager Web client.
- Added the ability to specify a description for repositories, which are displayed via the CLI and the UI.
RStudio Package Manager 0.2.0#
January 29, 2018
- The RStudio Package Manager service now runs under an unprivileged account. By default, the service runs under the
rstudio-pm
account. See the admin guide appendix on changing the RunAs User if you need to adjust the service account. - BREAKING: Upon upgrading, if you previously configured RStudio Package Manager with alternative data directories, cache directories, log files, or .gcfg locations, you will need to manually change ownership on these files/directories to the new
rstudio-pm
service account. See the admin guide appendix on changing the RunAs User for more information. - BREAKING: The internal structure of Package Manager has changed. Repositories no longer contain packages directly, but instead repositories are composed of one or more "sources". Sources are typed as either
local
orcran
. See the admin guide for more details. Due to this change, upgrading to 0.2 will wipe all existing repositories. Administrators should recreate the repositories using the source + repo model. Any CRAN packages that were previously downloaded will be retained on the server and can be accessed after a new repository is configured. Local packages will need to be re-added. Additionally, the cache directory,/var/lib/rstudio-pm/cache
can be removed prior to upgrading to save disk space. - BREAKING: The administrator command line interface (CLI) has been significantly refactored for easier use. Any scripts developed with the previous CLI should be rewritten. The new CLI does not require root. Instead, admins should be part of the
rstudio-pm
unix group. Instructions for changing the group are included in the admin guide. - BREAKING: Package Manager now tracks the number of downloads for each package. To do so, a new database was added for storing metrics. Servers using Postgres will need to create a new database and populate the
[Postgres].MetricsURL
configuration option or disable metrics by setting[Server].MetricsEnabled = false
. Servers using the SQLite database (the default) will not need to alter their configuration; a new database will be created alongside your existing one. - The
[Server].MetricsRetention
configuration option specifies when to reap metrics that have expired. - The Package Manager web interface displays additional information about packages, including prior archived versions.
- In version 0.1.0 users were prompted to name the repository
RSPM
. The new Overview page suggests naming the repository according to the repository name on Package Manager. - A date parsing error that occurred when adding local packages was fixed.
- A number of bugs were fixed to properly sync CRAN packages including properly archiving prior package versions and correctly displaying the
Depends
,Suggests
, andImports
fields.
RStudio Package Manager 0.1.0#
November 20, 2017
- This is the initial alpha release of RStudio Package Manager.