Release Notes

Please contact Posit customer support (support@posit.co) with questions about the described changes.

Posit Package Manager 2024.11.0

December 04, 2024

New

  • Introduces the first of a new set of features called Metadata Services, which allow you to enrich Package Manager’s built-in package information with your own information, like internal package scores, approval status, or even links to your own supplemental documentation. For more information on how to use custom metadata, refer to the documentation. (#14518)
  • Adds support for openSUSE 15.6 and SLES 15 SP6. (#14026)
  • Adds a command to the Bioconductor setup page to set the R_BIOC_VERSION environment variable for better reproducibility. This prevents BiocManager from automatically upgrading to a new Bioconductor version as soon as it's released. (#14320)
  • Our installation documentation now recommends using apt instead of gdebi to install Package Manager. (#7812)
  • Python Git builders now build binary distributions (wheels) for Python packages if possible, in addition to source distributions. This may help prevent package installation failures using newer versions of pip that use build isolation, and speed up installations for packages with compiled code. (#14213)
  • Documents the rspm evict command types for clearer usage. (#14404)
  • Adds new rspm encrypt generate command to create an encryption key manually before starting Package Manager. (#14430)
  • Document how to edit the rstudio-pm.service configuration. (#14431)
  • Adds a new PACKAGEMANAGER_PROXY_TOKEN environment variable for the CLI to set the Authorization and X-PPM-Authorization headers accordingly for proxied environments. (#14472)
  • Adds the ability to create blocklist rules based on a repository. (#14560)
  • The UI now displays a single entry with a version selector when multiple current versions of a package exist in CRAN. (#3856)
  • Handle generating and storing the encryption key automatically in the persistent storage location. The new location is /persistent/encryption/rstudio-pm.key at the [Storage].Persistent location. The original key remains backed up on the disk at the same location with the name rstudio-pm.key.bak.<timestamp_of_migration>. (#13651)
  • Adds retry logic when connecting to a Postgres database to better handle failover scenarios. (#14816)
  • Adds a Manifest.AllowRedirect setting to support 307 redirects to the underlying package repositories. This enables the ability for users to download packages directly from the Manifest.URL location without passing through Package Manager and caching locally. (#14403)
    • This can both significantly improve package serving performance and reduce storage usage.
    • Note: the end user's system needs outbound internet access to the Manifest.URL location (by default this is the Posit Package Service, http://rspm-sync.rstudio.com). This is not always feasible depending on the network configuration.
    • Note: redirects are supported by both R's install.packages() and Python's pip by default, but if you use a non-default download method in R, such as curl, you will have to add the download options to follow redirects for that particular method.
  • The run-diagnostics script now includes the output of the git-builds command. (#14752)
  • Updates the recommended system requirements for Package Manager to 4 CPU cores, 16 GB memory, and at least 500 GB of storage. The previously recommended system requirements are now the minimum system requirements. (#14488)
    • The AWS reference architecture configurations have been updated to reflect the new recommended system requirements.
  • Updates the Reference Architectures documentation with new architectures for Microsoft Azure and more:
  • Updated to Golang 1.23.3.

Fixed

  • Fixed an issue where Git-based packages did not load correctly after migrating to a Postgres DB. (#14219)
    • Please contact Posit customer support (support@posit.co) if you see messages like this in your server log after migrating to Postgres using an older Package Manager version: Unable to set Git Builder URL for Git package: sql: no rows in result set.
  • Fixed an issue where the --succeed-on-existing flag for rspm create git-builder did not work. (#14211)
  • Fixed an issue where excessive blank space could appear on the Usage Stats page in certain browsers like Chrome. (#14192)
  • Fixed an issue that prevented retrieving archived packages from CRAN Snapshot sources migrated from Package Manager 2023.12 or earlier. (#14273)
  • Fixed an issue with the R Package page loading slowly for packages with a large number of dependencies. (#14291)
  • Fixed an issue with serving responses for missing Python packages when using S3 file storage. This could cause tools like uv to fail when installing packages in some cases. (#14292)
  • Fixed an issue with missing Activity Log messages for curated CRAN sources when using S3 file storage. (#14292)
  • Fixed an issue with rspm CLI error messages not appearing in some cases. (#14321)
  • Fixed an issue that could cause binary package serving to fail when using a proxy or third-party integration, like Artifactory, in very rare cases. (#14300)
  • Increases timeout to prevent intermittent "timeout waiting for macro transaction to open" errors. (#14390)
  • Fixed an issue where the Postgres.UsageDataURL would default to the Postgres.URL, but the Postgres.UsageDataPassword would need to be configured separately. (#14339)
  • Fixed an issue where the Database.Provider = postgres setting wasn't accounting for case sensitivity resulting in errors that the commands are only available when using a PostgreSQL database. (#14420)
  • CRAN snapshot dates now backdate to the selected Bioconductor date on the Setup page. (#14254)
  • Fixed an issue with Package Manager hanging after startup if Server.TempDir was set to a directory with the noexec option. (#14381)
  • Fixed an issue where the CRAN repository package count could be incorrect. (#13132)
  • Fixed an issue where curated CRAN requirements containing a dash '-' resulted in a failure. (#14475)
  • Fixed an issue where an error during package updates could cause temporary files to accrue. (#14485)
  • Broad encryption key file permissions now log a warning rather than prevent start-up. (#14547)
  • Fixed an issue where the vulnerabilities endpoints were returning packages that were not available in the repository or source. (#14733)
  • Fixed an issue where the PyPI simple package page could incorrectly reference the wrong repository. (#14560)
  • Fixed a confusing rspm error that read: invalid character ... looking for beginning of value. The error now outputs the body from the failed request. (#14503)
  • Fixed an issue where the Postgres.UsageDataPassword was set, but the Postgres.UsageDataURL would not use the default Postgres.URL. (#14690)
  • Fixed an issue where auto-syncing Bioconductor would fail due to a missing version number. (#14624)
  • Fixed an issue where a failed package update could get cached and require a server restart to recover. (#14628)
  • Fixed S3Storage.Prefix handling by automatically stripping all leading and trailing slashes. (#14606)
  • Fixed an issue where the disabled vulnerabilities flag was not applied correctly. (#14630)
  • Fixed an issue where Bioconductor packages with the same name but different versions could cache metadata incorrectly across Bioconductor versions. (#14726)

Breaking

  • CentOS/RHEL 7 has reached vendor end of support and is no longer supported. (#13652)
  • Changed swagger definitions and response types for creating and listing repos and sources, to avoid exposing internal struct types. (#14307)
  • The configuration option HTTP.Listen will now default to :4242. Set HTTP.Listen to an empty value to disable HTTP server connections. (#14187)
  • Deprecate the [Server].EncryptionKeyPath option in favor of storing the encryption key on the persistent storage location (s3 or file). An existing key will be migrated to the [Storage].Persistent location. Remove the [Server].EncryptionKeyPath setting after the key has been migrated to avoid warnings in the startup logs. (#13651)

Posit Package Manager 2024.08.2

September 20, 2024

Fixed

  • Fixed a migration issue involving Bioconductor usage with Package Manager versions prior to 2021.09. (#14408)

Posit Package Manager 2024.08.0

August 09, 2024

New

  • [Logging] section has been added to configure the system log output, format, and level. (#13817)
  • Postgres installations no longer require a separate database for the usage data. The [Postgres].UsageDataURL field will now default to the configured [Postgres].URL. (#13643)
  • Adds a new notification banner and Prometheus metric for the number of days left until the product version is no longer supported. See the support configuration settings to tweak these options. (#9905)
  • The Server API is now considered stable and generally available. While endpoints are still subject to change, breaking changes will be documented. (#13682)
  • Adds a new flag option rspm evict --type=clear for immediate cache eviction. (#13767)
  • Adds a new rspm bootstrap command for creating keypairs, and generating an admin token for remote management. (#13799)
  • The entire admin CLI is now available for use remotely, with the exception of the offline, online and cluster commands. API tokens can be generated with the new global:admin scope to allow full access to the CLI. See the Remote Use documentation for more details. (#13778)
  • The following commands can now be used remotely with the sources:write API token scope:
    • rspm update and rspm add on curated CRAN, CRAN snapshot, and curated PyPI sources. (#13592, #13779)
    • rspm import to import a Git credential that can be used for any Git source. (#13780)
    • rspm remove to remove packages from a source. (#13781)
  • Adds the rspm verify command to verify a connection to the server. (#13954)
  • Adds the AppArmor profile for Ubuntu 24.04 and later versions, enabling the use of user namespace sandboxing for Git package builds. (#13599)
  • Bioconductor sources now fully support date-based snapshots. Use the snapshot calendar on the Setup page to get a frozen URL for any Bioconductor packages. Bioconductor repos may now optionally include a latest or snapshot URL segment. (#13947)
  • Adds support for Ubuntu 24.04 (Noble). (#13222)
  • Adds the OS Type field to the R package Overview page in the UI for packages that specify an OS type. (#8076)
  • Updated to Go 1.22.6.

Fixed

  • Fixed an issue where the PyPI repository view would incorrectly show some popular packages. The view will also now sort popular packages using 30 day rollups instead of 90 days. (#13633)
  • Fixed an issue where Python signature files were being recorded as package downloads. (#13545)
  • Retry Git clones when building Git packages in the case of transient download issues. (#13699)
  • Fixed an issue that was causing reloads of the Bioconductor activity page to navigate to the error page. (#13721)
  • Fixed several issues with missing messages when running the rspm update command. (#13656, #13724, #13750)
  • Fixed an issue where changes to PyPI packages in an offline environment would not be reflected in PyPI repositories when installing packages from historical date snapshots. (#13621)
  • Fixed an API issue with unbounded memory usage when enumerating packages. (#13692)
  • Fixed an API memory issue to remove a potential Denial-of-Service (DoS) vulnerability. (#13692)
  • Fixed an issue where multiple Git builds with matching checksums would sometimes fail. (#13728)
  • Python and R repositories with no snapshots will no longer try to display a calendar. (#13557)
  • Fixed a bug with the rspm_license_days_left metric returning the days left for a trial instead of the activated license. (#13852)
  • Fixed an issue where Git builds would intermittently fail due to missing remote references. (#13880)
  • Fixed an issue with retrieving data from empty Curated CRAN sources. (#13886)
  • Adds back the Needs Compilation and Dependency columns to the rspm update for curated CRAN sources. (#14009)
  • Fixed an issue where Postgres returned an unexpected EOF resulting in a fatal shutdown. (#14039)
  • Fixed an issue with displaying all results for certain searches. (#13739)
  • Fixed a Git builder issue that would cause the error sql: Scan error on column index 10, name "url": converting NULL to string is unsupported. (#14069)
  • Fixed an issue with loading R package binaries for archived packages. (#14099)
  • Fixed an issue where the distribution selectors displayed in the UI had different values. (#14118)
  • Fixed an issue with loading R package binaries for archived packages from CRAN Snapshot sources. (#7179)
  • Fixed an issue with the UI where archived source file URLs were invalid for packages with paths such as 4.5.0/Recommended. (#14121)

Breaking

  • Bioconductor sources can no longer be created with the rspm create source command. Individual Bioconductor sources have been replaced with a single Bioconductor source that provides data for all Bioconductor versions. See the Quick Start guide for more information. (#13962)
  • [Debug].Log has been deprecated and disabled, along with debug regions. See [Logging].SystemLogLevel for debug logging. (#13817)
  • The systemd service file has been simplified due to logging changes. tee is no longer used to redirect logs to a log file, and the PID file is no longer used. See the [Logging] section for logging configuration. (#13858)
  • rspm config debug logger has been updated. It is now rspm config log --level=[level] to set various logger levels. (#13817)
  • The [Authentication].APITokenAuth setting is now enabled by default. (#13805)
  • API endpoints now expect repository and source names instead of IDs. IDs are still supported for backward compatibility, but this may change in a future release. Using IDs instead of names may result in inconsistent output if any sources or repositories use numeric names. (#13683)
  • Deprecates using rspm add to add packages to Curated CRAN sources. Use rspm update to add packages to Curated CRAN sources. (#13404)
  • openSUSE 15.4 and SLES 15 SP4 have reached vendor end of support and are no longer supported. (#13518)
  • The Swagger API documentation version will now match the application server version. (#13681)
  • The Id in the transactions API will now be null for CRAN, PyPI, and other mirrored sources instead of 0. (#13674)
  • Integers are no longer allowed as source or repository names. (#13701)
  • New repository and source names may only contain the characters a-z, A-Z, 0-9, and ., ~, -, _. (#13933)
  • The rspm url create command now requires the --date flag. (#14010)

Posit Package Manager 2024.04.4

June 26, 2024

Fixed

  • Fixed an issue with migrating Curated CRAN sources when using a PostgreSQL database. (#13938)

Posit Package Manager 2024.04.2

June 14, 2024

New

  • Adds an index to the cache_objects table for more efficient cache evictions. (#13648)

Fixed

  • Fixed an issue with migrating Curated CRAN sources that were created prior to Package Manager 1.2.0. (#13747)

Posit Package Manager 2024.04.0

May 6, 2024

New

  • PyPI repositories can now be used in air-gapped or offline environments. Rather than downloading all of PyPI, you'll define your own subset of packages you want to make available offline. See the Air-Gapped Package Manager documentation for instructions on how to set up an offline PyPI repository.
  • Adds automatic CRAN synchronization. Package Manager will synchronize the CRAN source on demand and check for CRAN updates every 10 minutes. (#13114)
  • Major updates to the CRAN source. CRAN data is no longer stored in the database, which significantly reduces sync time and increases performance. If you are already using a CRAN source, you can take advantage of these improvements by running rspm sync --type=cran immediately after upgrading. (#13114)
  • By default, newly created Curated CRAN sources now use a more permissive package version snapshot behavior. You can still create Curated CRAN sources using the previous behavior by using the --strict option when creating the source. See the Admin Guide for more details. (#12884)
  • rspm update now supports specifying a requirements.txt file with the --file-in flag for Curated CRAN sources. (#12884)
  • New Curated CRAN sources can now filter individual packages using version constraints. This does not apply to Curated CRAN sources created before this release. (#12884)
  • New Curated CRAN sources can now have their snapshots updated backwards in time. This does not apply to Curated CRAN sources created before this release. (#12884)
  • rspm create source now supports a --include flag which determines which types of related packages are included in the source.
  • Python auto-detection will now attempt to pick the highest available version of python or python3 bin in $PATH or /opt/python/* that has build and virtualenv modules. If no such version is found, it defaults to the highest version available. (#12991, #13260, #13307)
  • R PACKAGES and PACKAGES.rds responses for package binary lists include new fields. (#4639)
    • For local and Git package binaries, the new Sha256Hash field records the SHA256 hash for the file. (#4639)
    • For CRAN package binaries, the new Hash field can be used to determine when a package binary is updated. This field should not be used to verify file integrity. (#4639)
  • Package Manager will now switch its built-in encryption to use the AES-256-GCM algorithm when the Server.UseFIPSEncryption setting is enabled. This algorithm is an Approved Security Function under Federal Information Processing Standard 140, which is applicable to many organizations. (#12534)
  • The URL used for a Git builder is now displayed in the UI for associated Git packages. (#11873)
  • Adds new blocklist flag --deleted-packages to block packages that have been removed from PyPI or CRAN from older snapshots. (#12624)
  • Adds new rspm_license_days_left Prometheus metric for more convenient alerting. (#13037)
  • rspm completions for the fish shell can be generated with rspm completion. (#13366)
  • rspm update will now default to the latest snapshot if the --commit flag is absent for curated PyPI sources. (#13297)
  • Updated to Golang 1.22.2.
  • Package Manager's version will be included in the User-Agent header when syncing packages. (#9509)

Fixed

  • Disables the calendar selector when an R repository is only subscribed to a Bioconductor source. (#12560)
  • Improved error message when using the rspm add command with invalid flags. (#12022)
  • Properly display binary files in UI for repositories that mix CRAN and Bioconductor sources. (#12559)
  • Delete Python Git builders when a Git Python source is deleted. (#12626)
  • The Server API Guide "Try it out" URLs now respect the path of the public server URL configured in Server.Address. The Server API Guide URLs can still be customized separately using the Swagger.Host and Swagger.BasePath settings. (#12448)
  • The Swagger.BasePath setting no longer needs to end with /__api__. This may be removed from any existing Swagger.BasePath settings. (#12448)
  • The Database.Provider configuration option is now case insensitive. (#12708)
  • Python packages will no longer hyperlink malformed extra package links. (#11836)
  • Orphaned Python packages are now deleted when running rspm evict --type packages. (#9422)
  • Fixed a bug where the usage stats page would no longer render charts after changing the chart options. (#12730)
  • Archived packages for combined repos are properly filtered based on subscription order. (#12804, #12687)
  • Fixed the incorrect repository URL for Bioconductor repositories on the Setup page. (#12936)
  • Fixed an issue preventing Linux binary packages in local and Git sources from being served for old, deprecated R versions. (#9209, #12938)
  • Fixed an issue preventing Linux binary packages in local and Git sources from being served for the arm64 architecture. (#11633)
  • Increased the systemd StartLimitBurst from 3 to 30 for more reliable recovery. (#13206)
  • Fixed an issue that was causing temporary files to accumulate when downloads failed. (#13331)
  • Fixed the output of the rspm list git-builds command to return valid JSON when the --output-format=json flag is provided. (#13475)
  • Only attempt Git credential decryption once to avoid spurious logs about potentially sensitive values in plain text. (#13383)
  • Double the default timeout for the rspm cluster [online/offline] commands. (#13407)
  • Fixed an issue where the rspm [online/offline] and rspm cluster [online/offline] commands would intermittently time out. (#13415)
  • Fixed an issue where some packages could not have their checksum computed which caused some packages to be missing. (#6980)
  • Logging has been improved when a secret decryption fails. (#12874)
  • The UI no longer shows statistics on the home page unless a relevant repository exists. (#12543)
  • List items in the Package Details UI are now more easily clickable. (#12777)
  • Server logs are improved when Python cannot be auto-detected. (#12545)
  • The stats page now saves the selected ecosystem. (#12540)
  • Warnings are now shown when curated repositories exist without the proper license. (#12558)
  • The run-diagnostics script now excludes large binary files from the report. (#12528)
  • The error page now presents a generic error message instead of internal errors. (#13209)
  • Fixed a migrate database bug when migrating with stale data in job_launcher_jobs and git_package_builds; these tables will now be ignored. (#12729)
  • Underlines package links on the activity page for R and Bioconductor repositories following accessibility best practices. (#12587)
  • Repositories with empty Curated CRAN and PyPI sources no longer show an error. (#13171)
  • The rspm create source now displays a better error when an invalid type is provided. (#13150)
  • CRAN snapshots in error messages are formatted correctly. (#13190)
  • Some archived CRAN packages were missing the occurred field. (#13341)
  • Some documentation redirects were misconfigured. (#13405)
  • Fixed a deadlock that can occur during syncs. (#13166)

Breaking

  • Air-gapped customers are required to re-download the CRAN data after upgrading before syncing the CRAN source. See the Admin Guide for more information.
  • The offline downloader version must now correspond with the Package Manager version.
  • Removes support for populating the database with information on cached objects when upgrading from versions prior to 1.1.2. If you are upgrading from a version prior to 1.1.2, recently used cached objects may be evicted, but will be automatically recreated on demand. (#12664)
  • Removes support for the id query parameter from all API endpoints. Packages should be referenced only by name.
  • The /packages/:id/files/:path API address has changed to /repos/:id/packages/:name/files/:path and requires a package name instead of an ID.
  • The /packages/:id/readme API address has changed to /repos/:id/packages/:name/readme and requires a package name instead of an ID.
  • When updating a Git builder's URL, specifying the branch is also required to ensure its existence. (#12880)
  • Integrations with Artifactory must add the new **/rsf/** inclusion/exclusion rules to the repositories. (#13182)
  • Updating the snapshot date of an empty curated CRAN source is no longer possible. (#13750)

Posit Package Manager 2023.12.0

December 18, 2023

New

  • Adds package vulnerability reporting based on osv.dev advisories. Known security vulnerabilities will be displayed on the Package page for CRAN, Bioconductor, and PyPI packages. (#11932)
  • Adds --vulns option to rspm create blocklist-rule to block packages with known security vulnerabilities. (#11931)
  • Database migrations are now stricter when comparing data. Migration errors now display the table and column where mismatch occurred. (#9749)
  • Adds support for creating Git builders with Python packages using rspm create git-builder command. (#11952)
  • Adds banner for blocked packages, archived versions, and distributions. If a description exists for the blocking rule, it will be displayed on the banner. (#11935)
  • Grayed out various broken URLs for downloading package binaries, distributions, etc. if they are known to be blocked. (#11967, #11971)
  • Adds rspm create bulk-blocklist-rules (alias rspm create bulk-bl) command to bulk add blocklist rules via file or STDIN. (#11964)
  • The pre-install script now creates a symlink to the rspm command in the /usr/local/bin directory and, if available, initializes bash autocompletion. (#6544)
  • The rspm delete blocklist-rule command now supports bulk deletion of either all or a subset of rules with specified --id flag. (#10071)
  • The R Package page now displays the sub-path of the package within the repository if present, such as Path: Older or Path: 4.4.0/Recommended. (#11881)
  • Render Python reStructuredText READMEs in the UI. (#4594)
  • Adds the Git.AttemptVignettes option to attempt building R Package Vignettes through the Git Builders. (#8490)
  • Adds the source type and SPDX license types for package requests to the service log using the src_type and lic_type fields. (#11923)
  • Adds new endpoints to gather vulnerability information on sources, repositories, and packages. (#12051)
  • Adds EnvironmentFile support to systemd service definitions. (#12079)
  • When the Server.RVersion option is unset, attempt to autodetect R by checking the PATH and some well-known installation directories. (#11801)
  • Adds support for uploading Python packages to local-python sources with the rspm add CLI command. (#12078)
  • Adds ability to pass in a directory for the --path flag when uploading packages with rspm add, supported for both local and local-python sources. (#12101)
  • Adds [CRAN, PyPI, Bioconductor].DelaySyncDuration config option to have the ability to delay sync by a certain number of [hours|days]. (#11935)
  • When the Server.PythonVersion option is unset, attempt to autodetect Python by checking the PATH. (#12104)
  • The webpage footer now displays the product tier. (#12271)
  • Adds support for increasing Git cloning depth when adding/editing Git builders with a new --clone-depth=[depth] flag. (#12273)
  • Adds support for openSUSE 15.5 and SLES 15 SP5. (#10858)

Fixed

  • Accessibility improvements in the UI.
    • Fixed keyboard navigation of radio button groups on the Setup page. (#11739)
    • Fixed missing accessible labels and markup for disclosure buttons on the Packages page, Activity page, and navigation bar. (#11794, #11805, #11824)
    • Fixed missing accessible labels on search inputs and their clear buttons for packages and usage stats. (#11821, #11795)
    • Removed duplicate empty link in the navigation bar. (#11793)
    • Copy buttons are now better labeled with unique descriptions. (#10738)
  • Navigating between Python packages had a noticeable delay. (#11898)
  • Minor performance improvements to R and Python package serving when packages have been blocked. (#12280)
  • Sandboxed Git builders now share the same network configuration as the host so they can pull external dependencies. (#12296)
  • Fixed the empty git-upload-pack given error that occurred with Git builders for Azure Git repositories. (#12323)
  • Increased the default package cache size. (#12379)
  • Fixed an issue with incorrect "Content-Length" header reporting when using S3 with client-side KMS encryption. (#12532)
  • Respect proxy environment variables (http_proxy/https_proxy) with remote CLI usage. (#11784)

Breaking

  • Ubuntu 18.04 (Bionic) has reached vendor end of support and is no longer supported. (#9762)
  • Removes support for extracting README files for local and Git packages created in Package Manager versions prior to 1.0.6. If you are upgrading from a version prior to 1.0.6, this means that existing packages in local and Git sources will be migrated correctly, but Package Manager won't automatically extract README data for the migrated packages. You can work around this limitation by upgrading to version 2023.08.0 prior to this version. (#11867)

Posit Package Manager 2023.08.4

October 30, 2023

Fixed

  • Fixed an issue where git-builders could not be created when the scheme (e.g. ssh://) was prepended to the URL. (#12138)
  • Fixed an issue that could prevent Git builds from working unless sandboxing was disabled via the Git.AllowUnsandboxedGitBuilds = true setting. This most commonly occurred when using a Linux Security Module such as SELinux. (#12135)

Posit Package Manager 2023.08.2

October 19, 2023

Fixed

  • Package Manager now attempts every PACKAGEMANAGER_DISTRO when autodetection of the OS fails. (#11870)

Posit Package Manager 2023.08.0

September 12, 2023

New

  • Adds automatic PyPI synchronization. Package Manager will synchronize the PyPI source on demand and check for PyPI updates every 10 minutes. (#10376)
  • Enables remote token authentication for rspm create git-builder. (#9883)
  • CRAN and PyPI repositories now support nearest-snapshot matching when used with date-based URLs. See Snapshot Identifiers in the Admin Guide for details. (#10544)
  • Adds new block list token scope --scope=blocklist:read for rspm create token command. See also breaking changes. (#10557)
  • Enables remote use for all blocklist CLI commands, e.g. rspm list blocklist and rspm test blocklist. (#10557)
  • Adds the ability to rerun a Git builder job for a specific Git SHA. (#10939)
  • Supports Git builders with custom names by adding an optional --name flag. (#8799)
  • Adds support for Git submodule recursion when adding/editing Git builders with a new --recurse-submodules=[depth] flag. (#7111)
  • Adds a Git.AllowTagVersionMismatch setting to allow Git builds when the Git tag version does not match the DESCRIPTION file version. (#5603)
  • Adds support for serving precompiled binary packages for Debian 11 (Bullseye) and Debian 12 (Bookworm). (#11010)
  • Adds Server.CustomHomeTitle config option to have the ability to customize the Home Page UI text. (#10588)
  • Adds support for macOS R package binaries for both x86 and Apple Silicon (arm64) CPU architectures. These are available for R versions 4.1, 4.2, and 4.3 on CRAN or user-uploaded.
  • The Home page has been redesigned to be more functional. (#10504, #11132, #10502)
  • The Setup page in the UI has been redesigned to be easier to navigate. (#10503, #10589)
  • Many accessibility improvements have been made to the UI.
    • Tab navigation is now fully supported.
    • Keyboard focus has been improved.
    • Semantic HTML tags such as header, link, and button elements are now better used.
    • Usage graphs now contain a textual representation that is accessible to screen readers.
    • Color contrast has been improved.
    • Links are underlined.
    • Page titles update on navigation.
    • Images, aside from those in package READMEs, now contain alt text.
    • Form fields now have attributes set for screen readers.
    • Modal dialogs no longer lose keyboard focus.
    • maximum-scale is no longer set.
  • Most UI pages now fill the width of the browser. (#10505, #10594)
  • The UI will retry failed requests.
  • The UI will cache and update API responses.
  • The UI better displays when a Readme is available for a package.
  • The What's New page hierarchy is easier to navigate. (#10604)
  • The UI URLs now contain more information about what screen the user is on.
    • The repo routes now use the repository name instead of ID. (#10723)
    • The source on the Activity page route is now the name instead of the ID. (#11217)
    • The packages routes now include more information about the package ID and whether a user is on the Overview or Readme pages. (#10600)
    • The Setup page URLs now contain query parameters that make it easier to share links. (#10722)
    • URLs from previous versions of Package Manager will properly re-route to the new URLs. (#11517, #11288)

Fixed#

  • Fixed an issue that caused Windows binary package serving and binary availability reporting to fail when using third-party integrations such as Artifactory. When third-party integrations do not support proxying ETag response headers, Package Manager now falls back appropriately. (#8433)
  • Fixed a bug where some archived R package requests served the package source when a binary was available. (#10471)
  • Fixed an issue where deleting Git builders while Git builds were still running could result in an incomplete cleanup of files in the Git.BuilderDir directory. (#10479)
  • Fixed an issue where deleting SSH keys for Git building while Git builds were still running could result in an incomplete cleanup of SSH agents. (#10484)
  • Fixed an incorrect error message in the server log when starting the server with invalid HTTPS credentials for Git building. (#10518)
  • Fixed an incorrect error message in the server log when deleting HTTPS credentials for Git building. (#10512)
  • Fixed an issue sanitizing weak ETags from integrations, which would lead to error logs like _W/"..: no such file or directory. (#10926)
  • Fixed a bug with the Binaries.Distributions setting where binary packages could still be served for disabled distributions. (#11075)
  • Fixed an issue with unbounded accumulation of cached PyPI manifest data. Older PyPI manifest data is now evicted at the normal eviction interval. (#11511)
  • Fixed a bug where arm64 Linux users were receiving x86-built R package binaries. (#11512)
  • Fixed a bug where the PACKAGEMANAGER_ENCRYPTION_KEY environment variable was not honored for Git builders. (#11631)
  • When the PACKAGEMANAGER_ENCRYPTION_KEY environment variable is set, an encryption key file is no longer generated at the [Server].EncryptionKeyPath location. (#11631)

Breaking#

  • For custom binaries, some distribution aliases such as rhel7 have been deprecated. Use supported distros from rspm list distributions instead, such as centos7. (#10439)
  • The rspm create token command now forces the use of the --scope flag. If left blank, it will no longer default to --scope=sources:write.
  • openSUSE 15.3 and SLES 15 SP3 have reached vendor end of support and are no longer supported.
  • Git builders no longer require the Job Launcher. Any Git builds in the job queue at upgrade time will be canceled, but will be rescheduled at the next Git builder poll. (#10955)
  • The [Launcher] configuration section has been deprecated since Git builders no longer require the Job Launcher. Please remove any existing [Launcher] sections from your configuration files. (#10955)
  • Logs for previous Git builds will be inaccessible after upgrading. Use the rspm logs command prior to upgrading to retrieve any Git logs that must be preserved. (#10955)
  • When Git.AllowFileURLs = true and any Git builders use file:// URLs, Git must be installed on the server. (#10982)
  • The default storage alerting threshold has been changed from 75% to 90%. To restore the original setting, add StorageAlerts.Threshold = 75% to your configuration file. (#11095)
  • Installers are signed with a new Posit GnuPG key. See the Posit Signed Builds page for more information about signed builds.
  • The default permission for the user.conf systemd configuration file has been changed from 0600 to 0644 to prevent warnings about world-inaccessibility. (#11356)
  • Disabled binary distributions no longer appear in the UI as a selectable distribution. (#11510)
  • The PACKAGEMANAGER_ENCRYPTION_KEY environment variable will now take precedence over a key file at the [Server].EncryptionKeyPath location instead of failing to start. (#11631)

Deprecated/Removed#

  • The rspm create token --blocklist flag is deprecated in favor of --scope=blocklist:admin and --scope=blocklist:read. (#10557)
  • The Lock Package Data checkbox has been removed from the Setup page. Snapshots will continue to be backwards compatible and deterministic. (#10725)

Posit Package Manager 2023.04.0#

April 28, 2023

This release of Package Manager introduces the ability to globally block packages for an entire instance, preventing downloads of packages with known vulnerabilities or prohibited license types. Additionally, Package Manager now supports creating curated subsets of PyPI with a curated-pypi source, allowing only the Python packages from PyPI you permit. This release also heavily optimizes the PyPI source, making synchronization happen instantly.

New#

  • Adds the ability to globally block packages across all snapshots and repos to prevent unwanted downloads. See the Package Blocking guide for more information. (#9962)
  • Adds the ability to create curated subsets of PyPI with the new curated-pypi source. See the Quick Start guide for more information. (#9863)
  • Major updates to the PyPI source. PyPI data is no longer stored in the database, which significantly reduces sync time and increases performance. If you are already using a PyPI source, you can take advantage of these improvements by running rspm sync --type=pypi immediately after upgrading. (#9707)
  • The API documentation examples will now autodetect the transfer protocol scheme and hostname. (#9332)
  • The UI now displays an alert banner when the license is close to expiration. The default threshold is 30 days, and it is configurable using the Licensing.ExpiryDaysReminder option. The banner can be disabled completely by using the new Licensing.DisableExpiryBanner = true option. (#7848)
  • Export application runtime metrics through the prometheus endpoint for better observability. Set the Metrics.Enabled = true option to enable. (#9617)
  • Adds new /[Repository]/[Snapshot]/web/packages/[Package Name]/DESCRIPTION endpoint to support calls from remotes::install_dev for R repositories. (#9667)
  • The error message when trying to create, add, or update a Curated CRAN source for a snapshot that doesn't exist now outputs nearby snapshot dates. (#9648)
  • The Usage Stats page now counts multiple license specifications as individual licenses (e.g., GPL-2 | GPL-3 as GPL-2 and GPL-3). (#9858)
  • Frozen URLs for Python repos no longer include the "Lock Package Data" checkbox. (#10028)
  • The output for the rspm list CLI commands now includes the pinned snapshots for curated-CRAN and CRAN-snapshot sources. (#6274)
  • The command rspm list sources can now be filtered by specific types of sources with a new --type flag. (#9955)
  • The command rspm list repos can now be filtered by specific sources with a new --source flag. (#9955)
  • The command rspm update now supports outputting JSON with --output-format=json. (#10212)
  • The documentation navigation bar has been updated to include the user guide, licenses, and release notes. (#9316)

Fixed#

  • The Server API documentation now correctly lists all available values for the bioc_version query parameter. (#9221)
  • Git builds no longer fail with an expired certificate error when Package Manager has been running for longer than a year. (#9406)
  • Improved error messages when building Git packages with an invalid subdirectory. (#7019)
  • Fixed an unhandled error that could result in incomplete cleanup after failed syncs or other transactional operations. (#9510)
  • Fixed an issue where license info for some Python packages would be missing in the UI. (#9792, #9793)
  • Fixes an issue where some Python packages would display the full license instead of the license type on the Usage Stats page. (#8682)
  • Fixed an issue with displaying very long package names on the Usage Stats page. (#9910)
  • Addressed an open redirect vulnerability where Package Manager may redirect users to an untrusted external website based on a user-provided path in the URL. (#9580)
  • Fixed a bug where the migrate utility was creating an empty SQLite database when SQLite.Dir was unset. This now raises a no such file error. To resolve this, set an absolute path to the database in the SQLite.Dir setting. (#10200)
  • Fixed a bug in the logs documentation referring to Debug.Log = route instead of the correct Debug.Log = router. (#9645)
  • Fixed a bug that caused Package Manager to serve the source package when a Windows package binary was not found, instead of correctly returning a 404 error. (#9719)
  • Fixes an issue on the Usage Stats page where search queries containing certain special characters would not work. (#9960)
  • Fixed a bug in 2022.11 that incorrectly recorded usage stats by license type. (#9932)
  • Fixed a bug where Python version releases were sometimes not sorted properly. (#10343)

Breaking#

  • Upgrades from versions before 2023.04 may take longer than usual to start the first time due to a metrics data migration.
  • Adds a new Persistent storage class for storing PyPI and Curated-PyPI data. If you have a [Storage] configuration section that references specific storage classes, you will need to add a value for the Persistent class. We highly recommend switching to the Storage.Default setting to avoid issues when new storage classes are added. See the Admin Guide for details. (#10197)
  • A fatal error will now occur when using an SQLite database on an NFS volume. This check can be disabled by using the new Sqlite.NoNFSCheck = true option. (#9363)
  • Package Manager instances configured to use S3 for storage will now automatically store package files. Use the RetainFetchedPackages option to change this behavior. (#6964)
  • The individual [CRAN, PyPI, Bioconductor].RetainFetchedPackages settings have been deprecated in favor of a single Server.RetainFetchedPackages option. (#9415)
  • Python repos now prohibit using the id query parameter with the /repos/:id/packages/:key API endpoint. (#9707)
  • The rspm clear CLI command no longer supports the --type=pypi flag. (#9707)
  • The admin guide "Security and Auditing" page has moved to a security folder called "Server Security and Auditing"; redirects have been added. (#9962)
  • The admin guide "PyPI Mirroring and Local Python Packages" page has moved to a Python folder called "Python Packaging"; redirects have been added. (#9862)

Deprecated/Removed#

  • Deprecates the PyPI.DownloadConcurrency configuration option. This option is no longer relevant to PyPI. (#9971)
  • Removes the unused GET /repos/:id/first-transaction API endpoint. (#9983)

Posit Package Manager 2022.11.4#

December 05, 2022

Fixed#

  • Fixed an issue that prevented some local Python packages from being uploaded with Twine. (#9407)
  • Fixed an issue that prevented some local Python packages from displaying correctly on the Package page. (#9419)

Posit Package Manager 2022.11.2#

November 18, 2022

Fixed#

  • Fixed an issue that prevented serving R package binaries for archived packages. (#9345)

Posit Package Manager 2022.11.0#

November 14, 2022

This release of Package Manager introduces the ability to upload your own Python packages, using the existing Twine toolset to upload packages to local Python repositories. In addition, Package Manager has been rebranded to reflect the new Posit branding.

New#

  • Adds the ability to upload local Python packages to a new local-python source. See the Quick Start guide for how to use this functionality.
  • Set environment variable GIT_CEILING_DIRECTORIES to the Git builder directory during a Git build to protect against CVE-2022-24765 for customers who can't upgrade Git immediately. (#7851)
  • Updates the Packages page in the UI to display the list of packages in a scrollable area. (#8509)
  • Adds new rspm edit [ssh-key|https-credential] commands to update Git builder credentials in place. (#8399)
  • Updates to Golang 1.19.
  • Updates Launcher plugin to version 2.8.0 using Golang 1.19. (#8935)
  • Adds new --succeed-on-existing flag to the rspm [add|create|import|subscribe] commands for automation tools running the same commands each time. (#8387)
  • Omits debug symbols from the application binary. See the Go link command documentation for more information. (#7939)
  • Omits debug symbols from R binary packages for Linux, R 3.6 and above, significantly reducing the size of packages with compiled code. (#7282)
  • Adds an internal shortener to fix the length of URLs generated through the calendar date picker to 8 characters. (#8744)
  • Adds a new --hide option to the rspm edit repo command to hide repositories from the user interface. (#9117)
  • Adds support for Red Hat Enterprise Linux 9. (#8127)
  • Adds support for openSUSE 15.4 and SLES 15 SP4. (#7933)
  • Updates UI to NodeJS 1.18.
  • Updates admin documentation dependencies.
  • Improves activity page UI. (#8876)
  • Scroll long licenses in UI usage page. (#9044)
  • Rebrands application for RStudio's change to Posit. (#8732)
  • Introduces a new User Guide focusing on use of Package Manager for the data scientist, based on the previous User Interface Overview page. (#9133)
  • Soon-to-expire API tokens now output a warning in the log. (#8152)
  • Python Package UI now displays the project homepage URL. (#8675)

Breaking#

  • Removes the top-level rspm import command. Use rspm import ssh-key or rspm import https-credential instead. (#8399)
  • Migrates PyPI data into more appropriately named tables. This may slightly delay the first server startup time after the upgrade. (#8778)
  • The rspm add --replace flag no longer replaces packages stored with identical checksums. (#8586)

Fixed#

  • Fixed a bug where the sync command would ignore the Manifest.User and Manifest.Password settings. (#8526)
  • Fixed an issue that could prevent scheduled tasks from working in a cluster environment and cause the following error: Error verifying cluster integrity: node list length differs. This affected certain PostgreSQL configurations, such as PostgreSQL clusters deployed using Amazon Aurora Serverless v1. (#8767)
  • Fixed an issue that could cause Windows binary package installations to temporarily fail for newly released versions of R. (#7914)
  • Fixed an issue that could cause incorrect reporting of binary availability for local and Git sources. (#8571)
  • Fixed an issue that could cause incorrect reporting of binary availability for CRAN packages with R patch version dependencies (e.g., R (>= 3.5.1)). (#8608)
  • Fixed an issue with the reporting of binary availability for R versions and distributions that have reached end of support. (#9197)
  • Improved error messages when adding an existing package using the rspm add command. (#8916)
  • Fixed an issue that could cause a panic when switching from offline to online mode with Prometheus metrics enabled. (#8913)
  • Fixed an issue that left behind date aliases when using the rspm clear command. (#6396)
  • The Server API endpoints to query available binary packages now support R versions that have reached end of support. (#8088)
  • Removed a duplicate header appearing on the licenses page. (#9056)
  • Fixed an issue where certain Windows binaries couldn't be added to a local source. (#9113)
  • Fixed rendering of the Debug section on the configuration guide. (#8319)
  • Fixed the example URLs for Python repos when using rspm url create. (#9148)
  • Fixed an issue where some UPSI URLs would include sources that were not subscribed to the repo anymore. (#9019)
  • Fixed an issue when the PACKAGEMANAGER_ADDRESS environment variable had a trailing slash. (#8485)
  • Correctly parse R versions with certain formats. (#8607)

RStudio Package Manager 2022.07.2#

August 2, 2022

Fixed#

  • Fixed a bug that caused incorrect download counts for a package when some versions of the package were deleted. (#8428)

RStudio Package Manager 2022.07.0#

July 19, 2022

This release of Package Manager introduces the ability to add your binary package builds for R packages. To help publish these binary packages, we've also included a new remote publishing feature that makes it as easy as ever to integrate with your build processes and CI/CD pipelines. Finally, we've taken the PyPI mirror source out of beta, and it's ready for production.

New#

  • PyPI support is ready for production use. The time required to sync information has been greatly reduced.
  • Adds support for supplementing local and git sources with precompiled binary packages. See Adding Local and Git Binaries for more information.
  • Adds support for API token authentication for remote CLI use. See API Tokens for details about enabling and using API tokens.
  • You can now download the rspm CLI separately as a standalone application for Linux, Windows, or macOS.
  • rspm add and rspm add binary now support remote use with API tokens. See Admin CLI Remote Use for more information.
  • rspm add for local sources now supports installing multiple packages at the same time in a single snapshot. rspm add --path supports passing in multiple file paths that are comma-separated. rspm add --file-in also supports passing in a CSV that contains all package paths. For examples on how to use this, see the Getting Started documentation for local packages. (#7872)
  • The encryption key can now be specified in the PACKAGEMANAGER_ENCRYPTION_KEY environment variable instead of using the key file directly. This is intended to make it easier to inject the encryption key into containers. (#8074)
  • Adds support for Ubuntu 22.04 (Jammy). (#7349)
  • Adds support for serving precompiled binary packages for R 4.2. (#7818)
  • Adds the Content-Disposition header to package download responses. (#8132)
  • The web UI now loads JavaScript dependencies through ESM modules. This will break compatibility with browsers that don't support ESM modules. (#7926)

Fixed#

  • The Activity Log UI will now display when a package is deleted from a Git source. (#7764)
  • Fixed a race condition when running rspm add after creating a repository that would sometimes log the error message Error: Unable to locate package(s). (#7799)
  • Fixed a bug that caused git-builders to lock up Package Manager until all builders were completed. (#7598)
  • rspm create git-builder will now use the default branch of a repository if the --branch flag is not provided. (#6984)
  • Fixed an issue where Git builds could fail if a commit was pushed to the remote Git repository before the build had completed. (#8037)
  • Improved performance of Git building for Git repositories with a large number of tags. (#8037)
  • Fixed an issue that could cause all Git builds to fail when running RSPM as root. This was a file permissions issue that prevented the Job Launcher from starting correctly. The data directory (/var/lib/rstudio-pm by default) is now given file permissions of 0701 instead of 0700. (#7624)
  • Added missing installation dependency for the libssl1.1 software package for DEB packages. (#7806)
  • Increases the number of attempts to download sync information to fix the error CheckpointDownloadRunner returned error: GET "...": unexpected HTTP status 500. (#8222)
  • Fixed an issue that prevented Job Launcher debug logs from being created. When enabled, Launcher debug logs are now written to Server.LauncherDir once again. (#7925)
  • The rspm-offline-downloader tool now supports downloading binary packages for newly released R versions and operating systems (including R 4.2 and Ubuntu 22.04) without requiring an upgrade of the tool. Note that future release notes for the RSPM Offline Downloader will be located in the new Offline Downloader News page. (#6454)
  • The general performance of the rspm-offline-downloader get cran command has been improved. (#5271)

Breaking#

  • Any Python repositories previously subscribed to the PyPI source need to be resubscribed and resynchronized. For more information, see the PyPI quickstart guide.
  • Removes installation dependency for the curl and rrdtool software packages, which were not required or used. (#7807)
  • Removes recommended dependency on the r-base software package for DEB packages. To install R for building Git packages, we recommend installing R from the precompiled binaries at Install R. (#8216)
  • SLES 12 SP5 has reached vendor end of support and is no longer supported. (#7883)
  • The recommended system requirements and installation instructions documentation pages have been migrated to the https://docs.posit.co/rpm/documentation/ site. (#7920)

Deprecated/Removed#

  • Deprecates the CRAN.Binaries configuration options in favor of the new Binaries.Distributions option. Users with a customized CRAN.Binaries setting should configure the new Binaries.Distributions option. (#8158)

RStudio Package Manager 2022.04.0#

April 12, 2022

This release of RStudio Package Manager provides new insight into which packages have pre-built binaries available for your desired R version and distribution. It also contains various improvements to Git building and many other bug fixes.

New#

  • The UI now displays whether a binary file is available for a CRAN package, and provides a link to download the binary package if available. On the package page, scroll down to the new "Binary File" section, and select a distribution and R version to check binary availability for that environment. To learn more about when binaries are available, see the Binary Availability documentation.
  • Adds two new Server API endpoints to query available binary packages, /repos/{id}/packages/{name}/binaries and /repos/{id}/binaries.
  • The /status API now returns Package Manager's list of supported R versions for binary packages.
  • Adds a new configuration stanza Manifest that can be used to change the outgoing URL, set a Basic authentication User, and set an encrypted Password field.
  • Adds support for HTTPS credentials for Git builders. HTTPS credentials can be imported using the new rspm import https-credential command, used to create Git builders using the rspm create git-builder --credential=<name> command, and listed using the new rspm list git-credentials command. See Importing an HTTPS credential for more information, including how to import credentials securely.
    • With the addition of HTTPS credentials, several commands have been changed to support both SSH keys and HTTPS credentials, including the addition of a new rspm import ssh-key subcommand to specifically import SSH keys. See the Breaking changes in this release for more information.
  • When importing an SSH key with a passphrase, the passphrase file may now contain encrypted text from the rspm encrypt command.
  • Adds --remove-credential argument to the rspm edit git-builder command, to dissociate a credential from a Git builder.
  • Adds a new Git.AllowFileURLs configuration option that can be used to create a Git builder based on a local Git repo.
  • Adds a new composite index to the metrics table to improve package view performance.
  • Adds a new S3Storage.KMSKeyID configuration option that can be used to enable client-side encryption before transferring files to S3. See the S3 storage documentation for caveats and additional information.
  • Adds the ability to configure Package Manager with environment variables. See the configuration documentation for additional information and examples.
  • Adds a new /robots.txt endpoint to help search engine crawlers know what URLs they can access.
  • System requirements and distribution updates will now use reloaded URL configurations. These previously required an application reboot to take effect.
  • CSV files output with rspm add --csv-out can now be imported into R and used with tools::package_dependencies() to analyze dependencies before adding packages to a curated CRAN source.
  • Rename the button Client OS to Distribution to allow for greater flexibility in the future.
  • Group official RStudio-supported distributions in the distribution picker.

Fixed#

  • Fixed a bug that was truncating commit and published timestamps from appearing for built Git packages. This fix will only work for published packages moving forward.
  • Fixed an issue where some package README images were not rendering correctly.
  • Fixed an error with the /alerts API endpoint when storage auditing is disabled.
  • Updated rspm encrypt command to output only the result on stdout.
  • Fixed an issue where the locked status of a CRAN snapshot source was not accurately reflected in the frozen URL description.
  • Fixed an issue where the UI could display invalid archived versions for packages in CRAN snapshot sources.
  • System requirements and distribution updates will now use reloaded URL configurations. These previously required an application reboot to take effect.
  • Removed the need to create a socket file when running the migrate utility, which requires that RSPM not be running.
  • Fixed an issue with storage alerts for local file systems. This was preventing the service from starting properly.
  • Fixed an issue where cache eviction tasks could run more frequently than intended and cause RSPM to respond slower.
  • Package Manager no longer requires the --privileged flag to run in a Docker container. However, sandboxed Git builds still require system calls not permitted by Docker's default seccomp profile, and mount operations not permitted by the default AppArmor profile. You will need to either (a) start the container with --security-opt 'seccomp=unconfined' and --security-opt 'apparmor=unconfined'; (b) provide alternative seccomp and AppArmor profiles; or (c) set Git.AllowUnsandboxedGitBuilds = true in your configuration to disable sandboxed builds entirely.
  • The RSPM installer for RHEL 8 is now correctly signed with the RStudio GnuPG key.
  • Fixes a bug that was causing some CLI commands to fail with a 5xx response. In the logs this appeared as ERROR: payload string too long (SQLSTATE 22023).

Breaking#

  • Deprecates the CRAN.ManifestURL, Bioconductor.ManifestURL and PyPI.ManifestURL configuration options. Note that users should configure the new Manifest.URL option.
  • Removes the outdated info-cran command from the offline downloader.
  • Deprecates calling the rspm import command without either the ssh-key or https-credential subcommand.
  • Deprecates the --ssh-key argument to the rspm create git-builder command in favor of the --credential flag.
  • Deprecates the rspm delete ssh-key subcommand in favor of the more general rspm delete git-credential.
  • Deprecates the --new-ssh-key argument to the rspm edit git-builder command in favor of the --new-credential argument.
  • Deprecates the rspm list ssh-keys command in favor of rspm list git-credentials.
  • Refactor the files and directories storage documentation into multiple pages.
  • Removes the Source and Binary buttons on the Setup page for CRAN and Bioconductor. This simplifies how binary and source packages are displayed and served to the user.
  • Changed field name from Name to Package in rspm add --csv-out CSV output file to be compatible with the standard package database format in R.
  • CentOS Linux 8 has reached vendor end of support and is no longer supported. RHEL 8 remains supported, and continues to use centos8 in its binary package repository URLs for backward compatibility.
  • openSUSE 15.2 and SLES 15 SP2 have reached vendor end of support and are no longer supported.

RStudio Package Manager 2021.12.0#

December 23, 2021

New#

  • Adds support for openSUSE 15.3 and SLES 15 SP3.
  • Adds a new configuration option Server.LegacyCalendarTransactionURL that can be used to revert single-source repositories to use a numeric identifier (e.g. /repo/4115) in the calendar URLs instead of the default hash values.
  • The calendar will now display the snapshot date as a valid date on the calendar instead of the transaction date for CRAN snapshot sources.
  • Introduced code splitting to improve webpage loading times.

Fixed#

  • Performed security and dependency upgrades for libraries used by the server and web interface.
  • Improved the caching layer throughout the product. This should result in faster package downloads, page loads, and greater scalability due to lower database usage.
  • Fixed a timezone issue where the browser's selected calendar date and the URL generated by the server could differ by one day.
  • Fixed an issue with leadership election that could result in two or more leaders being elected and the Error verifying cluster integrity: node list length differs log line.
  • Fixed an issue with leadership election that could result in the Error pushing leader assumption work to queue log line, failing requests, and/or the service taking a long time to restart.
  • Fixed an issue with leadership election and multiple interfaces on an instance resulting in the node "X" with IP "Y" from store not known by leader log line.
  • Fixed an issue serving R package binaries for new operating systems and R versions, such as openSUSE 15.3 and SLES 15 SP3, or R 4.2 and above.
  • Fixed an issue that prevented system requirements from being listed for new operating systems, such as openSUSE 15.3 and SLES 15 SP3.
  • Fixed an issue that could prevent R packages encoded in Latin-1 from being installed in R 3.5 or below.
  • Fixed an issue with static assets not caching correctly in the UI.
  • Fixed a bug that was incorrectly logging a Warning: SQLite directory error message for some PostgreSQL installations.

Breaking#

  • The calendar will now only display dates as selectable when an update or transaction occurred for that repository. The rspm url create command can be used to generate a URL for any date and set of transactions.
  • The default minimum TLS version is now correctly configured as 1.1, instead of defaulting to 1.0. Note that this can be changed using the HTTPS.MinimumTLS configuration option.

RStudio Package Manager 2021.09.0#

September 8, 2021

This release of RStudio Package Manager contains a new calendar view and improved way to freeze your set of packages. It also contains logging improvements and many important bug fixes.

New#

  • Introduces a new, more flexible repository calendar. Users can now freeze to any date in the repository's history, and frozen repository URLs now include the snapshot date in YYYY-MM-DD format. The calendar is now supported in many cases where it previously was not, particularly for repositories with multiple sources. Existing repository URLs that use a numeric identifier (e.g., /repo/4155) are still supported, and will continue to work. More information about the calendar is available in the User Interface Overview section of the Admin Guide.
  • Adds a rspm url create command to create a frozen repository URL, and a rspm url explain command to explain what a frozen repository URL encodes.
  • RSPM can now serve binary packages for new R versions and operating systems without upgrading to a new version. The list of supported platforms is now synced from the RStudio Package Service.
  • Git-builders may now be edited using the rspm edit git-builder command to change the SSH key, Git URL, branch, and subdirectory.
  • Git-builders using "commits" triggers may now be configured to use the version in the DESCRIPTION file instead of the unique, timestamped version. See the new Git.ForceDescriptionVersion configuration option for more information.
  • Adds additional logging indicating when CRAN, Bioconductor, and PyPI packages are being checked for updates.
  • A PID file is now created to track the Package Manager process ID.
  • Adds two new sections to the documentation that describe available command-line options: Command-Line Interface and Offline Downloader.
  • Logs are now available through journalctl.
  • The UI and CLI will now provide better error messages to help customers get started with setting up repositories and sources.
  • The general performance of the rspm-offline-downloader get cran command has been improved. By default the concurrency value is set to 10 and the --concurrency flag accepts higher values for quicker downloads.
  • Adds a more helpful error message when attempting to unsubscribe a Bioconductor repo from a source. This action is not allowed because Bioconductor repos are automatically subscribed to sources.
  • Adds support for the Bioconductor books repository. The books repository will be available in Bioconductor sources after the next Bioconductor sync.
  • The PyPI source now supports YYYY-MM-DD date aliases for frozen repository URLs.
  • Adds a new rspm completion command to generate a CLI autocompletion script for Bash. More information is available in the Admin Guide.
  • Starting with this release, RSPM will now use a calendar-based versioning scheme.

Fixed#

  • Fixes an issue where Bioconductor syncs could treat the order of sync actions incorrectly, leading to sources that fail to sync. This issue only affects users of Bioconductor repositories. If you are upgrading from RSPM 1.2.0 or 1.2.2, please use rspm sync --type=bioconductor to re-sync your Bioconductor sources. The 1.2.2.1 release includes this step, and you need not repeat it if you already updated to that release.
  • Fixes a bug that could schedule two or more interfering package updates for the same source.
  • Fixes a bug where some SSH keys with passphrases were not being imported correctly.
  • Fixes a bug that prevented packages from being added to curated CRAN sources with certain --snapshot flag values.
  • Fixes a bug that could prevent the election of a leader in HA clusters.
  • The PostgreSQL driver has been upgraded to recover more quickly from lost connections and TCP resets. This also fixes an issue where some Azure customers were seeing a read: connection reset by peer error.
  • Fixes a bug where HA clusters could not verify node integrity.
  • Fixes loss of state in leader election during a loss of Postgres connection.
  • All errors in PyPI sync are now retried so that more syncs are successful.
  • Fixes confusing error message when Server.TempDir is not writable.
  • The recommended CRAN snapshots for Bioconductor were too early and could cause Bioconductor package installations to fail. For Bioconductor repositories, we recommend configuring R to use the revised CRAN snapshots on the Setup page. For R repositories, we recommend adding an appropriate CRAN snapshot using the revised instructions in the Admin Guide.
  • Fixes the instructions for using Bioconductor packages in an offline environment with newer versions of BiocManager (1.30.12 and above). If you are unable to use BiocManager offline, refer to the revised instructions on the Bioconductor repository Setup page.
  • Fixes an XSS vulnerability in the experimental API swagger docs. The swagger UI has been upgraded to the latest version 3.51.1 in the process.
  • Fixes a PyPI sync bug that was impacting PostgreSQL users with the search_path option.
  • Fixes a rare bug that could prevent the application from starting after upgrading from version 1.1.6.1-* or earlier.
  • Fixes an issue with serving PyPI packages with plus signs in their filename.

Breaking#

  • The default logging location has been moved from /var/log/rstudio-pm.log to /var/log/rstudio/rstudio-pm/rstudio-pm.log. This will also impact the access logs.
  • The following operating systems have reached vendor end of support and are no longer supported:
    • Ubuntu 16.04 (Xenial Xerus)
    • openSUSE 42.3
    • openSUSE 15.1
    • SLES 15 SP1
  • Dates returned to the Usage Stats page are now ISO 8601 dates rather than a full RFC3339 timestamp.
  • The minimum number of PostgresPool.MaxOpenConnections will now be set to 10.
  • Air-gapped customers using Bioconductor with RSPM 1.2.0 or 1.2.2 are required to fetch the new v4/1 schema after upgrading RSPM to 2021.09.0, but before syncing the Bioconductor source. Please refer to the admin guide for more details. The 1.2.2.1 release includes this step, and you need not repeat it if you already updated to that release.
  • The date aliases for the CRAN source will now use UTC as the basis for the date.
  • Both the Activity page and the Setup page will now use UTC for all dates and times.

Deprecated/Removed#

  • Deprecates the Git --branch option when used in conjunction with the --build-trigger=tags flag.
  • Discontinues support of openSUSE 15.1, SLES 15 SP1, and Ubuntu 16.04 (Xenial Xerus) R binary packages. RSPM will continue to serve existing binary packages for these operating systems in perpetuity, but will no longer provide new binary packages after several months. Please refer to the Admin Guide for more information about the supported operating systems and R versions for binary packages.
  • Internet Explorer 11 is no longer supported. Please see our Platform Support page for a list of supported browsers.
  • Deprecates the --cache-dir flag from the rspm-offline-downloader get cran command as caching and fast updates will now be enabled by default.

RStudio Package Manager 1.2.2.1#

May 13, 2021

New#

  • Adds support for serving precompiled binary packages for R 4.1.

Fixed#

  • Fixed an issue where Bioconductor syncs could treat the order of sync actions incorrectly, leading to sources that fail to sync. This issue only affects users of Bioconductor repositories. After installing this release, please use rspm sync --type=bioconductor to re-sync your Bioconductor sources. Bioconductor updates for the previous RSPM versions (1.2.0, 1.2.2) will not be updated going forward.
  • Fixed an issue where Bioconductor syncs could fail when using PostgreSQL.

Breaking#

  • Air-gapped customers using Bioconductor with RSPM 1.2.0 or 1.2.2 are required to fetch the new v4/1 schema after upgrading RSPM to 1.2.2.1, but before syncing the Bioconductor source. Please refer to the admin guide for more details.

RStudio Package Manager 1.2.2#

March 02, 2021

New#

  • Package Manager now provides filesystem storage auditing and alerting. When storage exceeds user-configurable thresholds, the server will alert in the log as well as the UI. More information is available in the Admin Guide.
  • Operational metrics can now be exported via a Prometheus-compatible endpoint to empower your own monitoring and alerting systems. More information is available in the Admin Guide.
  • Python packages now display additional release information including download links, SHA256 values, and the yank status.
  • Python package releases are now paginated in the UI.
  • Use the new [Storage].Default option to configure all variable storage classes together, for example setting [Storage].Default = S3 will ensure all packages are written to your S3 bucket.
  • Configure the maximum time to wait when connecting to the database by using the [Database].ConnectionTimeout option.
  • Package Manager can now be installed on both openSUSE 15.2 and SLES 15 SP2 systems.
  • Precompiled R binary packages are now available for openSUSE 15.2 and SLES 15 SP2.
  • System requirements information can now be listed for openSUSE 15.2 and SLES 15 SP2.
  • Additional startup validation is performed when using PostgreSQL with a search path.
  • Clusters now automatically elect a leader node. The leader manages jobs like schedule syncing and cache eviction to avoid duplicated work.
  • Package Manager now uses asynchronous messaging instead of database locking to track active work (like syncing CRAN sources); this improves performance and helps eliminate database resource contention.

Fixed#

  • Fixes an issue that could result in syncing snapshots more than once, resulting in corrupted data. In the unlikely event that your installation is affected by this bug, you will be unable to start RSPM, and you will see the following error in the log:

    Error running services: Error: Unable to initialize a connection to the
    database: UNIQUE constraint failed: checkpoints.source_id, checkpoints.guid, checkpoints.version
    

If your installation is affected, please contact support. You can reinstall the previous RSPM version and continue using RSPM until the issue is resolved.

  • Some malformed or incorrect database configurations prevented startup and did not crash; these will now time out accordingly.
  • Improves robustness of PostgreSQL database connections by automatically reconnecting when connections are lost.
  • Git builders now respect the specified --ssh-key flag when cloning repositories.
  • Fixes a race condition when building large Git repositories that was causing intermittent failures.
  • Fixes an issue with adding Git packages that have blank lines in their DESCRIPTION file.
  • Duplicate Python packages are no longer presented in the UI.
  • Some Python packages and files were missing from RSPM.
  • Patches the UI dependency marked to remove a potential Denial-of-Service (DoS) vulnerability.
  • We've improved the PyPI source sync operation; syncing should complete much more quickly and reliably. See the breaking change below about resubscribing and resyncing Python repositories.

Breaking#

  • RStudio Package Manager no longer supports Red Hat Enterprise Linux/CentOS Linux 6.x.
  • Any Python repositories previously subscribed to the PyPI source need to be resubscribed and resynchronized. For more information, see the PyPI quickstart guide.
  • Removes Git support from the rspm add command. Use the new rspm create git-builder command going forward.
  • Removes deprecated rspm clear-cran command. Use the new rspm clear --type=cran command going forward.
  • RSPM will now validate S3 storage configuration options on start up.

RStudio Package Manager 1.2.0#

November 24, 2020

Bioconductor Support#

  • Bioconductor is now supported through a series of changes. We recommend upwards of 1 TB additional disk storage, and admin CLI actions are required to enable Bioconductor. Learn more about how to serve Bioconductor packages in the admin guide.
  • Adds a new Bioconductor repository type. Bioconductor repositories can be created using the rspm create repo --type=bioconductor command.
  • Adds new source types representing Bioconductor releases and R repositories within a release. These sources can be added to Bioconductor or R repositories.
  • Adds a new --type flag to the sync command that distinguishes between syncing CRAN and Bioconductor metadata.
  • Adds rspm-offline-downloader support for Bioconductor data.
  • Adds support in the web interface for Bioconductor repositories, including a new Setup page for working with BiocManager and Bioconductor repositories.
  • Adds support in the CLI for listing Bioconductor repositories, sources, and packages. Adds a new rspm list bioconductor versions command to list available Bioconductor releases.
  • Adds support to the Server API for Bioconductor metadata and repository information.

PyPI (Beta)#

  • PyPI mirroring is now supported in beta through a series of changes and additions. We recommend upwards of 1 TB additional disk storage, and admin CLI actions are required to enable PyPI. Learn more about how to serve PyPI packages in the admin guide.
  • Adds a new Python repository type. Python repositories can be created using the rspm create repo --type=python command.
  • Adds new --type flag to the sync command that distinguishes between syncing CRAN and PyPI metadata.
  • Adds a PyPI config section for setting PyPI related configuration attributes such as the PyPI sync schedule.
  • Adds a new pypi source that is enabled by default when using a Python repository.
  • Adds support for listing and searching for Python packages.
  • Adds support in the web interface for PyPI repositories including searching for and displaying package data.
  • Adds support for routing pip requests.
  • Adds support for tracking PyPI package downloads and corresponding display in the Usage section of the web interface.
  • Adds support to the Server API for PyPI metadata and repository information.
  • Adds a new rspm clear --type=pypi command to clear PyPI metadata, for removing PyPI as a source, or for re-syncing a fresh copy.

Changes to Curated CRAN Sources#

  • Curated-CRAN sources can now be created using a --snapshot flag to specify an initial snapshot date. For example --snapshot=2019-11-07. A new rspm list cran snapshots command shows the available snapshot dates.
  • Curated-CRAN source add and update operations now support passing a snapshot date via the --snapshot flag, e.g., --snapshot=2019-11-07. Passing the --transaction-id flag is deprecated but still supported. The --commit flag is now required for both.
  • A new source type, cran-snapshot is available for creating a source that contains ALL of CRAN but only for a specific date. Like Curated-CRAN sources, CRAN-Snapshot sources can be updated using the rspm update command.

Misc#

  • Adds new storage classes for Bioconductor and PyPI. If you use a non-default storage location for packages (e.g., S3), please configure the correct storage location for Bioconductor and PyPI before upgrading.
  • BREAKING: Removes the rspm-offline-downloader get-cran command. Use rspm-offline-downloader get cran going forward.
  • Improves download resiliency of the rspm-offline-downloader tool through increasing the number of retries and adding a timeout using exponential back-off.
  • Adds new --starting-snapshot flag to the rspm-offline-downloader tool that can be used to download RSPM CRAN data starting at a particular snapshot. Note: This does not impact R package binary downloads.
  • Adds new validate-cran command to the rspm-offline-downloader to validate that the destination contains all relevant snapshots and directories for RSPM to work correctly.
  • Updates the rspm edit repo command to no longer require the --new-name flag when updating a repository's description.
  • Fixes a bug where local and Git packages could have missing package dependencies.
  • Prevents source sync from occurring thirty minutes after the desired schedule.
  • NOTICE: When using Postgres, RStudio Package Manager now verifies that a minimum version of 9.5 is being used. A warning message will be logged if the version of Postgres being used is older. The 9.5 minimum version is also noted in the PostgreSQL section of the Database chapter of the Admin Guide.
  • Updates UI search to prioritize exact matches first, and restricts matching-search to three or more characters.
  • Deprecates the clear-cran command. Use the new clear --type=cran command going forward.
  • Fixes a bug that could result in job queue deadlock under load. This prevents issues that could cause the RSPM service to stop responding.
  • Adds a response header to help identify Package Manager in requests: X-Repository-Type: RSPM
  • The Activity page in the web interface now shows the snapshot dates for the cran source, not the dates the snapshots were synchronized. This makes the Activity page easier to navigate and consistent with the repository calendar.
  • A repository that only subscribes to the cran source can now be indexed by dates as well as transaction IDs. The date aliases are shown in the repository Setup page where applicable.
  • The Package page now displays older package versions in descending chronological order.

RStudio Package Manager 1.1.6.1#

July 13, 2020

  • Fixes a bug where Git builders could be created in non-Git sources, causing the rspm list git-builders and rspm list git-builds commands to fail.

RStudio Package Manager 1.1.6#

June 23, 2020

  • BREAKING: Removes the --dryrun CLI flag that was required when adding or updating packages to curated-CRAN sources. Attempting to use this flag will result in a command error.
  • BREAKING: Use the Apache Combined Log Format as the default access log format instead of the Apache Common Log Format. Switch back by setting Server.AccessLogFormat = "common".
  • BREAKING: The CLI now waits for commands to complete by default. The following CLI commands are affected: rspm sync, rspm create git-builder, rspm run git-builder, and rspm rerun git-builder. Use the new --no-wait flag to run these commands asynchronously without waiting. The --wait flag remains available for backwards compatibility.
  • Adds rspm offline and rspm online admin CLI commands to support taking services offline and bringing them back online safely.
  • Adds rspm cluster offline and rspm cluster online commands to the admin CLI to support taking multiple nodes in a cluster offline and bringing them back online.
  • Adds a rspm cluster nodes command to the admin CLI to support listing nodes in a cluster.
  • Adds an rspm config debug logger command to temporarily alter the debug log configuration without restarting the Package Manager server.
  • Updates the Admin Guide High Availability and Load Balancing chapter with a new guide for upgrading a cluster.
  • Adds a new experimental Server API documentation for commonly requested endpoints. For more information see the new documentation.
  • Adds support for Ubuntu 20.04 LTS.
  • Adds support for serving precompiled binary packages for Ubuntu 20.04 LTS.
  • Adds support for listing system requirements of packages on Ubuntu 20.04 LTS.
  • Adds new Proxy.User and Proxy.Password configuration options to securely configure outbound proxies.
  • Deprecates the rspm add command for Git packages. Use rspm create git-builder going forward.

RStudio Package Manager 1.1.4.1#

May 20, 2020

  • Adds support for serving precompiled binary packages for R 4.0.

RStudio Package Manager 1.1.4#

April 10, 2020

  • Adds a new storage class for CRAN. Upgrading will result in a migration of existing CRAN packages and README files to the new storage class. If you use a non-default storage location for packages (e.g., S3), please configure the correct storage location for CRAN before upgrading. All CRAN packages will be moved to the new CRAN storage location upon service startup. If your installation has downloaded many CRAN packages, this may take some time, and the service will be unavailable until the migration is complete.

If the storage class configured for CRAN is of a different type than the packages storage class, startup will fail. If you wish to migrate CRAN packages to a different storage type, enable the Migration.EnableMixedClassMigration = true configuration property.

  • Adds eviction for orphaned packages. Git and local packages that are stored but no longer referenced in any sources will be removed periodically.
  • Adds a new CLI command list git-builds that can be used to review Git builder runs and debug potential problems.
  • Adds better caching and improves performance by:
    • Adding configurable settings for in-memory caching.
    • Caching system requirements data for better performance.
    • Enabling package request caching by default.
  • Updates the license-manager command to incorporate recent bug fixes.
  • Adds the package size for local and Git packages to the Web client.
  • Adds the Git SHA to the Web client when displaying package information for packages from Git sources.
  • Adds an example configuration file that includes all the available configuration settings and their defaults at /etc/rstudio-pm/rstudio-pm.gcfg.defaults.
  • Fixes a bug where adding Git packages via SSH could fail with certain SSH server configurations.
  • Fixes a bug where adding Git packages could fail with custom R startup files present.
  • Fixes an issue with rendering SVG images in package READMEs.
  • Fixes an issue where build-id files installed in /usr/lib/.build-id/ could conflict with other RStudio products and cause install errors.
  • Fixes an issue where out-of-sync system requirements could prevent the server from starting. This improves support for running RStudio Package Manager in offline (air-gapped) environments.
  • Updates the admin guide, licenses, and news documentation to use mkdocs.

RStudio Package Manager 1.1.2#

February 26, 2020

  • RStudio Package Manager 1.1.2 includes beta support for pre-compiled R package binaries for Windows. Windows R package binaries can be installed much faster without the need to install system dependencies. More details are available in the admin guide.
  • Support for CRAN repos with versions older than 1.0.6 has been removed. Updating to version 1.0.6 or later is now required for CRAN support.
  • Eviction Policies
    • Adds the ability to configure eviction policies that control the lifetime of stored objects. Eviction policies can be used to keep server disk usage to a minimum. Learn more in the admin guide.
    • Startup after upgrading RStudio Package Manager may take some time since all stored objects will be recorded in the database. If you are upgrading multiple nodes in a cluster, please allow the first node to completely start up before starting additional nodes.
  • Fixes a bug where a bad database connection to PostgreSQL or SQLite would cause a panic.
  • Support for TLS 1.3. Access to this TLS version is available without additional configuration.
  • The setting HTTPS.ExcludedCiphers has been removed and is no longer supported. The HTTPS.MinimumTLS setting should be used to specify a minimum accepted TLS version. We recommend running a secure proxy when your organization has more complex HTTPS requirements.
  • Adds support for serving precompiled binary packages for CentOS/RHEL 8.
  • Adds support for listing system requirements of packages on CentOS/RHEL 8.
  • Fixes a bug where shutting down the server sometimes resulted in orphaned job launcher processes.
  • Adds a migration utility that can be used to migrate to a different database provider. Learn more in the admin guide.
  • Fixed a bug in which CPU usage of the rstudio-pm service would increase over time when using SQLite as a database.

RStudio Package Manager 1.1.0.1#

November 22, 2019

  • Fixes a bug that both impacted the server performance and resulted in potentially serving incorrect binaries when fetching binary packages for a non-current checkpoint.

RStudio Package Manager 1.1.0#

October 31, 2019

  • Adds two new configuration settings, Server.PackageRewriteCompressionLevel and Server.PackageRewriteBufferSize that can be used to improve performance when installing packages in local sources. Learn more in the admin guide.
  • Deprecates the --dryrun flag that was required when updating packages to curated-CRAN sources.
  • The rspm-offline-downloader now supports downloading Linux R package binaries for offline environments. Learn more in the admin guide.
  • Adds a new Proxy.URL configuration option to have RStudio Package Manager use an outbound server proxy when making HTTP and HTTPS requests.
  • Stops support of Ubuntu 14 (Trusty Tahr). With the Ubuntu EOL, and RStudio six-month support coming to a close, we will no longer be testing or supporting RStudio Package Manager on this version of Ubuntu.
  • Deprecates the CRAN.SyncMode setting. Future releases will not support eager syncing for CRAN and curated-CRAN sources. The air-gapped installation approach can be used for situations that require preemptive downloads for CRAN or curated-CRAN packages. Learn more in the admin guide.
  • Fixes a bug preventing git packages with a large number of tags from building.
  • Adds support for installing very large packages in local sources.
  • Adds support for SUSE Linux package binaries. See the repo setup page for more information.

RStudio Package Manager 1.0.14#

October 2, 2019

  • This release includes bug fixes and significant performance improvements.
  • Deprecates the --dryrun flag that was required when adding packages to curated-CRAN sources.
  • Adds support for RHEL 8.

RStudio Package Manager 1.0.12#

September 10, 2019

  • Beta: Introduces support for Linux package binaries. Precompiled package binaries will be available for the majority of CRAN packages using R 3.4, 3.5 and 3.6 for Ubuntu 16.04 (Xenial), Ubuntu 18.04 (Bionic) and CentOS/RHEL 7. Please refer to the admin guide to start serving binaries.
  • Introduces a service log which can be used to analyze how Package Manager is serving source vs. binary packages. Learn more in the admin guide.
  • RStudio Package Manager installers are now signed. Our signing key is available on the RStudio website. The Installation instructions in the RStudio Package Manager Admin Guide explain how to add the RStudio key to your Linux distribution.
  • Fixed bugs related to building Git packages and added log messages which can help diagnose Git problems more quickly.

RStudio Package Manager 1.0.10#

July 8, 2019

  • Introduces a new CLI command to list system requirements for packages in a given repository. Run rspm list requirements --help for more information.
  • The system requirements for a repository are also available in the UI. See the Setup page for a repository in the UI.
  • Updated UI JavaScript code to address moderate CVEs published by NPM.
  • Fixed a bug that prevented package system requirements from displaying correctly in certain circumstances.
  • Fixed bugs and improved performance for transaction handling (i.e. "pinning" a repository to a certain date).
  • NOTICE: When using Postgres, RStudio Package Manager now verifies that a minimum version of 9.4 is being used. A warning message will be logged if the version of Postgres being used is older. The 9.4 minimum version is also noted in the PostgreSQL section of the Database chapter of the Admin Guide.

RStudio Package Manager 1.0.8#

April 18, 2019

  • RStudio Package Manager now helps users find and install system dependencies of R packages for supported Linux operating systems. Installation commands for known system dependencies are displayed on the package page. System dependency information will be available after syncing. See the Admin Guide for more details.
  • The process for setting up an air-gapped environment is simplified by using a new tool which does not require the AWS CLI. See the Admin Guide for updated setup instructions.
  • Running RStudio Package Manager in a clustered environment using S3 as a backing filesystem is now officially out of beta.
  • Improvements to logging when Git builders fail will help to more quickly diagnose problems with the build environment.
  • Package listing and search is now much faster.
  • Rendering package README files is improved and several layout bugs are fixed.
  • RStudio Package Manager is now available for SUSE Linux Enterprise 15.

RStudio Package Manager 1.0.6#

March 11, 2019

  • BREAKING: Air-gapped customers are required to fetch the new v3/1 schema after upgrading before syncing the CRAN source. See the Admin Guide for more information.
  • Important updates and fixes to Package Manager's CRAN source. Past CRAN checkpoints will remain available. Users will see corrected browsing behavior for a small percentage of packages for new syncs.
  • README files are rendered in the web page for each package. READMEs for packages in existing local and Git sources will be extracted automatically upon upgrading. READMEs for the CRAN source will be available after syncing. READMEs for existing packages in curated-CRAN sources will be unavailable, but, after syncing the CRAN source and updating the curated-CRAN source, READMEs for new and updated packages will be available.

RStudio Package Manager 1.0.4#

January 25, 2019

  • BREAKING: The R processes that build Git packages now run inside a sandbox for security. Only customers using Git sources are affected. SUSE/Ubuntu users will not require any changes. If you are using CentOS/RHEL, you will need to either (a) configure the Git.AllowUnsandboxedGitBuilds = true configuration setting, (b) reconfigure RStudio Package Manager to run as root, or (c) enable user namespace support (CentOS/RHEL 7 only). If you are running RStudio Package Manager in a Docker container, you will need to either (a) start the container with the --privileged flag or (b) configure the Git.AllowUnsandboxedGitBuilds = true configuration setting. Please consult the Admin Guide for more information.
  • Archived packages (packages with no current versions) are now displayed in the RStudio Package Manager UI.
  • The Setup page in the UI now includes a calendar that allows you to freeze your set of packages to a particular checkpoint.
  • Added beta support for shared storage using AWS S3. See the Admin Guide for more information. IMPORTANT: AWS S3 support is in beta. Please do not use S3 for production data at this time.

RStudio Package Manager 1.0.2#

December 5, 2018

  • Git packages can now be built from subdirectories within a Git filesystem.
  • Git packages can now use SSH keys with or without a passphrase.
  • SSH connections when performing Git operations now utilize a private SSH agent process for improved security.
  • Git packages now include the commit SHA in the package DESCRIPTION file for reference.
  • Fixed a bug where Git commits could be built out of order if they were recorded in different timezones.
  • Fixed a bug where Curated CRAN sources might need a CRAN update prior to an initial sync.

RStudio Package Manager 1.0.0#

October 17, 2018

  • RStudio 1.0 is the first generally available release of the product. RStudio license terms, conditions, and limits apply. Contact sales@posit.co for more details.
  • RStudio Package Manager can automatically track R packages in Git (including GitHub, Bitbucket, and GitLab). Tracking Git endpoints requires a valid installation and configuration of R. Private endpoints are supported using ssh-keys. See the Admin Guide for details.
  • Improved messaging for CLI commands and CRAN sync operations.
  • CRAN synchronization will not happen until a manual sync has occurred or a repository subscribes to a cran source or curated cran source.
  • BREAKING: A sync schedule of 12:00AM (server time) daily is now enabled by default. To only have manual syncs, configure a blank SyncSchedule in the [CRAN] configuration. See the Admin Guide for details.

RStudio Package Manager 0.7.0#

September 4, 2018

  • BREAKING: The new default minimum TLS version for the HTTPS listener is "1.1", in compliance with PCI Data Security Standards. Previously, TLS 1.0 was enabled by default. Additionally, it is now possible to specify the minimum TLS version using the HTTPS.MinimumTLS configuration setting.
  • Fixed a bug in which CPU usage of the rstudio-pm service would increase over time.
  • Added a new configuration flag, HTTP.ForceSecure, that makes RStudio Package Manager set the Secure flag on all of its cookies. This provides extra security when running RStudio Package Manager behind an HTTPS-terminating proxy. HTTP.ForceSecure also sets the Strict-Transport-Security header on all web connections.

RStudio Package Manager 0.6.0.1#

August 2, 2018

  • Fixed a bug in which empty files were being served for packages.rds and packages.gz files in the /bin/ directory. This was causing problems in R versions 3.4.4 and greater when a user attempted to install more than one package.

RStudio Package Manager 0.6.0#

July 31, 2018

  • Added Usage Statistics for analyzing package downloads and package licenses over time.
  • Compress (gzip) the packages and archive RDS files before serving them to clients.
  • Added row.names to the packages RDS file.
  • The CLI list sources output now includes source types.
  • Added a CLI list command that outputs a tree of all repos and sources.
  • Added a CLI fetch command to initiate eager package fetching.
  • The CLI now uploads local packages using multi-part uploads to the API. Only the CLI needs permission to read files you are uploading, and relative paths are supported.
  • Added support for minor migrations for CRAN sources. Minor migrations are typically used for supplementing CRAN sources with additional metadata.
  • Added the SystemRequirements and NeedsCompilation fields to CRAN sources.
  • Improved the informational and error messages displayed during curated CRAN operations.
  • Fixed a bug that resulted in reading the wrong package DESCRIPTION file in some CRAN packages that include DESCRIPTION files at multiple paths.

RStudio Package Manager 0.5.0

June 28, 2018

  • BREAKING: RStudio Package Manager's support for CRAN metadata was simplified. RStudio Package Manager now includes a single, default CRAN source, and the fetch mode and sync schedules are defined server-wide in the configuration file. If you have existing CRAN sources, they will be dropped when upgrading. A new cran source will be created automatically. Use the CLI to subscribe existing repositories to the new cran source and to sync the new cran source. Example: If you had a repository named prod that subscribed to a CRAN source named cran-src, you will need to run: rspm subscribe --repo=prod --source=cran and rspm sync after upgrading.
  • BREAKING: The CRANTimeout and FetchTimeout configuration properties have been moved to a new [CRAN] configuration section. If you included either of these two properties under your [Server] configuration section, you will need to move them to a new [CRAN] configuration section.
  • RStudio Package Manager now includes curated CRAN sources, giving administrators the ability to host approved subsets of CRAN instead of taking an all-or-nothing approach. Administrators add packages, preview changes, and even perform dry runs before running updates. The admin guide contains examples and quick start guides.
  • The [CRAN] configuration section now includes SyncSchedule and SyncMode settings. The SyncSchedule setting accepts a crontab format for scheduling synchronization of the CRAN source. The SyncMode setting defaults to lazy but can be configured as eager for eager package downloading. The sync schedule and mode were previously configured using the CLI.
  • Admins can now edit source names, repository names, and repository descriptions using the edit CLI command.
  • Added an [API] configuration section that includes the settings MaxApiResults and DefaultApiResultsLimit for configurable API result limits.
  • Added documentation for air-gapped environments. See the Admin Guide for details.
  • Eliminates external fonts in the UI.
  • The activity page for a CRAN source now lists the historical date represented by a sync operation instead of the date the sync occurred.
  • Removed the CLI sync-wait command and replaced it with a flag. You can now run rspm sync --wait instead.
  • Better support for the URL property that appears in many CRAN package DESCRIPTION files. This property appears in CRAN packages as URL, Url, and url, which are all now supported.
  • The package date for archived packages is now displayed in the UI.
  • The CLI reorder command allows reordering source subscriptions for a repository. This allows you to change the priority for resolving conflicts when two sources include a package with the same name.
  • Fixed a bug that prevented using the UI through a proxy that prepends a prefix to the RStudio Package Manager URL.
  • Include Content-Length and Last-Modified headers when serving a package tarball.
  • Support for Ubuntu 18.04.
  • SUSE Enterprise Linux 12 SP3+ Support.

RStudio Package Manager 0.4.0

May 3, 2018

  • BREAKING: Sources can no longer be hidden. Because repositories can subscribe to and unsubscribe from sources (since 0.2.0), there is no need to hide sources. Sources that were previously hidden will no longer be hidden after upgrading to this release. If your repositories subscribed to hidden sources that should remain hidden, please unsubscribe those repositories from the hidden sources before upgrading.
  • Added the ability to version and migrate CRAN sources. This allows RStudio Package Manager to replace outdated or flawed CRAN sources without losing transaction history.
  • Added a /ping endpoint to allow services to more easily monitor the service's status. It always responds with an empty JSON message and a 200 status code.
  • Sources cannot be deleted when associated with any repositories. A repository's source subscriptions and unsubscriptions are all recorded permanently. To preserve a repository's immutable historical records, no sources that were ever associated with an existing repository may be deleted. If you need to delete a source, you must first delete any repositories that at any time subscribed to the source.

RStudio Package Manager 0.3.0

March 26, 2018

  • BREAKING: This release incorporates major improvements to sources typed as cran. Packages in existing sources typed as cran will be removed when upgrading. Administrators should initiate synchronization for any sources typed as cran after upgrading.
  • KNOWN BUG: When using an NFS share for [Server].DataDir, there can be delays of up to 60 seconds when initially serving particular files, including the PACKAGES files for a particular repository. When using the "lazy" sync mode with CRAN, this delay can also occur the first time a version of a package is served. This latency can be improved by shortening the length of time attributes are cached on your NFS clients (see the acdirmax and noac NFS mount options). We will work to resolve this latency in a subsequent release.
  • Added support for multiple current versions of CRAN packages.
  • Support synchronizing multiple CRAN checkpoints simultaneously. This greatly reduces the time to synchronize a CRAN source.
  • CRAN checkpoints are cached to avoid redundant downloads. This greatly reduces the time to synchronize CRAN sources.
  • Introduced better logging configuration options to provide helpful logging during CRAN synchronization without overwhelming logs. Also added trace-level synchronization logging.
  • Added a sync-wait command to the CLI. This command lets you wait for synchronization to complete after you initiate a synchronization.
  • The RStudio Package Manager service now manages its /var/run/rstudio-pm directory correctly to avoid missing domain socket files on operating systems that use temporary file systems for the /var/run directory.
  • More consistently sort/order packages. Previous RStudio Package Manager releases ordered packages inconsistently when using PostgreSQL vs. SQLite.
  • Sort archived packages by version in the RStudio Package Manager Web client.
  • Fixed a bug that prevented package link (depends, imports, etc.) versions from being displayed in the RStudio Package Manager Web client.
  • Added the ability to specify a description for repositories, which is displayed via the CLI and the UI.

RStudio Package Manager 0.2.0

January 29, 2018

  • The RStudio Package Manager service now runs under an unprivileged account. By default, the service runs under the rstudio-pm account. See the admin guide appendix on changing the RunAs User if you need to adjust the service account.
  • BREAKING: Upon upgrading, if you previously configured RStudio Package Manager with alternative data directories, cache directories, log files, or .gcfg locations, you will need to manually change ownership on these files/directories to the new rstudio-pm service account. See the admin guide appendix on changing the RunAs User for more information.
  • BREAKING: The internal structure of Package Manager has changed. Repositories no longer contain packages directly, but instead repositories are composed of one or more "sources". Sources are typed as either local or cran. See the admin guide for more details. Due to this change, upgrading to 0.2 will wipe all existing repositories. Administrators should recreate the repositories using the source + repo model. Any CRAN packages that were previously downloaded will be retained on the server and can be accessed after a new repository is configured. Local packages will need to be re-added. Additionally, the cache directory, /var/lib/rstudio-pm/cache, can be removed prior to upgrading to save disk space.
  • BREAKING: The administrator command line interface (CLI) has been significantly refactored for easier use. Any scripts developed with the previous CLI should be rewritten. The new CLI does not require root. Instead, admins should be part of the rstudio-pm unix group. Instructions for changing the group are included in the admin guide.
  • BREAKING: Package Manager now tracks the number of downloads for each package. To do so, a new database was added for storing metrics. Servers using Postgres will need to create a new database and populate the [Postgres].MetricsURL configuration option or disable metrics by setting [Server].MetricsEnabled = false. Servers using the SQLite database (the default) will not need to alter their configuration; a new database will be created alongside your existing one.
  • The [Server].MetricsRetention configuration option specifies when to reap metrics that have expired.
  • The Package Manager web interface displays additional information about packages, including prior archived versions.
  • In version 0.1.0 users were prompted to name the repository RSPM. The new Overview page suggests naming the repository according to the repository name on Package Manager.
  • A date parsing error that occurred when adding local packages was fixed.
  • A number of bugs were fixed to properly sync CRAN packages including properly archiving prior package versions and correctly displaying the Depends, Suggests, and Imports fields.

RStudio Package Manager 0.1.0

November 20, 2017

  • This is the initial alpha release of RStudio Package Manager.