Confirm pak is picking up packages from DownloadURL

[dgkf]

Following up on #74

@borgmaan mentioned today that we need to confirm that the packages being installed from the url specified in the PACKAGES DownloadURL after setting a repo to a local file path as shown in https://github.com/pharmaR/repos/blob/feature/riskscore/dev/merge-riskscore.R

There are probably plenty of ways of testing this. One idea is to debugonce(download.file); debugonce(download.package). I'm not certain these are used on the backend, but I think they're probably a safe bet.

tagging @ramiromagno for interest

[llrs]

I tried with debugonce(download.package), debugonce(download.file) and degubonce(install.packages) and then install a package via pak::pkg_instal() and the R session wasn't pulled into the tracer/browser to debug either of them.
This is in R 4.4 and pak version 0.7.2 from Rstudio 2024.04.
Another possible exploration on how is done is to use flow to explore or directly explore the function code.

[ramiromagno]

Hello @dgkf and @llrs,

It seems that the functions download.file(), download.package(), and install.packages() are not used in the pak package.

After examining the source code of pak, it seems that all downloading activities are handled via R6 methods of a pkg_installation_proposal object, which is created using pkg_installation_proposal(). You can see the implementation here: https://github.com/r-lib/pak/blob/d791187ade9d9c2eb2f47adb685a37b5b6e3fe3e/R/package.R#L95.

Inspecting the internal operations of pak is challenging due to the encapsulation of processes within callr/processx subprocesses. Additionally, the private methods of the R6 classes do not facilitate quick reviews.

I also searched for any references to the DownloadURL field but found none in either pak or pkgdepends.

Perhaps consulting @gaborcsardi directly might be the quickest approach. :)

[gaborcsardi]

You can check the summary that pak returns. E.g. this container installs from a repo at GH releases:

istats <- pak::pkg_install("pillar")

✔ Updated metadata database: 2.95 MB in 9 files.
✔ Updating metadata database ... done

→ Will install 8 packages.
→ Will download 8 packages with unknown size.
+ cli         3.6.2 [dl]
+ fansi       1.0.6 [dl]
+ glue        1.7.0 [dl]
+ lifecycle   1.0.4 [dl]
+ pillar      1.9.0 [dl]
+ rlang       1.1.3 [dl]
+ utf8        1.2.4 [dl]
+ vctrs       0.6.5 [dl]

ℹ Getting 8 pkgs with unknown sizes
✔ Got glue 1.7.0 (x86_64-pc-linux-gnu-ubuntu-22.04-libc++) (154.29 kB)
✔ Got lifecycle 1.0.4 (x86_64-pc-linux-gnu-ubuntu-22.04-libc++) (124.24 kB)
✔ Got fansi 1.0.6 (x86_64-pc-linux-gnu-ubuntu-22.04-libc++) (318.00 kB)
✔ Got pillar 1.9.0 (x86_64-pc-linux-gnu-ubuntu-22.04-libc++) (648.03 kB)
✔ Got cli 3.6.2 (x86_64-pc-linux-gnu-ubuntu-22.04-libc++) (1.31 MB)
✔ Got rlang 1.1.3 (x86_64-pc-linux-gnu-ubuntu-22.04-libc++) (1.61 MB)
✔ Got utf8 1.2.4 (x86_64-pc-linux-gnu-ubuntu-22.04-libc++) (150.43 kB)
✔ Got vctrs 0.6.5 (x86_64-pc-linux-gnu-ubuntu-22.04-libc++) (1.34 MB)
✔ Downloaded 8 packages (5.66 MB) in 2.2s
✔ Installed cli 3.6.2  (140ms)
✔ Installed fansi 1.0.6  (164ms)
✔ Installed glue 1.7.0  (194ms)
✔ Installed lifecycle 1.0.4  (213ms)
✔ Installed pillar 1.9.0  (260ms)
✔ Installed rlang 1.1.3  (273ms)
✔ Installed utf8 1.2.4  (276ms)
✔ Installed vctrs 0.6.5  (294ms)
✔ 1 pkg + 7 deps: added 8, dld 8 (5.66 MB) [11.7s]

> names(istats)
 [1] "ref"                  "type"                 "direct"
 [4] "directpkg"            "status"               "package"
 [7] "version"              "license"              "needscompilation"
[10] "priority"             "md5sum"               "sha256"
[13] "filesize"             "built"                "platform"
[16] "rversion"             "repotype"             "repodir"
[19] "target"               "deps"                 "mirror"
[22] "sources"              "remote"               "error"
[25] "metadata"             "dep_types"            "params"
[28] "sysreqs"              "os_type"              "cache_status"
[31] "sysreqs_packages"     "sysreqs_pre_install"  "sysreqs_post_install"
[34] "sysreqs_install"      "lib_status"           "old_version"
[37] "new_version"          "fulltarget"           "fulltarget_tree"
[40] "download_status"      "download_error"       "file_size"
[43] "library"              "binary"               "dependencies"
[46] "installed"            "vignettes"            "install_args"
[49] "packaged"             "file"                 "package_done"
[52] "package_time"         "package_error"        "package_stdout"
[55] "build_done"           "build_time"           "build_error"
[58] "build_stdout"         "install_done"         "install_time"
[61] "install_error"        "install_stdout"       "worker_id"
[64] "deps_left"

sources has the download URLs for every package:

istats[, c("package", "sources")]

    package
1       cli
2     fansi
3      glue
4 lifecycle
5    pillar
6     rlang
7      utf8
8     vctrs
                                                                                                                           sources
1             https://github.com/cran/cli/releases/download/3.6.2/cli_3.6.2_b1_R4.5_x86_64-pc-linux-gnu-ubuntu-22.04-libc++.tar.gz
2         https://github.com/cran/fansi/releases/download/1.0.6/fansi_1.0.6_b1_R4.5_x86_64-pc-linux-gnu-ubuntu-22.04-libc++.tar.gz
3           https://github.com/cran/glue/releases/download/1.7.0/glue_1.7.0_b1_R4.5_x86_64-pc-linux-gnu-ubuntu-22.04-libc++.tar.gz
4 https://github.com/cran/lifecycle/releases/download/1.0.4/lifecycle_1.0.4_b1_R4.5_x86_64-pc-linux-gnu-ubuntu-22.04-libc++.tar.gz
5       https://github.com/cran/pillar/releases/download/1.9.0/pillar_1.9.0_b1_R4.5_x86_64-pc-linux-gnu-ubuntu-22.04-libc++.tar.gz
6         https://github.com/cran/rlang/releases/download/1.1.3/rlang_1.1.3_b1_R4.5_x86_64-pc-linux-gnu-ubuntu-22.04-libc++.tar.gz
7           https://github.com/cran/utf8/releases/download/1.2.4/utf8_1.2.4_b1_R4.5_x86_64-pc-linux-gnu-ubuntu-22.04-libc++.tar.gz
8         https://github.com/cran/vctrs/releases/download/0.6.5/vctrs_0.6.5_b1_R4.5_x86_64-pc-linux-gnu-ubuntu-22.04-libc++.tar.gz

Is this what you need?

[ramiromagno]

Thank you Gábor!

I had noticed that the output of pak::pkg-install() did indeed included the sources but it has been difficult to actually confirm that that URL is the one used for the download.