|
217 | 217 | \code{"<system>.binary.<build>"} where \code{<system>} is |
218 | 218 | lower-case name (letters only) of the system and \code{<build>} is |
219 | 219 | the name of the build (alphanumeric and dashes). The corresponding |
220 | | - paths returned by \code{contrib.url} (which govern repository |
| 220 | + paths returned by \code{contrib.url} (which govern the repository |
221 | 221 | layout) with the above \code{type=} have the form |
222 | 222 | \code{bin/<system>/<build>/contrib/<x.y>} where \code{<x.y>} |
223 | 223 | is the \R version without patch level. This is a generalisation of |
|
233 | 233 | typically only done by the author of a binary \R distribution to |
234 | 234 | define the type of binaries supported by that build of \R. |
235 | 235 |
|
| 236 | + \item If \R uses custom binary type in its |
| 237 | + \code{.Platform$pkgType} then \code{R CMD INSTALL --build} will |
| 238 | + produce \code{<package>_<ver>_R_<system>-<build>.tar.zstd} binary |
| 239 | + files if \R has \command{zstd} support, \code{.tar.xz} otherwise. |
| 240 | + |
| 241 | + \item New facilities have been introduced for package integrity |
| 242 | + verification and package signing. The optional file \file{SHA256} |
| 243 | + in a package contains \abbr{SHA}-256 hashes, lengths and paths |
| 244 | + of files provided in the package allowing for more reliable integrity |
| 245 | + verification (relative to \file{MD5}). This file is now generated |
| 246 | + by default in \code{R CMD INSTALL --build} and optionally via |
| 247 | + \code{R CMD build --sha256}. A package can be signed by creating a |
| 248 | + detached GnuPG signature file \file{SHA256.sig} signing the |
| 249 | + entirety of the \file{SHA256} file. Upon installation, the |
| 250 | + signature is verified using GnuPG, thus ensuring the integrity of |
| 251 | + the \file{SHA256} file and by induction all files in the package. |
| 252 | + Both source and binary packages can be signed. Currently, this only |
| 253 | + applies to tar-based packages, and the command-line GnuPG |
| 254 | + \command{gpg} tool (or equivalent tool named in the \code{GPG} |
| 255 | + environment variable) has to be available for signing and |
| 256 | + verification to work. \code{R CMD INSTALL --sign} can be used to |
| 257 | + sign binary packages, including its use with \code{--build}. |
| 258 | + System-wide GnuPG keyrings for the \R installation |
| 259 | + can be placed in \code{\var{R_HOME}/etc/keyrings} as files with |
| 260 | + \file{.gpg} extensions and will be checked first before consulting |
| 261 | + user's GnuPG keyring (if present). |
| 262 | +
|
236 | 263 | \item Experimentally, several math library (\file{math.h}) functions, |
237 | 264 | such as \code{exp(.)}, \code{log1p()}, \code{sin()}, \code{atanh()}, |
238 | 265 | when called from \R, are now ensured to give fully accurate results |
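Review bot: The package-signing item (new lines 241 to 261) does not say what installation does when verification cannot succeed: \file{SHA256.sig} fails to verify, the signing key is in neither \code{\var{R_HOME}/etc/keyrings} nor the user's keyring, or \command{gpg} is missing, which the text covers only with "has to be available for signing and verification to work". Please state for each case whether installation aborts, warns or proceeds, and whether a package with no \file{SHA256.sig} installs without comment; as written, a reader cannot tell whether the check is enforced or advisory. It would also help to say whether any key found in a consulted keyring is accepted as a valid signer. Wording: "If \R uses custom binary type" needs "a custom binary type", and "will be checked first before consulting user's GnuPG keyring" reads better as "will be checked before consulting the user's GnuPG keyring".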