In ropenscilabs/notary: Signing and Verification of R Packages
knitr::opts_chunk$set(collapse = TRUE)
options(width = 120)
Problems
Solutions (current)
GitHub
- Only install signed releases
- Verify release signatures
CRAN
- Reimagining integrity mirror integrity
notary : Signing and Verification of R Packages
Methods
More for users:
CRAN-ish
install_packages: Install and verify packagesdownload_packages: Download and verify packagesavailable_packages: Download and verify package indices
GitHub-ish
install_release: Validate that the current GitHub release is GPG signed and install it if sovalidate_release: Validate that the current GitHub release is GPG signedretrieve_release_signature: Retrieve the GitHub signing information for the latest release of a packageget_tags: Retrieve a data frame of GitHub package tag (release) info
source()-ish
source_safe_sign: Source a file with verificationsys_source_safe_sign: Source a file with verification
More for plumbers:
package_index_prepare: Prepare a package index
The Book of R [Security]
https://ropenscilabs.github.io/r-security-practices/index.html
A gif is worth a thousand words
Usage
library(notary)
library(tidyverse)
validate_release("hrbrmstr/hrbrthemes")
validate_release("ironholds/rgeolocate")
retrieve_release_signature("hrbrmstr/ggalt")
glimpse(get_tags("hrbrmstr/hrbrthemes"))
get_tags("tidyverse/dplyr")
install_release("hrbrmstr/hrbrthemes")
# fails
install_release("ironholds/rgeolocate")
Code of Coduct
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
ropenscilabs/notary documentation built on May 20, 2022, 11:58 a.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
knitr::opts_chunk$set(collapse = TRUE) options(width = 120)
Problems
Solutions (current)
GitHub
- Only install signed releases
- Verify release signatures
CRAN
- Reimagining integrity mirror integrity
notary : Signing and Verification of R Packages
Methods
More for users:
CRAN-ish
install_packages: Install and verify packagesdownload_packages: Download and verify packagesavailable_packages: Download and verify package indices
GitHub-ish
install_release: Validate that the current GitHub release is GPG signed and install it if sovalidate_release: Validate that the current GitHub release is GPG signedretrieve_release_signature: Retrieve the GitHub signing information for the latest release of a packageget_tags: Retrieve a data frame of GitHub package tag (release) info
source()-ish
source_safe_sign: Source a file with verificationsys_source_safe_sign: Source a file with verification
More for plumbers:
package_index_prepare: Prepare a package index
The Book of R [Security]
https://ropenscilabs.github.io/r-security-practices/index.html
A gif is worth a thousand words
Usage
library(notary) library(tidyverse)
validate_release("hrbrmstr/hrbrthemes") validate_release("ironholds/rgeolocate") retrieve_release_signature("hrbrmstr/ggalt") glimpse(get_tags("hrbrmstr/hrbrthemes")) get_tags("tidyverse/dplyr")
install_release("hrbrmstr/hrbrthemes") # fails install_release("ironholds/rgeolocate")
Code of Coduct
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.