torch icon indicating copy to clipboard operation
torch copied to clipboard
verified publisher icon mlverse

library("torch") should not install anything automatically

Open strimmerlab opened this issue 5 years ago • 10 comments

Please change the startup script when loading the library so that library("torch") does not install anything automatically. IMHO this is highly non-standard and counter-intuitive behaviour.

Instead I think it is much better and less confusing to just check on startup whether the configuration is complete. If it isn't complete and shared libraries are missing then issue a warning along with instructions to run torch::install_torch() manually (and if needed as superuser).

strimmerlab avatar Oct 30 '20 12:10 strimmerlab

Hi @strimmerlab

The idea behind auto installation is that the users, when installing torch for the first time doesn't have to deal with any additional installation steps. I understand that this is not standard, but would argue that it's useful for many users.

The auto installation only happens in interactive sessions where users can easily see that we are installing additional software. You can also completely disable the auto installation by setting the TORCH_INSTALL environment variable to 0. For example: Sys.setenv("TORCH_INSTALL"=0)

dfalbel avatar Oct 30 '20 12:10 dfalbel

I understand your point about convience, but it is a bit of a false convenience.

Using a package and installing a package should be clearly separated steps because these two things may require different user rights. The current behaviour is also what leads to the unexpected behaviour #338 in multi-user settings.

If there are any automatic downloads and installations happening in interactive session these need be subject to confirmation of the user.

Otherwise you may even have the problem that some systems/ firewalls etc might believe that your package is malware because it downloads and installs stuff behind the back of the user.

strimmerlab avatar Oct 30 '20 12:10 strimmerlab

See also CRAN Repository Policy: https://cran.r-project.org/web/packages/policies.html

"The code and examples provided in a package should never do anything which might be regarded as malicious or anti-social. The following are illustrative examples from past experience. " "Packages should not write in the user’s home filespace (including clipboards), nor anywhere else on the file system apart from the R session’s temporary directory (or during installation in the location pointed to by TMPDIR: and such usage should be cleaned up). Installing into the system’s R installation (e.g., scripts to its bin directory) is not allowed.

Limited exceptions may be allowed in interactive sessions if the package obtains confirmation from the user. "

strimmerlab avatar Oct 30 '20 13:10 strimmerlab

I agree with you. So IIUC we have two possible solutions:

  1. Install the binary dependencies in a post installation script that would run at the same time as install.packages.
  2. Prompt the user for permission to install in the .onLoad script, or simply throw a warning with the instructions.

I am inclined to do (2.). DO you think there are additional options and things to consider?

dfalbel avatar Oct 30 '20 13:10 dfalbel

I always have a multi-user environment in mind, where user != administrator:

  • the user runs library("torch") to load and use the package.
  • the adminstrator installs the package and makes it available to the users.

A user typically has very limited rights, so even if the users get asked for confirmation to install something, the R process will only be able to save in their own home directory.

So I think 1) is better. Ideally it would completely transparent and be done inside install.packages() but not sure it is possible to call post-installation scripts from there.

strimmerlab avatar Oct 30 '20 14:10 strimmerlab

Is it possible to run the installiation script through the Makevars file?

dirkschumacher avatar Oct 30 '20 21:10 dirkschumacher

It's tricky because the Makevars file is not run if you install the binaries from CRAN on macOS or Windows that are already built. And we also can't include the Libtorch and lantern binaries in the CRAN built packages too.

dfalbel avatar Oct 30 '20 21:10 dfalbel

FYI, some other R packages on CRAN also use post-installation scripts. For example" IRkernel" (this package enables to run R in Jupyter). For details see: https://irkernel.github.io/installation/

Installation steps:

  1. install.packages('IRkernel')
  2. IRkernel::installspec(user=FALSE)

strimmerlab avatar Oct 31 '20 00:10 strimmerlab

Another thing that we could do in the future is consider depending on system libraries like:

  • https://packages.debian.org/sid/libtorch-dev
  • https://formulae.brew.sh/formula/libtorch

We would still need to figure out how to host the lantern builds.

dfalbel avatar Oct 31 '20 01:10 dfalbel

I also think this is a problem. In my case, I was using tensorflow and pytorch as gpu, but the virtual environment was broken.

qkdrk7777775 avatar May 21 '22 12:05 qkdrk7777775