
knit2wp can only use obsolete transport security

Open arencambre opened this issue 4 years ago • 17 comments

If you use knit2wp to a site that has good transport-security configuration--meaning it doesn't permit obsolete transport-security protocols--you will get an error. By "obsolete transport security", I mean any transport-security protocol other than TLS 1.2 or 1.3 (more info).

The ultimate problem is with the RCurl package, which this function depends on for data-transport. The error can reliably be reproduced with a trivial example, such as RCurl::getURL("http://www.arencambre.com/").

The below sites will produce an error. They are verified at https://gf.dev/tls-scanner as not supporting anything lower than TLS 1.2:

  • https://www.smu.edu/
  • https://www.rstudio.com/
  • https://www.arencambre.com/
  • https://en.wikipedia.com/
  • https://www.harvard.edu/

Note that knit2wp depends on these packages:

  • RWordPress (latest commit is August 2012)
  • XMLRPC, which RWordPress uses to interact with WordPress.
  • RCurl, which XMLRPC uses for the actual communications with WordPress. A relevant issue was reported to RCurl in November 2018, but there is no apparent action on it. I also opened a more general issue, similar to this one.

By filing an issue to this repo, I promise that

  • [X] I have fully read the issue guide at https://yihui.org/issue/.
  • [X] I have provided the necessary information about my issue.
    • If I'm asking a question, I have already asked it on Stack Overflow or RStudio Community, waited for at least 24 hours, and included a link to my question there.
    • If I'm filing a bug report, I have included a minimal, self-contained, and reproducible example, and have also included xfun::session_info('knitr'). I have upgraded all my packages to their latest versions (e.g., R, RStudio, and R packages), and also tried the development version: remotes::install_github('yihui/knitr').
    • If I have posted the same issue elsewhere, I have also mentioned it in this issue.
  • [X] I have learned the Github Markdown syntax, and formatted my issue correctly.

I understand that my issue may be closed if I don't fulfill my promises.

arencambre, Jun 23 '20 03:06

Thanks for the report! Unfortunately I don't think there is anything that I could do about it. For anyone who is still using knitr::knit2wp() today, personally I'd strongly recommend that you give it up and switch to blogdown instead. The main reason is that as you have observed, the packages that knit2wp() relies on do not seem to be actively maintained any more.

yihui, Jun 23 '20 04:06

I love blogdown. I teach a graduate data-science course, and all the textbooks are blogdown books. Thanks for that!

My use case is different: I wish to have a few R Notebooks be specific pages on a site that is otherwise not R-centric. The knit2wp function is great for this. https://www.arencambre.com/who-is-wylie-h-dallas/ is an example. I agree that it depends on unmaintained or inconsistently maintained libraries, and that is a bummer!

arencambre, Jun 23 '20 13:06

If only these packages were still actively maintained, I could have made knit2wp() much much more useful: https://github.com/yihui/shinyWP Unfortunately I don't have the expertise or time to contribute to RWordPress, XMLRPC, or RCurl.

yihui, Jun 23 '20 13:06

Feel free to try https://maelle.github.io/goodpress 🙂

maelle, Jun 24 '20 16:06

The RCurl package owner responded. Trying to work with him on a solution.

His relationship with the R community may be changing: R 4.0.2's first changelog note was about removing the RCurl maintainer's repository from setRepositories() (oops, not the case; bug report filed).

arencambre, Jun 27 '20 16:06

For the RCurl problem, here is a post providing a temporary solution. The author seems to bypass RCurl with httr.

There is another issue with package RWordPress: it uses getServerURL(), which is a function in package wtss, which has been removed from CRAN.

To solve this, type trace(newPost, edit = T) in the console and replace server=getServerURL() with server = getOption("WordPressURL"). Similarly, if you deploy functions apart from newPost, you will need to manually modify the other functions in ?RWordPress. And you must set your blog URL with options(WordPressURL = "https://XXXX.com/xmlrpc.php").

Anyway, it is time to move to blogdown.

Hzhang-ouce, Sep 10 '20 16:09
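
An added example (not part of the comment above and not RWordPress code) of the change it describes, made with formals() on a copy of a function instead of the interactive trace() editor, plus a check that the endpoint in WordPressURL is HTTPS, since the WordPress login is sent with every XML-RPC call. The names check_wp_url, use_option_for_server and new_post_standin are hypothetical, and blog.example is a constructed value.

```r
# Added example. Only getServerURL() and the WordPressURL option come from the
# thread; every other name here is hypothetical.

# Refuse an endpoint that would carry the WordPress login in clear text.
check_wp_url <- function(url = getOption("WordPressURL")) {
  if (!is.character(url) || length(url) != 1L || is.na(url))
    stop("set options(WordPressURL = ...) first")
  if (!grepl("^https://[^/]+/.*xmlrpc\\.php$", url, ignore.case = TRUE))
    stop("WordPressURL must be an https:// URL ending in xmlrpc.php: ", url)
  invisible(url)
}

# Return a copy of `fn` in which every argument whose default is a call to
# getServerURL() defaults to getOption("WordPressURL") instead.
use_option_for_server <- function(fn) {
  f <- formals(fn)
  for (nm in names(f)) {
    # Arguments without a default hold the empty symbol, so test f[[nm]] in
    # place rather than copying it into a variable first.
    if (is.call(f[[nm]]) && identical(f[[nm]][[1]], as.name("getServerURL")))
      f[[nm]] <- quote(getOption("WordPressURL"))
  }
  formals(fn) <- f
  fn
}

# Constructed stand-in with the shape the comment describes: a default that
# calls getServerURL(), which is not defined in this session.
new_post_standin <- function(content, server = getServerURL()) {
  sprintf("POST %d bytes to %s", nchar(content), server)
}

options(WordPressURL = "https://blog.example/xmlrpc.php")  # constructed value
check_wp_url()

patched <- use_option_for_server(new_post_standin)
print(patched("hello"))  # the default now resolves from the option

# A plain-http endpoint is rejected before any request is made.
print(tryCatch(check_wp_url("http://blog.example/xmlrpc.php"),
               error = function(e) conditionMessage(e)))
```

The patched function is a copy: code that calls the package's own function through its namespace still sees the original default, which is what the trace() edit in the comment changes.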

I may have found a solution.

I started hacking together a fix to XMLRPC that might shift its dependence on RCurl to curl. Before I got too far, I checked for forks. Turns out @josephguillaume has a working fork! Check out https://github.com/josephguillaume/XMLRPC. He shifts it to using httr.

If you already have Duncan Lang's XMLRPC installed, you'll want to remove it and the RCurl packages. Then you can refresh using this command (slightly altered from what is at https://yihui.org/knitr/demo/wordpress/):

remotes::install_github(c("josephguillaume/XMLRPC", "duncantl/RWordPress"))

Then voilà, it works!

arencambre, Nov 27 '20 16:11

@josephguillaume I am going to send you an email as an FYI in case tags here don't notify you. Would like your input on this.

arencambre, Nov 27 '20 16:11

Hi Aren, I'm also using XMLRPC with WordPress, and have updated to use testthat, but my use case doesn't use RWordPress much and I have very limited bandwidth for support. So yes, the solution should work if the user is willing to use GitHub repos, but I would say that the XMLRPC httr fork and RWordPress are still unmaintained unless you or someone else would like to take them on. They're not too complicated packages, I just don't have much time unfortunately.

josephguillaume, Nov 27 '20 20:11

Thank you for replying, @josephguillaume. Just curious, what is your use case?

For sure, the RWordPress package could use improvements and modernization, but in the spirit of "it still works", I am reluctant to do anything about it. If you can allow issue tracking, it can help with maintenance of your fork of XMLRPC, should it be requested.

Since Lang's original XMLRPC does not appear to be in CRAN, maybe you could make your fork of XMLRPC the one that makes it into CRAN. If it needs to be renamed, I could look into forking RWordPress for the sake of altering it to depend on your renamed package. Thoughts?

arencambre, Nov 27 '20 22:11

Hi Aren, my use case involves editing WordPress pages with custom fields, so it's easier to directly construct XMLRPC requests rather than use RWordPress functions. I'd be happy for you or someone else to take my fork, host the issue tracking, and submit to CRAN.

josephguillaume, Dec 10 '20 03:12

> I may have found a solution.
>
> I started hacking together a fix to XMLRPC that might shift its dependence on RCurl to curl. Before I got too far, I checked for forks. Turns out @josephguillaume has a working fork! Check out https://github.com/josephguillaume/XMLRPC. He shifts it to using httr.
>
> If you already have Duncan Lang's XMLRPC installed, you'll want to remove it and the RCurl packages. Then you can refresh using this command (slightly altered from what is at https://yihui.org/knitr/demo/wordpress/):
>
> remotes::install_github(c("josephguillaume/XMLRPC", "duncantl/RWordPress"))
>
> Then voilà, it works!

@arencambre Ran into this issue now and I really appreciate that you solved it! Thank you for discovering this and thank you for dealing with the issue @josephguillaume

benyamindsmith, Oct 26 '21 00:10

Just noting here, for folks looking for rwordpress alternatives, that @maelle's goodpress (https://maelle.github.io/goodpress) works absolutely beautifully. Even if it's not under active development, it uses the REST API and works perfectly with WordPress 6.2 and its built-in authentication (so also better for security). Would be great if knitr pointed folks to that instead of to a package that hasn't seen updates for 12 years.

mdingemanse, Mar 30 '23 18:03

Glad to read this. I could transfer the package repo to someone who'd want to maintain it as I don't have time to, and as I don't use WordPress at all. 😁 😉

maelle, Mar 31 '23 05:03

> I could transfer the package repo to someone who'd want to maintain it

Same offer still applies to my XMLRPC fork too 🤣

josephguillaume, Mar 31 '23 07:03

> > I could transfer the package repo to someone who'd want to maintain it
>
> Same offer still applies to my XMLRPC fork too 🤣

It still works for me so I'm not touching it yet!

benyamindsmith, Mar 31 '23 15:03

I opened an issue about goodpress' need for a new maintainer https://github.com/maelle/goodpress/issues/41

maelle, Apr 04 '23 09:04