Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

knit2wp can only use obsolete transport security #1866

Open
3 tasks done
arencambre opened this issue Jun 23, 2020 · 17 comments
Open
3 tasks done

knit2wp can only use obsolete transport security #1866

arencambre opened this issue Jun 23, 2020 · 17 comments

Comments

@arencambre
Copy link

If you use knit2wp to a site that has good transport-security configuration--meaning it doesn't permit obsolete transport-security protocols--you will get an error. By "obsolete transport security", I mean any transport-security protocol other than TLS 1.2 or 1.3 (more info).

The ultimate problem is with the RCurl package, which this function depends on for data-transport. The error can reliably be reproduced with a trivial example, such as RCurl::getURL("http://www.arencambre.com/").

The below sites will produce an error. They are verified at https://gf.dev/tls-scanner as not supporting anything lower than TLS 1.2:

Note that knit2wp depends on these packages:

  • RWordPress (latest commit is August 2012)
  • XMLRPC, which RWordPress uses to interact with WordPress.
  • RCurl, which XMLRPC uses for the actual communications with WordPress. A relevant issue was reported to RCurl in November 2018, but there is no apparent action on it. I also opened a more general issue, similar to this one.

By filing an issue to this repo, I promise that

  • I have fully read the issue guide at https://yihui.org/issue/.
  • I have provided the necessary information about my issue.
    • If I'm asking a question, I have already asked it on Stack Overflow or RStudio Community, waited for at least 24 hours, and included a link to my question there.
    • If I'm filing a bug report, I have included a minimal, self-contained, and reproducible example, and have also included xfun::session_info('knitr'). I have upgraded all my packages to their latest versions (e.g., R, RStudio, and R packages), and also tried the development version: remotes::install_github('yihui/knitr').
    • If I have posted the same issue elsewhere, I have also mentioned it in this issue.
  • I have learned the Github Markdown syntax, and formatted my issue correctly.

I understand that my issue may be closed if I don't fulfill my promises.
@yihui
Copy link
Owner

yihui commented Jun 23, 2020
edited
Loading

Thanks for the report! Unfortunately I don't think there is anything that I could do about it. For anyone who is still using knitr::knit2wp() today, personally I'd strongly recommend that you give it up and switch to blogdown instead. The main reason is that as you have observed, the packages that knit2wp() relies on do not seem to be actively maintained any more.

@arencambre
Copy link
Author

I love blogdown. I teach a graduate data-science course, and all the textbooks are blogdown books. Thanks for that!

My use case is different: I wish to have a few R Notebooks be specific pages on a site that is otherwise not R-centric. The knit2wp function is great for this. https://www.arencambre.com/who-is-wylie-h-dallas/ is an example. I agree that it depends on unmaintained or inconsistently maintained libraries, and that is a bummer!

@yihui
Copy link
Owner

yihui commented Jun 23, 2020

If only these packages were still actively maintained, I could have made knit2wp() much much more useful: https://github.com/yihui/shinyWP Unfortunately I don't have the expertise or time to contribute to RWordPress, XMLPRC, or RCurl.

@maelle
Copy link

maelle commented Jun 24, 2020

Feel free to try https://maelle.github.io/goodpress 🙂

yihui added a commit to yihui/yihui.org that referenced this issue Jun 25, 2020
@yihui
warn users that RWordPress is no longer actively maintained: yihui/kn…
a393d53 
…itr#1866
@arencambre
Copy link
Author

arencambre commented Jun 27, 2020
edited
Loading

The RCurl package owner responded. Trying to work with him on a solution.

His relationship with the R community may be changing: R 4.0.2's first changelog note was about removing the RCurl maintainer's repository from setRepositories() (oops, not the case; bug report filed).

@Hzhang-ouce
Copy link

Hzhang-ouce commented Sep 10, 2020
edited
Loading

For the RCurl problem, here is a post providing a temporal solution. The author seems to bypass RCurl with httr

There is another issue with package RWordPress, it uses getServerURL() which is a function in package wtss which has been removed from CRAN.

To solve this, type trace(newPost, edit = T) in console and replace server=getServerURL() with server = getOption("WordPressURL"). Similarly, if you deploy function apart from newPost, you will need to manually modify other functions in ?RWordPress. And you must set your blog url with options(WordPressURL = "https://XXXX.com/xmlrpc.php")

Anyway, it is time to move to blogdown

@yihui yihui mentioned this issue Sep 21, 2020
Closed
3 tasks
@cderv cderv mentioned this issue Oct 30, 2020
Closed
3 tasks
@arencambre
Copy link
Author

I may have found a solution.

I started hacking together a fix to XMLRPC that might shift its dependence on RCurl to curl. Before I got too far, I checked for forks. Turns out @josephguillaume has a working fork! Check out https://github.com/josephguillaume/XMLRPC. He shifts it to using httr.

If you already have Duncan Lang's XMLRPC installed, you'll want to remove it and the RCurl packages. Then you can refresh using this command (slightly altered from what is at https://yihui.org/knitr/demo/wordpress/):

remotes::install_github(c("josephguillaume/XMLRPC", "duncantl/RWordPress"))

Then voilà, it works!

@arencambre
Copy link
Author

@josephguillaume I am going to send you an email as an FYI in case tags here don't notify you. Would like your input on this.

@josephguillaume
Copy link

josephguillaume commented Nov 27, 2020
edited
Loading

Hi Aren, I'm also using XMLRPC with Wordpress, and have updated to use testthat, but my use case doesn't use RWordpress much and I have very limited bandwidth for support. So yes, the solution should work if the user is willing to use GitHub repos, but I would say that the XMLRPC httr fork and RWordpress are still unmaintained unless you or someone else would like to take them on. They're not too complicated packages, I just don't have much time unfortunately.

@arencambre
Copy link
Author

arencambre commented Nov 27, 2020
edited
Loading

Thank you for replying, @josephguillaume. Just curious, what is your use case?

For sure, the RWordPress package could use improvements and modernization, but in the spirit of "it still works", I am reluctant to do anything about it. If you can allow issue tracking, it can help with maintenance of your fork of XMLRPC, should it be requested.

Since Lang's original XMLRPC does not appear to be in CRAN, maybe you could make your fork of XMLRPC the one that makes it into CRAN. If it needs to be renamed, I could look into forking RWordPress for the sake of altering it to depend on your renamed package. Thoughts?

@josephguillaume
Copy link

Hi Aren, my use case involves editing wordpress pages with custom fields, so it's easier to directly construct XMLRPC requests rather than use RWordPress functions.
I'd be happy for you or someone else to take my fork, host the issue tracking, and submit to CRAN.

@benyamindsmith
Copy link

I may have found a solution.

I started hacking together a fix to XMLRPC that might shift its dependence on RCurl to curl. Before I got too far, I checked for forks. Turns out @josephguillaume has a working fork! Check out https://github.com/josephguillaume/XMLRPC. He shifts it to using httr.

If you already have Duncan Lang's XMLRPC installed, you'll want to remove it and the RCurl packages. Then you can refresh using this command (slightly altered from what is at https://yihui.org/knitr/demo/wordpress/):

remotes::install_github(c("josephguillaume/XMLRPC", "duncantl/RWordPress"))

Then voilà, it works!

@arencambre Ran into this issue now and I really appreciate that you solved it! Thank you for discovering this and thank you for dealing with the issue @josephguillaume

@maelle maelle mentioned this issue Nov 11, 2021
Closed
@mdingemanse
Copy link

Just noting here, for folks looking for rwordpress alternatives, that @maelle's goodpress (https://maelle.github.io/goodpress) works absolutely beautifully. Even if it's not under active development, it uses the REST API and works perfectly with WordPress 6.2 and its built-in authentication (so also better for security). Would be great if knitr pointed folks to that instead of to a package that hasn't seen updates for 12 years.

@maelle
Copy link

maelle commented Mar 31, 2023

Glad to read this. I could transfer the package repo to someone who'd want to maintain it as I don't have time to, and as I don't use WordPress at all. 😁 😉

@josephguillaume
Copy link

I could transfer the package repo to someone who'd want to maintain it

Same offer still applies to my XMLRPC fork too 🤣

@benyamindsmith
Copy link

I could transfer the package repo to someone who'd want to maintain it

Same offer still applies to my XMLRPC fork too 🤣

It still works for me so I'm not touching it yet!

@maelle
Copy link

maelle commented Apr 4, 2023

I opened an issue about goodpress' need for a new maintainer baranovskypd/goodpress#41

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@yihui @arencambre @josephguillaume @maelle @mdingemanse @benyamindsmith @Hzhang-ouce