Release v0.2.16: Sonoma URL, cache R-minor sentinel, install timeout, SIGINT cleanup, pin warning

- #51: macOS R install URL is now Sonoma-aware (sonoma-arm64 / sonoma-x86_64
  for Darwin >= 14, with big-sur fallback for older R versions). Resolves
  the 4.6.0 404 reported by adamhsparks on Sonoma.
- #66: Project library carries a .uvr-r-version sentinel. If the active R
  doesn't match the sentinel (R upgraded out from under the library), sync
  wipes and reinstalls instead of reusing ABI-incompatible builds.
- #63/#64 phase 1: every library-affecting command warns loudly when the
  project pin (.r-version or [project] r_version) doesn't match the active
  R, including the "pinned but not installed" case.
- #52: per-package install timeout (default 30m) via --timeout flag and
  UVR_INSTALL_TIMEOUT env. Stale 00LOCK-<pkg>/ dirs are cleaned up on any
  failure path (timeout, exit, error).
- #58: Ctrl+C now kills in-flight R CMD INSTALL, removes its 00LOCK dir,
  and exits 130. Process-global registry tracks active installs.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

Author: nbafrank

Cargo.lock

@@ -3,7 +3,7 @@ members = ["crates/uvr", "crates/uvr-core"]
 resolver = "2"
 
 [workspace.package]
-version = "0.2.15"
+version = "0.2.16"
 edition = "2021"
 authors = ["uvr contributors"]
 license = "MIT"

Cargo.toml

@@ -31,6 +31,9 @@ urlencoding.workspace = true
 zip.workspace = true
 regex.workspace = true
 
+[target.'cfg(unix)'.dependencies]
+libc = "0.2"
+
 [build-dependencies]
 serde_json.workspace = true
 serde.workspace = true

crates/uvr-core/Cargo.toml

@@ -1,9 +1,86 @@
 use std::io::{BufRead, BufReader};
 use std::path::Path;
 use std::process::{Command, Stdio};
+use std::sync::atomic::{AtomicBool, Ordering};
+use std::sync::Arc;
+use std::time::{Duration, Instant};
 
 use crate::error::{Result, UvrError};
 
+/// Default per-package install timeout when neither `--timeout` nor the env var is set.
+pub const DEFAULT_INSTALL_TIMEOUT: Duration = Duration::from_secs(30 * 60);
+
+/// Parse a duration like `30m`, `2h`, `90s`, or a bare number (interpreted as seconds).
+/// Returns `None` for unparseable input — callers fall back to the default.
+pub fn parse_install_timeout(s: &str) -> Option<Duration> {
+    let s = s.trim();
+    if s.is_empty() {
+        return None;
+    }
+    let (num, suffix) = match s.find(|c: char| !c.is_ascii_digit()) {
+        Some(idx) => (&s[..idx], &s[idx..]),
+        None => (s, ""),
+    };
+    let n: u64 = num.parse().ok()?;
+    let secs = match suffix.trim() {
+        "" | "s" | "sec" | "secs" | "second" | "seconds" => n,
+        "m" | "min" | "mins" | "minute" | "minutes" => n.checked_mul(60)?,
+        "h" | "hr" | "hrs" | "hour" | "hours" => n.checked_mul(3600)?,
+        _ => return None,
+    };
+    Some(Duration::from_secs(secs))
+}
+
+/// Resolve the effective install timeout: explicit override > env var > default.
+pub fn effective_install_timeout(explicit: Option<Duration>) -> Duration {
+    if let Some(d) = explicit {
+        return d;
+    }
+    if let Ok(env) = std::env::var("UVR_INSTALL_TIMEOUT") {
+        if let Some(d) = parse_install_timeout(&env) {
+            return d;
+        }
+    }
+    DEFAULT_INSTALL_TIMEOUT
+}
+
+/// Remove a stale `00LOCK-<package>/` directory left behind by an aborted
+/// `R CMD INSTALL`. Best-effort: if removal fails the next install attempt
+/// will surface a clearer error than a silent skip would.
+pub fn cleanup_lock_dir(library: &Path, package_name: &str) {
+    let lock_dir = library.join(format!("00LOCK-{package_name}"));
+    if lock_dir.exists() {
+        let _ = std::fs::remove_dir_all(&lock_dir);
+    }
+}
+
+/// Send a TERM-equivalent signal to a child process by PID. On Unix uses
+/// SIGTERM (graceful), on Windows uses TerminateProcess (immediate). Best-effort.
+fn kill_pid(pid: u32) {
+    #[cfg(unix)]
+    unsafe {
+        // SIGTERM is graceful; the process gets a chance to clean up. If it
+        // ignores TERM, the timeout watchdog can be hardened later with SIGKILL.
+        libc::kill(pid as i32, libc::SIGTERM);
+    }
+    #[cfg(windows)]
+    {
+        use std::process::Command;
+        // taskkill /F /T /PID <pid> kills the whole process tree. This catches
+        // R's child Rscript / cc.exe sub-processes that would otherwise live on.
+        let _ = Command::new("taskkill")
+            .args(["/F", "/T", "/PID", &pid.to_string()])
+            .stdin(std::process::Stdio::null())
+            .stdout(std::process::Stdio::null())
+            .stderr(std::process::Stdio::null())
+            .status();
+    }
+    #[cfg(not(any(unix, windows)))]
+    {
+        let _ = pid; // suppress unused warning on exotic targets
+    }
+}
+
 pub struct RCmdInstall {
     pub r_binary: String,
 }
@@ -17,32 +94,62 @@ impl RCmdInstall {
 
     /// Run `R CMD INSTALL --library=<lib_path> --no-test-load <tarball>`.
     /// On failure, the captured stderr is included in the error message.
+    /// On any failure (timeout, non-zero exit, parse error), the
+    /// `00LOCK-<package>/` directory is removed from `library`.
     pub fn install(&self, tarball: &Path, library: &Path, package_name: &str) -> Result<()> {
-        let mut cmd = self.build_cmd(tarball, library);
-        cmd.stdout(Stdio::piped()).stderr(Stdio::piped());
+        let result: Result<()> = (|| {
+            let mut cmd = self.build_cmd(tarball, library);
+            cmd.stdout(Stdio::piped()).stderr(Stdio::piped());
 
-        let output = cmd.output()?;
+            let output = cmd.output()?;
 
-        if !output.status.success() {
-            let code = output.status.code().unwrap_or(-1);
-            let stderr = String::from_utf8_lossy(&output.stderr);
-            let stdout = String::from_utf8_lossy(&output.stdout);
-            let log = if stderr.is_empty() { stdout } else { stderr };
-            return Err(UvrError::Other(format!(
-                "R CMD INSTALL failed for '{package_name}' (exit {code}):\n{log}"
-            )));
+            if !output.status.success() {
+                let code = output.status.code().unwrap_or(-1);
+                let stderr = String::from_utf8_lossy(&output.stderr);
+                let stdout = String::from_utf8_lossy(&output.stdout);
+                let log = if stderr.is_empty() { stdout } else { stderr };
+                return Err(UvrError::Other(format!(
+                    "R CMD INSTALL failed for '{package_name}' (exit {code}):\n{log}"
+                )));
+            }
+            Ok(())
+        })();
+        if result.is_err() {
+            cleanup_lock_dir(library, package_name);
         }
-
-        Ok(())
+        result
     }
 
     /// Like `install`, but streams stderr line-by-line to a callback so the
-    /// caller can update a progress spinner with compilation output.
+    /// caller can update a progress spinner with compilation output. The
+    /// subprocess is killed if it runs longer than `timeout` (or
+    /// `UVR_INSTALL_TIMEOUT`, or 30m default) — see #52. On any failure
+    /// the `00LOCK-<package>/` dir is cleaned up.
     pub fn install_streaming<F>(
         &self,
         tarball: &Path,
         library: &Path,
         package_name: &str,
+        timeout: Option<Duration>,
+        on_line: F,
+    ) -> Result<()>
+    where
+        F: Fn(&str),
+    {
+        let timeout = effective_install_timeout(timeout);
+        let result = self.install_streaming_inner(tarball, library, package_name, timeout, on_line);
+        if result.is_err() {
+            cleanup_lock_dir(library, package_name);
+        }
+        result
+    }
+
+    fn install_streaming_inner<F>(
+        &self,
+        tarball: &Path,
+        library: &Path,
+        package_name: &str,
+        timeout: Duration,
         on_line: F,
     ) -> Result<()>
     where
@@ -52,11 +159,51 @@ impl RCmdInstall {
         cmd.stdout(Stdio::piped()).stderr(Stdio::piped());
 
         let mut child = cmd.spawn()?;
+        let pid = child.id();
+
+        // Register this install so the SIGINT handler can kill the child + clean
+        // up its 00LOCK on Ctrl+C (#58). Deregister at the end (success or fail).
+        crate::signal::register(crate::signal::ActiveInstall {
+            pid,
+            library: library.to_path_buf(),
+            package_name: package_name.to_string(),
+        });
+        struct Deregister(u32);
+        impl Drop for Deregister {
+            fn drop(&mut self) {
+                crate::signal::unregister(self.0);
+            }
+        }
+        let _deregister_guard = Deregister(pid);
+
+        // Watchdog: kill the child if `timeout` elapses before completion.
+        // The flag tells the watchdog the install thread is done (success or
+        // graceful failure), so the watchdog never kills a finished process.
+        let completed = Arc::new(AtomicBool::new(false));
+        let timed_out = Arc::new(AtomicBool::new(false));
+        let watchdog = {
+            let completed = Arc::clone(&completed);
+            let timed_out = Arc::clone(&timed_out);
+            std::thread::spawn(move || {
+                let start = Instant::now();
+                while start.elapsed() < timeout {
+                    if completed.load(Ordering::SeqCst) {
+                        return;
+                    }
+                    std::thread::sleep(Duration::from_millis(200));
+                }
+                if !completed.load(Ordering::SeqCst) {
+                    timed_out.store(true, Ordering::SeqCst);
+                    kill_pid(pid);
+                }
+            })
+        };
 
         // Collect all output for error reporting
         let mut all_stderr = String::new();
 
-        // Read stderr line-by-line to update progress
+        // Read stderr line-by-line to update progress. When the watchdog kills
+        // the child, the pipe closes and this loop exits naturally.
         if let Some(stderr) = child.stderr.take() {
             let reader = BufReader::new(stderr);
             for line in reader.lines().map_while(|l| l.ok()) {
@@ -70,6 +217,18 @@ impl RCmdInstall {
         }
 
         let status = child.wait()?;
+        completed.store(true, Ordering::SeqCst);
+        let _ = watchdog.join();
+
+        if timed_out.load(Ordering::SeqCst) {
+            return Err(UvrError::Other(format!(
+                "Install of '{package_name}' timed out after {}s — killed by uvr (#52). \
+                 Override with `--timeout <duration>` or `UVR_INSTALL_TIMEOUT=<duration>` \
+                 (e.g. 1h).",
+                timeout.as_secs()
+            )));
+        }
+
         if !status.success() {
             let code = status.code().unwrap_or(-1);
             // Also grab stdout if stderr was empty
@@ -176,3 +335,80 @@ impl RCmdInstall {
         cmd
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn parse_seconds_default() {
+        assert_eq!(parse_install_timeout("90"), Some(Duration::from_secs(90)));
+        assert_eq!(parse_install_timeout("90s"), Some(Duration::from_secs(90)));
+        assert_eq!(
+            parse_install_timeout("90 sec"),
+            Some(Duration::from_secs(90))
+        );
+    }
+
+    #[test]
+    fn parse_minutes() {
+        assert_eq!(
+            parse_install_timeout("30m"),
+            Some(Duration::from_secs(1800))
+        );
+        assert_eq!(
+            parse_install_timeout("30 min"),
+            Some(Duration::from_secs(1800))
+        );
+    }
+
+    #[test]
+    fn parse_hours() {
+        assert_eq!(parse_install_timeout("2h"), Some(Duration::from_secs(7200)));
+        assert_eq!(
+            parse_install_timeout("1 hour"),
+            Some(Duration::from_secs(3600))
+        );
+    }
+
+    #[test]
+    fn parse_invalid_returns_none() {
+        assert!(parse_install_timeout("").is_none());
+        assert!(parse_install_timeout("nope").is_none());
+        assert!(parse_install_timeout("30x").is_none());
+        assert!(parse_install_timeout("-5m").is_none());
+    }
+
+    #[test]
+    fn effective_prefers_explicit() {
+        let d = effective_install_timeout(Some(Duration::from_secs(42)));
+        assert_eq!(d, Duration::from_secs(42));
+    }
+
+    #[test]
+    fn effective_default_when_none() {
+        // Don't tamper with env in this test — just ensure default kicks in
+        // when neither explicit nor a parseable env var is set.
+        std::env::remove_var("UVR_INSTALL_TIMEOUT");
+        let d = effective_install_timeout(None);
+        assert_eq!(d, DEFAULT_INSTALL_TIMEOUT);
+    }
+
+    #[test]
+    fn cleanup_lock_dir_removes_directory() {
+        let tmp = tempfile::TempDir::new().unwrap();
+        let lib = tmp.path();
+        let lock = lib.join("00LOCK-foo");
+        std::fs::create_dir_all(lock.join("nested")).unwrap();
+        std::fs::write(lock.join("file"), "x").unwrap();
+        cleanup_lock_dir(lib, "foo");
+        assert!(!lock.exists());
+    }
+
+    #[test]
+    fn cleanup_lock_dir_handles_missing() {
+        let tmp = tempfile::TempDir::new().unwrap();
+        // Should not panic when nothing's there.
+        cleanup_lock_dir(tmp.path(), "doesnotexist");
+    }
+}

crates/uvr-core/src/installer/r_cmd_install.rs

@@ -8,5 +8,6 @@ pub mod project;
 pub mod r_version;
 pub mod registry;
 pub mod resolver;
+pub mod signal;
 pub mod sysreqs;
 pub mod sysreqs_rules;