pip install shouldn't use sudo

[jeffythedragonslayer]

In the documentation, Installing from source on Ubuntu, "sudo pip install ." fails

Removing sudo works.

[SR4ven]

What error message do you get?

sudo in combination with pip is a security risk anyways.
pip install . --user should be the safest way to install boofuzz for a single user.

I'll open a PR when I find some time.
Thanks for the info @jeffythedragonslayer.

[jeffythedragonslayer]

Attached sudo_pip_error.txt

sudo -H as it suggested also didn't work, and even more bizarre is that I already had setuptools version 41.2.0 so idk why it's complaining.

[jtpereyda]

Has anyone replicated this error?

I'm a bit ambivalent on the best install strategy to recommend. Using virtualenv will work without sudo, but without virtualenv I would anticipate install-without-sudo would fail, right?

[SR4ven]

@jeffythedragonslayer your installation problem with sudo seems to be caused by connection problems as your log contains Failed to establish a new connection: [Errno -2] Name or service not known.

Has anyone replicated this error?

I'm a bit ambivalent on the best install strategy to recommend. Using virtualenv will work without sudo, but without virtualenv I would anticipate install-without-sudo would fail, right?

@jtpereyda you are right, thanks for pointing this out.
The installation without sudo will fail because of missing write access to /usr/local/lib/python3.7/dist-packages/.
I'm currently on Ubuntu 19.04 which doesn't come with a reference to pip for the root user by default (command not found).
Installing with sudo python3 -m pip install boofuzz works fine, so the installation method is not broken, but not best practice either.

The one way to install pip packages, that has always worked for me, is using the --user option.
That installs the package for the current user and not system wide, which should be sufficient for the most use cases.
https://pip.pypa.io/en/stable/user_guide/#user-installs
https://stackoverflow.com/questions/42988977/what-is-the-purpose-pip-install-user/42989020

In my opinion we should recommend the user-install method and maybe mention the system wide installation only as a fallback.
On top, there are many statements about sudo pip install being a bad practice.
https://askubuntu.com/questions/802544/is-sudo-pip-install-still-a-broken-practice

https://packaging.python.org/tutorials/installing-packages/#ensure-you-can-run-python-from-the-command-line

Note: Due to the way most Linux distributions are handling the Python 3 migration, Linux users using the system Python without creating a virtual environment first should replace the python command in this tutorial with python3 and the pip command with pip3 --user. Do not run any of the commands in this tutorial with sudo: if you get a permissions error, come back to the section on creating virtual environments, set one up, and then continue with the tutorial as written.

[jtpereyda]

That's a good point on the security side. I'd be happy switching the advice to --user instead of sudo.... or I guess to virtualenv. Honestly I'm always too lazy to use virtualenv unless I run into a conflict and need to. 🤷‍♂

[SR4ven]

Should have been fixed with #327.
Can we close this issue @jeffythedragonslayer?

[SR4ven]

I just ran into an issue installing boofuzz with pip install -e .[dev] --user related to setuptools pypa/setuptools#1405
Let's hope this gets fixed anytime soon.

Installing with sudo pip install -e .[dev] works without problems.

Python 3.7.3; pip 19.3.1 on Ubuntu 19.04